From 07a30c4c009e192e35d63b22088ad65516beaee7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Apr 2021 14:13:23 +0100 Subject: [PATCH 001/966] Convert oneshot AEAD over to multipart struct Multipart AEAD operation struct has to be public as it's allocated by the caller, so to save duplication of code, switch oneshot AEAD over to using the multipart operation struct. Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 22 +++++++++++++---- library/psa_crypto_aead.c | 48 +++++++++++-------------------------- 2 files changed, 31 insertions(+), 39 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 47012fdd00..a1182c48db 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -75,6 +75,8 @@ extern "C" { #include "mbedtls/cmac.h" #include "mbedtls/gcm.h" +#include "mbedtls/ccm.h" +#include "mbedtls/chachapoly.h" /* Include the context definition for the compiled-in drivers for the primitive * algorithms. */ @@ -153,17 +155,27 @@ struct psa_aead_operation_s { psa_algorithm_t alg; unsigned int key_set : 1; - unsigned int iv_set : 1; - uint8_t iv_size; - uint8_t block_size; + unsigned int nonce_set : 1; + + uint8_t tag_length; + union { unsigned dummy; /* Enable easier initializing of the union. */ - mbedtls_cipher_context_t cipher; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + mbedtls_ccm_context ccm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + mbedtls_gcm_context gcm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + mbedtls_chachapoly_context chachapoly; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + } ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; 
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 356679c38f..07c52d433a 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -30,30 +30,10 @@ #include "mbedtls/cipher.h" #include "mbedtls/gcm.h" -typedef struct -{ - union - { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - mbedtls_ccm_context ccm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - mbedtls_gcm_context gcm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - mbedtls_chachapoly_context chachapoly; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - } ctx; - psa_algorithm_t core_alg; - uint8_t tag_length; -} aead_operation_t; -#define AEAD_OPERATION_INIT {{0}, 0, 0} - -static void psa_aead_abort_internal( aead_operation_t *operation ) +static void psa_aead_abort_internal( psa_aead_operation_t *operation ) { - switch( operation->core_alg ) + switch( operation->alg ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) case PSA_ALG_CCM: @@ -74,7 +54,7 @@ static void psa_aead_abort_internal( aead_operation_t *operation ) } static psa_status_t psa_aead_setup( - aead_operation_t *operation, + psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, psa_algorithm_t alg ) @@ -97,7 +77,7 @@ static psa_status_t psa_aead_setup( { #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): - operation->core_alg = PSA_ALG_CCM; + operation->alg = PSA_ALG_CCM; full_tag_length = 16; /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16. * The call to mbedtls_ccm_encrypt_and_tag or 
@@ -116,7 +96,7 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): - operation->core_alg = PSA_ALG_GCM; + operation->alg = PSA_ALG_GCM; full_tag_length = 16; /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. * The call to mbedtls_gcm_crypt_and_tag or @@ -135,7 +115,7 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): - operation->core_alg = PSA_ALG_CHACHA20_POLY1305; + operation->alg = PSA_ALG_CHACHA20_POLY1305; full_tag_length = 16; /* We only support the default tag length. */ if( alg != PSA_ALG_CHACHA20_POLY1305 ) @@ -176,7 +156,7 @@ psa_status_t mbedtls_psa_aead_encrypt( uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - aead_operation_t operation = AEAD_OPERATION_INIT; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; uint8_t *tag; (void) key_buffer_size; @@ -194,7 +174,7 @@ psa_status_t mbedtls_psa_aead_encrypt( tag = ciphertext + plaintext_length; #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation.core_alg == PSA_ALG_CCM ) + if( operation.alg == PSA_ALG_CCM ) { status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm, @@ -208,7 +188,7 @@ psa_status_t mbedtls_psa_aead_encrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.core_alg == PSA_ALG_GCM ) + if( operation.alg == PSA_ALG_GCM ) { status = mbedtls_to_psa_error( mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm, 
@@ -222,7 +202,7 @@ psa_status_t mbedtls_psa_aead_encrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { if( nonce_length != 12 || operation.tag_length != 16 ) { @@ -286,7 +266,7 @@ psa_status_t mbedtls_psa_aead_decrypt( uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - aead_operation_t operation = AEAD_OPERATION_INIT; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; const uint8_t *tag = NULL; (void) key_buffer_size; @@ -301,7 +281,7 @@ psa_status_t mbedtls_psa_aead_decrypt( goto exit; #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation.core_alg == PSA_ALG_CCM ) + if( operation.alg == PSA_ALG_CCM ) { status = mbedtls_to_psa_error( mbedtls_ccm_auth_decrypt( &operation.ctx.ccm, @@ -315,7 +295,7 @@ psa_status_t mbedtls_psa_aead_decrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.core_alg == PSA_ALG_GCM ) + if( operation.alg == PSA_ALG_GCM ) { status = mbedtls_to_psa_error( mbedtls_gcm_auth_decrypt( &operation.ctx.gcm, @@ -329,7 +309,7 @@ psa_status_t mbedtls_psa_aead_decrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { if( nonce_length != 12 || operation.tag_length != 16 ) { From adb8b16b16091187d17b4a29de74dc3cc37c3502 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Apr 2021 16:06:57 +0100 Subject: [PATCH 002/966] Add internal implementation of multipart AEAD For the time being CCM and GCM are not entirely implemented correctly due to issues with their underlying implentations, which would be difficult to fix in 2.x, and thus require all the AD and data to be passed in in one go. 
Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 24 +- library/psa_crypto_aead.c | 756 ++++++++++++++++++++++++++++++++++-- library/psa_crypto_aead.h | 640 ++++++++++++++++++++++++++++++ 3 files changed, 1397 insertions(+), 23 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index a1182c48db..6c93814be3 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -154,10 +154,32 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) struct psa_aead_operation_s { psa_algorithm_t alg; + psa_key_type_t key_type; + unsigned int key_set : 1; unsigned int nonce_set : 1; + unsigned int lengths_set : 1; + unsigned int is_encrypt : 1; + unsigned int ad_started : 1; + unsigned int body_started : 1; uint8_t tag_length; + uint8_t nonce_length; + + size_t ad_remaining; + size_t body_remaining; + + /* Buffers for AD/data - only required until CCM gets proper multipart + support. */ + uint8_t* ad_buffer; + size_t ad_length; + + uint8_t* data_buffer; + size_t data_length; + + /* buffer to store Nonce - only required until CCM and GCM get proper + multipart support. */ + uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE]; union { @@ -175,7 +197,7 @@ struct psa_aead_operation_s } ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 07c52d433a..47b0e7b3e2 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c 
@@ -20,39 +20,40 @@ #include "common.h" + #if defined(MBEDTLS_PSA_CRYPTO_C) #include "psa_crypto_aead.h" #include "psa_crypto_core.h" +#include +#include "mbedtls/platform.h" +#if !defined(MBEDTLS_PLATFORM_C) +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + #include "mbedtls/ccm.h" #include "mbedtls/chachapoly.h" #include "mbedtls/cipher.h" #include "mbedtls/gcm.h" +#include "mbedtls/error.h" - -static void psa_aead_abort_internal( psa_aead_operation_t *operation ) +/* Constant-time buffer comparison. This is duplication of code from + * psa_crypto.c, but has nowhere private I can put it for the minute. Really + belongs in the constant time module, when that gets implemented */ +static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) { - switch( operation->alg ) - { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - case PSA_ALG_CCM: - mbedtls_ccm_free( &operation->ctx.ccm ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - case PSA_ALG_GCM: - mbedtls_gcm_free( &operation->ctx.gcm ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - case PSA_ALG_CHACHA20_POLY1305: - mbedtls_chachapoly_free( &operation->ctx.chachapoly ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - } + size_t i; + unsigned char diff = 0; + + for( i = 0; i < n; i++ ) + diff |= a[i] ^ b[i]; + + return( diff ); } + static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, @@ -65,6 +66,12 @@ static psa_status_t psa_aead_setup( mbedtls_cipher_id_t cipher_id; size_t full_tag_length = 0; + if( operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, 
@@ -143,6 +150,8 @@ static psa_status_t psa_aead_setup( key_bits, alg ); + operation->key_set = 1; + return( PSA_SUCCESS ); } @@ -230,7 +239,7 @@ psa_status_t mbedtls_psa_aead_encrypt( *ciphertext_length = plaintext_length + operation.tag_length; exit: - psa_aead_abort_internal( &operation ); + mbedtls_psa_aead_abort( &operation ); return( status ); } 
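Review bot: `operation->key_set = 1;` is the only new state psa_aead_setup records here, and no added line in this patch assigns the new `operation->key_type` field. It therefore still holds its `PSA_AEAD_OPERATION_INIT` value of 0 when mbedtls_psa_aead_generate_nonce and mbedtls_psa_aead_update pass it to `PSA_AEAD_NONCE_LENGTH` and `PSA_AEAD_UPDATE_OUTPUT_SIZE`. If those macros evaluate to 0 for an unknown key type (their definitions are not on this page), generate_nonce would accept any non-empty buffer, draw zero random bytes and install a zero-length nonce. I would store the type next to the flag, `operation->key_type = psa_get_key_type( attributes );`. Most of psa_aead_setup's body lies outside the hunks shown, so this should be checked against the full function.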
@@ -336,12 +345,715 @@ psa_status_t mbedtls_psa_aead_decrypt( *plaintext_length = ciphertext_length - operation.tag_length; exit: - psa_aead_abort_internal( &operation ); + mbedtls_psa_aead_abort( &operation ); if( status == PSA_SUCCESS ) *plaintext_length = ciphertext_length - operation.tag_length; return( status ); } +/* Set the key and algorithm for a multipart authenticated encryption + * operation. */ +psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status; + + (void) key_buffer_size; + + status = psa_aead_setup( operation, attributes, key_buffer, alg ); + + if( status == PSA_SUCCESS ) + { + operation->is_encrypt = 1; + } + + return ( status ); +} + +/* Set the key and algorithm for a multipart authenticated decryption + * operation. */ +psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status; + + (void) key_buffer_size; + + status = psa_aead_setup( operation, attributes, key_buffer, alg ); + + if( status == PSA_SUCCESS ) + { + operation->is_encrypt = 0; + } + + return ( status ); +} + +/* Generate a random nonce / IV for multipart AEAD operation */ +psa_status_t mbedtls_psa_aead_generate_nonce( psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length ) +{ + psa_status_t status; + size_t required_nonce_size = nonce_size; + + if( !operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, operation->alg); + + if( nonce_size == 0 || nonce_size < required_nonce_size ) + { + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + status = psa_generate_random( 
nonce, required_nonce_size ); + + if( status != PSA_SUCCESS ) + { + return status; + } + + status = mbedtls_psa_aead_set_nonce( operation, nonce, required_nonce_size ); + + if( status == PSA_SUCCESS ) + { + *nonce_length = required_nonce_size; + } + + return status; +} + +/* Set a nonce for the multipart AEAD operation*/ +psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + psa_status_t status; + + if( !operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* Restricting to a nominal safe length for nonces even though some + algorithms can handle longer nonces, but not without collision */ + if( nonce_length > PSA_AEAD_NONCE_MAX_SIZE ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* GCM sets nonce once additional data has been supplied */ + memcpy(operation->nonce, nonce, nonce_length); + + /* We know that nonce size cannot exceed the uint8_t size */ + operation->nonce_length = ( uint8_t ) nonce_length; + status = PSA_SUCCESS; + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + /* Multipart CCM not supported as yet, so CCM is basically operating + in oneshot mode. 
Store the nonce as we need this later */ + memcpy(operation->nonce, nonce, nonce_length); + + /* We know that nonce size cannot exceed the uint8_t size */ + operation->nonce_length = ( uint8_t ) nonce_length; + status = PSA_SUCCESS; + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 && nonce_length != 8) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + status = mbedtls_to_psa_error(mbedtls_chachapoly_starts( &operation->ctx.chachapoly, + nonce, + operation->is_encrypt ? + MBEDTLS_CHACHAPOLY_ENCRYPT : + MBEDTLS_CHACHAPOLY_DECRYPT ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) nonce; + ( void ) nonce_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + operation->nonce_set = 1; + } + + return( status ); +} + /* Declare the lengths of the message and additional data for AEAD. */ +psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + + if( !operation->key_set || operation->lengths_set ) + { + return( PSA_ERROR_BAD_STATE ); + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { +#if SIZE_MAX > UINT32_MAX + if( ( (uint64_t) ad_length ) >> 61 != 0 || + ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) + { + return ( PSA_ERROR_INVALID_ARGUMENT ); + } +#endif + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( ad_length > 0xFF00 ) + { + return ( PSA_ERROR_INVALID_ARGUMENT ); + } + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* No length restrictions for ChaChaPoly. 
*/ + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) ad_length; + ( void ) plaintext_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + operation->ad_remaining = ad_length; + operation->body_remaining = plaintext_length; + operation->lengths_set = 1; + + return ( PSA_SUCCESS ); +} + +/* Pass additional data to an active multipart AEAD operation. */ +psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( !operation->nonce_set || !operation->key_set ) + { + return( PSA_ERROR_BAD_STATE ); + } + + if( operation->lengths_set ) + { + if ( operation->ad_remaining < input_length ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + operation->ad_remaining -= input_length; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + if( !operation->lengths_set || operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* GCM currently requires all the additional data to be passed in in + * one contigious buffer, so until that is re-done, we have to enforce + * this, as we cannot allocate a buffer to collate multiple calls into. + */ + if( input_length != operation->ad_remaining ) + { + return ( PSA_ERROR_INVALID_ARGUMENT ); + } + + status = mbedtls_to_psa_error( mbedtls_gcm_starts( &operation->ctx.gcm, + operation->is_encrypt ? + MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, + operation->nonce, + operation->nonce_length, + input, + input_length ) ); + + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + /* CCM requires all additional data to be passed in in one go at the + minute, as we are basically operating in oneshot mode. 
*/ + if( !operation->lengths_set || operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* Save the additional data for later, this will be passed in + when we have the body. */ + operation->ad_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + + if( operation->ad_buffer ) + { + memcpy( operation->ad_buffer, input, input_length ); + operation->ad_length = input_length; + } + else + { + return ( PSA_ERROR_INSUFFICIENT_MEMORY ); + } + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + status = mbedtls_to_psa_error( mbedtls_chachapoly_update_aad( &operation->ctx.chachapoly, + input, + input_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + (void) input; + (void) input_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + operation->ad_started = 1; + } + + return ( status ); +} + +/* Encrypt or decrypt a message fragment in an active multipart AEAD + * operation.*/ +psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + size_t update_output_size; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( !operation->nonce_set || !operation->key_set || !operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + update_output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(operation->key_type, + operation->alg, input_length); + + if(update_output_size > output_size ) + { + return ( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + if( operation->lengths_set) + { + /* Additional data length was supplied, but not all the additional + data was supplied.*/ + if( operation->ad_remaining != 0 ) + { + return ( PSA_ERROR_INVALID_ARGUMENT ); + } + + /* Too much data provided. 
*/ + if( operation->body_remaining < input_length ) + { + return ( PSA_ERROR_INVALID_ARGUMENT ); + } + + operation->body_remaining -= input_length; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* For the time being set the requirement that all of the body data + * must be passed in in one update, rather than deal with the complexity + * of non block size aligned updates. This will be fixed in 3.0 when + we can change the signature of the GCM multipart functions */ + if( !operation->lengths_set || operation->body_remaining != 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + + if( operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, + input_length, + input, + output ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + /* CCM dooes not support multipart yet, so all the input has to be + passed in in one go. Store the data for the final step.*/ + if( operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* Save the additional data for later, this will be passed in + when we have the body. 
*/ + operation->data_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + + if( operation->data_buffer ) + { + memcpy( operation->data_buffer, input, input_length ); + operation->data_length = input_length; + } + else + { + return ( PSA_ERROR_INSUFFICIENT_MEMORY ); + } + + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + status = mbedtls_to_psa_error( mbedtls_chachapoly_update( &operation->ctx.chachapoly, + input_length, + input, + output ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + (void) input; + (void) input_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + *output_length = update_output_size; + operation->body_started = 1; + } + + return( status ); +} + +/* Common checks for both mbedtls_psa_aead_finish() and + mbedtls_psa_aead_verify() */ +static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operation, + size_t output_size, + size_t tag_size, + size_t *finish_output_size, + size_t *output_tag_length ) +{ + if( !operation->key_set || !operation->nonce_set + || !operation->ad_started || !operation->body_started) + { + return( PSA_ERROR_BAD_STATE ); + } + + if( operation->lengths_set ) + { + if( operation->ad_remaining != 0 || operation->body_remaining != 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + } + + *output_tag_length = operation->tag_length; + + if( tag_size < *output_tag_length) + { + return ( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + if( operation->is_encrypt ) + { + *finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE(operation->key_type, + operation->alg); + } + else + { + *finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE(operation->key_type, + operation->alg); + } + + if( output_size < *finish_output_size ) + { + return ( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + return ( PSA_SUCCESS ); + +} + +/* Finish encrypting a message in a multipart AEAD 
operation. */ +psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t output_tag_length; + size_t finish_output_size; + + status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, tag_size, &finish_output_size, + &output_tag_length); + + if( status != PSA_SUCCESS ) + { + return status; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* We will need to do final GCM pass in here when multipart is done. */ + status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, + tag, + tag_size ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( !operation->ad_buffer || !operation->data_buffer ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* Perform oneshot CCM encryption with data already stored, as + CCM does not support multipart yet.*/ + status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, + operation->data_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + operation->data_buffer, + ciphertext, + tag, tag_size ) ); + + /* Even if the above operation fails, we no longer need the data */ + mbedtls_free(operation->ad_buffer); + operation->ad_buffer = NULL; + operation->ad_length = 0; + + mbedtls_free(operation->data_buffer); + operation->data_buffer = NULL; + operation->data_length = 0; + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + tag ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( 
void ) ciphertext; + ( void ) ciphertext_size; + ( void ) ciphertext_length; + ( void ) tag; + ( void ) tag_size; + ( void ) tag_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + *ciphertext_length = finish_output_size; + *tag_length = output_tag_length; + } + + mbedtls_psa_aead_abort(operation); + + return ( status ); +} + +/* Finish authenticating and decrypting a message in a multipart AEAD + * operation.*/ +psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + size_t finish_output_size; + size_t output_tag_length; + + int do_tag_check = 1; + uint8_t check_tag[16]; + + status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, tag_length, &finish_output_size, + &output_tag_length); + + if( status != PSA_SUCCESS ) + { + return status; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* Call finish to get the tag for comparison */ + status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, + check_tag, + 16 ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( !operation->ad_buffer || !operation->data_buffer ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* Perform oneshot CCM decryption with data already stored, as + CCM does not support multipart yet.*/ + + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, operation->data_length, + operation->nonce, operation->nonce_length, + operation->ad_buffer, operation->ad_length, + operation->data_buffer, plaintext, + tag, tag_length ); + + if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + { + status = PSA_ERROR_INVALID_SIGNATURE; + } + else + { + status = mbedtls_to_psa_error( ret ); + 
do_tag_check = 0; + } + + /* Even if the above operation fails, we no longer need the data */ + mbedtls_free(operation->ad_buffer); + operation->ad_buffer = NULL; + operation->ad_length = 0; + + mbedtls_free(operation->data_buffer); + operation->data_buffer = NULL; + operation->data_length = 0; + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + // call finish to get the tag for comparison. + status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + check_tag ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) plaintext; + ( void ) plaintext_size; + ( void ) plaintext_length; + ( void ) tag; + ( void ) tag_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + if( do_tag_check && safer_memcmp(tag, check_tag, tag_length) != 0 ) + { + status = MBEDTLS_ERR_GCM_AUTH_FAILED; + } + } + + mbedtls_psa_aead_abort(operation); + + return ( status ); +} + +/* Abort an AEAD operation */ +psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) +{ + switch( operation->alg ) + { +#if defined(MBEDTLS_CCM_C) + case MBEDTLS_PSA_BUILTIN_ALG_CCM: + mbedtls_ccm_free( &operation->ctx.ccm ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + case PSA_ALG_GCM: + mbedtls_gcm_free( &operation->ctx.gcm ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + case PSA_ALG_CHACHA20_POLY1305: + mbedtls_chachapoly_free( &operation->ctx.chachapoly ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + } + + return( PSA_SUCCESS ); +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index aab0f835c4..d7aac24ed0 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
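Review bot: In mbedtls_psa_aead_verify the final `safer_memcmp(tag, check_tag, tag_length)` trusts the caller's `tag_length`, which mbedtls_psa_aead_finish_checks only bounds from below, so a value above 16 reads past `check_tag[16]`; on mismatch it also stores the mbedtls code `MBEDTLS_ERR_GCM_AUTH_FAILED` in a `psa_status_t`. I would require the exact operation length and return the PSA code: `if( do_tag_check && ( tag_length != operation->tag_length || safer_memcmp( tag, check_tag, tag_length ) != 0 ) )` followed by `status = PSA_ERROR_INVALID_SIGNATURE;`. In mbedtls_psa_aead_set_nonce the ChaCha20-Poly1305 branch accepts `nonce_length == 8`, but `mbedtls_chachapoly_starts` takes no length and expects a 12-byte nonce; the one-shot path in this file already insists on 12, so the multipart check should be `if( nonce_length != 12 )`. mbedtls_psa_aead_abort uses `case MBEDTLS_PSA_BUILTIN_ALG_CCM:` under `#if defined(MBEDTLS_CCM_C)` where the other arms use `PSA_ALG_*`, and it neither frees nor wipes `ad_buffer`/`data_buffer` nor clears the state flags, so buffered CCM plaintext can outlive an aborted operation; finish and verify also release those buffers with plain `mbedtls_free` and no zeroization. Finally, mbedtls_psa_aead_update returns `PSA_ERROR_BAD_STATE` on entry when `ad_started` is clear and again in the GCM and CCM branches when it is set, and the CCM branches of update_ad and update never set `status` to `PSA_SUCCESS`, so those two algorithms look unable to complete a multipart operation as written.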
@@ -148,4 +148,644 @@ psa_status_t mbedtls_psa_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+/** Set the key for a multipart authenticated encryption operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * aead_encrypt_setup entry point. This function behaves as an
+ * aead_encrypt_setup entry point as defined in the PSA driver interface
+ * specification for transparent drivers.
+ *
+ * The sequence of operations to encrypt a message with authentication
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_aead_operation_t, e.g.
+ * #PSA_AEAD_OPERATION_INIT.
+ * -# Call mbedtls_psa_aead_encrypt_setup() to specify the algorithm and key.
+ * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of
+ * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and
+ * mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths()
+ * for details.
+ * -# Call either mbedtls_psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce() to
+ * generate or set the nonce. You should use
+ * mbedtls_psa_aead_generate_nonce() unless the protocol you are implementing
+ * requires a specific nonce value.
+ * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment
+ * of the non-encrypted additional authenticated data each time.
+ * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment
+ * of the message to encrypt each time.
+ * -# Call mbedtls_psa_aead_finish().
+ *
+ * If an error occurs at any step after a call to mbedtls_psa_aead_encrypt_setup(),
+ * the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The
+ * application may call mbedtls_psa_aead_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to mbedtls_psa_aead_encrypt_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A successful call to mbedtls_psa_aead_finish().
+ * - A call to mbedtls_psa_aead_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #mbedtls_psa_aead_operation_t and not yet in use.
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key context.
+ * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param alg The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be inactive).
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not an AEAD algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg);
+
+/** Set the key for a multipart authenticated decryption operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * aead_decrypt_setup entry point. This function behaves as an
+ * aead_decrypt_setup entry point as defined in the PSA driver interface
+ * specification for transparent drivers.
+ *
+ * The sequence of operations to decrypt a message with authentication
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_aead_operation_t, e.g.
+ * #PSA_AEAD_OPERATION_INIT.
+ * -# Call mbedtls_psa_aead_decrypt_setup() to specify the algorithm and key.
+ * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of the
+ * inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and
+ * mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths()
+ * for details.
+ * -# Call mbedtls_psa_aead_set_nonce() with the nonce for the decryption.
+ * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment
+ * of the non-encrypted additional authenticated data each time.
+ * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment
+ * of the ciphertext to decrypt each time.
+ * -# Call mbedtls_psa_aead_verify().
+ *
+ * If an error occurs at any step after a call to mbedtls_psa_aead_decrypt_setup(),
+ * the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The
+ * application may call mbedtls_psa_aead_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to mbedtls_psa_aead_decrypt_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A successful call to mbedtls_psa_aead_verify().
+ * - A call to mbedtls_psa_aead_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_aead_operation_t and not yet in use.
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key context.
+ * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param alg The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be inactive).
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not an AEAD algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg);
+
+/** Generate a random nonce for an authenticated encryption operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * aead_generate_nonce entry point. This function behaves as an
+ * aead_generate_nonce entry point as defined in the PSA driver interface
+ * specification for transparent drivers.
+ *
+ * This function generates a random nonce for the authenticated encryption
+ * operation with an appropriate size for the chosen algorithm, key type
+ * and key size.
+ *
+ * The application must call mbedtls_psa_aead_encrypt_setup() before
+ * calling this function.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling mbedtls_psa_aead_abort().
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[out] nonce Buffer where the generated nonce is to be
+ * written.
+ * \param nonce_size Size of the \p nonce buffer in bytes.
+ * \param[out] nonce_length On success, the number of bytes of the
+ * generated nonce.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be an active aead encrypt
+ * operation, with no nonce set).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p nonce buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_aead_generate_nonce(psa_aead_operation_t *operation,
+ uint8_t *nonce,
+ size_t nonce_size,
+ size_t *nonce_length);
+
+/** Set the nonce for an authenticated encryption or decryption operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * psa_aead_set_nonce entry point. This function behaves as an
+ * psa_aead_set_nonce entry point as defined in the PSA driver interface
+ * specification for transparent drivers.
+ *
+ * This function sets the nonce for the authenticated
+ * encryption or decryption operation.
+ *
+ * The application must call mbedtls_psa_aead_encrypt_setup() or
+ * mbedtls_psa_aead_decrypt_setup() before calling this function.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling mbedtls_psa_aead_abort().
+ *
+ * \note When encrypting, applications should use mbedtls_psa_aead_generate_nonce()
+ * instead of this function, unless implementing a protocol that requires
+ * a non-random IV.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[in] nonce Buffer containing the nonce to use.
+ * \param nonce_length Size of the nonce in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, with no nonce
+ * set).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The size of \p nonce is not acceptable for the chosen algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation,
+ const uint8_t *nonce,
+ size_t nonce_length);
+
+/** Declare the lengths of the message and additional data for AEAD.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * psa_aead_set_lengths entry point. This function behaves as an
+ * psa_aead_set_lengths entry point as defined in the PSA driver interface
+ * specification for transparent drivers.
+ *
+ * The application must call this function before calling
+ * mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm for
+ * the operation requires it. If the algorithm does not require it,
+ * calling this function is optional, but if this function is called
+ * then the implementation must enforce the lengths.
+ *
+ * You may call this function before or after setting the nonce with
+ * mbedtls_psa_aead_set_nonce() or mbedtls_psa_aead_generate_nonce().
+ *
+ * - For #PSA_ALG_CCM, calling this function is required.
+ * - For the other AEAD algorithms defined in this specification, calling
+ * this function is not required.
+ * - For vendor-defined algorithm, refer to the vendor documentation.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling mbedtls_psa_aead_abort().
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param ad_length Size of the non-encrypted additional
+ * authenticated data in bytes.
+ * \param plaintext_length Size of the plaintext to encrypt in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, and
+ * mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not have been
+ * called yet).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * At least one of the lengths is not acceptable for the chosen
+ * algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation,
+ size_t ad_length,
+ size_t plaintext_length);
+
+/** Pass additional data to an active AEAD operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * aead_update_ad entry point. This function behaves as an aead_update_ad
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * Additional data is authenticated, but not encrypted.
+ *
+ * You may call this function multiple times to pass successive fragments
+ * of the additional data. You may not call this function after passing
+ * data to encrypt or decrypt with mbedtls_psa_aead_update().
+ *
+ * Before calling this function, you must:
+ * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup().
+ * 2. Set the nonce with mbedtls_psa_aead_generate_nonce() or
+ * mbedtls_psa_aead_set_nonce().
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling mbedtls_psa_aead_abort().
+ *
+ * \warning When decrypting, until mbedtls_psa_aead_verify() has returned #PSA_SUCCESS,
+ * there is no guarantee that the input is valid. Therefore, until
+ * you have called mbedtls_psa_aead_verify() and it has returned #PSA_SUCCESS,
+ * treat the input as untrusted and prepare to undo any action that
+ * depends on the input if mbedtls_psa_aead_verify() returns an error status.
+ *
+ * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire
+ * additional data to be passed in in one go, i.e. only call
+ * mbedtls_mbedtls_psa_aead_update_ad() once.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[in] input Buffer containing the fragment of
+ * additional data.
+ * \param input_length Size of the \p input buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, have a nonce
+ * set, have lengths set if required by the algorithm, and
+ * mbedtls_psa_aead_update() must not have been called yet).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total input length overflows the additional data length that
+ * was previously specified with mbedtls_psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length);
+
+/** Encrypt or decrypt a message fragment in an active AEAD operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * aead_update entry point. This function behaves as an aead_update entry
+ * point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * Before calling this function, you must:
+ * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup().
+ * The choice of setup function determines whether this function
+ * encrypts or decrypts its input.
+ * 2. Set the nonce with mbedtls_psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce().
+ * 3. Call mbedtls_psa_aead_update_ad() to pass all the additional data.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling mbedtls_psa_aead_abort().
+ *
+ * \warning When decrypting, until mbedtls_psa_aead_verify() has returned
+ * #PSA_SUCCESS, there is no guarantee that the input is valid.
+ * Therefore, until you have called mbedtls_psa_aead_verify() and it
+ * has returned #PSA_SUCCESS:
+ * - Do not use the output in any way other than storing it in a
+ * confidential location. If you take any action that depends
+ * on the tentative decrypted data, this action will need to be
+ * undone if the input turns out not to be valid. Furthermore,
+ * if an adversary can observe that this action took place
+ * (for example through timing), they may be able to use this
+ * fact as an oracle to decrypt any message encrypted with the
+ * same key.
+ * - In particular, do not copy the output anywhere but to a
+ * memory or storage space that you have exclusive access to.
+ *
+ * This function does not require the input to be aligned to any
+ * particular block boundary. If the implementation can only process
+ * a whole block at a time, it must consume all the input provided, but
+ * it may delay the end of the corresponding output until a subsequent
+ * call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() or
+ * mbedtls_psa_aead_verify() provides sufficient input. The amount of data that
+ * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE.
+ *
+ * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire
+ * data to be passed in in one go, i.e. only call
+ * mbedtls_mbedtls_psa_aead_update() once.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[in] input Buffer containing the message fragment to
+ * encrypt or decrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] output Buffer where the output is to be written.
+ * \param output_size Size of the \p output buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg,
+ * \p input_length) where \c alg is the
+ * algorithm that is being calculated.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, have a nonce
+ * set, and have lengths set if required by the algorithm).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * You can determine a sufficient buffer size by calling
+ * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, \p input_length)
+ * where \c alg is the algorithm that is being calculated.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total length of input to mbedtls_psa_aead_update_ad() so far is
+ * less than the additional data length that was previously
+ * specified with mbedtls_psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total input length overflows the plaintext length that
+ * was previously specified with mbedtls_psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_aead_update(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** Finish encrypting a message in an AEAD operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * aead_finish entry point. This function behaves as an aead_finish entry
+ * point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * The operation must have been set up with mbedtls_psa_aead_encrypt_setup().
+ *
+ * This function finishes the authentication of the additional data
+ * formed by concatenating the inputs passed to preceding calls to
+ * mbedtls_psa_aead_update_ad() with the plaintext formed by concatenating the
+ * inputs passed to preceding calls to mbedtls_psa_aead_update().
+ *
+ * This function has two output buffers:
+ * - \p ciphertext contains trailing ciphertext that was buffered from
+ * preceding calls to mbedtls_psa_aead_update().
+ * - \p tag contains the authentication tag. Its length is always
+ * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm
+ * that the operation performs.
+ *
+ * When this function returns successfuly, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling mbedtls_psa_aead_abort().
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[out] ciphertext Buffer where the last part of the ciphertext
+ * is to be written.
+ * \param ciphertext_size Size of the \p ciphertext buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) where
+ * \c alg is the algorithm that is being
+ * calculated.
+ * \param[out] ciphertext_length On success, the number of bytes of
+ * returned ciphertext.
+ * \param[out] tag Buffer where the authentication tag is
+ * to be written.
+ * \param tag_size Size of the \p tag buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is
+ * the algorithm that is being calculated.
+ * \param[out] tag_length On success, the number of bytes
+ * that make up the returned tag.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be an active encryption
+ * operation with a nonce set).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p ciphertext or \p tag buffer is too small.
+ * You can determine a sufficient buffer size for \p ciphertext by
+ * calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg)
+ * where \c alg is the algorithm that is being calculated.
+ * You can determine a sufficient buffer size for \p tag by
+ * calling #PSA_AEAD_TAG_LENGTH(\c alg).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total length of input to psa_aead_update_ad() so far is
+ * less than the additional data length that was previously
+ * specified with psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total length of input to mbedtls_psa_aead_update() so far is
+ * less than the plaintext length that was previously
+ * specified with mbedtls_psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_aead_finish(psa_aead_operation_t *operation,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length,
+ uint8_t *tag,
+ size_t tag_size,
+ size_t *tag_length);
+
+/** Finish authenticating and decrypting a message in an AEAD operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * aead_verify entry point. This function behaves as an aead_verify entry
+ * point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * The operation must have been set up with mbedtls_psa_aead_decrypt_setup().
+ *
+ * This function finishes the authenticated decryption of the message
+ * components:
+ *
+ * - The additional data consisting of the concatenation of the inputs
+ * passed to preceding calls to mbedtls_psa_aead_update_ad().
+ * - The ciphertext consisting of the concatenation of the inputs passed to
+ * preceding calls to mbedtls_psa_aead_update().
+ * - The tag passed to this function call.
+ *
+ * If the authentication tag is correct, this function outputs any remaining
+ * plaintext and reports success. If the authentication tag is not correct,
+ * this function returns #PSA_ERROR_INVALID_SIGNATURE.
+ *
+ * When this function returns successfuly, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling mbedtls_psa_aead_abort().
+ *
+ * \note Implementations shall make the best effort to ensure that the
+ * comparison between the actual tag and the expected tag is performed
+ * in constant time.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[out] plaintext Buffer where the last part of the plaintext
+ * is to be written. This is the remaining data
+ * from previous calls to mbedtls_psa_aead_update()
+ * that could not be processed until the end
+ * of the input.
+ * \param plaintext_size Size of the \p plaintext buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) where
+ * \c alg is the algorithm that is being
+ * calculated.
+ * \param[out] plaintext_length On success, the number of bytes of
+ * returned plaintext.
+ * \param[in] tag Buffer containing the authentication tag.
+ * \param tag_length Size of the \p tag buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculations were successful, but the authentication tag is
+ * not correct.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be an active decryption
+ * operation with a nonce set).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p plaintext buffer is too small.
+ * You can determine a sufficient buffer size for \p plaintext by
+ * calling #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg)
+ * where \c alg is the algorithm that is being calculated.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total length of input to mbedtls_psa_aead_update_ad() so far is
+ * less than the additional data length that was previously
+ * specified with mbedtls_psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total length of input to mbedtls_psa_aead_update() so far is
+ * less than the plaintext length that was previously
+ * specified with psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length,
+ const uint8_t *tag,
+ size_t tag_length);
+
+/** Abort an AEAD operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * aead_abort entry point. This function behaves as an aead_abort entry
+ * point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * Aborting an operation frees all associated resources except for the
+ * \p operation structure itself. Once aborted, the operation object
+ * can be reused for another operation by calling
+ * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again.
+ *
+ * You may call this function any time after the operation object has
+ * been initialized as described in #psa_aead_operation_t.
+ *
+ * In particular, calling mbedtls_psa_aead_abort() after the operation has been
+ * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() or
+ * mbedtls_psa_aead_verify() is safe and has no effect.
+ *
+ * \param[in,out] operation Initialized AEAD operation.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_aead_abort(psa_aead_operation_t *operation);
+
+
 #endif /* PSA_CRYPTO_AEAD */
From 6504aa64517ffec5b3894119d86418223b299f6c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Apr 2021 17:09:36 +0100 Subject: [PATCH 003/966] First pass addition of driver wrappers Transparent driver test functions not yet implemented. Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 10 +- library/psa_crypto_driver_wrappers.c | 371 +++++++++++++++++++++++++++ library/psa_crypto_driver_wrappers.h | 61 +++++ 3 files changed, 441 insertions(+), 1 deletion(-)
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 6c93814be3..6f0fc01fe8 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -156,6 +156,14 @@ struct psa_aead_operation_s
 psa_algorithm_t alg;
 psa_key_type_t key_type;
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_crypto_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int id;
+
 unsigned int key_set : 1;
 unsigned int nonce_set : 1;
 unsigned int lengths_set : 1;
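Review bot: The `\retval #PSA_ERROR_INVALID_SIGNATURE` contract documented here for mbedtls_psa_aead_verify() is not what the implementation added to library/psa_crypto_aead.c in the same patch returns: for GCM and ChaCha20-Poly1305 a failed `safer_memcmp` sets `status = MBEDTLS_ERR_GCM_AUTH_FAILED;`, a raw Mbed TLS code stored in a `psa_status_t`, so callers get an undocumented value on a forged tag; it should be `status = PSA_ERROR_INVALID_SIGNATURE;`. That function also never writes `*plaintext_length`, although the doc promises it on success; `*plaintext_length = finish_output_size;` in the success path would mirror what mbedtls_psa_aead_finish() does for `*ciphertext_length`. The abort doc promises that all associated resources are freed, but the implementation's CCM label is `case MBEDTLS_PSA_BUILTIN_ALG_CCM:` under `#if defined(MBEDTLS_CCM_C)`, which does not look like it can match an `operation->alg` of `PSA_ALG_CCM`, and the visible abort body does not release `ad_buffer`/`data_buffer`, so keyed CCM state and buffered input would presumably survive an abort; `case PSA_ALG_CCM:` guarded by `MBEDTLS_PSA_BUILTIN_ALG_CCM` is likely what was meant. In the doc text itself, `#mbedtls_psa_aead_operation_t`, `mbedtls_mbedtls_psa_aead_update_ad()`/`mbedtls_mbedtls_psa_aead_update()` and `\p key` name things this header does not declare and should read `#psa_aead_operation_t`, the single-prefix function names and `\p key_buffer`.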
@@ -197,7 +205,7 @@ struct psa_aead_operation_s
 } ctx;
 };
-#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}}
+#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}}
 static inline struct psa_aead_operation_s psa_aead_operation_init( void )
 {
 const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 795e424894..59a00a6cfd 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -1292,6 +1292,377 @@ psa_status_t psa_driver_wrapper_aead_decrypt( } } +psa_status_t psa_driver_wrapper_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) +// status = test_transparent_aead_encrypt_setup( +// operation, attributes, +// key_buffer, key_buffer_size, +// alg ); + /* Declared with fallback == true */ + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* Fell through, meaning no accelerator supports this operation */ + status = mbedtls_psa_aead_encrypt_setup( + operation, attributes, + key_buffer, key_buffer_size, + alg ); + + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + return( status ); + + /* Add cases for opaque driver here */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key 
is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) +// status = test_transparent_aead_decrypt_setup( +// operation, attributes, +// key_buffer, key_buffer_size, +// alg ); + /* Declared with fallback == true */ + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* Fell through, meaning no accelerator supports this operation */ + status = mbedtls_psa_aead_decrypt_setup( + operation, attributes, + key_buffer, key_buffer_size, + alg ); + + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + return( status ); + + /* Add cases for opaque driver here */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_aead_generate_nonce( + psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_generate_nonce( operation, nonce, nonce_size, + nonce_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_generate_nonce( +// operation, nonce, nonce_size, nonce_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)nonce; + (void)nonce_size; + (void)nonce_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_set_nonce( + 
psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_set_nonce( +// operation, nonce, nonce_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)nonce; + (void)nonce_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_set_lengths( +// operation, ad_length, plaintext_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)ad_length; + (void)plaintext_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_update_ad( operation, input, input_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if 
defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_update_ad( +// operation, input, input_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)input; + (void)input_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_update( operation, input, input_length, output, + output_size, output_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_update( +// operation, input, input_length, ouput, output_size, +// output_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)input; + (void)input_length; + (void)output; + (void)output_size; + (void)output_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if 
defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_finish( +// operation, ciphertext, ciphertext_size, +// ciphertext_length, tag, tag_size, tag_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)ciphertext; + (void)ciphertext_size; + (void)ciphertext_length; + (void)tag; + (void)tag_size; + (void)tag_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, + plaintext_length, tag, tag_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_verify( +// operation, ciphertext, ciphertext_size, +// ciphertext_length, tag, tag_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)plaintext; + (void)plaintext_size; + (void)plaintext_length; + (void)tag; + (void)tag_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_abort( + psa_aead_operation_t *operation ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_abort( operation ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( 
test_transparent_aead_abort( operation ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + return( PSA_ERROR_INVALID_ARGUMENT ); +} /* * MAC functions diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 37d5a9a1c0..bdb2eba16a 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h 
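Review bot: The multipart wrappers from psa_driver_wrapper_aead_generate_nonce() through psa_driver_wrapper_aead_abort() compile their `case PSA_CRYPTO_MBED_TLS_DRIVER_ID:` only under `MBEDTLS_PSA_BUILTIN_CIPHER`, while the two setup wrappers call mbedtls_psa_aead_encrypt_setup() / mbedtls_psa_aead_decrypt_setup() and assign that id with no guard at all. In a configuration that builds an AEAD algorithm without the built-in cipher (assuming such a configuration is possible; the macro definitions are not part of this diff), setup would succeed and every later step, including abort, would return PSA_ERROR_INVALID_ARGUMENT. The CCM/GCM/ChaCha20-Poly1305 context set up by the built-in driver would then never be freed. Guarding these cases on the AEAD algorithms instead, `#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)`, keeps setup and teardown consistent.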
@@ -183,6 +183,67 @@ psa_status_t psa_driver_wrapper_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +psa_status_t psa_driver_wrapper_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_aead_generate_nonce( + psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length ); + +psa_status_t psa_driver_wrapper_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +psa_status_t psa_driver_wrapper_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +psa_status_t psa_driver_wrapper_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t psa_driver_wrapper_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +psa_status_t psa_driver_wrapper_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); + +psa_status_t psa_driver_wrapper_aead_abort( + psa_aead_operation_t *operation ); + /* * MAC functions */ From 302ff6bdd632c61c5c50452ce1b5ac8226336a98 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Tue, 20 Apr 2021 18:10:30 +0100 Subject: [PATCH 004/966] Implement multipart AEAD PSA interface Signed-off-by: Paul Elliott --- library/psa_crypto.c | 249 +++++++++++++++++++++++++++ library/psa_crypto_aead.c | 73 -------- library/psa_crypto_aead.h | 61 +------ library/psa_crypto_driver_wrappers.c | 33 ---- library/psa_crypto_driver_wrappers.h | 6 - 5 files changed, 257 insertions(+), 165 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2583735fe9..6598cf43a3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3214,6 +3214,255 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, return( status ); } +/* Set the key for a multipart authenticated encryption operation. */ +psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + + if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + + status = psa_get_and_lock_key_slot_with_policy( + key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); + + if( status != PSA_SUCCESS ) + { + return( status ); + } + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + status = psa_driver_wrapper_aead_encrypt_setup( operation, + &attributes, slot->key.data, + slot->key.bytes, alg ); + + + unlock_status = psa_unlock_key_slot( slot ); + + if( unlock_status != PSA_SUCCESS ) + { + return( unlock_status ); + } + + return( status ); +} + +/* Set the key for a multipart authenticated decryption operation. 
*/ +psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + + if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + + status = psa_get_and_lock_key_slot_with_policy( + key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); + + if( status != PSA_SUCCESS ) + { + return( status ); + } + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + status = psa_driver_wrapper_aead_decrypt_setup( operation, + &attributes, slot->key.data, + slot->key.bytes, alg ); + + + unlock_status = psa_unlock_key_slot( slot ); + + if( unlock_status != PSA_SUCCESS ) + { + return( unlock_status ); + } + + return( status ); +} + +/* Generate a random nonce / IV for multipart AEAD operation */ +psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t required_nonce_size = nonce_size; + + *nonce_length = 0; + + if( !operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, operation->alg); + + if( nonce_size == 0 || nonce_size < required_nonce_size ) + { + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + status = psa_generate_random( nonce, required_nonce_size ); + + if( status != PSA_SUCCESS ) + { + return status; + } + + status = psa_driver_wrapper_aead_set_nonce( operation, nonce, required_nonce_size ); + + if( status == PSA_SUCCESS ) + { + *nonce_length = required_nonce_size; + } + + return status; +} + +/* Set the nonce for a multipart authenticated encryption or decryption + operation.*/ +psa_status_t psa_aead_set_nonce( psa_aead_operation_t 
*operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + if( !operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ) ); +} + +/* Declare the lengths of the message and additional data for multipart AEAD. */ +psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + if( !operation->key_set || operation->lengths_set ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ) ); +} + /* Pass additional data to an active multipart AEAD operation. */ +psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + if( !operation->nonce_set || !operation->key_set ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_update_ad( operation, input, input_length ) ); +} + +/* Encrypt or decrypt a message fragment in an active multipart AEAD + operation.*/ +psa_status_t psa_aead_update( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + + *output_length = 0; + + if( !operation->nonce_set || !operation->key_set || !operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_update( operation, input, input_length, output, output_size, + output_length ) ); +} + +/* Finish encrypting a message in a multipart AEAD operation. 
*/ +psa_status_t psa_aead_finish( psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + *ciphertext_length = 0; + *tag_length = 0; + + if( !operation->key_set || !operation->nonce_set || + !operation->ad_started || !operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_finish( operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ) ); +} + +/* Finish authenticating and decrypting a message in a multipart AEAD + operation.*/ +psa_status_t psa_aead_verify( psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + *plaintext_length = 0; + + if( !operation->key_set || !operation->nonce_set || + !operation->ad_started || !operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_verify( operation, plaintext, plaintext_size, plaintext_length, + tag, tag_length ) ); +} + +/* Abort an AEAD operation. */ +psa_status_t psa_aead_abort(psa_aead_operation_t *operation) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( operation->id == 0 ) + { + /* The object has (apparently) been initialized but it is not (yet) + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ + return( PSA_SUCCESS ); + } + + status = psa_driver_wrapper_aead_abort( operation ); + + operation->id = 0; + operation->key_set = 0; + operation->nonce_set = 0; + operation->lengths_set = 0; + operation->is_encrypt = 0; + operation->ad_started = 0; + operation->body_started = 0; + + return( status ); +} + /****************************************************************/ /* Generators */ /****************************************************************/ 
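Review bot: psa_aead_encrypt_setup() passes `PSA_KEY_USAGE_DECRYPT` to psa_get_and_lock_key_slot_with_policy(), the same flag psa_aead_decrypt_setup() uses, so the policy check on the encrypt path accepts decrypt-only keys and rejects encrypt-only ones; it should request `PSA_KEY_USAGE_ENCRYPT`. PATCH 007 later in this series is titled "Fix incorrect PSA key usage" and may cover this, but its diff is not visible here. Separately, the new psa_aead_set_nonce() forwards `nonce_length` unchecked, while this same commit removes the `nonce_length > PSA_AEAD_NONCE_MAX_SIZE` rejection from mbedtls_psa_aead_set_nonce() (psa_crypto_aead.c, hunk at -440), so that bound is no longer enforced anywhere in the visible code. Adding `if( nonce_length > PSA_AEAD_NONCE_MAX_SIZE ) return( PSA_ERROR_INVALID_ARGUMENT );` ahead of the wrapper call would keep it.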
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 47b0e7b3e2..f8cceae8ee 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -394,45 +394,6 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation, return ( status ); } -/* Generate a random nonce / IV for multipart AEAD operation */ -psa_status_t mbedtls_psa_aead_generate_nonce( psa_aead_operation_t *operation, - uint8_t *nonce, - size_t nonce_size, - size_t *nonce_length ) -{ - psa_status_t status; - size_t required_nonce_size = nonce_size; - - if( !operation->key_set || operation->nonce_set || - operation->ad_started || operation->body_started ) - { - return( PSA_ERROR_BAD_STATE ); - } - - required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, operation->alg); - - if( nonce_size == 0 || nonce_size < required_nonce_size ) - { - return( PSA_ERROR_BUFFER_TOO_SMALL ); - } - - status = psa_generate_random( nonce, required_nonce_size ); - - if( status != PSA_SUCCESS ) - { - return status; - } - - status = mbedtls_psa_aead_set_nonce( operation, nonce, required_nonce_size ); - - if( status == PSA_SUCCESS ) - { - *nonce_length = required_nonce_size; - } - - return status; -} - /* Set a nonce for the multipart AEAD operation*/ psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, @@ -440,19 +401,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, { psa_status_t status; - if( !operation->key_set || operation->nonce_set || - operation->ad_started || operation->body_started ) - { - return( PSA_ERROR_BAD_STATE ); - } - - /* Restricting to a nominal safe length for nonces even though some - algorithms can handle longer nonces, but not without collision */ - if( nonce_length > PSA_AEAD_NONCE_MAX_SIZE ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { 
@@ -514,11 +462,6 @@ psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation, size_t plaintext_length ) { - if( !operation->key_set || operation->lengths_set ) - { - return( PSA_ERROR_BAD_STATE ); - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { @@ -570,11 +513,6 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->nonce_set || !operation->key_set ) - { - return( PSA_ERROR_BAD_STATE ); - } - if( operation->lengths_set ) { if ( operation->ad_remaining < input_length ) @@ -675,11 +613,6 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, size_t update_output_size; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->nonce_set || !operation->key_set || !operation->ad_started ) - { - return( PSA_ERROR_BAD_STATE ); - } - update_output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(operation->key_type, operation->alg, input_length); @@ -791,12 +724,6 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operat size_t *finish_output_size, size_t *output_tag_length ) { - if( !operation->key_set || !operation->nonce_set - || !operation->ad_started || !operation->body_started) - { - return( PSA_ERROR_BAD_STATE ); - } - if( operation->lengths_set ) { if( operation->ad_remaining != 0 || operation->body_remaining != 0 ) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index d7aac24ed0..a9d268773e 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
@@ -167,9 +167,9 @@ psa_status_t mbedtls_psa_aead_decrypt( * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and * mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths() * for details. - * -# Call either mbedtls_psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce() to - * generate or set the nonce. You should use - * mbedtls_psa_aead_generate_nonce() unless the protocol you are implementing + * -# Call either psa_aead_generate_nonce() or + * mbedtls_psa_aead_set_nonce() to generate or set the nonce. You should use + * psa_aead_generate_nonce() unless the protocol you are implementing * requires a specific nonce value. * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment * of the non-encrypted additional authenticated data each time. 
@@ -297,52 +297,6 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg); -/** Generate a random nonce for an authenticated encryption operation. - * - * \note The signature of this function is that of a PSA driver - * aead_generate_nonce entry point. This function behaves as an - * aead_generate_nonce entry point as defined in the PSA driver interface - * specification for transparent drivers. - * - * This function generates a random nonce for the authenticated encryption - * operation with an appropriate size for the chosen algorithm, key type - * and key size. - * - * The application must call mbedtls_psa_aead_encrypt_setup() before - * calling this function. - * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). - * - * \param[in,out] operation Active AEAD operation. - * \param[out] nonce Buffer where the generated nonce is to be - * written. - * \param nonce_size Size of the \p nonce buffer in bytes. - * \param[out] nonce_length On success, the number of bytes of the - * generated nonce. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be an active aead encrypt - * operation, with no nonce set). - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p nonce buffer is too small. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. 
- */ -psa_status_t mbedtls_psa_aead_generate_nonce(psa_aead_operation_t *operation, - uint8_t *nonce, - size_t nonce_size, - size_t *nonce_length); - /** Set the nonce for an authenticated encryption or decryption operation. * * \note The signature of this function is that of a PSA driver @@ -402,7 +356,7 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, * then the implementation must enforce the lengths. * * You may call this function before or after setting the nonce with - * mbedtls_psa_aead_set_nonce() or mbedtls_psa_aead_generate_nonce(). + * mbedtls_psa_aead_set_nonce() or psa_aead_generate_nonce(). * * - For #PSA_ALG_CCM, calling this function is required. * - For the other AEAD algorithms defined in this specification, calling @@ -454,7 +408,7 @@ psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation, * * Before calling this function, you must: * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup(). - * 2. Set the nonce with mbedtls_psa_aead_generate_nonce() or + * 2. Set the nonce with psa_aead_generate_nonce() or * mbedtls_psa_aead_set_nonce(). * * If this function returns an error status, the operation enters an error @@ -509,8 +463,9 @@ psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation, * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup(). * The choice of setup function determines whether this function * encrypts or decrypts its input. - * 2. Set the nonce with mbedtls_psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce(). - * 3. Call mbedtls_psa_aead_update_ad() to pass all the additional data. + * 2. Set the nonce with psa_aead_generate_nonce() or + * mbedtls_psa_aead_set_nonce(). 3. Call mbedtls_psa_aead_update_ad() to pass + * all the additional data. * * If this function returns an error status, the operation enters an error * state and must be aborted by calling mbedtls_psa_aead_abort(). 
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 59a00a6cfd..5e09fd231c 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1394,39 +1394,6 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( } } -psa_status_t psa_driver_wrapper_aead_generate_nonce( - psa_aead_operation_t *operation, - uint8_t *nonce, - size_t nonce_size, - size_t *nonce_length ) -{ - switch( operation->id ) - { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_generate_nonce( operation, nonce, nonce_size, - nonce_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: -// return( test_transparent_aead_generate_nonce( -// operation, nonce, nonce_size, nonce_length ) ); - - /* Add cases for opaque driver here */ - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - } - - (void)nonce; - (void)nonce_size; - (void)nonce_length; - - return( PSA_ERROR_INVALID_ARGUMENT ); -} - psa_status_t psa_driver_wrapper_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index bdb2eba16a..05adb53f74 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -195,12 +195,6 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t psa_driver_wrapper_aead_generate_nonce( - psa_aead_operation_t *operation, - uint8_t *nonce, - size_t nonce_size, - size_t *nonce_length ); - psa_status_t psa_driver_wrapper_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, From 5653da0201c19755fa3f2ced4d8d8eea681bfbc3 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Wed, 21 Apr 2021 12:26:21 +0100 Subject: [PATCH 005/966] Fix errors with missing tests Return not supported for the time being whilst we don't have the transparent driver tests done. Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 5e09fd231c..91ad37f80d 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1310,6 +1310,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) + status = PSA_ERROR_NOT_SUPPORTED; // status = test_transparent_aead_encrypt_setup( // operation, attributes, // key_buffer, key_buffer_size, @@ -1361,6 +1362,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) + status = PSA_ERROR_NOT_SUPPORTED; // status = test_transparent_aead_decrypt_setup( // operation, attributes, // key_buffer, key_buffer_size, @@ -1410,6 +1412,7 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_set_nonce( // operation, nonce, nonce_length ) ); @@ -1441,6 +1444,7 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_set_lengths( // operation, ad_length, plaintext_length ) ); 
@@ -1472,6 +1476,7 @@ psa_status_t psa_driver_wrapper_aead_update_ad( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_update_ad( // operation, input, input_length ) ); @@ -1507,6 +1512,7 @@ psa_status_t psa_driver_wrapper_aead_update( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_update( // operation, input, input_length, ouput, output_size, // output_length ) ); @@ -1547,6 +1553,7 @@ psa_status_t psa_driver_wrapper_aead_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_finish( // operation, ciphertext, ciphertext_size, // ciphertext_length, tag, tag_size, tag_length ) ); @@ -1587,6 +1594,7 @@ psa_status_t psa_driver_wrapper_aead_verify( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_verify( // operation, ciphertext, ciphertext_size, // ciphertext_length, tag, tag_length ) ); @@ -1620,6 +1628,7 @@ psa_status_t psa_driver_wrapper_aead_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_abort( operation ) ); /* Add cases for opaque driver here */ From 811d8d462fed3892b11a095438d4993dc7168cd8 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Thu, 22 Apr 2021 11:31:14 +0100 Subject: [PATCH 006/966] Fix incorrect enums being used Fix memory leak due to aead_abort() using incorrect enums to identify algorithm used. Fix incorrect return on failure to check tag on aead_verify() Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index f8cceae8ee..e92dac512b 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -948,7 +948,7 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, { if( do_tag_check && safer_memcmp(tag, check_tag, tag_length) != 0 ) { - status = MBEDTLS_ERR_GCM_AUTH_FAILED; + status = PSA_ERROR_INVALID_SIGNATURE; } } @@ -960,10 +960,10 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, /* Abort an AEAD operation */ psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) { - switch( operation->alg ) + switch( operation->alg ) { -#if defined(MBEDTLS_CCM_C) - case MBEDTLS_PSA_BUILTIN_ALG_CCM: +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + case PSA_ALG_CCM: mbedtls_ccm_free( &operation->ctx.ccm ); break; #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -973,9 +973,9 @@ psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) break; #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - case PSA_ALG_CHACHA20_POLY1305: - mbedtls_chachapoly_free( &operation->ctx.chachapoly ); - break; + case PSA_ALG_CHACHA20_POLY1305: + mbedtls_chachapoly_free( &operation->ctx.chachapoly ); + break; #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ } From c4e1dcf006318c6c5f6d671c703bae4a65e188ae Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Apr 2021 18:59:23 +0100 Subject: [PATCH 007/966] Fix incorrect PSA key usage 
Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6598cf43a3..a6d0cdb20e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3227,7 +3227,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, return( PSA_ERROR_NOT_SUPPORTED ); status = psa_get_and_lock_key_slot_with_policy( - key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); + key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); if( status != PSA_SUCCESS ) { From 72c10082ddd0c35133b32466133c7dddb7fb8194 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Apr 2021 19:02:16 +0100 Subject: [PATCH 008/966] Fix logic issues with state checks Also fix missing return values. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 48 +++++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index e92dac512b..b559f7a169 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -535,7 +535,7 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, * one contigious buffer, so until that is re-done, we have to enforce * this, as we cannot allocate a buffer to collate multiple calls into. */ - if( input_length != operation->ad_remaining ) + if( operation->ad_remaining != 0 ) { return ( PSA_ERROR_INVALID_ARGUMENT ); } @@ -556,7 +556,7 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, { /* CCM requires all additional data to be passed in in one go at the minute, as we are basically operating in oneshot mode. */ - if( !operation->lengths_set || operation->ad_started ) + if( operation->ad_started ) { return( PSA_ERROR_BAD_STATE ); } 
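Review bot: The key-usage fix in psa_aead_encrypt_setup (@@ -3227) comes without a regression test; the diffstat shows only library/psa_crypto.c changing. Before it, the multipart encrypt path accepted keys whose policy allowed only decryption and rejected encrypt-only keys, which is a policy bypass that should be pinned down. I would add two cases to the multipart AEAD tests: a key with only `PSA_KEY_USAGE_DECRYPT` must make psa_aead_encrypt_setup fail with `PSA_ERROR_NOT_PERMITTED`, and a key with only `PSA_KEY_USAGE_ENCRYPT` must succeed. The function body continues outside the hunk.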
@@ -569,6 +569,7 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, { memcpy( operation->ad_buffer, input, input_length ); operation->ad_length = input_length; + status = PSA_SUCCESS; } else { @@ -613,10 +614,20 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, size_t update_output_size; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - update_output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(operation->key_type, - operation->alg, input_length); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + /* CCM will currently not output anything until finish. */ + update_output_size = 0; + } + else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) */ + { + update_output_size = input_length; + } - if(update_output_size > output_size ) + if( PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, operation->alg, + input_length ) > output_size ) { return ( PSA_ERROR_BUFFER_TOO_SMALL ); } @@ -651,7 +662,7 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->ad_started ) + if( !operation->ad_started ) { return( PSA_ERROR_BAD_STATE ); } @@ -668,7 +679,7 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, { /* CCM dooes not support multipart yet, so all the input has to be passed in in one go. Store the data for the final step.*/ - if( operation->ad_started ) + if( operation->body_started ) { return( PSA_ERROR_BAD_STATE ); } @@ -681,6 +692,7 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, { memcpy( operation->data_buffer, input, input_length ); operation->data_length = input_length; + status = PSA_SUCCESS; } else { 
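Review bot: The inverted check at @@ -651, `if( !operation->ad_started )` returning PSA_ERROR_BAD_STATE, appears to reject every message that has no additional data, since a caller with an empty AD has no reason to call update_ad before update. If that ordering is a deliberate limitation of the current back end, it should be documented at the check, e.g. `/* update_ad() must have been called first, even with zero-length AD */`. Otherwise the empty-AD case needs its own path. The branch this check belongs to starts outside the hunk, so which algorithm it guards should be confirmed.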
@@ -739,15 +751,25 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operat return ( PSA_ERROR_BUFFER_TOO_SMALL ); } - if( operation->is_encrypt ) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) { - *finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE(operation->key_type, - operation->alg); + /* CCM will output all data at this step. */ + *finish_output_size = operation->data_length; } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ { - *finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE(operation->key_type, - operation->alg); + if( operation->is_encrypt ) + { + *finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, + operation->alg ); + } + else + { + *finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, + operation->alg ); + } } if( output_size < *finish_output_size ) @@ -946,6 +968,8 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, if( status == PSA_SUCCESS ) { + *plaintext_length = finish_output_size; + if( do_tag_check && safer_memcmp(tag, check_tag, tag_length) != 0 ) { status = PSA_ERROR_INVALID_SIGNATURE; From fd3ca24e565509693fae09a5227dfa2c6b583cff Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 25 Apr 2021 18:10:42 +0100 Subject: [PATCH 009/966] Move CCM ouput to update step. Move CCM to update all data at update step, as final step can only output at most a block length, so outputting all data at this step significantly breaks the tests. Had to add unpleasant workaround for the validate stage, but this is the only way I can do things without breaking CCM Alt implementations. Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 10 +- library/psa_crypto_aead.c | 223 +++++++++++++++++++++--------------- 2 files changed, 135 insertions(+), 98 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 6f0fc01fe8..90a0c2098c 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
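Review bot: In mbedtls_psa_aead_verify (@@ -946) the added `*plaintext_length = finish_output_size;` is written before the `safer_memcmp` tag comparison below it, so a caller that receives PSA_ERROR_INVALID_SIGNATURE still gets an output length reported for unauthenticated data. I would set the length only once the tag has been accepted, or reset it on mismatch with `*plaintext_length = 0;` next to `status = PSA_ERROR_INVALID_SIGNATURE;`. The rest of the function is outside the hunk.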
@@ -179,11 +179,13 @@ struct psa_aead_operation_s /* Buffers for AD/data - only required until CCM gets proper multipart support. */ - uint8_t* ad_buffer; + uint8_t *ad_buffer; size_t ad_length; - uint8_t* data_buffer; - size_t data_length; + uint8_t *body_buffer; + uint8_t body_length; + + uint8_t *tag_buffer; /* buffer to store Nonce - only required until CCM and GCM get proper multipart support. */ @@ -205,7 +207,7 @@ struct psa_aead_operation_s } ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index b559f7a169..bfa271b5a1 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -613,18 +613,9 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, { size_t update_output_size; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - /* CCM will currently not output anything until finish. */ - update_output_size = 0; - } - else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) */ - { - update_output_size = input_length; - } + update_output_size = input_length; if( PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, operation->alg, input_length ) > output_size ) 
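Review bot: `uint8_t body_length;` narrows the field that used to be `size_t data_length`, yet the update hunk later in this commit stores a size_t into it (`operation->body_length = input_length;`) and the verify hunk uses it as the CCM ciphertext length and to size temp_buffer. Any body longer than 255 bytes is silently truncated, so the second decryption in verify runs over a different length than the one processed in update. Declare it as `size_t body_length;`, matching ad_length. The positional `PSA_AEAD_OPERATION_INIT` in the next hunk depends on the exact field count and should be checked against the full struct, which is outside the hunk.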
@@ -678,27 +669,78 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, if( operation->alg == PSA_ALG_CCM ) { /* CCM dooes not support multipart yet, so all the input has to be - passed in in one go. Store the data for the final step.*/ + passed in in one go. */ if( operation->body_started ) { return( PSA_ERROR_BAD_STATE ); } - /* Save the additional data for later, this will be passed in - when we have the body. */ - operation->data_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + /* Need to store tag for Finish() / Verify() */ + operation->tag_buffer = ( uint8_t * ) mbedtls_calloc(1, operation->tag_length ); - if( operation->data_buffer ) + if( operation->tag_buffer ) { - memcpy( operation->data_buffer, input, input_length ); - operation->data_length = input_length; - status = PSA_SUCCESS; + + if( operation->is_encrypt ) + { + /* Perform oneshot CCM encryption with additional data already + stored, as CCM does not support multipart yet.*/ + status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, + input_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + input, + output, + operation->tag_buffer, + operation->tag_length ) ); + + /* Even if the above operation fails, we no longer need the + additional data.*/ + mbedtls_free(operation->ad_buffer); + operation->ad_buffer = NULL; + operation->ad_length = 0; + } + else + { + /* Need to back up the body data so we can do this again + later.*/ + operation->body_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + + if( operation->body_buffer ) + { + memcpy( operation->body_buffer, input, input_length ); + operation->body_length = input_length; + + /* this will fail, as the tag is clearly false, but will write the + decrypted data to the output buffer. 
*/ + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, input_length, + operation->nonce, operation->nonce_length, + operation->ad_buffer, operation->ad_length, + input, output, + operation->tag_buffer, + operation->tag_length ); + + if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + { + status = PSA_SUCCESS; + } + else + { + status = mbedtls_to_psa_error( ret ); + } + } + else + { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + } + } } else { - return ( PSA_ERROR_INSUFFICIENT_MEMORY ); + status = PSA_ERROR_INSUFFICIENT_MEMORY; } - } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -732,10 +774,10 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, mbedtls_psa_aead_verify() */ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operation, size_t output_size, - size_t tag_size, - size_t *finish_output_size, - size_t *output_tag_length ) + size_t tag_size ) { + size_t finish_output_size; + if( operation->lengths_set ) { if( operation->ad_remaining != 0 || operation->body_remaining != 0 ) 
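Review bot: The decrypt branch added to the CCM path of mbedtls_psa_aead_update calls `mbedtls_ccm_auth_decrypt` with a freshly calloc'd, all-zero tag and maps `MBEDTLS_ERR_CCM_AUTH_FAILED` to PSA_SUCCESS, relying on the plaintext still being in `output` after the failure. As far as I know the built-in CCM code wipes the output buffer on a tag mismatch, and an ALT implementation is free to do the same, so this may hand back zeros with a success status. That needs confirming against the implementation and a decrypt test that checks the returned plaintext. If the approach stays, the comment should also state that the data written here is unauthenticated until verify succeeds. The function starts and ends outside the hunk.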
@@ -744,41 +786,28 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operat } } - *output_tag_length = operation->tag_length; - - if( tag_size < *output_tag_length) + if( tag_size < operation->tag_length ) { return ( PSA_ERROR_BUFFER_TOO_SMALL ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) + if( operation->is_encrypt ) { - /* CCM will output all data at this step. */ - *finish_output_size = operation->data_length; + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, + operation->alg ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ { - if( operation->is_encrypt ) - { - *finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, - operation->alg ); - } - else - { - *finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, + finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg ); - } } - if( output_size < *finish_output_size ) + if( output_size < finish_output_size ) { return ( PSA_ERROR_BUFFER_TOO_SMALL ); } return ( PSA_SUCCESS ); - } /* Finish encrypting a message in a multipart AEAD operation. */ @@ -791,11 +820,9 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, size_t *tag_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t output_tag_length; - size_t finish_output_size; + size_t finish_output_size = 0; - status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, tag_size, &finish_output_size, - &output_tag_length); + status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, tag_size ); if( status != PSA_SUCCESS ) { 
@@ -815,31 +842,13 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - if( !operation->ad_buffer || !operation->data_buffer ) - { - return( PSA_ERROR_BAD_STATE ); - } + /* Copy the previously generated tag into place */ + memcpy( tag, operation->tag_buffer, operation->tag_length ); - /* Perform oneshot CCM encryption with data already stored, as - CCM does not support multipart yet.*/ - status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, - operation->data_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - operation->data_buffer, - ciphertext, - tag, tag_size ) ); + mbedtls_free(operation->tag_buffer); + operation->tag_buffer = NULL; - /* Even if the above operation fails, we no longer need the data */ - mbedtls_free(operation->ad_buffer); - operation->ad_buffer = NULL; - operation->ad_length = 0; - - mbedtls_free(operation->data_buffer); - operation->data_buffer = NULL; - operation->data_length = 0; + status = PSA_SUCCESS; } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -865,7 +874,7 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, if( status == PSA_SUCCESS ) { *ciphertext_length = finish_output_size; - *tag_length = output_tag_length; + *tag_length = operation->tag_length; } mbedtls_psa_aead_abort(operation); 
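Review bot: In the CCM branch of mbedtls_psa_aead_finish (@@ -815), `memcpy( tag, operation->tag_buffer, operation->tag_length );` runs without checking that tag_buffer was ever allocated. The buffer is only set in the CCM branch of update, so finishing an operation that never reached update, an empty message for instance, copies from NULL. The removed code had a PSA_ERROR_BAD_STATE guard on its buffers and the new path needs one as well: `if( operation->tag_buffer == NULL ) status = PSA_ERROR_BAD_STATE;` with the copy in the else branch, so that the abort call at the end of the function still runs.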
@@ -885,14 +894,15 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t finish_output_size; - size_t output_tag_length; + uint8_t * temp_buffer; + size_t temp_buffer_size; + + size_t finish_output_size = 0; int do_tag_check = 1; uint8_t check_tag[16]; - status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, tag_length, &finish_output_size, - &output_tag_length); + status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, tag_length ); if( status != PSA_SUCCESS ) { 
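Review bot: `uint8_t check_tag[16];` is later compared with `safer_memcmp(tag, check_tag, tag_length)` using the caller-supplied tag_length, and the only bound applied to that value is the lower one in mbedtls_psa_aead_finish_checks (`tag_size < operation->tag_length`). A tag_length above 16 reads past check_tag, and any value above operation->tag_length compares bytes the finish call never wrote. Reject a mismatched length before comparing, e.g. `if( tag_length != operation->tag_length ) status = PSA_ERROR_INVALID_SIGNATURE;`. The comparison itself sits outside this hunk.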
@@ -905,45 +915,58 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, /* Call finish to get the tag for comparison */ status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, check_tag, - 16 ) ); + operation->tag_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - if( !operation->ad_buffer || !operation->data_buffer ) + if( !operation->ad_buffer || !operation->body_buffer ) { return( PSA_ERROR_BAD_STATE ); } - /* Perform oneshot CCM decryption with data already stored, as - CCM does not support multipart yet.*/ + /* Perform oneshot CCM decryption *again*, as its the + * only way to get the tag, but this time throw away the + results, as verify cannot write that much data. */ + temp_buffer_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, + operation->alg, operation->body_length ); - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, operation->data_length, - operation->nonce, operation->nonce_length, - operation->ad_buffer, operation->ad_length, - operation->data_buffer, plaintext, - tag, tag_length ); + temp_buffer = ( uint8_t * ) mbedtls_calloc(1, temp_buffer_size ); - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + if( temp_buffer ) { - status = PSA_ERROR_INVALID_SIGNATURE; + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, operation->body_length, + operation->nonce, operation->nonce_length, + operation->ad_buffer, operation->ad_length, + operation->body_buffer, temp_buffer, + tag, tag_length ); + + if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + { + status = PSA_ERROR_INVALID_SIGNATURE; + } + else + { + status = mbedtls_to_psa_error( ret ); + do_tag_check = 0; + } } else { - status = mbedtls_to_psa_error( ret ); - do_tag_check = 0; + status = PSA_ERROR_INSUFFICIENT_MEMORY; } /* Even if the above operation fails, we no longer need the data */ - mbedtls_free(operation->ad_buffer); - operation->ad_buffer = NULL; - operation->ad_length = 
0; + mbedtls_free(temp_buffer); - mbedtls_free(operation->data_buffer); - operation->data_buffer = NULL; - operation->data_length = 0; + mbedtls_free(operation->body_buffer); + operation->body_buffer = NULL; + operation->body_length = 0; + + mbedtls_free(operation->tag_buffer); + operation->tag_buffer = NULL; } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -953,6 +976,7 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, // call finish to get the tag for comparison. status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, check_tag ) ); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ @@ -1003,6 +1027,17 @@ psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ } + mbedtls_free(operation->ad_buffer); + operation->ad_buffer = NULL; + operation->ad_length = 0; + + mbedtls_free(operation->body_buffer); + operation->body_buffer = NULL; + operation->body_length = 0; + + mbedtls_free(operation->tag_buffer); + operation->tag_buffer = NULL; + return( PSA_SUCCESS ); } From 0023e0a1de4f0392125c2b5f3e15e13506abbb35 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 27 Apr 2021 10:06:22 +0100 Subject: [PATCH 010/966] Add tests for multipart AEAD Just clone of one shot tests for now - all additional data and body data is passed in in one go. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 264 +++++++ tests/suites/test_suite_psa_crypto.function | 778 ++++++++++++++++++++ 2 files changed, 1042 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7b86185b9b..fc79741dc0 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
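Review bot: In the CCM branch of mbedtls_psa_aead_verify (@@ -905), temp_buffer receives the decrypted message from the second `mbedtls_ccm_auth_decrypt` call and is then released with a plain `mbedtls_free(temp_buffer);`, which leaves plaintext in freed heap memory. Wipe it first: `if( temp_buffer != NULL ) mbedtls_platform_zeroize( temp_buffer, temp_buffer_size );`. The `!operation->ad_buffer || !operation->body_buffer` guard above it returns directly, and it looks as if it would reject a message that carried no additional data. That should be confirmed against update_ad, which is outside the hunk.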
@@ -2062,6 +2062,270 @@ PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED +PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes #2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes, 12 byte nonce , 1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes, 12 byte nonce , 2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":-1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" + +PSA Multipart 
AEAD encrypt, AES-GCM, 128 bytes #1, T=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, 
IV=12, IN=0, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":-1:"":-1:"f149e2b5f0adaa9842ca5f45b768a8fc" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":-1:"":-1:"204bdb1bd62154bf08922aaa54eed705" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":-1:"":-1:"1b2d2764573e20ae640bf29d48e5fe05" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":-1:"":-1:"77e5682a49243d5b9016eb1adafa2d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":-1:"d2ae38c4375954835d75b8e4c2f9bbb4":-1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 
14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":-1:"d3f3f57033df30c22860231334b099cb":-1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":-1:"e7fb0631eebf9bdba87045b33650c4ce":-1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":-1:"636871d4c0aae3da7b55abd8b5f21297":-1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":-1:"3d952be11deb421b56e0ce9d7ce99553":-1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":-1:"fdd8a462c86d4365c8bfee0e25fc8a62":-1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":-1:"":-1:"bdc1ac884d332457a1d2664f168c76f0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":-1:"":-1:"2fb9c3e41fff24ef07437c47" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":-1:"":-1:"f6d47505ec96c98a42dc3ae719877b87" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":-1:"":-1:"5233f95bdcf5d666fb957acdcb" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":-1:"":-1:"d57e27914ecb4a764359d3c0f8d4d6" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":-1:"":-1:"72901467" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":-1:"722ee47da4b77424733546c2d400c4e5":-1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":-1:"bcf48ddcfe9d011a1003973d68d2d78a":-1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 
):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":-1:"c37aada3d4408e880d47e41df77da9b9":-1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":-1:"e5f410fe939e79b7ad33fbd3aaf5856f":-1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, invalid signature +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 18 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":-1:"db1a74ffb5f7de26f5742e0942b1b9cb":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":-1:"434ff68f2436f48418fd69f52158":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":-1:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":-1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":-1:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":-1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":-1:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":-1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":-1:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":-1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":-1:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":-1:"496909523f574b205d757659c5":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":-1:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":-1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":-1:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":-1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":-1:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":-1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":-1:"15e051a5e4a5f5da6cea92e2ebee5bac":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":-1:"84c8beff4b0d160ee68ac613097f51":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":-1:"8d6351f18d873242204c20144e2b83":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":-1:"3bfd3d99fe2063e8ef8255519fe0":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":-1:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":-1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":-1:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":-1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 
):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":-1:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":-1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":-1:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":-1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":-1:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":-1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":-1:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":-1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
+aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":-1:"":-1:"a0784d7a4716f3feb4f64e7f4b39bf04" + +PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) 
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":-1:"a0784d7a4716f3feb4f64e7f4b39bf04":-1:"":PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt: invalid algorithm (CTR) +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":-1:"":-1:PSA_ERROR_NOT_SUPPORTED + +PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20) +depends_on:MBEDTLS_CHACHA20_C +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_NOT_SUPPORTED + PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index bff0c35a04..991b10a8a9 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -3152,6 +3152,784 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_encrypt( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + data_t *expected_result ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t part_data_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[16]; + uint8_t tag_buffer[16]; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= 16 ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len + tag_length ) ); + + ASSERT_ALLOC( output_data, output_size ); + + ASSERT_ALLOC( final_data, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + operation = psa_aead_operation_init(); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. 
*/ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + if( nonce->len == 0 ) + { + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), + &nonce_length ) ); + } + else + { + nonce_length = nonce->len; + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, input_data->len ) ); + } +#endif + + if( ad_part_len != -1 ) + { + /* Pass addtional data in parts */ + part_offset = 0; + + while( part_offset <= additional_data->len) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x + part_offset, + part_length ) ); + + part_offset += part_length; + } + } + else + { + /* Pass additional data in one go. 
*/ + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, additional_data->len) ); + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset <= input_data->len) + { + if( input_data->len - part_offset < ( uint32_t ) data_part_len ) + { + part_length = input_data->len - part_offset; + } + else + { + part_length = data_part_len; + } + + PSA_ASSERT( psa_aead_update( &operation, ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ) ); + + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + /* Pass whole data in one go */ + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + } + + PSA_ASSERT( psa_aead_finish( &operation, final_data, + PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + &output_part_length, + tag_buffer, tag_length, + &tag_size ) ); + + memcpy( ( output_data + output_length ), final_data, output_part_length ); + + TEST_EQUAL(tag_length, tag_size); + + output_length += output_part_length; + + memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + + output_length += tag_length; + + /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE + * should be exact. 
*/ + TEST_EQUAL( output_length, + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + + ASSERT_COMPARE( expected_result->x, expected_result->len, + output_data, output_length ); + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + int expected_result_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t part_data_size; + size_t output_size = 0; + size_t output_length = 0; + unsigned char *output_data2 = NULL; + size_t output_size2 = 0; + size_t output_length2 = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[16]; + uint8_t tag_buffer[16]; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_result = expected_result_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, 
key_bits, alg ); + + TEST_ASSERT( tag_length <= 16 ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + ASSERT_ALLOC( final_data, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + operation = psa_aead_operation_init(); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + if( nonce->len == 0 ) + { + status = psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), + &nonce_length ); + } + else + { + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, input_data->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset <= additional_data->len) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + status = psa_aead_update_ad( &operation, additional_data->x + part_offset, + part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + part_offset += part_length; + } + } + else + { + status = 
psa_aead_update_ad(&operation, additional_data->x, additional_data->len); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset <= input_data->len) + { + if( input_data->len - part_offset < ( uint32_t ) data_part_len ) + { + part_length = input_data->len - part_offset; + } + else + { + part_length = data_part_len; + } + + status = psa_aead_update( &operation, ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + status = psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + status = psa_aead_finish( &operation, final_data, + PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + &output_part_length, + tag_buffer, tag_length, + &tag_size ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + memcpy( ( output_data + output_length ), final_data, output_part_length ); + + output_length += output_part_length; + + /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE + * should be exact. 
*/ + if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) + TEST_EQUAL( ( output_length + tag_length ), + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + + TEST_EQUAL(tag_length, tag_size); + + if( PSA_SUCCESS == expected_result ) + { + output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, output_length ); + ASSERT_ALLOC( output_data2, output_size2 ); + + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. */ + TEST_EQUAL( input_data->len, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + ( output_length + tag_length ) ) ); + + TEST_ASSERT( input_data->len <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + tag_length ) ); + + operation = psa_aead_operation_init(); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + TEST_EQUAL( status, expected_result ); + + if( nonce->len == 0 ) + { + /* Use previously generated nonce. 
*/ + status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_length ); + } + else + { + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset <= additional_data->len) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x + part_offset, + part_length ) ); + + part_offset += part_length; + } + } + else + { + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, additional_data->len) ); + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset <= ( input_data->len - tag_length ) ) + { + if( ( input_data->len - tag_length - part_offset ) < ( uint32_t ) data_part_len ) + { + part_length = ( input_data->len - tag_length - part_offset ); + } + else + { + part_length = data_part_len; + } + + PSA_ASSERT( psa_aead_update( &operation, ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ) ); + + memcpy( ( output_data2 + part_offset ), part_data, output_part_length ); + + part_offset += part_length; + output_length2 += output_part_length; + } + } + else + { + PSA_ASSERT( psa_aead_update( &operation, output_data, + output_length, output_data2, + output_size2, &output_length2 ) ); + } + + 
PSA_ASSERT( psa_aead_verify( &operation, final_data, + PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + &output_part_length, + tag_buffer, tag_length ) ); + + memcpy( ( output_data2 + output_length2 ), final_data, output_part_length); + + output_length2 += output_part_length; + + ASSERT_COMPARE( input_data->x, input_data->len, + output_data2, output_length2 ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( output_data2 ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_decrypt( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + data_t *expected_data, + int expected_result_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t part_data_size; + size_t output_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[16]; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t expected_result = expected_result_arg; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + output_size = 
PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len - tag_length ) ); + + ASSERT_ALLOC( output_data, output_size ); + ASSERT_ALLOC( final_data, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + + operation = psa_aead_operation_init(); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + if( nonce->len == 0 ) + { + status = psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), + &nonce_length ); + } + else + { + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, + ( input_data->len - tag_length ) ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset <= additional_data->len) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + status = psa_aead_update_ad( &operation, additional_data->x + part_offset, + part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + part_offset += part_length; + } + } + else + { + status = psa_aead_update_ad( &operation, 
additional_data->x, additional_data->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset <= input_data->len) + { + if( (input_data->len - tag_length - part_offset ) < ( uint32_t ) data_part_len ) + { + part_length = ( input_data->len - tag_length - part_offset ); + } + else + { + part_length = data_part_len; + } + + status = psa_aead_update( &operation, ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + status = psa_aead_update( &operation, input_data->x, + ( input_data->len - tag_length ), output_data, + output_size, &output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + status = psa_aead_verify( &operation, final_data, + PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE, + &output_part_length, + ( input_data->x + input_data->len - tag_length ), + tag_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + memcpy( ( output_data + output_length ), final_data, output_part_length ); + + output_length += output_part_length; + + if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) + { + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. 
*/ + TEST_EQUAL( output_length, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } + + if( expected_result == PSA_SUCCESS ) + ASSERT_COMPARE( expected_data->x, expected_data->len, + output_data, output_length ); + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void signature_size( int type_arg, int bits, From 4bbe82bdcc606672bda65dc4a3bcd57b2894a185 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 27 Apr 2021 12:11:56 +0100 Subject: [PATCH 011/966] Add transparent driver tests for M-AEAD Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 48 +++---- tests/include/test/drivers/aead.h | 55 ++++++++ tests/src/drivers/test_driver_aead.c | 204 +++++++++++++++++++++++++++ 3 files changed, 283 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 91ad37f80d..ce49a226bf 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1311,10 +1311,10 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = PSA_ERROR_NOT_SUPPORTED; -// status = test_transparent_aead_encrypt_setup( -// operation, attributes, -// key_buffer, key_buffer_size, -// alg ); + status = test_transparent_aead_encrypt_setup( + operation, attributes, + key_buffer, key_buffer_size, + alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; 
@@ -1363,10 +1363,10 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = PSA_ERROR_NOT_SUPPORTED; -// status = test_transparent_aead_decrypt_setup( -// operation, attributes, -// key_buffer, key_buffer_size, -// alg ); + status = test_transparent_aead_decrypt_setup( + operation, attributes, + key_buffer, key_buffer_size, + alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; @@ -1413,8 +1413,8 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_set_nonce( -// operation, nonce, nonce_length ) ); + return( test_transparent_aead_set_nonce( + operation, nonce, nonce_length ) ); /* Add cases for opaque driver here */ @@ -1445,8 +1445,8 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_set_lengths( -// operation, ad_length, plaintext_length ) ); + return( test_transparent_aead_set_lengths( + operation, ad_length, plaintext_length ) ); /* Add cases for opaque driver here */ @@ -1477,8 +1477,8 @@ psa_status_t psa_driver_wrapper_aead_update_ad( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_update_ad( -// operation, input, input_length ) ); + return( test_transparent_aead_update_ad( + operation, input, input_length ) ); /* Add cases for opaque driver here */ 
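Review bot: In the psa_driver_wrapper_aead_set_nonce hunk the placeholder `return( PSA_ERROR_NOT_SUPPORTED );` survives as a context line directly above the newly enabled `return( test_transparent_aead_set_nonce( operation, nonce, nonce_length ) );`, so the driver call is unreachable and the wrapper still reports not-supported for the test driver. The same leftover precedes the new calls in the set_lengths, update_ad, update, finish, verify and abort hunks; an abort that never reaches the driver would also leave whatever the setup allocated unreleased. Delete the placeholder return in each of these cases. In the two setup hunks the preceding `status = PSA_ERROR_NOT_SUPPORTED;` is now a dead store and can go as well. The wrapper bodies start and end outside these hunks.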
@@ -1513,9 +1513,9 @@ psa_status_t psa_driver_wrapper_aead_update( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_update( -// operation, input, input_length, ouput, output_size, -// output_length ) ); + return( test_transparent_aead_update( + operation, input, input_length, output, output_size, + output_length ) ); /* Add cases for opaque driver here */ @@ -1554,9 +1554,9 @@ psa_status_t psa_driver_wrapper_aead_finish( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_finish( -// operation, ciphertext, ciphertext_size, -// ciphertext_length, tag, tag_size, tag_length ) ); + return( test_transparent_aead_finish( + operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ) ); /* Add cases for opaque driver here */ @@ -1595,9 +1595,9 @@ psa_status_t psa_driver_wrapper_aead_verify( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_verify( -// operation, ciphertext, ciphertext_size, -// ciphertext_length, tag, tag_length ) ); + return( test_transparent_aead_verify( + operation, plaintext, plaintext_size, + plaintext_length, tag, tag_length ) ); /* Add cases for opaque driver here */ @@ -1629,7 +1629,7 @@ psa_status_t psa_driver_wrapper_aead_abort( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_abort( operation ) ); + return( test_transparent_aead_abort( operation ) ); /* Add cases for opaque driver here */ diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index 2207cb36fe..23f32c0a88 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h 
@@ -67,5 +67,60 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +psa_status_t test_transparent_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t test_transparent_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t test_transparent_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +psa_status_t test_transparent_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +psa_status_t test_transparent_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t test_transparent_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t test_transparent_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +psa_status_t test_transparent_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); + +psa_status_t test_transparent_aead_abort( + psa_aead_operation_t *operation ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 25396c92f5..67118efcbe 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c 
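Review bot: The new prototypes are named `test_transparent_aead_*`, while the declaration directly above them in this header is `mbedtls_test_transparent_aead_decrypt`; the added functions should carry the same prefix, e.g. `psa_status_t mbedtls_test_transparent_aead_encrypt_setup(`, with the wrapper call sites renamed to match. The definitions added to tests/src/drivers/test_driver_aead.c have the same mismatch and also reference `test_driver_aead_hooks`, whereas the context line of that hunk uses `mbedtls_test_driver_aead_hooks`; unless an unprefixed name is defined outside the visible hunks, that file will not compile. The prototypes also have no comment; one line stating that each forwards to the built-in `mbedtls_psa_aead_*` function unless `forced_status` is set would document the contract.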
@@ -93,4 +93,208 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( return( mbedtls_test_driver_aead_hooks.driver_status ); } +psa_status_t test_transparent_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + test_driver_aead_hooks.hits++; + + if( 
test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_update_ad( operation, input, input_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_update( operation, input, input_length, output, + output_size, output_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ); + } + + 
return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, + plaintext_length, tag, tag_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_abort( + psa_aead_operation_t *operation ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_abort( operation ); + } + + return( test_driver_aead_hooks.driver_status ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From d4e99ed40cd8a043daa8a62cec96ad58e3167570 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 27 Apr 2021 16:34:31 +0100 Subject: [PATCH 012/966] Fix mistyped buffer size variable Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 90a0c2098c..6c5639d1c8 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -183,7 +183,7 @@ struct psa_aead_operation_s size_t ad_length; uint8_t *body_buffer; - uint8_t body_length; + size_t body_length; uint8_t *tag_buffer; From ac3c20013cba08babf891fa6616d25cdf7df5c7c Mon Sep 17 00:00:00 2001 
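Review bot: `test_transparent_aead_abort` skips `mbedtls_psa_aead_abort( operation )` whenever `forced_status` is not `PSA_SUCCESS`, so a test that injects an error after a successful setup would leave the context populated by the built-in setup unreleased. Cleanup should not depend on the injected status: call `mbedtls_psa_aead_abort( operation )` unconditionally and only afterwards overwrite `driver_status` with `forced_status` when one is set. The other eight wrappers in this hunk repeat the same hits / forced_status / forward sequence verbatim; a small static helper or macro would keep them from drifting apart.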
From: Paul Elliott Date: Tue, 27 Apr 2021 19:10:18 +0100 Subject: [PATCH 013/966] Prevent unsafe memcpy Some tests cause a zero length input or output, which can mean the allocated test output buffers can be zero length. Protect against calling memcpy blindly in these situations. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 45 ++++++++++++++++----- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 991b10a8a9..a7ba675257 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3292,7 +3292,10 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, part_length, part_data, part_data_size, &output_part_length ) ); - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length += output_part_length; @@ -3312,13 +3315,19 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, tag_buffer, tag_length, &tag_size ) ); - memcpy( ( output_data + output_length ), final_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, output_part_length ); + } TEST_EQUAL(tag_length, tag_size); output_length += output_part_length; - memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + if( output_data && tag_length ) + { + memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + } output_length += tag_length; 
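Review bot: The new `if( output_data && output_part_length )` guard avoids a NULL destination but still leaves the write unbounded: nothing checks that the destination offset plus `output_part_length` stays within `output_size` before the `memcpy`. In the part loop the destination is `output_data + part_offset`, which is the input offset; if `psa_aead_update` returns a length different from `part_length` (an implementation that buffers, for instance), the data would land at the wrong place, so `output_data + output_length` looks like the intended destination. Adding `TEST_ASSERT( output_length + output_part_length <= output_size );` ahead of each copy, with the matching size variable for `output_data2`, would turn an overrun into a test failure. The same applies to the guarded copies in the aead_multipart_encrypt_decrypt and aead_multipart_decrypt hunks, one of which is also spelled `output_data &&output_part_length` without the space.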
@@ -3516,7 +3525,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length += output_part_length; @@ -3547,7 +3559,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + output_length ), final_data, output_part_length ); + if( output_data &&output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, output_part_length ); + } output_length += output_part_length; @@ -3666,7 +3681,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, part_length, part_data, part_data_size, &output_part_length ) ); - memcpy( ( output_data2 + part_offset ), part_data, output_part_length ); + if( output_data2 && output_part_length ) + { + memcpy( ( output_data2 + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length2 += output_part_length; @@ -3684,7 +3702,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, &output_part_length, tag_buffer, tag_length ) ); - memcpy( ( output_data2 + output_length2 ), final_data, output_part_length); + if( output_data2 && output_part_length ) + { + memcpy( ( output_data2 + output_length2 ), final_data, output_part_length); + } output_length2 += output_part_length; @@ -3872,7 +3893,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length += output_part_length; 
@@ -3903,7 +3927,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + output_length ), final_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, output_part_length ); + } output_length += output_part_length; From 72baf658193d97bca6e37eed1a195eec09b13bf3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 28 Apr 2021 13:23:27 +0100 Subject: [PATCH 014/966] Ensure operation id gets set even if failure Although this deviates from the standard "auto-generated" code, the M-AEAD setup functions set the key and thus allocate memory. If the failure occurs after this (invalid tag size for example) then not having the id set to the internal drivers means that abort does not get called, and this causes the allocated data to leak. Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index ce49a226bf..1e17435015 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1330,8 +1330,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( key_buffer, key_buffer_size, alg ); - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; return( status ); @@ -1382,8 +1381,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( key_buffer, key_buffer_size, alg ); - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; return( status ); From 16e6dcd72e85ed3b56f5f9c3041cd9b98ea4c466 Mon Sep 17 00:00:00 2001 
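Review bot: The now unconditional `operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;` in both setup wrappers carries no comment, and the commit message itself says it deviates from the auto-generated pattern, so a later regeneration or clean-up is likely to restore the `if( status == PSA_SUCCESS )` test. Add a comment at the assignment, for example `/* Set the id even on failure: setup may already have allocated the key context, and abort only reaches this driver through the id. */`. The change also leaves the freeing to the caller; if a caller might not invoke abort after a failed setup, releasing the context on the setup failure path itself would close the leak without depending on the id. Both wrapper bodies extend beyond the hunks.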
From: Paul Elliott Date: Wed, 28 Apr 2021 13:27:39 +0100 Subject: [PATCH 015/966] Add missing abort call to the end of tests All tests should have an abort call in case of test failure to make sure everything is cleaned up. Also removed unused define. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a7ba675257..6ae5030ee1 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3343,6 +3343,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, exit: psa_destroy_key( key ); + psa_aead_abort( &operation ); mbedtls_free( output_data ); mbedtls_free( part_data ); mbedtls_free( final_data ); @@ -3715,6 +3716,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, exit: psa_destroy_key( key ); + psa_aead_abort( &operation ); mbedtls_free( output_data ); mbedtls_free( output_data2 ); mbedtls_free( part_data ); @@ -3950,6 +3952,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, exit: psa_destroy_key( key ); + psa_aead_abort( &operation ); mbedtls_free( output_data ); mbedtls_free( part_data ); mbedtls_free( final_data ); From 7bc45ebf13d0496ea9ffd22c7e97f0678306b105 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 28 Apr 2021 13:44:46 +0100 Subject: [PATCH 016/966] Add Changelog entry Signed-off-by: Paul Elliott --- ChangeLog.d/add_psa_m_aead.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/add_psa_m_aead.txt diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt new file mode 100644 index 0000000000..d5c0a48c2f --- /dev/null +++ b/ChangeLog.d/add_psa_m_aead.txt @@ -0,0 +1,3 @@ +Features + * Implemented the multipart AEAD API within the PSA Crypto API, along with + tests in the PSA Crypto test suite, and transparent driver wrappers. 
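Review bot: The added `psa_aead_abort( &operation );` at `exit:` can run on an uninitialised struct: the declarations visible elsewhere in this series (aead_multipart_encrypt_decrypt and aead_multipart_decrypt, and presumably aead_multipart_encrypt) are `psa_aead_operation_t operation;` with no initialiser, and `psa_aead_operation_init()` is assigned only after several `PSA_ASSERT` / `ASSERT_ALLOC` calls that can jump to `exit`. Declaring it as `psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;` makes the abort safe on every path. The abort is also placed after `psa_destroy_key( key );`; aborting the operation before destroying the key it was set up with is the safer order. This applies to all three hunks, whose function bodies begin outside them.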
From fe5480a4c2a32931d4f7772b23da5935530d399d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 28 Apr 2021 16:44:37 +0100 Subject: [PATCH 017/966] Fix transparent driver wrappers Remove spurious "not supported" returns, and fix same issue that was encountered with internal implementations - operation needs to be marked as a type even if the initial call fails, otherwise cleanup won't get done. Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 1e17435015..0a7960ca7e 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1316,8 +1316,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( key_buffer, key_buffer_size, alg ); /* Declared with fallback == true */ - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -1367,8 +1366,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( key_buffer, key_buffer_size, alg ); /* Declared with fallback == true */ - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -1410,7 +1408,6 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_set_nonce( operation, nonce, nonce_length ) ); 
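Review bot: In psa_driver_wrapper_aead_encrypt_setup the id is now set to `PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID` before the `status != PSA_ERROR_NOT_SUPPORTED` check, so an operation the test driver declined stays tagged with that driver unless the fallback path later overwrites the id. If the code after the hunk can return without doing so (no built-in implementation compiled in, say), abort would be dispatched to a driver that never accepted the operation. Tying the assignment to the existing check keeps the cleanup guarantee without that window: `if( status != PSA_ERROR_NOT_SUPPORTED ) { operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; return( status ); }`. The decrypt_setup hunk has the same shape, and in both the `/* Declared with fallback == true */` comment now sits above the assignment rather than the fallback test it describes.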
@@ -1442,7 +1439,6 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_set_lengths( operation, ad_length, plaintext_length ) ); @@ -1474,7 +1470,6 @@ psa_status_t psa_driver_wrapper_aead_update_ad( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_update_ad( operation, input, input_length ) ); @@ -1510,7 +1505,6 @@ psa_status_t psa_driver_wrapper_aead_update( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_update( operation, input, input_length, output, output_size, output_length ) ); @@ -1551,7 +1545,6 @@ psa_status_t psa_driver_wrapper_aead_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ) ); @@ -1592,7 +1585,6 @@ psa_status_t psa_driver_wrapper_aead_verify( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_verify( operation, plaintext, plaintext_size, plaintext_length, tag, tag_length ) ); 
@@ -1626,7 +1618,6 @@ psa_status_t psa_driver_wrapper_aead_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_abort( operation ) ); /* Add cases for opaque driver here */ From 5d9fa8d675da84a48d86fd1578751b67c9a2a204 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 4 May 2021 17:21:16 +0100 Subject: [PATCH 018/966] Add define to allow multipart ccm to work Add (internal only) define to config.h which allows the temporary implementation of CCM to work, by removing the buffer zeroization on tag fail when decrypting. This will obviously be removed when multipart CCM is properaly implemented Signed-off-by: Paul Elliott --- include/mbedtls/config.h | 8 ++ library/ccm.c | 2 + scripts/config.py | 1 + tests/suites/test_suite_psa_crypto.data | 112 ++++++++++++++++++++++++ 4 files changed, 123 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a4479d79ff..6cb05e4712 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3756,6 +3756,14 @@ */ //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED +/** + * Internal define that removes the zeroization of the output when decrypting + * CCM and the tag check fails. This is for internal use only, and was added so + * that PSA multipart CCM could be implmented. This option will be removed at + * some point in the future when proper CCM multipart support is implemented. + * Use at own risk. + */ +//#define MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations diff --git a/library/ccm.c b/library/ccm.c index 424ee77b69..d52e7b0797 100644 --- a/library/ccm.c +++ b/library/ccm.c 
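Review bot: The new config.h comment ends with "Use at own risk" but never says what the risk is. With this macro defined, a CCM decryption whose tag check fails still returns `MBEDTLS_ERR_CCM_AUTH_FAILED`, but the output buffer keeps the decrypted, unauthenticated bytes (see the ccm.c hunk of this commit). I would add a sentence such as `Warning: when defined, the output buffer holds unauthenticated plaintext after a failed tag check; do not enable in production builds.` and correct the typo `implmented`.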
@@ -386,7 +386,9 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, if( diff != 0 ) { +#ifndef MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL mbedtls_platform_zeroize( output, length ); +#endif return( MBEDTLS_ERR_CCM_AUTH_FAILED ); } diff --git a/scripts/config.py b/scripts/config.py index a77ead0544..f9f06053d3 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -197,6 +197,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS 'MBEDTLS_X509_REMOVE_INFO', # removes a feature + 'MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL', # lowers security of CCM ]) def is_seamless_alt(name): diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index fc79741dc0..8a85edd10c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
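Review bot: The `#ifndef MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL` around `mbedtls_platform_zeroize( output, length );` in mbedtls_ccm_star_auth_decrypt changes behaviour for every caller of the CCM decrypt functions, not only the PSA multipart path named in the commit message. With the macro set, any caller that reads or forwards `output` without checking the return code would release data whose integrity was never verified, which is the case the wipe exists to prevent. Because the option is meant to be temporary, I would mark the spot with `/* Internal/test only: output holds unauthenticated plaintext on this path */` above the `#ifndef`. A build-time diagnostic when the macro is defined would also make an accidental production use visible. The function body continues outside the hunk.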
@@ -2062,6 +2062,118 @@ PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED +PSA Multipart AEAD encrypt/decrypt: AES-CCM, 19 bytes #1 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt: AES-CCM, 19 bytes #2 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt: DES-CCM not supported +depends_on:MBEDTLS_DES_C:MBEDTLS_CCM_C:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_ERROR_NOT_SUPPORTED + +PSA Multipart AEAD encrypt: AES-CCM, 23 bytes +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":-1:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":-1:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=4 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f39" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 6 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b63fdffcd729bc" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=8 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b64cf2c3bf5f220776" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=10 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 10 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69613343621327defd18e" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=12 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 12 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69a2e5d8faee3138fa5cf9846" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 14 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6c99af01cdb6aa76df73c8646c27f" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=16 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 16 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" + +PSA Multipart AEAD decrypt: AES-CCM, 39 bytes 
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":-1:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":-1:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-CCM, 40 bytes +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=4 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f39":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 6 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b63fdffcd729bc":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=8 
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b64cf2c3bf5f220776":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=10 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 10 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69613343621327defd18e":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=12 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 12 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69a2e5d8faee3138fa5cf9846":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 14 
):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6c99af01cdb6aa76df73c8646c27f":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=16 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 16 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, invalid signature +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt: AES-CCM, invalid signature, T=4 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f38":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt: AES-CCM, T=4, tag is truncated tag for T=16 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 0 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 2 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 15 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 15 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 18 
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS From f0e21de4307e1b6d5d1b385b0cc52875323bbecc Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 6 May 2021 19:23:40 +0100 Subject: [PATCH 019/966] Fix generated files after adding config option Signed-off-by: Paul Elliott --- programs/test/query_config.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 450e2fbbf0..647279d687 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -2723,6 +2723,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ +#if defined(MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL) + if( strcmp( "MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL ); + return( 0 ); + } +#endif /* MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL */ + /* If the symbol is not found, return an error */ return( 1 ); } From a218ceba931d8b8f9d1db7d85b08bb853e6a5147 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 7 May 2021 15:10:31 +0100 Subject: [PATCH 020/966] Merge upstream test driver changes locally 
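Review bot: Every AES-CCM multipart case added in this hunk lists `MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL` in its `depends_on` line, yet the same commit leaves that macro commented out in config.h and adds it to `EXCLUDE_FROM_FULL` in scripts/config.py. Unless a test component outside this diff enables the macro explicitly, none of these cases run in the default or full configuration. The multipart CCM path would then have no effective coverage, including the `PSA_ERROR_INVALID_SIGNATURE` and invalid-tag-length cases. The commit description should say which build is expected to exercise them. As a smaller style point, `PSA Multipart AEAD decrypt, AES-CCM, 40 bytes` uses a comma where its sibling case names use a colon.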
Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 43 +++++---- tests/include/test/drivers/aead.h | 18 ++-- tests/src/drivers/test_driver_aead.c | 132 ++++++++++++++------------- 3 files changed, 101 insertions(+), 92 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 0a7960ca7e..7faedb30e3 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1311,7 +1311,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = PSA_ERROR_NOT_SUPPORTED; - status = test_transparent_aead_encrypt_setup( + status = mbedtls_test_transparent_aead_encrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -1361,7 +1361,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = PSA_ERROR_NOT_SUPPORTED; - status = test_transparent_aead_decrypt_setup( + status = mbedtls_test_transparent_aead_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -1401,14 +1401,15 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ) ); + return( mbedtls_psa_aead_set_nonce( operation, nonce, + nonce_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_set_nonce( + return( mbedtls_test_transparent_aead_set_nonce( operation, nonce, nonce_length ) ); /* Add cases for opaque driver here */ 
@@ -1432,14 +1433,15 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ) ); + return( mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_set_lengths( + return( mbedtls_test_transparent_aead_set_lengths( operation, ad_length, plaintext_length ) ); /* Add cases for opaque driver here */ @@ -1463,14 +1465,15 @@ psa_status_t psa_driver_wrapper_aead_update_ad( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_update_ad( operation, input, input_length ) ); + return( mbedtls_psa_aead_update_ad( operation, input, + input_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_update_ad( + return( mbedtls_test_transparent_aead_update_ad( operation, input, input_length ) ); /* Add cases for opaque driver here */ 
@@ -1497,15 +1500,16 @@ psa_status_t psa_driver_wrapper_aead_update( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_update( operation, input, input_length, output, - output_size, output_length ) ); + return( mbedtls_psa_aead_update( operation, input, input_length, + output, output_size, + output_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_update( + return( mbedtls_test_transparent_aead_update( operation, input, input_length, output, output_size, output_length ) ); @@ -1537,15 +1541,17 @@ psa_status_t psa_driver_wrapper_aead_finish( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, - ciphertext_length, tag, tag_size, tag_length ) ); + return( mbedtls_psa_aead_finish( operation, ciphertext, + ciphertext_size, + ciphertext_length, tag, + tag_size, tag_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_finish( + return( mbedtls_test_transparent_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ) ); 
@@ -1577,15 +1583,16 @@ psa_status_t psa_driver_wrapper_aead_verify( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, - plaintext_length, tag, tag_length ) ); + return( mbedtls_psa_aead_verify( operation, plaintext, + plaintext_size, plaintext_length, + tag, tag_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_verify( + return( mbedtls_test_transparent_aead_verify( operation, plaintext, plaintext_size, plaintext_length, tag, tag_length ) ); @@ -1618,7 +1625,7 @@ psa_status_t psa_driver_wrapper_aead_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_abort( operation ) ); + return( mbedtls_test_transparent_aead_abort( operation ) ); /* Add cases for opaque driver here */ diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index 23f32c0a88..e1058af8b1 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h 
@@ -67,34 +67,34 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); -psa_status_t test_transparent_aead_encrypt_setup( +psa_status_t mbedtls_test_transparent_aead_encrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t test_transparent_aead_decrypt_setup( +psa_status_t mbedtls_test_transparent_aead_decrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t test_transparent_aead_set_nonce( +psa_status_t mbedtls_test_transparent_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ); -psa_status_t test_transparent_aead_set_lengths( +psa_status_t mbedtls_test_transparent_aead_set_lengths( psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ); -psa_status_t test_transparent_aead_update_ad( +psa_status_t mbedtls_test_transparent_aead_update_ad( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ); -psa_status_t test_transparent_aead_update( +psa_status_t mbedtls_test_transparent_aead_update( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, @@ -102,7 +102,7 @@ psa_status_t test_transparent_aead_update( size_t output_size, size_t *output_length ); -psa_status_t test_transparent_aead_finish( +psa_status_t mbedtls_test_transparent_aead_finish( psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, @@ -111,7 +111,7 @@ psa_status_t test_transparent_aead_finish( size_t tag_size, size_t *tag_length ); -psa_status_t test_transparent_aead_verify( +psa_status_t mbedtls_test_transparent_aead_verify( psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, 
@@ -119,7 +119,7 @@ psa_status_t test_transparent_aead_verify( const uint8_t *tag, size_t tag_length ); -psa_status_t test_transparent_aead_abort( +psa_status_t mbedtls_test_transparent_aead_abort( psa_aead_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 67118efcbe..34bbc51ab2 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c 
@@ -93,116 +93,117 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_encrypt_setup( +psa_status_t mbedtls_test_transparent_aead_encrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_decrypt_setup( +psa_status_t mbedtls_test_transparent_aead_decrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_aead_hooks.driver_status ); + return( 
mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_set_nonce( +psa_status_t mbedtls_test_transparent_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_set_lengths( +psa_status_t mbedtls_test_transparent_aead_set_lengths( psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ); + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_update_ad( +psa_status_t mbedtls_test_transparent_aead_update_ad( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ) { - 
test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update_ad( operation, input, input_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_update( +psa_status_t mbedtls_test_transparent_aead_update( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, @@ -210,24 +211,24 @@ psa_status_t test_transparent_aead_update( size_t output_size, size_t *output_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update( operation, input, input_length, output, output_size, output_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_finish( +psa_status_t mbedtls_test_transparent_aead_finish( psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, 
@@ -236,24 +237,25 @@ psa_status_t test_transparent_aead_finish( size_t tag_size, size_t *tag_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, - ciphertext_length, tag, tag_size, tag_length ); + ciphertext_length, tag, tag_size, + tag_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_verify( +psa_status_t mbedtls_test_transparent_aead_verify( psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, 
@@ -261,40 +263,40 @@ psa_status_t test_transparent_aead_verify( const uint8_t *tag, size_t tag_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, plaintext_length, tag, tag_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_abort( +psa_status_t mbedtls_test_transparent_aead_abort( psa_aead_operation_t *operation ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_abort( operation ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 2df40057b3ce3682a4ca36a4bff4c5bd3088091c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 7 May 2021 17:52:18 +0100 Subject: [PATCH 021/966] Fix excessive line lengths 
Signed-off-by: Paul Elliott --- library/psa_crypto.c | 30 ++-- library/psa_crypto_aead.c | 147 +++++++++++-------- tests/suites/test_suite_psa_crypto.function | 150 +++++++++++++------- 3 files changed, 206 insertions(+), 121 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a6d0cdb20e..4ab0c63b36 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3309,7 +3309,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, operation->alg); + required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, + operation->alg); if( nonce_size == 0 || nonce_size < required_nonce_size ) { @@ -3323,7 +3324,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, return status; } - status = psa_driver_wrapper_aead_set_nonce( operation, nonce, required_nonce_size ); + status = psa_driver_wrapper_aead_set_nonce( operation, nonce, + required_nonce_size ); if( status == PSA_SUCCESS ) { @@ -3345,7 +3347,8 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ) ); + return( psa_driver_wrapper_aead_set_nonce( operation, nonce, + nonce_length ) ); } /* Declare the lengths of the message and additional data for multipart AEAD. */ @@ -3358,7 +3361,8 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ) ); + return( psa_driver_wrapper_aead_set_lengths( operation, ad_length, + plaintext_length ) ); } /* Pass additional data to an active multipart AEAD operation. */ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, 
@@ -3370,7 +3374,8 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_update_ad( operation, input, input_length ) ); + return( psa_driver_wrapper_aead_update_ad( operation, input, + input_length ) ); } /* Encrypt or decrypt a message fragment in an active multipart AEAD @@ -3390,7 +3395,8 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_update( operation, input, input_length, output, output_size, + return( psa_driver_wrapper_aead_update( operation, input, input_length, + output, output_size, output_length ) ); } @@ -3412,8 +3418,10 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_finish( operation, ciphertext, ciphertext_size, - ciphertext_length, tag, tag_size, tag_length ) ); + return( psa_driver_wrapper_aead_finish( operation, ciphertext, + ciphertext_size, + ciphertext_length, + tag, tag_size, tag_length ) ); } /* Finish authenticating and decrypting a message in a multipart AEAD @@ -3433,8 +3441,10 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_verify( operation, plaintext, plaintext_size, plaintext_length, - tag, tag_length ) ); + return( psa_driver_wrapper_aead_verify( operation, plaintext, + plaintext_size, + plaintext_length, + tag, tag_length ) ); } /* Abort an AEAD operation. */ diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index bfa271b5a1..f5b4dc512f 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c 
@@ -355,8 +355,10 @@ exit: /* Set the key and algorithm for a multipart authenticated encryption * operation. */ psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, + const psa_key_attributes_t + *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg ) { psa_status_t status; @@ -376,8 +378,10 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation, /* Set the key and algorithm for a multipart authenticated decryption * operation. */ psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, + const psa_key_attributes_t + *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg ) { psa_status_t status; @@ -434,11 +438,12 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, return( PSA_ERROR_INVALID_ARGUMENT ); } - status = mbedtls_to_psa_error(mbedtls_chachapoly_starts( &operation->ctx.chachapoly, - nonce, - operation->is_encrypt ? - MBEDTLS_CHACHAPOLY_ENCRYPT : - MBEDTLS_CHACHAPOLY_DECRYPT ) ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_starts( &operation->ctx.chachapoly, + nonce, + operation->is_encrypt ? + MBEDTLS_CHACHAPOLY_ENCRYPT : + MBEDTLS_CHACHAPOLY_DECRYPT ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ 
@@ -540,13 +545,14 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, return ( PSA_ERROR_INVALID_ARGUMENT ); } - status = mbedtls_to_psa_error( mbedtls_gcm_starts( &operation->ctx.gcm, - operation->is_encrypt ? - MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, - operation->nonce, - operation->nonce_length, - input, - input_length ) ); + status = mbedtls_to_psa_error( + mbedtls_gcm_starts( &operation->ctx.gcm, + operation->is_encrypt ? + MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, + operation->nonce, + operation->nonce_length, + input, + input_length ) ); } else @@ -581,9 +587,10 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { - status = mbedtls_to_psa_error( mbedtls_chachapoly_update_aad( &operation->ctx.chachapoly, - input, - input_length ) ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_update_aad( &operation->ctx.chachapoly, + input, + input_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ @@ -676,7 +683,8 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, } /* Need to store tag for Finish() / Verify() */ - operation->tag_buffer = ( uint8_t * ) mbedtls_calloc(1, operation->tag_length ); + operation->tag_buffer = + ( uint8_t * ) mbedtls_calloc(1, operation->tag_length ); if( operation->tag_buffer ) { 
@@ -685,16 +693,17 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, { /* Perform oneshot CCM encryption with additional data already stored, as CCM does not support multipart yet.*/ - status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, - input_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - input, - output, - operation->tag_buffer, - operation->tag_length ) ); + status = mbedtls_to_psa_error( + mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, + input_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + input, + output, + operation->tag_buffer, + operation->tag_length ) ); /* Even if the above operation fails, we no longer need the additional data.*/ @@ -706,18 +715,22 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, { /* Need to back up the body data so we can do this again later.*/ - operation->body_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + operation->body_buffer = + ( uint8_t * ) mbedtls_calloc(1, input_length ); if( operation->body_buffer ) { memcpy( operation->body_buffer, input, input_length ); operation->body_length = input_length; - /* this will fail, as the tag is clearly false, but will write the - decrypted data to the output buffer. */ - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, input_length, - operation->nonce, operation->nonce_length, - operation->ad_buffer, operation->ad_length, + /* this will fail, as the tag is clearly false, but will + write the decrypted data to the output buffer.*/ + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, + input_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, input, output, operation->tag_buffer, operation->tag_length ); 
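Review bot: The reflowed comment in the CCM decrypt branch of mbedtls_psa_aead_update() (`this will fail, as the tag is clearly false, but will write the decrypted data to the output buffer`) states a contract that should be checked against the CCM module. As far as I know, mbedtls_ccm_auth_decrypt() wipes `output` before returning MBEDTLS_ERR_CCM_AUTH_FAILED, in which case the caller receives zeros rather than plaintext. Where the claim does hold, this branch hands plaintext to the caller before the tag has been verified, and the comment should say so, e.g. `/* NOTE: output is unauthenticated until psa_aead_verify() succeeds; callers must not act on it before then. */`. The function body starts and ends outside this hunk, so how `ret` is handled afterwards is not visible here.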
@@ -747,10 +760,11 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { - status = mbedtls_to_psa_error( mbedtls_chachapoly_update( &operation->ctx.chachapoly, - input_length, - input, - output ) ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_update( &operation->ctx.chachapoly, + input_length, + input, + output ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ @@ -772,7 +786,8 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, /* Common checks for both mbedtls_psa_aead_finish() and mbedtls_psa_aead_verify() */ -static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operation, +static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t + *operation, size_t output_size, size_t tag_size ) { @@ -793,13 +808,15 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operat if( operation->is_encrypt ) { - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, - operation->alg ); + finish_output_size = + PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, + operation->alg ); } else { - finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, - operation->alg ); + finish_output_size = + PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, + operation->alg ); } if( output_size < finish_output_size ) @@ -822,7 +839,8 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t finish_output_size = 0; - status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, tag_size ); + status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, + tag_size ); if( status != PSA_SUCCESS ) { 
@@ -855,8 +873,9 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { - status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, - tag ) ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + tag ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ @@ -902,7 +921,8 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, int do_tag_check = 1; uint8_t check_tag[16]; - status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, tag_length ); + status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, + tag_length ); if( status != PSA_SUCCESS ) { @@ -913,9 +933,10 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, if( operation->alg == PSA_ALG_GCM ) { /* Call finish to get the tag for comparison */ - status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, - check_tag, - operation->tag_length ) ); + status = mbedtls_to_psa_error( + mbedtls_gcm_finish( &operation->ctx.gcm, + check_tag, + operation->tag_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ 
@@ -931,17 +952,22 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, * only way to get the tag, but this time throw away the results, as verify cannot write that much data. */ temp_buffer_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, - operation->alg, operation->body_length ); + operation->alg, + operation->body_length + ); temp_buffer = ( uint8_t * ) mbedtls_calloc(1, temp_buffer_size ); if( temp_buffer ) { - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, operation->body_length, - operation->nonce, operation->nonce_length, - operation->ad_buffer, operation->ad_length, - operation->body_buffer, temp_buffer, - tag, tag_length ); + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, + operation->body_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + operation->body_buffer, + temp_buffer, tag, tag_length ); if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) { @@ -974,8 +1000,9 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { // call finish to get the tag for comparison. - status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, - check_tag ) ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + check_tag ) ); } else diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 6ae5030ee1..04d947f375 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3201,7 +3201,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, TEST_ASSERT( tag_length <= 16 ); output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len + tag_length ) ); + ( input_data->len + + tag_length ) ); ASSERT_ALLOC( output_data, output_size ); 
@@ -3224,8 +3225,9 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, if( nonce->len == 0 ) { - PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), - &nonce_length ) ); + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + sizeof( nonce_buffer ), + &nonce_length ) ); } else { @@ -3236,7 +3238,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation.alg == PSA_ALG_GCM ) { - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, input_data->len ) ); + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); } #endif @@ -3256,7 +3259,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, part_length = ad_part_len; } - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x + part_offset, + PSA_ASSERT( psa_aead_update_ad( &operation, + additional_data->x + part_offset, part_length ) ); part_offset += part_length; @@ -3265,13 +3269,15 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, else { /* Pass additional data in one go. */ - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, additional_data->len) ); + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, + additional_data->len) ); } if( data_part_len != -1 ) { /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); ASSERT_ALLOC( part_data, part_data_size ); 
@@ -3288,13 +3294,16 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, part_length = data_part_len; } - PSA_ASSERT( psa_aead_update( &operation, ( input_data->x + part_offset ), + PSA_ASSERT( psa_aead_update( &operation, + ( input_data->x + part_offset ), part_length, part_data, - part_data_size, &output_part_length ) ); + part_data_size, + &output_part_length ) ); if( output_data && output_part_length ) { - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); } part_offset += part_length; @@ -3317,7 +3326,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, if( output_data && output_part_length ) { - memcpy( ( output_data + output_length ), final_data, output_part_length ); + memcpy( ( output_data + output_length ), final_data, + output_part_length ); } TEST_EQUAL(tag_length, tag_size); @@ -3334,7 +3344,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE * should be exact. */ TEST_EQUAL( output_length, - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); TEST_ASSERT( output_length <= PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); @@ -3389,7 +3400,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); 
@@ -3429,7 +3441,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( nonce->len == 0 ) { - status = psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), + status = psa_aead_generate_nonce( &operation, nonce_buffer, + sizeof( nonce_buffer ), &nonce_length ); } else @@ -3447,7 +3460,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation.alg == PSA_ALG_GCM ) { - status = psa_aead_set_lengths( &operation, additional_data->len, input_data->len ); + status = psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ); if( status != PSA_SUCCESS ) { @@ -3472,7 +3486,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, part_length = ad_part_len; } - status = psa_aead_update_ad( &operation, additional_data->x + part_offset, + status = psa_aead_update_ad( &operation, + additional_data->x + part_offset, part_length ); if( status != PSA_SUCCESS ) @@ -3486,7 +3501,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, } else { - status = psa_aead_update_ad(&operation, additional_data->x, additional_data->len); + status = psa_aead_update_ad(&operation, additional_data->x, + additional_data->len); if( status != PSA_SUCCESS ) { @@ -3499,7 +3515,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, { /* Pass data in parts */ part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); + ( size_t ) data_part_len ); ASSERT_ALLOC( part_data, part_data_size ); @@ -3516,7 +3532,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, part_length = data_part_len; } - status = psa_aead_update( &operation, ( input_data->x + part_offset ), + status = psa_aead_update( &operation, + ( input_data->x + part_offset ), part_length, part_data, part_data_size, &output_part_length ); 
@@ -3528,7 +3545,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( output_data && output_part_length ) { - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); } part_offset += part_length; @@ -3562,7 +3580,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( output_data &&output_part_length ) { - memcpy( ( output_data + output_length ), final_data, output_part_length ); + memcpy( ( output_data + output_length ), final_data, + output_part_length ); } output_length += output_part_length; @@ -3571,23 +3590,27 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, * should be exact. */ if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) TEST_EQUAL( ( output_length + tag_length ), - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); TEST_EQUAL(tag_length, tag_size); if( PSA_SUCCESS == expected_result ) { - output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, output_length ); + output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + output_length ); ASSERT_ALLOC( output_data2, output_size2 ); /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE * should be exact. */ TEST_EQUAL( input_data->len, PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, - ( output_length + tag_length ) ) ); + ( output_length + + tag_length ) ) ); TEST_ASSERT( input_data->len <= - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + tag_length ) ); + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + + tag_length ) ); operation = psa_aead_operation_init(); 
@@ -3599,7 +3622,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( status == PSA_ERROR_NOT_SUPPORTED ) { MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, + nonce->len ); } TEST_EQUAL( status, expected_result ); @@ -3607,7 +3631,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( nonce->len == 0 ) { /* Use previously generated nonce. */ - status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_length ); + status = psa_aead_set_nonce( &operation, nonce_buffer, + nonce_length ); } else { @@ -3623,7 +3648,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation.alg == PSA_ALG_GCM ) { - status = psa_aead_set_lengths( &operation, additional_data->len, output_length ); + status = psa_aead_set_lengths( &operation, additional_data->len, + output_length ); if( status != PSA_SUCCESS ) { @@ -3638,7 +3664,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, while( part_offset <= additional_data->len) { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + if( additional_data->len - part_offset < + ( uint32_t ) ad_part_len ) { part_length = additional_data->len - part_offset; } @@ -3647,7 +3674,9 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, part_length = ad_part_len; } - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x + part_offset, + PSA_ASSERT( psa_aead_update_ad( &operation, + additional_data->x + + part_offset, part_length ) ); part_offset += part_length; 
@@ -3655,13 +3684,15 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, } else { - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, additional_data->len) ); + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, + additional_data->len) ); } if( data_part_len != -1 ) { /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); ASSERT_ALLOC( part_data, part_data_size ); @@ -3669,22 +3700,27 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, while( part_offset <= ( input_data->len - tag_length ) ) { - if( ( input_data->len - tag_length - part_offset ) < ( uint32_t ) data_part_len ) + if( ( input_data->len - tag_length - part_offset ) < + ( uint32_t ) data_part_len ) { - part_length = ( input_data->len - tag_length - part_offset ); + part_length = + ( input_data->len - tag_length - part_offset ); } else { part_length = data_part_len; } - PSA_ASSERT( psa_aead_update( &operation, ( input_data->x + part_offset ), + PSA_ASSERT( psa_aead_update( &operation, + ( input_data->x + part_offset ), part_length, part_data, - part_data_size, &output_part_length ) ); + part_data_size, + &output_part_length ) ); if( output_data2 && output_part_length ) { - memcpy( ( output_data2 + part_offset ), part_data, output_part_length ); + memcpy( ( output_data2 + part_offset ), + part_data, output_part_length ); } part_offset += part_length; @@ -3705,7 +3741,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( output_data2 && output_part_length ) { - memcpy( ( output_data2 + output_length2 ), final_data, output_part_length); + memcpy( ( output_data2 + output_length2 ), final_data, + output_part_length); } output_length2 += output_part_length; 
@@ -3772,7 +3809,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len - tag_length ) ); + ( input_data->len - + tag_length ) ); ASSERT_ALLOC( output_data, output_size ); ASSERT_ALLOC( final_data, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); @@ -3798,7 +3836,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, if( nonce->len == 0 ) { - status = psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), + status = psa_aead_generate_nonce( &operation, nonce_buffer, + sizeof( nonce_buffer ), &nonce_length ); } else @@ -3842,7 +3881,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, part_length = ad_part_len; } - status = psa_aead_update_ad( &operation, additional_data->x + part_offset, + status = psa_aead_update_ad( &operation, + additional_data->x + part_offset, part_length ); if( status != PSA_SUCCESS ) @@ -3856,7 +3896,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, } else { - status = psa_aead_update_ad( &operation, additional_data->x, additional_data->len ); + status = psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ); if( status != PSA_SUCCESS ) { @@ -3868,7 +3909,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, if( data_part_len != -1 ) { /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); ASSERT_ALLOC( part_data, part_data_size ); 
@@ -3876,7 +3918,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, while( part_offset <= input_data->len) { - if( (input_data->len - tag_length - part_offset ) < ( uint32_t ) data_part_len ) + if( (input_data->len - tag_length - part_offset ) < + ( uint32_t ) data_part_len ) { part_length = ( input_data->len - tag_length - part_offset ); } @@ -3885,9 +3928,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, part_length = data_part_len; } - status = psa_aead_update( &operation, ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, &output_part_length ); + status = psa_aead_update( &operation, + ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ); if( status != PSA_SUCCESS ) { @@ -3897,7 +3941,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, if( output_data && output_part_length ) { - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); } part_offset += part_length; @@ -3920,7 +3965,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, status = psa_aead_verify( &operation, final_data, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE, &output_part_length, - ( input_data->x + input_data->len - tag_length ), + ( input_data->x + input_data->len - + tag_length ), tag_length ); if( status != PSA_SUCCESS ) @@ -3931,7 +3977,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, if( output_data && output_part_length ) { - memcpy( ( output_data + output_length ), final_data, output_part_length ); + memcpy( ( output_data + output_length ), final_data, + output_part_length ); } output_length += output_part_length; 
@@ -3941,7 +3988,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE * should be exact. */ TEST_EQUAL( output_length, - PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); TEST_ASSERT( output_length <= PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); } From cbbde5f28c4241ef7b002b23b0979b35703f7606 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 10 May 2021 18:19:46 +0100 Subject: [PATCH 022/966] Split multipart AEAD contexts into two parts Split to data required for internal implementation and data required for driver implementation with data left over for the PSA layer. Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_primitives.h | 59 ++++++++ .../psa/crypto_driver_contexts_primitives.h | 8 + include/psa/crypto_struct.h | 43 +----- library/psa_crypto.c | 100 +++++++++++-- library/psa_crypto_aead.c | 54 ++++--- library/psa_crypto_aead.h | 138 ++++++++++-------- library/psa_crypto_driver_wrappers.c | 84 ++++++----- tests/src/drivers/test_driver_aead.c | 18 +-- 8 files changed, 321 insertions(+), 183 deletions(-) diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index 75801a1789..e3903bca50 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h 
@@ -118,6 +118,62 @@ typedef struct { #define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#define MBEDTLS_PSA_BUILTIN_AEAD 1 +#endif + +/* Context structure for the Mbed TLS cipher implementation. */ +typedef struct +{ + psa_algorithm_t alg; + psa_key_type_t key_type; + + unsigned int lengths_set : 1; + unsigned int is_encrypt : 1; + unsigned int ad_started : 1; + unsigned int body_started : 1; + + uint8_t tag_length; + uint8_t nonce_length; + + size_t ad_remaining; + size_t body_remaining; + + /* Buffers for AD/data - only required until CCM gets proper multipart + support. */ + uint8_t *ad_buffer; + size_t ad_length; + + uint8_t *body_buffer; + size_t body_length; + + uint8_t *tag_buffer; + + /* buffer to store Nonce - only required until CCM and GCM get proper + multipart support. */ + uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE]; + + union + { + unsigned dummy; /* Enable easier initializing of the union. */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + mbedtls_ccm_context ccm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + mbedtls_gcm_context gcm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + mbedtls_chachapoly_context chachapoly; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + } ctx; + +} mbedtls_psa_aead_operation_t; + +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} + /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. */ 
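Review bot: The comment above the new mbedtls_psa_aead_operation_t still reads `Context structure for the Mbed TLS cipher implementation.`, apparently copied from the cipher context; it should be `/* Context structure for the Mbed TLS AEAD implementation. */`. The struct now owns three heap pointers (`ad_buffer`, `body_buffer`, `tag_buffer`) and a copy of the nonce, so an ownership comment next to them should name the function that frees and zeroizes them; the abort path is not part of this hunk, so I cannot confirm that it does. MBEDTLS_PSA_AEAD_OPERATION_INIT is positional: its fifteen zeros match the fifteen scalar members today, but adding or reordering a member would silently shift the initializer, so a comment tying it to the member order would help.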
@@ -130,6 +186,9 @@ typedef mbedtls_psa_hash_operation_t mbedtls_transparent_test_driver_hash_operat typedef mbedtls_psa_cipher_operation_t mbedtls_transparent_test_driver_cipher_operation_t; +typedef mbedtls_psa_aead_operation_t + mbedtls_transparent_test_driver_aead_operation_t; + typedef struct { unsigned int initialised : 1; mbedtls_transparent_test_driver_cipher_operation_t ctx; diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index 104d4bdb6d..4fba9eb030 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -65,5 +65,13 @@ typedef union { #endif } psa_driver_cipher_context_t; +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_aead_operation_t mbedtls_ctx; +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx; +#endif +} psa_driver_aead_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 6c5639d1c8..6bb6f421b3 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -153,8 +153,6 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) struct psa_aead_operation_s { - psa_algorithm_t alg; - psa_key_type_t key_type; /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping 
@@ -164,50 +162,19 @@ struct psa_aead_operation_s * any driver (i.e. none of the driver contexts are active). */ unsigned int id; + psa_algorithm_t alg; + psa_key_type_t key_type; + unsigned int key_set : 1; unsigned int nonce_set : 1; unsigned int lengths_set : 1; - unsigned int is_encrypt : 1; unsigned int ad_started : 1; unsigned int body_started : 1; - uint8_t tag_length; - uint8_t nonce_length; - - size_t ad_remaining; - size_t body_remaining; - - /* Buffers for AD/data - only required until CCM gets proper multipart - support. */ - uint8_t *ad_buffer; - size_t ad_length; - - uint8_t *body_buffer; - size_t body_length; - - uint8_t *tag_buffer; - - /* buffer to store Nonce - only required until CCM and GCM get proper - multipart support. */ - uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE]; - - union - { - unsigned dummy; /* Enable easier initializing of the union. */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - mbedtls_ccm_context ccm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - mbedtls_gcm_context gcm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - mbedtls_chachapoly_context chachapoly; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - - } ctx; + psa_driver_aead_context_t ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4ab0c63b36..7190aa4da2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3214,6 +3214,25 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, return( status ); } +/* Helper function to get the base algorithm from its variants. */ +static psa_algorithm_t psa_aead_get_base_algorithm(psa_algorithm_t alg) +{ + switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ) + { + case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): + return( PSA_ALG_CCM ); + + case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): + return( PSA_ALG_GCM ); + + case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): + return( PSA_ALG_CHACHA20_POLY1305 ); + + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } +} + /* Set the key for a multipart authenticated encryption operation. */ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, @@ -3226,6 +3245,12 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) return( PSA_ERROR_NOT_SUPPORTED ); + if( operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); @@ -3242,6 +3267,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, &attributes, slot->key.data, slot->key.bytes, alg ); + operation->key_type = psa_get_key_type( &attributes ); unlock_status = psa_unlock_key_slot( slot ); @@ -3250,6 +3276,12 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, return( unlock_status ); } + if( status == PSA_SUCCESS ) + { + operation->alg = psa_aead_get_base_algorithm( alg ); + operation->key_set = 1; + } + return( status ); } 
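Review bot: The `default:` branch of `psa_aead_get_base_algorithm()` returns `PSA_ERROR_NOT_SUPPORTED`, a `psa_status_t` error code, from a function whose return type is `psa_algorithm_t`. An unrecognised AEAD variant is therefore converted into an arbitrary algorithm identifier instead of being reported. Both setup functions then store the result with `operation->alg = psa_aead_get_base_algorithm( alg );` without inspecting it. Returning a value that is not a valid algorithm, e.g. `return( 0 );`, and having the callers reject it before the driver is invoked (`if( base_alg == 0 ) return( PSA_ERROR_NOT_SUPPORTED );`) keeps the two types apart.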
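Review bot: When the driver setup fails, `psa_aead_encrypt_setup()` returns with `operation->key_type` already written and `key_set` still 0, so the state check added at the top of the function will accept another setup call on the same object. The wrapper hunk in psa_crypto_driver_wrappers.c assigns `operation->id` right after the test-driver call, before any status check visible there, so the object may also still name a driver at that point. Calling `if( status != PSA_SUCCESS ) psa_aead_abort( operation );` before the final return would put the operation back into its initial state; the same applies to `psa_aead_decrypt_setup()`. The bodies of both functions extend outside these hunks, so an existing cleanup path cannot be ruled out from here.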
@@ -3265,6 +3297,12 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) return( PSA_ERROR_NOT_SUPPORTED ); + if( operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); @@ -3281,6 +3319,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, &attributes, slot->key.data, slot->key.bytes, alg ); + operation->key_type = psa_get_key_type( &attributes ); unlock_status = psa_unlock_key_slot( slot ); @@ -3289,6 +3328,12 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, return( unlock_status ); } + if( status == PSA_SUCCESS ) + { + operation->alg = psa_aead_get_base_algorithm( alg ); + operation->key_set = 1; + } + return( status ); } @@ -3341,14 +3386,23 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if( !operation->key_set || operation->nonce_set || operation->ad_started || operation->body_started ) { return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_set_nonce( operation, nonce, - nonce_length ) ); + status = psa_driver_wrapper_aead_set_nonce( operation, nonce, + nonce_length ); + + if( status == PSA_SUCCESS ) + { + operation->nonce_set = 1; + } + + return( status ); } /* Declare the lengths of the message and additional data for multipart AEAD. */ 
@@ -3356,26 +3410,44 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if( !operation->key_set || operation->lengths_set ) { return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_set_lengths( operation, ad_length, - plaintext_length ) ); + status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, + plaintext_length ); + + if( status == PSA_SUCCESS ) + { + operation->lengths_set = 1; + } + + return status; } /* Pass additional data to an active multipart AEAD operation. */ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if( !operation->nonce_set || !operation->key_set ) { return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_update_ad( operation, input, - input_length ) ); + status = psa_driver_wrapper_aead_update_ad( operation, input, + input_length ); + + if( status == PSA_SUCCESS ) + { + operation->ad_started = 1; + } + + return status; } /* Encrypt or decrypt a message fragment in an active multipart AEAD @@ -3387,6 +3459,7 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, size_t output_size, size_t *output_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; *output_length = 0; @@ -3395,9 +3468,16 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_update( operation, input, input_length, - output, output_size, - output_length ) ); + status = psa_driver_wrapper_aead_update( operation, input, input_length, + output, output_size, + output_length ); + + if( status == PSA_SUCCESS ) + { + operation->body_started = 1; + } + + return status; } /* Finish encrypting a message in a multipart AEAD operation. */ 
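Review bot: The state checks in `psa_aead_set_lengths()` and `psa_aead_update_ad()` do not use the `ad_started` and `body_started` flags that this layer now maintains. `set_lengths` tests only `key_set` and `lengths_set`, although the header documents `PSA_ERROR_BAD_STATE` once update_ad() or update() has been called, and `update_ad` does not reject a call made after `body_started` is set. Suggested conditions: `if( !operation->key_set || operation->lengths_set || operation->ad_started || operation->body_started )` and `if( !operation->nonce_set || !operation->key_set || operation->body_started )`. The built-in implementation may repeat these checks on its own copy of the flags, but other drivers behind the wrapper would not get them. The new returns also mix `return status;` with the file's `return( status );` form.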
@@ -3422,6 +3502,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ) ); + } /* Finish authenticating and decrypting a message in a multipart AEAD @@ -3466,7 +3547,6 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) operation->key_set = 0; operation->nonce_set = 0; operation->lengths_set = 0; - operation->is_encrypt = 0; operation->ad_started = 0; operation->body_started = 0; diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index f5b4dc512f..8f8b74e7e4 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -20,7 +20,6 @@ #include "common.h" - #if defined(MBEDTLS_PSA_CRYPTO_C) #include "psa_crypto_aead.h" @@ -55,7 +54,7 @@ static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) static psa_status_t psa_aead_setup( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, psa_algorithm_t alg ) @@ -66,12 +65,6 @@ static psa_status_t psa_aead_setup( mbedtls_cipher_id_t cipher_id; size_t full_tag_length = 0; - if( operation->key_set || operation->nonce_set || - operation->ad_started || operation->body_started ) - { - return( PSA_ERROR_BAD_STATE ); - } - key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, @@ -146,12 +139,12 @@ static psa_status_t psa_aead_setup( > full_tag_length ) return( PSA_ERROR_INVALID_ARGUMENT ); - operation->tag_length = PSA_AEAD_TAG_LENGTH( attributes->core.type, + operation->key_type = psa_get_key_type( attributes ); + + operation->tag_length = PSA_AEAD_TAG_LENGTH( operation->key_type, key_bits, alg ); - operation->key_set = 1; - return( PSA_SUCCESS ); } 
@@ -165,7 +158,7 @@ psa_status_t mbedtls_psa_aead_encrypt( uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; uint8_t *tag; (void) key_buffer_size; @@ -275,7 +268,7 @@ psa_status_t mbedtls_psa_aead_decrypt( uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; const uint8_t *tag = NULL; (void) key_buffer_size; @@ -354,7 +347,8 @@ exit: /* Set the key and algorithm for a multipart authenticated encryption * operation. */ -psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t + *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -377,7 +371,8 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation, /* Set the key and algorithm for a multipart authenticated decryption * operation. */ -psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t + *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -399,7 +394,8 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation, } /* Set a nonce for the multipart AEAD operation*/ -psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t + *operation, const uint8_t *nonce, size_t nonce_length ) { 
@@ -454,15 +450,11 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, return ( PSA_ERROR_NOT_SUPPORTED ); } - if( status == PSA_SUCCESS ) - { - operation->nonce_set = 1; - } - return( status ); } /* Declare the lengths of the message and additional data for AEAD. */ -psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t + *operation, size_t ad_length, size_t plaintext_length ) { @@ -512,7 +504,8 @@ psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation, } /* Pass additional data to an active multipart AEAD operation. */ -psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t + *operation, const uint8_t *input, size_t input_length ) { @@ -611,7 +604,7 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, /* Encrypt or decrypt a message fragment in an active multipart AEAD * operation.*/ -psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -786,7 +779,7 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, /* Common checks for both mbedtls_psa_aead_finish() and mbedtls_psa_aead_verify() */ -static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t +static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t *operation, size_t output_size, size_t tag_size ) 
@@ -828,7 +821,7 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t } /* Finish encrypting a message in a multipart AEAD operation. */ -psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, @@ -903,7 +896,7 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, /* Finish authenticating and decrypting a message in a multipart AEAD * operation.*/ -psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -1033,7 +1026,7 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, } /* Abort an AEAD operation */ -psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) +psa_status_t mbedtls_psa_aead_abort( mbedtls_psa_aead_operation_t *operation ) { switch( operation->alg ) { @@ -1054,6 +1047,11 @@ psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ } + operation->lengths_set = 0; + operation->is_encrypt = 0; + operation->ad_started = 0; + operation->body_started = 0; + mbedtls_free(operation->ad_buffer); operation->ad_buffer = NULL; operation->ad_length = 0; diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index a9d268773e..4b6d6cd1ba 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
@@ -160,37 +160,39 @@ psa_status_t mbedtls_psa_aead_decrypt( * -# Allocate an operation object which will be passed to all the functions * listed here. * -# Initialize the operation object with one of the methods described in the - * documentation for #psa_aead_operation_t, e.g. - * #PSA_AEAD_OPERATION_INIT. + * documentation for #mbedtls_psa_aead_operation_t, e.g. + * #MBEDTLS_PSA_AEAD_OPERATION_INIT. * -# Call mbedtls_psa_aead_encrypt_setup() to specify the algorithm and key. * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and - * mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths() - * for details. + * mbedtls_psa_aead_update(). See the documentation of + * mbedtls_psa_aead_set_lengths() for details. * -# Call either psa_aead_generate_nonce() or * mbedtls_psa_aead_set_nonce() to generate or set the nonce. You should use * psa_aead_generate_nonce() unless the protocol you are implementing * requires a specific nonce value. - * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment - * of the non-encrypted additional authenticated data each time. + * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing + * a fragment of the non-encrypted additional authenticated data each time. * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment * of the message to encrypt each time. * -# Call mbedtls_psa_aead_finish(). * - * If an error occurs at any step after a call to mbedtls_psa_aead_encrypt_setup(), - * the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The - * application may call mbedtls_psa_aead_abort() at any time after the operation - * has been initialized. + * If an error occurs at any step after a call to + * mbedtls_psa_aead_encrypt_setup(), the operation will need to be reset by a + * call to mbedtls_psa_aead_abort(). 
The application may call + * mbedtls_psa_aead_abort() at any time after the operation has been + * initialized. * - * After a successful call to mbedtls_psa_aead_encrypt_setup(), the application must - * eventually terminate the operation. The following events terminate an + * After a successful call to mbedtls_psa_aead_encrypt_setup(), the application + * must eventually terminate the operation. The following events terminate an * operation: * - A successful call to mbedtls_psa_aead_finish(). * - A call to mbedtls_psa_aead_abort(). * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for - * #mbedtls_psa_aead_operation_t and not yet in use. + * #mbedtls_psa_aead_operation_t and not yet in + * use. * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key context. @@ -219,9 +221,12 @@ psa_status_t mbedtls_psa_aead_decrypt( * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, +psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t + *operation, + const psa_key_attributes_t + *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg); /** Set the key for a multipart authenticated decryption operation. 
@@ -236,34 +241,36 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation, * -# Allocate an operation object which will be passed to all the functions * listed here. * -# Initialize the operation object with one of the methods described in the - * documentation for #psa_aead_operation_t, e.g. + * documentation for #mbedtls_psa_aead_operation_t, e.g. * #PSA_AEAD_OPERATION_INIT. * -# Call mbedtls_psa_aead_decrypt_setup() to specify the algorithm and key. - * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of the - * inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and - * mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths() - * for details. + * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of + * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and + * mbedtls_psa_aead_update(). See the documentation of + * mbedtls_psa_aead_set_lengths() for details. * -# Call mbedtls_psa_aead_set_nonce() with the nonce for the decryption. - * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment - * of the non-encrypted additional authenticated data each time. + * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a + * fragment of the non-encrypted additional authenticated data each time. * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment * of the ciphertext to decrypt each time. * -# Call mbedtls_psa_aead_verify(). * - * If an error occurs at any step after a call to mbedtls_psa_aead_decrypt_setup(), - * the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The - * application may call mbedtls_psa_aead_abort() at any time after the operation - * has been initialized. + * If an error occurs at any step after a call to + * mbedtls_psa_aead_decrypt_setup(), the operation will need to be reset by a + * call to mbedtls_psa_aead_abort(). 
The application may call + * mbedtls_psa_aead_abort() at any time after the operation has been + * initialized. * - * After a successful call to mbedtls_psa_aead_decrypt_setup(), the application must - * eventually terminate the operation. The following events terminate an + * After a successful call to mbedtls_psa_aead_decrypt_setup(), the application + * must eventually terminate the operation. The following events terminate an * operation: * - A successful call to mbedtls_psa_aead_verify(). * - A call to mbedtls_psa_aead_abort(). * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for - * #psa_aead_operation_t and not yet in use. + * #mbedtls_psa_aead_operation_t and not yet in + * use. * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key context. @@ -292,9 +299,12 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, +psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t + *operation, + const psa_key_attributes_t + *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg); /** Set the nonce for an authenticated encryption or decryption operation. 
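Review bot: The decrypt-setup documentation now names `#mbedtls_psa_aead_operation_t` but still gives `#PSA_AEAD_OPERATION_INIT` as the initializer, while the encrypt-setup comment earlier in this file was changed to `#MBEDTLS_PSA_AEAD_OPERATION_INIT`. The two macros initialise different structs after this commit, so the line should read `* #MBEDTLS_PSA_AEAD_OPERATION_INIT.` to match.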
@@ -313,9 +323,9 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation, * If this function returns an error status, the operation enters an error * state and must be aborted by calling mbedtls_psa_aead_abort(). * - * \note When encrypting, applications should use mbedtls_psa_aead_generate_nonce() - * instead of this function, unless implementing a protocol that requires - * a non-random IV. + * \note When encrypting, applications should use + * mbedtls_psa_aead_generate_nonce() instead of this function, unless + * implementing a protocol that requires a non-random IV. * * \param[in,out] operation Active AEAD operation. * \param[in] nonce Buffer containing the nonce to use. @@ -338,7 +348,7 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length); @@ -350,10 +360,10 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, * specification for transparent drivers. * * The application must call this function before calling - * mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm for - * the operation requires it. If the algorithm does not require it, - * calling this function is optional, but if this function is called - * then the implementation must enforce the lengths. + * mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm + * for the operation requires it. If the algorithm does not require it, calling + * this function is optional, but if this function is called then the + * implementation must enforce the lengths. * * You may call this function before or after setting the nonce with * mbedtls_psa_aead_set_nonce() or psa_aead_generate_nonce(). 
@@ -375,8 +385,8 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, and - * mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not have been - * called yet). + * mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not + * have been called yet). * \retval #PSA_ERROR_INVALID_ARGUMENT * At least one of the lengths is not acceptable for the chosen * algorithm. @@ -389,7 +399,8 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t + *operation, size_t ad_length, size_t plaintext_length); 
@@ -407,18 +418,19 @@ psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation, * data to encrypt or decrypt with mbedtls_psa_aead_update(). * * Before calling this function, you must: - * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup(). - * 2. Set the nonce with psa_aead_generate_nonce() or - * mbedtls_psa_aead_set_nonce(). + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). 2. Set the nonce with + * psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce(). * * If this function returns an error status, the operation enters an error * state and must be aborted by calling mbedtls_psa_aead_abort(). * - * \warning When decrypting, until mbedtls_psa_aead_verify() has returned #PSA_SUCCESS, - * there is no guarantee that the input is valid. Therefore, until - * you have called mbedtls_psa_aead_verify() and it has returned #PSA_SUCCESS, - * treat the input as untrusted and prepare to undo any action that - * depends on the input if mbedtls_psa_aead_verify() returns an error status. + * \warning When decrypting, until mbedtls_psa_aead_verify() has returned + * #PSA_SUCCESS, there is no guarantee that the input is valid. + * Therefore, until you have called mbedtls_psa_aead_verify() and it + * has returned #PSA_SUCCESS, treat the input as untrusted and prepare + * to undo any action that depends on the input if + * mbedtls_psa_aead_verify() returns an error status. * * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire * additional data to be passed in in one go, i.e. only call 
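Review bot: The re-wrapped precondition list in the `mbedtls_psa_aead_update_ad()` comment has lost its second item: step 2 now starts mid-line after `mbedtls_psa_aead_decrypt_setup().`, so it no longer reads as a separate list entry. Keep each step on its own line, e.g. ` * 2. Set the nonce with psa_aead_generate_nonce() or` followed by ` *    mbedtls_psa_aead_set_nonce().`. The comment for `mbedtls_psa_aead_update()` has the same problem with step 3 in its unchanged lines.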
@@ -448,7 +460,7 @@ psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length); @@ -460,9 +472,9 @@ psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation, * transparent drivers. * * Before calling this function, you must: - * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup(). - * The choice of setup function determines whether this function - * encrypts or decrypts its input. + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). The choice of setup function determines + * whether this function encrypts or decrypts its input. * 2. Set the nonce with psa_aead_generate_nonce() or * mbedtls_psa_aead_set_nonce(). 3. Call mbedtls_psa_aead_update_ad() to pass * all the additional data. @@ -537,7 +549,7 @@ psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_update(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -618,7 +630,7 @@ psa_status_t mbedtls_psa_aead_update(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_finish(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, 
@@ -703,7 +715,7 @@ psa_status_t mbedtls_psa_aead_finish(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -723,11 +735,11 @@ psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation, * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again. * * You may call this function any time after the operation object has - * been initialized as described in #psa_aead_operation_t. + * been initialized as described in #mbedtls_psa_aead_operation_t. * * In particular, calling mbedtls_psa_aead_abort() after the operation has been - * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() or - * mbedtls_psa_aead_verify() is safe and has no effect. + * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() + * or mbedtls_psa_aead_verify() is safe and has no effect. * * \param[in,out] operation Initialized AEAD operation. * @@ -740,7 +752,7 @@ psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_abort(psa_aead_operation_t *operation); +psa_status_t mbedtls_psa_aead_abort(mbedtls_psa_aead_operation_t *operation); #endif /* PSA_CRYPTO_AEAD */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 7faedb30e3..7590800e26 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -1310,10 +1310,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = PSA_ERROR_NOT_SUPPORTED; status = mbedtls_test_transparent_aead_encrypt_setup( - operation, attributes, - key_buffer, key_buffer_size, + &operation->ctx.transparent_test_driver_ctx, + attributes, key_buffer, key_buffer_size, alg ); /* Declared with fallback == true */ operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; @@ -1325,7 +1324,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_aead_encrypt_setup( - operation, attributes, + &operation->ctx.mbedtls_ctx, attributes, key_buffer, key_buffer_size, alg ); @@ -1360,9 +1359,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = PSA_ERROR_NOT_SUPPORTED; status = mbedtls_test_transparent_aead_decrypt_setup( - operation, attributes, + &operation->ctx.transparent_test_driver_ctx, + attributes, key_buffer, key_buffer_size, alg ); /* Declared with fallback == true */ @@ -1375,7 +1374,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_aead_decrypt_setup( - operation, attributes, + &operation->ctx.mbedtls_ctx, + attributes, key_buffer, key_buffer_size, alg ); 
@@ -1401,16 +1401,18 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_set_nonce( operation, nonce, + return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, + nonce, nonce_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_set_nonce( - operation, nonce, nonce_length ) ); + &operation->ctx.transparent_test_driver_ctx, + nonce, nonce_length ) ); /* Add cases for opaque driver here */ @@ -1431,18 +1433,20 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_set_lengths( operation, ad_length, + return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, + ad_length, plaintext_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_set_lengths( - operation, ad_length, plaintext_length ) ); + &operation->ctx.transparent_test_driver_ctx, + ad_length, plaintext_length ) ); /* Add cases for opaque driver here */ 
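Review bot: In `psa_driver_wrapper_aead_set_nonce` the opening guard is still the unchanged context line `#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)`, while its closing comment now reads `#endif /* MBEDTLS_PSA_BUILTIN_AEAD */`. Every other wrapper touched by this patch (set_lengths, update_ad, update, finish, verify, abort) switches the `#if` itself. A build with the built-in AEAD code but without the built-in cipher would compile out the `PSA_CRYPTO_MBED_TLS_DRIVER_ID` case for this one step and presumably fall to the default branch, which is outside the hunk. The guard should become `#if defined(MBEDTLS_PSA_BUILTIN_AEAD)` so that guard and comment agree.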
@@ -1463,18 +1467,20 @@ psa_status_t psa_driver_wrapper_aead_update_ad( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_update_ad( operation, input, + return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx, + input, input_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_update_ad( - operation, input, input_length ) ); + &operation->ctx.transparent_test_driver_ctx, + input, input_length ) ); /* Add cases for opaque driver here */ @@ -1498,19 +1504,21 @@ psa_status_t psa_driver_wrapper_aead_update( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_update( operation, input, input_length, + return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx, + input, input_length, output, output_size, output_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_update( - operation, input, input_length, output, output_size, + &operation->ctx.transparent_test_driver_ctx, + input, input_length, output, output_size, output_length ) ); /* Add cases for opaque driver here */ 
@@ -1539,20 +1547,22 @@ psa_status_t psa_driver_wrapper_aead_finish( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_finish( operation, ciphertext, + return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, + ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_finish( - operation, ciphertext, ciphertext_size, + &operation->ctx.transparent_test_driver_ctx, + ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ) ); /* Add cases for opaque driver here */ @@ -1581,19 +1591,22 @@ psa_status_t psa_driver_wrapper_aead_verify( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_verify( operation, plaintext, - plaintext_size, plaintext_length, + return( mbedtls_psa_aead_verify( &operation->ctx.mbedtls_ctx, + plaintext, + plaintext_size, + plaintext_length, tag, tag_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_verify( - operation, plaintext, plaintext_size, + &operation->ctx.transparent_test_driver_ctx, + plaintext, plaintext_size, plaintext_length, tag, tag_length ) ); /* Add cases for opaque driver here */ 
@@ -1616,16 +1629,17 @@ psa_status_t psa_driver_wrapper_aead_abort( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_abort( operation ) ); + return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( mbedtls_test_transparent_aead_abort( operation ) ); + return( mbedtls_test_transparent_aead_abort( + &operation->ctx.transparent_test_driver_ctx ) ); /* Add cases for opaque driver here */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 34bbc51ab2..006d3327f5 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -94,7 +94,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( } psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) @@ -117,7 +117,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup( } psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) @@ -140,7 +140,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup( } psa_status_t mbedtls_test_transparent_aead_set_nonce( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ) { 
@@ -161,7 +161,7 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce( } psa_status_t mbedtls_test_transparent_aead_set_lengths( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ) { @@ -183,7 +183,7 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } psa_status_t mbedtls_test_transparent_aead_update_ad( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *input, size_t input_length ) { @@ -204,7 +204,7 @@ psa_status_t mbedtls_test_transparent_aead_update_ad( } psa_status_t mbedtls_test_transparent_aead_update( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -229,7 +229,7 @@ psa_status_t mbedtls_test_transparent_aead_update( } psa_status_t mbedtls_test_transparent_aead_finish( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, @@ -256,7 +256,7 @@ psa_status_t mbedtls_test_transparent_aead_finish( } psa_status_t mbedtls_test_transparent_aead_verify( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -281,7 +281,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( } psa_status_t mbedtls_test_transparent_aead_abort( - psa_aead_operation_t *operation ) + mbedtls_transparent_test_driver_aead_operation_t *operation ) { mbedtls_test_driver_aead_hooks.hits++; From 7f0a1801078665462ba7fe13f6c6724c1f34741b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 11 May 2021 17:43:42 +0100 Subject: [PATCH 023/966] Fix missed drivers header 
Signed-off-by: Paul Elliott --- tests/include/test/drivers/aead.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index e1058af8b1..86c18d4d3a 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h @@ -68,34 +68,34 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_test_transparent_aead_set_nonce( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ); psa_status_t mbedtls_test_transparent_aead_set_lengths( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ); psa_status_t mbedtls_test_transparent_aead_update_ad( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ); psa_status_t mbedtls_test_transparent_aead_update( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -103,7 +103,7 @@ psa_status_t mbedtls_test_transparent_aead_update( size_t *output_length ); psa_status_t mbedtls_test_transparent_aead_finish( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, 
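Review bot: The prototypes in this header now take `mbedtls_psa_aead_operation_t *operation`, but the definitions in tests/src/drivers/test_driver_aead.c were changed by the preceding patch to take `mbedtls_transparent_test_driver_aead_operation_t *operation`, and the wrappers pass `&operation->ctx.transparent_test_driver_ctx`. This only compiles while the two names are typedefs of the same type, which is not visible here. The header should declare `mbedtls_transparent_test_driver_aead_operation_t *operation,` so that declaration and definition cannot drift apart if the test driver later gets its own context type. The same applies to the finish, verify and abort prototypes in the next hunk of this file.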
@@ -112,7 +112,7 @@ psa_status_t mbedtls_test_transparent_aead_finish( size_t *tag_length ); psa_status_t mbedtls_test_transparent_aead_verify( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -120,7 +120,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( size_t tag_length ); psa_status_t mbedtls_test_transparent_aead_abort( - psa_aead_operation_t *operation ); + mbedtls_psa_aead_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ From 6edb7473db1e4c1ee9a8da405c25ea0c3841e06c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 10 May 2021 19:29:35 +0100 Subject: [PATCH 024/966] Move safer_memcmp to psa_crypto_core.h Same change as made by Steven Cooreman, although not yet merged. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 8f8b74e7e4..ac4297ed40 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -38,21 +38,6 @@ #include "mbedtls/gcm.h" #include "mbedtls/error.h" -/* Constant-time buffer comparison. This is duplication of code from - * psa_crypto.c, but has nowhere private I can put it for the minute. Really - belongs in the constant time module, when that gets implemented */ -static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) -{ - size_t i; - unsigned char diff = 0; - - for( i = 0; i < n; i++ ) - diff |= a[i] ^ b[i]; - - return( diff ); -} - - static psa_status_t psa_aead_setup( mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, 
@@ -1014,7 +999,8 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, { *plaintext_length = finish_output_size; - if( do_tag_check && safer_memcmp(tag, check_tag, tag_length) != 0 ) + if( do_tag_check && + mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) { status = PSA_ERROR_INVALID_SIGNATURE; } From ef29e17a94b9cd0c4b6c48ada1a3e21766c9ab9b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 10 May 2021 19:33:03 +0100 Subject: [PATCH 025/966] Add comment to non-obvious code guard Ad and body lengths can only be too big on builds where size_t is bigger than 32 bits. This checking code therefore generates always true comparison warnings on 32 bit platforms, and thus had to be guarded. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index ac4297ed40..29dbedeb7b 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -447,6 +447,9 @@ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { + /* Lengths can only be too large for GCM if size_t is bigger than 32 + * bits. Without the guard this code will generate warnings on 32bit + builds */ #if SIZE_MAX > UINT32_MAX if( ( (uint64_t) ad_length ) >> 61 != 0 || ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) From 39dc6b8aa58b00b93683c975427914185ea4a67e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 11 May 2021 19:16:09 +0100 Subject: [PATCH 026/966] Add abort call to all failure points Signed-off-by: Paul Elliott --- library/psa_crypto.c | 156 ++++++++++++++++++++++++++++--------------- 1 file changed, 102 insertions(+), 54 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7190aa4da2..ee7ac90caa 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
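Review bot: The tag comparison in `mbedtls_psa_aead_verify` uses the caller-supplied `tag_length` as its length, and no check against the operation's configured tag length is visible in this hunk. If no such check exists earlier in the function, a tag shorter than the configured one (including length 0) compares equal and verification succeeds. The condition should reject a length mismatch first, e.g. `if( do_tag_check && ( tag_length != operation->tag_length || mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) != 0 ) )`, assuming the operation struct carries `tag_length`. In addition, `*plaintext_length = finish_output_size;` is assigned before the check and is not reset when the status becomes `PSA_ERROR_INVALID_SIGNATURE`; adding `*plaintext_length = 0;` in the failure branch would keep callers from seeing a non-zero length for unauthenticated output. The function body starts and ends outside the hunk.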
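Review bot: The added comment in `mbedtls_psa_aead_set_lengths` explains why the `#if SIZE_MAX > UINT32_MAX` guard exists but not where the two limits come from, and its last line (`builds */`) is missing the leading ` * ` used by the rest of the block. I would add one more line such as `* GCM limits: AD below 2^61 bytes (2^64 bits), plaintext at most 2^36 - 32 bytes (0xFFFFFFFE0).` so that the `>> 61` shift and the `0xFFFFFFFE0ull` constant below are not magic numbers. This is documentation only; the check itself is unchanged.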
@@ -3243,12 +3243,16 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, psa_key_slot_t *slot; if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) - return( PSA_ERROR_NOT_SUPPORTED ); + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } if( operation->key_set || operation->nonce_set || operation->ad_started || operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_get_and_lock_key_slot_with_policy( @@ -3256,7 +3260,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) { - return( status ); + goto exit; } psa_key_attributes_t attributes = { @@ -3267,20 +3271,29 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, &attributes, slot->key.data, slot->key.bytes, alg ); + if( status != PSA_SUCCESS ) + { + goto exit; + } + operation->key_type = psa_get_key_type( &attributes ); unlock_status = psa_unlock_key_slot( slot ); if( unlock_status != PSA_SUCCESS ) { - return( unlock_status ); + status = unlock_status; } +exit: + if( status == PSA_SUCCESS ) { operation->alg = psa_aead_get_base_algorithm( alg ); operation->key_set = 1; } + else + psa_aead_abort( operation ); return( status ); } @@ -3295,21 +3308,23 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, psa_key_slot_t *slot; if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) - return( PSA_ERROR_NOT_SUPPORTED ); + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } if( operation->key_set || operation->nonce_set || operation->ad_started || operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); if( status != PSA_SUCCESS ) - { - return( status ); - } + goto exit; psa_key_attributes_t attributes = { .core = slot->attr 
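Review bot: The `if( status != PSA_SUCCESS ) { goto exit; }` added after the driver setup call in `psa_aead_encrypt_setup` (third hunk; the call name is above the hunk) jumps past `psa_unlock_key_slot( slot )`. When driver setup fails, the slot acquired by `psa_get_and_lock_key_slot_with_policy` therefore stays locked, which presumably prevents the key from being destroyed or evicted later. The decrypt counterpart does not add this jump and still unlocks on every path. I would drop the early exit and guard only the assignment, `if( status == PSA_SUCCESS ) operation->key_type = psa_get_key_type( &attributes );`, and let the unlock run unconditionally with `if( unlock_status != PSA_SUCCESS && status == PSA_SUCCESS ) status = unlock_status;` so that a driver error is not overwritten.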
@@ -3324,15 +3339,17 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, unlock_status = psa_unlock_key_slot( slot ); if( unlock_status != PSA_SUCCESS ) - { - return( unlock_status ); - } + status = unlock_status; + +exit: if( status == PSA_SUCCESS ) { operation->alg = psa_aead_get_base_algorithm( alg ); operation->key_set = 1; } + else + psa_aead_abort( operation ); return( status ); } @@ -3351,33 +3368,35 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, if( !operation->key_set || operation->nonce_set || operation->ad_started || operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, operation->alg); - if( nonce_size == 0 || nonce_size < required_nonce_size ) + if( nonce_size < required_nonce_size ) { - return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; } status = psa_generate_random( nonce, required_nonce_size ); if( status != PSA_SUCCESS ) - { - return status; - } + goto exit; status = psa_driver_wrapper_aead_set_nonce( operation, nonce, required_nonce_size ); - if( status == PSA_SUCCESS ) - { - *nonce_length = required_nonce_size; - } +exit: - return status; + if( status == PSA_SUCCESS ) + *nonce_length = required_nonce_size; + else + psa_aead_abort( operation ); + + return( status ); } /* Set the nonce for a multipart authenticated encryption or decryption @@ -3391,16 +3410,19 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, if( !operation->key_set || operation->nonce_set || operation->ad_started || operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ); +exit: + if( status == PSA_SUCCESS ) - { operation->nonce_set = 1; - } + else + psa_aead_abort( operation ); return( status ); } 
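Review bot: `psa_aead_generate_nonce` reports success without recording that a nonce has been set: the success branch after `exit:` only writes `*nonce_length`, whereas `psa_aead_set_nonce` in the next hunk sets `operation->nonce_set = 1`. Unless the flag is set somewhere not shown, `psa_aead_update_ad` will return `PSA_ERROR_BAD_STATE` after a generated nonce, and the state check at the top will not stop a second nonce from being installed on the same operation. The success branch should be `{ *nonce_length = required_nonce_size; operation->nonce_set = 1; }`. Separately, with `nonce_size == 0` removed from the size check, a `PSA_AEAD_NONCE_LENGTH` result of 0 would pass a zero-length nonce to the driver; an explicit `required_nonce_size == 0` rejection would cover that case.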
@@ -3414,18 +3436,21 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, if( !operation->key_set || operation->lengths_set ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ); - if( status == PSA_SUCCESS ) - { - operation->lengths_set = 1; - } +exit: - return status; + if( status == PSA_SUCCESS ) + operation->lengths_set = 1; + else + psa_aead_abort( operation ); + + return( status ); } /* Pass additional data to an active multipart AEAD operation. */ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, @@ -3436,18 +3461,21 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, if( !operation->nonce_set || !operation->key_set ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_driver_wrapper_aead_update_ad( operation, input, input_length ); - if( status == PSA_SUCCESS ) - { - operation->ad_started = 1; - } +exit: - return status; + if( status == PSA_SUCCESS ) + operation->ad_started = 1; + else + psa_aead_abort( operation ); + + return( status ); } /* Encrypt or decrypt a message fragment in an active multipart AEAD @@ -3465,19 +3493,22 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, if( !operation->nonce_set || !operation->key_set || !operation->ad_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_driver_wrapper_aead_update( operation, input, input_length, output, output_size, output_length ); - if( status == PSA_SUCCESS ) - { - operation->body_started = 1; - } +exit: - return status; + if( status == PSA_SUCCESS ) + operation->body_started = 1; + else + psa_aead_abort( operation ); + + return( status ); } /* Finish encrypting a message in a multipart AEAD operation. */ 
@@ -3489,20 +3520,28 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, size_t tag_size, size_t *tag_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + *ciphertext_length = 0; *tag_length = 0; if( !operation->key_set || !operation->nonce_set || !operation->ad_started || !operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } - return( psa_driver_wrapper_aead_finish( operation, ciphertext, - ciphertext_size, - ciphertext_length, - tag, tag_size, tag_length ) ); + status = psa_driver_wrapper_aead_finish( operation, ciphertext, + ciphertext_size, + ciphertext_length, + tag, tag_size, tag_length ); +exit: + + psa_aead_abort( operation ); + + return( status ); } /* Finish authenticating and decrypting a message in a multipart AEAD @@ -3514,18 +3553,27 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, const uint8_t *tag, size_t tag_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + *plaintext_length = 0; if( !operation->key_set || !operation->nonce_set || !operation->ad_started || !operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } - return( psa_driver_wrapper_aead_verify( operation, plaintext, - plaintext_size, - plaintext_length, - tag, tag_length ) ); + status = psa_driver_wrapper_aead_verify( operation, plaintext, + plaintext_size, + plaintext_length, + tag, tag_length ); + +exit: + + psa_aead_abort( operation ); + + return( status ); } /* Abort an AEAD operation. */ From 81231f33f0bd31c3c8d962d54cef82a1571bd46e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 11 May 2021 19:18:28 +0100 Subject: [PATCH 027/966] Return invalid argument for unsupported algorithm Signed-off-by: Paul Elliott --- library/psa_crypto.c | 4 ++-- tests/suites/test_suite_psa_crypto.data | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
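Review bot: `psa_aead_finish` and `psa_aead_verify` now call `psa_aead_abort( operation )` at `exit:` and discard its return value, so a failure while tearing down the driver context is never reported when the operation itself succeeded. I would keep the result and return it when there is no earlier error: `abort_status = psa_aead_abort( operation );` followed by `return( status == PSA_SUCCESS ? abort_status : status );`. The same applies to the `else psa_aead_abort( operation );` branches added in the earlier hunks of this patch, although there the original error already takes precedence. A short comment at `exit:` stating that the operation is always reset, on success as well as on failure, would also help readers of the multipart state machine.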
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ee7ac90caa..4a83b09c92 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3244,7 +3244,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { - status = PSA_ERROR_NOT_SUPPORTED; + status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } @@ -3309,7 +3309,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { - status = PSA_ERROR_NOT_SUPPORTED; + status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8a85edd10c..177d688e3e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2432,11 +2432,11 @@ aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f90 PSA Multipart AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":-1:"":-1:PSA_ERROR_NOT_SUPPORTED +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_NOT_SUPPORTED +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
From bbe90b5f7f6776d878c1dfd3694cd430152a0140 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 11 May 2021 22:22:42 +0100 Subject: [PATCH 028/966] Formatting fixes for psa_crypto.c Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4a83b09c92..81673c40fb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3372,8 +3372,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, goto exit; } - required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, - operation->alg); + required_nonce_size = PSA_AEAD_NONCE_LENGTH( operation->key_type, + operation->alg ); if( nonce_size < required_nonce_size ) { @@ -3577,7 +3577,7 @@ exit: } /* Abort an AEAD operation. */ -psa_status_t psa_aead_abort(psa_aead_operation_t *operation) +psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; From a559b3ce5642480cb0433d54a7fed339de7814a6 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 12 May 2021 12:12:07 +0100 Subject: [PATCH 029/966] Remove key_set and use id instead In keeping with the other PSA multipart operations. Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 3 +-- library/psa_crypto.c | 25 +++++++++---------------- 2 files changed, 10 insertions(+), 18 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 6bb6f421b3..36503f91cf 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -165,7 +165,6 @@ struct psa_aead_operation_s psa_algorithm_t alg; psa_key_type_t key_type; - unsigned int key_set : 1; unsigned int nonce_set : 1; unsigned int lengths_set : 1; unsigned int ad_started : 1; 
@@ -174,7 +173,7 @@ struct psa_aead_operation_s psa_driver_aead_context_t ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 81673c40fb..527e44e766 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3248,7 +3248,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->key_set || operation->nonce_set || + if( operation->id || operation->nonce_set || operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3288,10 +3288,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, exit: if( status == PSA_SUCCESS ) - { operation->alg = psa_aead_get_base_algorithm( alg ); - operation->key_set = 1; - } else psa_aead_abort( operation ); @@ -3313,7 +3310,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->key_set || operation->nonce_set || + if( operation->id || operation->nonce_set || operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3344,10 +3341,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, exit: if( status == PSA_SUCCESS ) - { operation->alg = psa_aead_get_base_algorithm( alg ); - operation->key_set = 1; - } else psa_aead_abort( operation ); @@ -3365,7 +3359,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, *nonce_length = 0; - if( !operation->key_set || operation->nonce_set || + if( !operation->id || operation->nonce_set || operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; 
@@ -3407,7 +3401,7 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->key_set || operation->nonce_set || + if( !operation->id || operation->nonce_set || operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3434,7 +3428,7 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->key_set || operation->lengths_set ) + if( !operation->id || operation->lengths_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3459,7 +3453,7 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->nonce_set || !operation->key_set ) + if( !operation->id || !operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3491,7 +3485,7 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, *output_length = 0; - if( !operation->nonce_set || !operation->key_set || !operation->ad_started ) + if( !operation->id || !operation->nonce_set || !operation->ad_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3525,7 +3519,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *ciphertext_length = 0; *tag_length = 0; - if( !operation->key_set || !operation->nonce_set || + if( !operation->id || !operation->nonce_set || !operation->ad_started || !operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3557,7 +3551,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; - if( !operation->key_set || !operation->nonce_set || + if( !operation->id || !operation->nonce_set || !operation->ad_started || !operation->body_started ) { status = PSA_ERROR_BAD_STATE; 
@@ -3592,7 +3586,6 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) status = psa_driver_wrapper_aead_abort( operation ); operation->id = 0; - operation->key_set = 0; operation->nonce_set = 0; operation->lengths_set = 0; operation->ad_started = 0; From cc3585973910c4318b690f372fcd220823d41c73 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 12 May 2021 12:22:28 +0100 Subject: [PATCH 030/966] Pass key buffer size into psa_aead_setup Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 29dbedeb7b..37a4545b6e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -42,6 +42,7 @@ static psa_status_t psa_aead_setup( mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -50,6 +51,8 @@ static psa_status_t psa_aead_setup( mbedtls_cipher_id_t cipher_id; size_t full_tag_length = 0; + ( void ) key_buffer_size; + key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, @@ -145,9 +148,10 @@ psa_status_t mbedtls_psa_aead_encrypt( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; uint8_t *tag; - (void) key_buffer_size; - status = psa_aead_setup( &operation, attributes, key_buffer, alg ); + status = psa_aead_setup( &operation, attributes, key_buffer, + key_buffer_size, alg ); + if( status != PSA_SUCCESS ) goto exit; 
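Review bot: `psa_aead_setup` gains a `key_buffer_size` parameter but immediately discards it with `( void ) key_buffer_size;`, while the key length handed to the cipher is derived from `attributes->core.bits`. A check after `key_bits` is read, such as `if( key_buffer_size < PSA_BITS_TO_BYTES( key_bits ) ) return( PSA_ERROR_INVALID_ARGUMENT );`, would make the parameter meaningful and guard against a driver caller supplying a buffer shorter than the declared key size. How the key bytes are consumed is outside the hunk, so the actual read length should be confirmed there. The `mbedtls_psa_aead_decrypt_setup` hunk further down also leaves a stale `(void) key_buffer_size;` in front of the call that now uses the value; it should be removed as was done for encrypt_setup.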
@@ -255,9 +259,10 @@ psa_status_t mbedtls_psa_aead_decrypt( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; const uint8_t *tag = NULL; - (void) key_buffer_size; - status = psa_aead_setup( &operation, attributes, key_buffer, alg ); + status = psa_aead_setup( &operation, attributes, key_buffer, + key_buffer_size, alg ); + if( status != PSA_SUCCESS ) goto exit; @@ -342,9 +347,8 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t { psa_status_t status; - (void) key_buffer_size; - - status = psa_aead_setup( operation, attributes, key_buffer, alg ); + status = psa_aead_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); if( status == PSA_SUCCESS ) { @@ -368,7 +372,8 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t (void) key_buffer_size; - status = psa_aead_setup( operation, attributes, key_buffer, alg ); + status = psa_aead_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); if( status == PSA_SUCCESS ) { @@ -448,8 +453,8 @@ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t if( operation->alg == PSA_ALG_GCM ) { /* Lengths can only be too large for GCM if size_t is bigger than 32 - * bits. Without the guard this code will generate warnings on 32bit - builds */ + * bits. Without th + e guard this code will generate warnings on 32bit builds*/ #if SIZE_MAX > UINT32_MAX if( ( (uint64_t) ad_length ) >> 61 != 0 || ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) From 80acb7ee21c58df798b21dd03e3ee679f1f0c027 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 12 May 2021 12:41:33 +0100 Subject: [PATCH 031/966] Formatting fixups and spelling mistake fixes Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 98 +++++---------------------------------- 1 file changed, 11 insertions(+), 87 deletions(-) 
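Review bot: The rewrapped comment in the mbedtls_psa_aead_set_lengths hunk (at -448) breaks a word across two lines ("Without th" / "e guard") and its continuation line no longer carries the ` * ` prefix used by the line above, at least as the patch is rendered here. The comment explains why the `#if SIZE_MAX > UINT32_MAX` guard surrounds the GCM length limits, so it should stay readable. I would write it as `* bits. Without the guard this code will generate warnings on 32bit` followed by `* builds. */`.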
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 37a4545b6e..b694bfd9e6 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -351,9 +351,7 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t key_buffer_size, alg ); if( status == PSA_SUCCESS ) - { operation->is_encrypt = 1; - } return ( status ); } @@ -376,9 +374,7 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t key_buffer_size, alg ); if( status == PSA_SUCCESS ) - { operation->is_encrypt = 0; - } return ( status ); } @@ -408,7 +404,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t { /* Multipart CCM not supported as yet, so CCM is basically operating in oneshot mode. Store the nonce as we need this later */ - memcpy(operation->nonce, nonce, nonce_length); + memcpy( operation->nonce, nonce, nonce_length ); /* We know that nonce size cannot exceed the uint8_t size */ operation->nonce_length = ( uint8_t ) nonce_length; @@ -469,9 +465,7 @@ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t if( operation->alg == PSA_ALG_CCM ) { if( ad_length > 0xFF00 ) - { return ( PSA_ERROR_INVALID_ARGUMENT ); - } } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -507,9 +501,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t if( operation->lengths_set ) { if ( operation->ad_remaining < input_length ) - { return( PSA_ERROR_INVALID_ARGUMENT ); - } operation->ad_remaining -= input_length; } 
@@ -518,18 +510,14 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t if( operation->alg == PSA_ALG_GCM ) { if( !operation->lengths_set || operation->ad_started ) - { return( PSA_ERROR_BAD_STATE ); - } /* GCM currently requires all the additional data to be passed in in - * one contigious buffer, so until that is re-done, we have to enforce + * one contiguous buffer, so until that is re-done, we have to enforce * this, as we cannot allocate a buffer to collate multiple calls into. */ if( operation->ad_remaining != 0 ) - { return ( PSA_ERROR_INVALID_ARGUMENT ); - } status = mbedtls_to_psa_error( mbedtls_gcm_starts( &operation->ctx.gcm, @@ -549,9 +537,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t /* CCM requires all additional data to be passed in in one go at the minute, as we are basically operating in oneshot mode. */ if( operation->ad_started ) - { return( PSA_ERROR_BAD_STATE ); - } /* Save the additional data for later, this will be passed in when we have the body. */ @@ -564,9 +550,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t status = PSA_SUCCESS; } else - { return ( PSA_ERROR_INSUFFICIENT_MEMORY ); - } } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -588,9 +572,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t } if( status == PSA_SUCCESS ) - { operation->ad_started = 1; - } return ( status ); } 
@@ -612,24 +594,18 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, if( PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, operation->alg, input_length ) > output_size ) - { return ( PSA_ERROR_BUFFER_TOO_SMALL ); - } if( operation->lengths_set) { /* Additional data length was supplied, but not all the additional data was supplied.*/ if( operation->ad_remaining != 0 ) - { return ( PSA_ERROR_INVALID_ARGUMENT ); - } /* Too much data provided. */ if( operation->body_remaining < input_length ) - { return ( PSA_ERROR_INVALID_ARGUMENT ); - } operation->body_remaining -= input_length; } @@ -642,14 +618,10 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, * of non block size aligned updates. This will be fixed in 3.0 when we can change the signature of the GCM multipart functions */ if( !operation->lengths_set || operation->body_remaining != 0 ) - { return( PSA_ERROR_BAD_STATE ); - } if( !operation->ad_started ) - { return( PSA_ERROR_BAD_STATE ); - } status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, input_length, @@ -661,20 +633,17 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - /* CCM dooes not support multipart yet, so all the input has to be + /* CCM does not support multipart yet, so all the input has to be passed in in one go. */ if( operation->body_started ) - { return( PSA_ERROR_BAD_STATE ); - } /* Need to store tag for Finish() / Verify() */ operation->tag_buffer = - ( uint8_t * ) mbedtls_calloc(1, operation->tag_length ); + ( uint8_t * ) mbedtls_calloc( 1, operation->tag_length ); if( operation->tag_buffer ) { - if( operation->is_encrypt ) { /* Perform oneshot CCM encryption with additional data already 
@@ -693,7 +662,7 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, /* Even if the above operation fails, we no longer need the additional data.*/ - mbedtls_free(operation->ad_buffer); + mbedtls_free( operation->ad_buffer ); operation->ad_buffer = NULL; operation->ad_length = 0; } @@ -722,24 +691,16 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, operation->tag_length ); if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - { status = PSA_SUCCESS; - } else - { status = mbedtls_to_psa_error( ret ); - } } else - { status = PSA_ERROR_INSUFFICIENT_MEMORY; - } } } else - { status = PSA_ERROR_INSUFFICIENT_MEMORY; - } } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -780,35 +741,18 @@ static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t size_t finish_output_size; if( operation->lengths_set ) - { if( operation->ad_remaining != 0 || operation->body_remaining != 0 ) - { return( PSA_ERROR_BAD_STATE ); - } - } if( tag_size < operation->tag_length ) - { return ( PSA_ERROR_BUFFER_TOO_SMALL ); - } - if( operation->is_encrypt ) - { - finish_output_size = - PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, - operation->alg ); - } - else - { - finish_output_size = - PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, - operation->alg ); - } + finish_output_size = operation->is_encrypt ? + PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, operation->alg ) : + PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg ); if( output_size < finish_output_size ) - { return ( PSA_ERROR_BUFFER_TOO_SMALL ); - } return ( PSA_SUCCESS ); } 
@@ -829,18 +773,14 @@ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, tag_size ); if( status != PSA_SUCCESS ) - { return status; - } #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) - { /* We will need to do final GCM pass in here when multipart is done. */ status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, tag, tag_size ) ); - } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) @@ -858,11 +798,9 @@ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, tag ) ); - } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { @@ -911,28 +849,22 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, tag_length ); if( status != PSA_SUCCESS ) - { return status; - } #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) - { /* Call finish to get the tag for comparison */ status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, check_tag, operation->tag_length ) ); - } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { if( !operation->ad_buffer || !operation->body_buffer ) - { return( PSA_ERROR_BAD_STATE ); - } /* Perform oneshot CCM decryption *again*, as its the * only way to get the tag, but this time throw away the @@ -956,9 +888,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, temp_buffer, tag, tag_length ); if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - { status = PSA_ERROR_INVALID_SIGNATURE; - } else { status = mbedtls_to_psa_error( ret ); 
@@ -966,9 +896,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, } } else - { status = PSA_ERROR_INSUFFICIENT_MEMORY; - } /* Even if the above operation fails, we no longer need the data */ mbedtls_free(temp_buffer); @@ -984,13 +912,11 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { // call finish to get the tag for comparison. status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, check_tag ) ); - } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { @@ -1009,9 +935,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, if( do_tag_check && mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) - { status = PSA_ERROR_INVALID_SIGNATURE; - } } mbedtls_psa_aead_abort(operation); @@ -1046,15 +970,15 @@ psa_status_t mbedtls_psa_aead_abort( mbedtls_psa_aead_operation_t *operation ) operation->ad_started = 0; operation->body_started = 0; - mbedtls_free(operation->ad_buffer); + mbedtls_free( operation->ad_buffer ); operation->ad_buffer = NULL; operation->ad_length = 0; - mbedtls_free(operation->body_buffer); + mbedtls_free( operation->body_buffer ); operation->body_buffer = NULL; operation->body_length = 0; - mbedtls_free(operation->tag_buffer); + mbedtls_free( operation->tag_buffer ); operation->tag_buffer = NULL; return( PSA_SUCCESS ); From ccaea40023814fbb31b2d35435b0e2c8c87535ea Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 14:22:52 +0100 Subject: [PATCH 032/966] Replace hard coded buffer size with define Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index b694bfd9e6..0d1cdaed45 100644 --- a/library/psa_crypto_aead.c 
+++ b/library/psa_crypto_aead.c @@ -843,7 +843,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, size_t finish_output_size = 0; int do_tag_check = 1; - uint8_t check_tag[16]; + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, tag_length ); From 9e8ccd7e82f7546383a3e1e8ff4315441fc54506 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 14:30:53 +0100 Subject: [PATCH 033/966] Make sure all statuses are initialised Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 0d1cdaed45..66798072ac 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -345,7 +345,7 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t size_t key_buffer_size, psa_algorithm_t alg ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; status = psa_aead_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -366,7 +366,7 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t size_t key_buffer_size, psa_algorithm_t alg ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; (void) key_buffer_size; @@ -385,7 +385,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t const uint8_t *nonce, size_t nonce_length ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) From c10ad21a1b7eed23d53d8e185673376cb226ad31 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 17:08:29 +0100 Subject: [PATCH 034/966] Remove SetLengths() requirement for GCM Also return NOT_SUPPORTED, rather than BAD_STATE for our current workarounds for GCM/CCM 
Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 66798072ac..9a98ba533f 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -509,15 +509,12 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - if( !operation->lengths_set || operation->ad_started ) - return( PSA_ERROR_BAD_STATE ); - - /* GCM currently requires all the additional data to be passed in in + /* GCM currently requires all the additional data to be passed in in * one contiguous buffer, so until that is re-done, we have to enforce * this, as we cannot allocate a buffer to collate multiple calls into. */ - if( operation->ad_remaining != 0 ) - return ( PSA_ERROR_INVALID_ARGUMENT ); + if( operation->ad_started ) + return( PSA_ERROR_NOT_SUPPORTED ); status = mbedtls_to_psa_error( mbedtls_gcm_starts( &operation->ctx.gcm, @@ -537,7 +534,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t /* CCM requires all additional data to be passed in in one go at the minute, as we are basically operating in oneshot mode. */ if( operation->ad_started ) - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_NOT_SUPPORTED ); /* Save the additional data for later, this will be passed in when we have the body. */ 
@@ -617,11 +614,9 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, * must be passed in in one update, rather than deal with the complexity * of non block size aligned updates. This will be fixed in 3.0 when we can change the signature of the GCM multipart functions */ - if( !operation->lengths_set || operation->body_remaining != 0 ) - return( PSA_ERROR_BAD_STATE ); + if( operation->body_started ) + return( PSA_ERROR_NOT_SUPPORTED ); - if( !operation->ad_started ) - return( PSA_ERROR_BAD_STATE ); status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, input_length, @@ -636,7 +631,7 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, /* CCM does not support multipart yet, so all the input has to be passed in in one go. */ if( operation->body_started ) - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_NOT_SUPPORTED ); /* Need to store tag for Finish() / Verify() */ operation->tag_buffer = From e2c788d4804bf4321a61aefe0133b8d12db79e7e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 17:16:01 +0100 Subject: [PATCH 035/966] Rename badly named variable Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 9a98ba533f..9c31e0051e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -583,11 +583,11 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, size_t output_size, size_t *output_length ) { - size_t update_output_size; + size_t update_output_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - update_output_size = input_length; + update_output_length = input_length; if( PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, operation->alg, input_length ) > output_size ) 
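Review bot: The GCM branch of mbedtls_psa_aead_update (hunk at -617) no longer rejects a call made before any additional data was processed, because `if( !operation->ad_started ) return( PSA_ERROR_BAD_STATE );` is removed. In the update_ad hunks of this series `mbedtls_gcm_starts()` is only seen being called from mbedtls_psa_aead_update_ad, so if this entry point is reached first, `mbedtls_gcm_update()` would run on a context that was never started with the nonce. The PSA core's psa_aead_update does test `ad_started`, but the driver function now depends on that caller-side check. I would either keep the guard or document the dependency next to the new test, for example `/* gcm_starts() runs in update_ad(); the core guarantees ad_started here */`. The function body continues outside the hunk.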
@@ -719,7 +719,7 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, if( status == PSA_SUCCESS ) { - *output_length = update_output_size; + *output_length = update_output_length; operation->body_started = 1; } From 6108ee7c2d289f6f48bb977bb4cc1d2f431d85a0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 18:26:41 +0100 Subject: [PATCH 036/966] Change logic to reduce indentation Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 158 +++++++++++++++++++------------------- 1 file changed, 79 insertions(+), 79 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 9c31e0051e..0a84888b1f 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -538,16 +538,16 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t /* Save the additional data for later, this will be passed in when we have the body. */ - operation->ad_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + operation->ad_buffer = ( uint8_t * ) mbedtls_calloc( 1, input_length ); - if( operation->ad_buffer ) + if( operation->ad_buffer == NULL ) { - memcpy( operation->ad_buffer, input, input_length ); - operation->ad_length = input_length; - status = PSA_SUCCESS; + return( PSA_ERROR_INSUFFICIENT_MEMORY ); } - else - return ( PSA_ERROR_INSUFFICIENT_MEMORY ); + + memcpy( operation->ad_buffer, input, input_length ); + operation->ad_length = input_length; + status = PSA_SUCCESS; } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ 
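Review bot: In the CCM branch of mbedtls_psa_aead_update_ad (hunk at -538), `mbedtls_calloc( 1, input_length )` followed by `if( operation->ad_buffer == NULL )` reports PSA_ERROR_INSUFFICIENT_MEMORY for a zero-length fragment on platforms where a zero-size allocation returns NULL. Empty additional data is a valid AEAD input, so the result would differ between C libraries. I would allocate and copy only when `input_length != 0` and otherwise leave `ad_buffer` NULL with `ad_length = 0`. The same pattern applies to `body_buffer` in the mbedtls_psa_aead_update hunk at -637 and to `temp_buffer` in the mbedtls_psa_aead_verify hunk at -871.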
@@ -637,65 +637,65 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, operation->tag_buffer = ( uint8_t * ) mbedtls_calloc( 1, operation->tag_length ); - if( operation->tag_buffer ) + if( operation->tag_buffer == NULL) { - if( operation->is_encrypt ) - { - /* Perform oneshot CCM encryption with additional data already - stored, as CCM does not support multipart yet.*/ - status = mbedtls_to_psa_error( - mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, - input_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - input, - output, - operation->tag_buffer, - operation->tag_length ) ); + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + } - /* Even if the above operation fails, we no longer need the - additional data.*/ - mbedtls_free( operation->ad_buffer ); - operation->ad_buffer = NULL; - operation->ad_length = 0; - } - else - { - /* Need to back up the body data so we can do this again - later.*/ - operation->body_buffer = - ( uint8_t * ) mbedtls_calloc(1, input_length ); + if( operation->is_encrypt ) + { + /* Perform oneshot CCM encryption with additional data already + stored, as CCM does not support multipart yet.*/ + status = mbedtls_to_psa_error( + mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, + input_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + input, + output, + operation->tag_buffer, + operation->tag_length ) ); - if( operation->body_buffer ) - { - memcpy( operation->body_buffer, input, input_length ); - operation->body_length = input_length; - - /* this will fail, as the tag is clearly false, but will - write the decrypted data to the output buffer.*/ - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, - input_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - input, output, - operation->tag_buffer, - operation->tag_length ); - - if( ret == 
MBEDTLS_ERR_CCM_AUTH_FAILED ) - status = PSA_SUCCESS; - else - status = mbedtls_to_psa_error( ret ); - } - else - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } + /* Even if the above operation fails, we no longer need the + additional data.*/ + mbedtls_free( operation->ad_buffer ); + operation->ad_buffer = NULL; + operation->ad_length = 0; } else - status = PSA_ERROR_INSUFFICIENT_MEMORY; + { + /* Need to back up the body data so we can do this again + later.*/ + operation->body_buffer = + ( uint8_t * ) mbedtls_calloc(1, input_length ); + + if( operation->body_buffer == NULL) + { + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + } + + memcpy( operation->body_buffer, input, input_length ); + operation->body_length = input_length; + + /* this will fail, as the tag is clearly false, but will + write the decrypted data to the output buffer.*/ + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, + input_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + input, output, + operation->tag_buffer, + operation->tag_length ); + + if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + status = PSA_SUCCESS; + else + status = mbedtls_to_psa_error( ret ); + } } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ 
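Review bot: The decrypt path of the CCM branch in mbedtls_psa_aead_update relies on `mbedtls_ccm_auth_decrypt()` leaving plaintext in `output` when it returns MBEDTLS_ERR_CCM_AUTH_FAILED, and then maps that error to PSA_SUCCESS. As far as I know the Mbed TLS CCM implementation zeroizes the output buffer on a tag mismatch, in which case the caller would receive zeros rather than the decrypted data; this needs confirming with a test that checks the plaintext returned by update. Even if the output does survive, this path hands unauthenticated plaintext to the caller and turns an authentication failure into success, so everything depends on verify being called afterwards. I would add a comment at the mapping such as `/* AUTH_FAILED is expected here: placeholder tag; real check happens in verify() */`, and consider deferring the decryption to verify, where the real tag is available.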
@@ -871,27 +871,27 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, temp_buffer = ( uint8_t * ) mbedtls_calloc(1, temp_buffer_size ); - if( temp_buffer ) + if( temp_buffer == NULL) { - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, - operation->body_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - operation->body_buffer, - temp_buffer, tag, tag_length ); - - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - status = PSA_ERROR_INVALID_SIGNATURE; - else - { - status = mbedtls_to_psa_error( ret ); - do_tag_check = 0; - } + return( PSA_ERROR_INSUFFICIENT_MEMORY ); } + + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, + operation->body_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + operation->body_buffer, + temp_buffer, tag, tag_length ); + + if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + status = PSA_ERROR_INVALID_SIGNATURE; else - status = PSA_ERROR_INSUFFICIENT_MEMORY; + { + status = mbedtls_to_psa_error( ret ); + do_tag_check = 0; + } /* Even if the above operation fails, we no longer need the data */ mbedtls_free(temp_buffer); From b06e1c0d68b1acd130cd1abc3056fdf589aadbb9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 18:33:43 +0100 Subject: [PATCH 037/966] Remove unnecessary code Calls to abort that are now being done by the psa_crypto layer, freeing of tempory allocations (done by abort) and a couple of checks that had already been done prior to that point Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 0a84888b1f..848889af85 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c 
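Review bot: In the CCM branch of mbedtls_psa_aead_verify, `temp_buffer` receives the decrypted message and is then released with a plain `mbedtls_free(temp_buffer);`, so when the tag is valid the plaintext stays in freed heap memory. I would wipe it first: `mbedtls_platform_zeroize( temp_buffer, temp_buffer_size );` immediately before the free. The early `return( PSA_ERROR_INSUFFICIENT_MEMORY );` added here leaves `body_buffer` and `tag_buffer` allocated until the caller aborts the operation, which the following commit states the PSA core does. The function body starts and ends outside the hunk.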
@@ -658,11 +658,6 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, operation->tag_buffer, operation->tag_length ) ); - /* Even if the above operation fails, we no longer need the - additional data.*/ - mbedtls_free( operation->ad_buffer ); - operation->ad_buffer = NULL; - operation->ad_length = 0; } else { @@ -784,9 +779,6 @@ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, /* Copy the previously generated tag into place */ memcpy( tag, operation->tag_buffer, operation->tag_length ); - mbedtls_free(operation->tag_buffer); - operation->tag_buffer = NULL; - status = PSA_SUCCESS; } else @@ -815,8 +807,6 @@ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, *tag_length = operation->tag_length; } - mbedtls_psa_aead_abort(operation); - return ( status ); } @@ -858,9 +848,6 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - if( !operation->ad_buffer || !operation->body_buffer ) - return( PSA_ERROR_BAD_STATE ); - /* Perform oneshot CCM decryption *again*, as its the * only way to get the tag, but this time throw away the results, as verify cannot write that much data. */ @@ -895,13 +882,6 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, /* Even if the above operation fails, we no longer need the data */ mbedtls_free(temp_buffer); - - mbedtls_free(operation->body_buffer); - operation->body_buffer = NULL; - operation->body_length = 0; - - mbedtls_free(operation->tag_buffer); - operation->tag_buffer = NULL; } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -933,8 +913,6 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, status = PSA_ERROR_INVALID_SIGNATURE; } - mbedtls_psa_aead_abort(operation); - return ( status ); } From 4148a6816902d12dd9973baf807ca1e6b908ec88 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Fri, 14 May 2021 17:26:56 +0100 Subject: [PATCH 038/966] Update documentation for internal implementation Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 205 +++++++++++++------------------------- 1 file changed, 72 insertions(+), 133 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 4b6d6cd1ba..4bf514796d 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
@@ -155,39 +155,14 @@ psa_status_t mbedtls_psa_aead_decrypt( * aead_encrypt_setup entry point as defined in the PSA driver interface * specification for transparent drivers. * - * The sequence of operations to encrypt a message with authentication - * is as follows: - * -# Allocate an operation object which will be passed to all the functions - * listed here. - * -# Initialize the operation object with one of the methods described in the - * documentation for #mbedtls_psa_aead_operation_t, e.g. - * #MBEDTLS_PSA_AEAD_OPERATION_INIT. - * -# Call mbedtls_psa_aead_encrypt_setup() to specify the algorithm and key. - * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of - * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and - * mbedtls_psa_aead_update(). See the documentation of - * mbedtls_psa_aead_set_lengths() for details. - * -# Call either psa_aead_generate_nonce() or - * mbedtls_psa_aead_set_nonce() to generate or set the nonce. You should use - * psa_aead_generate_nonce() unless the protocol you are implementing - * requires a specific nonce value. - * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing - * a fragment of the non-encrypted additional authenticated data each time. - * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment - * of the message to encrypt each time. - * -# Call mbedtls_psa_aead_finish(). - * * If an error occurs at any step after a call to - * mbedtls_psa_aead_encrypt_setup(), the operation will need to be reset by a - * call to mbedtls_psa_aead_abort(). The application may call + * mbedtls_psa_aead_encrypt_setup(), the operation is reset by the PSA core by a + * call to mbedtls_psa_aead_abort(). The PSA core may call * mbedtls_psa_aead_abort() at any time after the operation has been * initialized. * - * After a successful call to mbedtls_psa_aead_encrypt_setup(), the application - * must eventually terminate the operation. 
The following events terminate an - * operation: - * - A successful call to mbedtls_psa_aead_finish(). - * - A call to mbedtls_psa_aead_abort(). + * After a successful call to mbedtls_psa_aead_encrypt_setup(), the PSA core + * eventually terminates the operation by calling mbedtls_psa_aead_abort(). * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for 
@@ -236,36 +211,14 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t * aead_decrypt_setup entry point as defined in the PSA driver interface * specification for transparent drivers. * - * The sequence of operations to decrypt a message with authentication - * is as follows: - * -# Allocate an operation object which will be passed to all the functions - * listed here. - * -# Initialize the operation object with one of the methods described in the - * documentation for #mbedtls_psa_aead_operation_t, e.g. - * #PSA_AEAD_OPERATION_INIT. - * -# Call mbedtls_psa_aead_decrypt_setup() to specify the algorithm and key. - * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of - * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and - * mbedtls_psa_aead_update(). See the documentation of - * mbedtls_psa_aead_set_lengths() for details. - * -# Call mbedtls_psa_aead_set_nonce() with the nonce for the decryption. - * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a - * fragment of the non-encrypted additional authenticated data each time. - * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment - * of the ciphertext to decrypt each time. - * -# Call mbedtls_psa_aead_verify(). - * * If an error occurs at any step after a call to - * mbedtls_psa_aead_decrypt_setup(), the operation will need to be reset by a - * call to mbedtls_psa_aead_abort(). The application may call + * mbedtls_psa_aead_decrypt_setup(), the PSA core resets the operation by a + * call to mbedtls_psa_aead_abort(). The PSA core may call * mbedtls_psa_aead_abort() at any time after the operation has been * initialized. * - * After a successful call to mbedtls_psa_aead_decrypt_setup(), the application - * must eventually terminate the operation. The following events terminate an - * operation: - * - A successful call to mbedtls_psa_aead_verify(). - * - A call to mbedtls_psa_aead_abort(). 
+ * After a successful call to mbedtls_psa_aead_decrypt_setup(), the PSA core + * eventually terminates the operation by a call to mbedtls_psa_aead_abort(). * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for @@ -309,23 +262,19 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t /** Set the nonce for an authenticated encryption or decryption operation. * - * \note The signature of this function is that of a PSA driver - * psa_aead_set_nonce entry point. This function behaves as an - * psa_aead_set_nonce entry point as defined in the PSA driver interface - * specification for transparent drivers. + * \note The signature of this function is that of a PSA driver aead_set_nonce + * entry point. This function behaves as an aead_set_nonce entry point as + * defined in the PSA driver interface specification for transparent + * drivers. * * This function sets the nonce for the authenticated * encryption or decryption operation. * - * The application must call mbedtls_psa_aead_encrypt_setup() or + * The PSA core calls mbedtls_psa_aead_encrypt_setup() or * mbedtls_psa_aead_decrypt_setup() before calling this function. * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). - * - * \note When encrypting, applications should use - * mbedtls_psa_aead_generate_nonce() instead of this function, unless - * implementing a protocol that requires a non-random IV. + * If this function returns an error status, the PSA core calls + * mbedtls_psa_aead_abort(). * * \param[in,out] operation Active AEAD operation. * \param[in] nonce Buffer containing the nonce to use. 
@@ -354,19 +303,18 @@ psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, /** Declare the lengths of the message and additional data for AEAD. * - * \note The signature of this function is that of a PSA driver - * psa_aead_set_lengths entry point. This function behaves as an - * psa_aead_set_lengths entry point as defined in the PSA driver interface - * specification for transparent drivers. + * \note The signature of this function is that of a PSA driver aead_set_lengths + * entry point. This function behaves as an aead_set_lengths entry point + * as defined in the PSA driver interface specification for transparent + * drivers. * - * The application must call this function before calling - * mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm - * for the operation requires it. If the algorithm does not require it, calling - * this function is optional, but if this function is called then the - * implementation must enforce the lengths. + * The PSA core calls this function before calling mbedtls_psa_aead_update_ad() + * or mbedtls_psa_aead_update() if the algorithm for the operation requires it. + * If the algorithm does not require it, calling this function is optional, but + * if this function is called then the implementation must enforce the lengths. * - * You may call this function before or after setting the nonce with - * mbedtls_psa_aead_set_nonce() or psa_aead_generate_nonce(). + * The PSA core may call this function before or after setting the nonce with + * mbedtls_psa_aead_set_nonce(). * * - For #PSA_ALG_CCM, calling this function is required. * - For the other AEAD algorithms defined in this specification, calling 
@@ -413,17 +361,17 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * * Additional data is authenticated, but not encrypted. * - * You may call this function multiple times to pass successive fragments - * of the additional data. You may not call this function after passing - * data to encrypt or decrypt with mbedtls_psa_aead_update(). + * The PSA core can call this function multiple times to pass successive + * fragments of the additional data. It will not call this function after + * passing data to encrypt or decrypt with mbedtls_psa_aead_update(). * - * Before calling this function, you must: - * 1. Call either mbedtls_psa_aead_encrypt_setup() or - * mbedtls_psa_aead_decrypt_setup(). 2. Set the nonce with - * psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce(). + * Before calling this function, The PSA core will: + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). + * 2. Set the nonce with mbedtls_psa_aead_set_nonce(). * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). + * If this function returns an error status, the PSA core will call + * mbedtls_psa_aead_abort(). * * \warning When decrypting, until mbedtls_psa_aead_verify() has returned * #PSA_SUCCESS, there is no guarantee that the input is valid. @@ -433,8 +381,8 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * mbedtls_psa_aead_verify() returns an error status. * * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire - * additional data to be passed in in one go, i.e. only call - * mbedtls_mbedtls_psa_aead_update_ad() once. + * additional data to be passed in in one go, i.e. + * mbedtls_mbedtls_psa_aead_update_ad() can only be called once. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the fragment of 
@@ -471,31 +419,15 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * point as defined in the PSA driver interface specification for * transparent drivers. * - * Before calling this function, you must: - * 1. Call either mbedtls_psa_aead_encrypt_setup() or - * mbedtls_psa_aead_decrypt_setup(). The choice of setup function determines - * whether this function encrypts or decrypts its input. - * 2. Set the nonce with psa_aead_generate_nonce() or - * mbedtls_psa_aead_set_nonce(). 3. Call mbedtls_psa_aead_update_ad() to pass - * all the additional data. + * Before calling this function, the PSA core will: + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). The choice of setup function + * determines whether this function encrypts or decrypts its input. + * 2. Set the nonce with mbedtls_psa_aead_set_nonce(). + * 3. Call mbedtls_psa_aead_update_ad() to pass all the additional data. * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). - * - * \warning When decrypting, until mbedtls_psa_aead_verify() has returned - * #PSA_SUCCESS, there is no guarantee that the input is valid. - * Therefore, until you have called mbedtls_psa_aead_verify() and it - * has returned #PSA_SUCCESS: - * - Do not use the output in any way other than storing it in a - * confidential location. If you take any action that depends - * on the tentative decrypted data, this action will need to be - * undone if the input turns out not to be valid. Furthermore, - * if an adversary can observe that this action took place - * (for example through timing), they may be able to use this - * fact as an oracle to decrypt any message encrypted with the - * same key. - * - In particular, do not copy the output anywhere but to a - * memory or storage space that you have exclusive access to. 
+ * If this function returns an error status, the PSA core will call + * mbedtls_psa_aead_abort(). * * This function does not require the input to be aligned to any * particular block boundary. If the implementation can only process @@ -506,8 +438,8 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. * * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire - * data to be passed in in one go, i.e. only call - * mbedtls_mbedtls_psa_aead_update() once. + * data to be passed in in one go, i.e. mbedtls_mbedtls_psa_aead_update() + * can only be called once. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the message fragment to @@ -563,7 +495,8 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * point as defined in the PSA driver interface specification for * transparent drivers. * - * The operation must have been set up with mbedtls_psa_aead_encrypt_setup(). + * The operation must have been set up by the PSA core with + * mbedtls_psa_aead_encrypt_setup(). * * This function finishes the authentication of the additional data * formed by concatenating the inputs passed to preceding calls to 
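Review bot: The `\warning` block deleted from the mbedtls_psa_aead_update() comment in the `@@ -471,31 +419,15 @@` hunk was the only text on that function stating that decrypted output is unauthenticated until mbedtls_psa_aead_verify() has returned #PSA_SUCCESS. The matching warning is still present as context on mbedtls_psa_aead_update_ad() in the `@@ -413,17 +361,17 @@` hunk, so the two comments now disagree. Addressing the text to the PSA core is reasonable, but the property still holds at the driver boundary, so I would keep a short form such as `\warning When decrypting, the output is not authenticated until mbedtls_psa_aead_verify() has returned #PSA_SUCCESS.` The comment block starts and ends outside the hunk.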
@@ -572,14 +505,11 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * * This function has two output buffers: * - \p ciphertext contains trailing ciphertext that was buffered from - * preceding calls to mbedtls_psa_aead_update(). - * - \p tag contains the authentication tag. Its length is always - * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm - * that the operation performs. + * preceding calls to psa_aead_update(). + * - \p tag contains the authentication tag. * - * When this function returns successfuly, the operation becomes inactive. - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). + * Whether or not this function returns successfuly, the PSA core subsequently + * calls mbedtls_psa_aead_abort() to deactivate the operation. * * \param[in,out] operation Active AEAD operation. * \param[out] ciphertext Buffer where the last part of the ciphertext @@ -594,9 +524,17 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * \param[out] tag Buffer where the authentication tag is * to be written. * \param tag_size Size of the \p tag buffer in bytes. - * This must be at least - * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is - * the algorithm that is being calculated. + * This must be appropriate for the selected + * algorithm and key: + * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c + * key_type, \c key_bits, \c alg) where + * \c key_type and \c key_bits are the type and + * bit-size of the key, and \c alg is the + * algorithm that were used in the call to + * psa_aead_encrypt_setup(). + * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the + * maximum tag size of any supported AEAD + * algorithm. * \param[out] tag_length On success, the number of bytes * that make up the returned tag. * 
@@ -610,8 +548,9 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * You can determine a sufficient buffer size for \p ciphertext by * calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) * where \c alg is the algorithm that is being calculated. - * You can determine a sufficient buffer size for \p tag by - * calling #PSA_AEAD_TAG_LENGTH(\c alg). + * #PSA_AEAD_TAG_LENGTH(\c key_type, \c key_bits, \c alg) or + * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag + * buffer size. * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to psa_aead_update_ad() so far is * less than the additional data length that was previously @@ -645,7 +584,8 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * point as defined in the PSA driver interface specification for * transparent drivers. * - * The operation must have been set up with mbedtls_psa_aead_decrypt_setup(). + * The operation must have been set up by the PSA core with + * mbedtls_psa_aead_decrypt_setup(). * * This function finishes the authenticated decryption of the message * components: @@ -660,9 +600,8 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * plaintext and reports success. If the authentication tag is not correct, * this function returns #PSA_ERROR_INVALID_SIGNATURE. * - * When this function returns successfuly, the operation becomes inactive. - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). + * Whether or not this function returns successfully, the PSA core subsequently + * calls mbedtls_psa_aead_abort() to deactivate the operation. * * \note Implementations shall make the best effort to ensure that the * comparison between the actual tag and the expected tag is performed 
@@ -731,10 +670,10 @@ psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, * * Aborting an operation frees all associated resources except for the * \p operation structure itself. Once aborted, the operation object - * can be reused for another operation by calling + * can be reused for another operation by the PSA core by it calling * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again. * - * You may call this function any time after the operation object has + * The PSA core may call this function any time after the operation object has * been initialized as described in #mbedtls_psa_aead_operation_t. * * In particular, calling mbedtls_psa_aead_abort() after the operation has been From 9622c9aae098f89d8c6569b20c17de8cd2321616 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 17 May 2021 17:30:52 +0100 Subject: [PATCH 039/966] Fix updated size macros in documentation Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 68 +++++++++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 4bf514796d..ce8bb3a513 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
@@ -447,10 +447,18 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * \param input_length Size of the \p input buffer in bytes. * \param[out] output Buffer where the output is to be written. * \param output_size Size of the \p output buffer in bytes. - * This must be at least - * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, - * \p input_length) where \c alg is the - * algorithm that is being calculated. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, + * \c alg, \p input_length) where + * \c key_type is the type of key and \c alg is + * the algorithm that were used to set up the + * operation. + * - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p + * input_length) evaluates to the maximum + * output size of any supported AEAD + * algorithm. * \param[out] output_length On success, the number of bytes * that make up the returned output. * @@ -461,9 +469,10 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * set, and have lengths set if required by the algorithm). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. - * You can determine a sufficient buffer size by calling - * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, \p input_length) - * where \c alg is the algorithm that is being calculated. + * The size of the \p output buffer is too small. + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or + * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to + * determine the required buffer size. * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to mbedtls_psa_aead_update_ad() so far is * less than the additional data length that was previously 
@@ -515,10 +524,16 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * \param[out] ciphertext Buffer where the last part of the ciphertext * is to be written. * \param ciphertext_size Size of the \p ciphertext buffer in bytes. - * This must be at least - * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) where - * \c alg is the algorithm that is being - * calculated. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, + * \c alg) where \c key_type is the type of key + * and \c alg is the algorithm that were used to + * set up the operation. + * - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to + * the maximum output size of any supported AEAD + * algorithm. * \param[out] ciphertext_length On success, the number of bytes of * returned ciphertext. * \param[out] tag Buffer where the authentication tag is @@ -545,12 +560,11 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * operation with a nonce set). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p ciphertext or \p tag buffer is too small. - * You can determine a sufficient buffer size for \p ciphertext by - * calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) - * where \c alg is the algorithm that is being calculated. - * #PSA_AEAD_TAG_LENGTH(\c key_type, \c key_bits, \c alg) or - * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag - * buffer size. + * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or + * #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the + * required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type, + * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to + * determine the required \p tag buffer size. * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to psa_aead_update_ad() so far is * less than the additional data length that was previously 
@@ -614,10 +628,16 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * that could not be processed until the end * of the input. * \param plaintext_size Size of the \p plaintext buffer in bytes. - * This must be at least - * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) where - * \c alg is the algorithm that is being - * calculated. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, + * \c alg) where \c key_type is the type of key + * and \c alg is the algorithm that were used to + * set up the operation. + * - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to + * the maximum output size of any supported AEAD + * algorithm. * \param[out] plaintext_length On success, the number of bytes of * returned plaintext. * \param[in] tag Buffer containing the authentication tag. @@ -633,9 +653,9 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * operation with a nonce set). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p plaintext buffer is too small. - * You can determine a sufficient buffer size for \p plaintext by - * calling #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) - * where \c alg is the algorithm that is being calculated. + * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or + * #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the + * required buffer size. * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to mbedtls_psa_aead_update_ad() so far is * less than the additional data length that was previously From 498d3503c4d9ee4dd9dd96aa26ba8301ecc75c9d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 17 May 2021 18:16:20 +0100 Subject: [PATCH 040/966] Misc documentation fixes. Misnamed function calls, typos and missed changes. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) 
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index ce8bb3a513..c111c332e5 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -273,7 +273,7 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t * The PSA core calls mbedtls_psa_aead_encrypt_setup() or * mbedtls_psa_aead_decrypt_setup() before calling this function. * - * If this function returns an error status, the PSA core calls + * If this function returns an error status, the PSA core will call * mbedtls_psa_aead_abort(). * * \param[in,out] operation Active AEAD operation. @@ -321,8 +321,8 @@ psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, * this function is not required. * - For vendor-defined algorithm, refer to the vendor documentation. * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). + * If this function returns an error status, the PSA core calls + * mbedtls_psa_aead_abort(). * * \param[in,out] operation Active AEAD operation. * \param ad_length Size of the non-encrypted additional @@ -365,7 +365,7 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * fragments of the additional data. It will not call this function after * passing data to encrypt or decrypt with mbedtls_psa_aead_update(). * - * Before calling this function, The PSA core will: + * Before calling this function, the PSA core will: * 1. Call either mbedtls_psa_aead_encrypt_setup() or * mbedtls_psa_aead_decrypt_setup(). * 2. Set the nonce with mbedtls_psa_aead_set_nonce(). 
@@ -382,7 +382,7 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire * additional data to be passed in in one go, i.e. - * mbedtls_mbedtls_psa_aead_update_ad() can only be called once. + * mbedtls_psa_aead_update_ad() can only be called once. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the fragment of @@ -438,8 +438,8 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. * * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire - * data to be passed in in one go, i.e. mbedtls_mbedtls_psa_aead_update() - * can only be called once. + * data to be passed in in one go, i.e. mbedtls_psa_aead_update() can only + * be called once. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the message fragment to @@ -514,7 +514,7 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * * This function has two output buffers: * - \p ciphertext contains trailing ciphertext that was buffered from - * preceding calls to psa_aead_update(). + * preceding calls to mbedtls_psa_aead_update(). * - \p tag contains the authentication tag. * * Whether or not this function returns successfuly, the PSA core subsequently @@ -544,9 +544,9 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c * key_type, \c key_bits, \c alg) where * \c key_type and \c key_bits are the type and - * bit-size of the key, and \c alg is the + * bit-size of the key, and \c alg are the * algorithm that were used in the call to - * psa_aead_encrypt_setup(). + * mbedtls_psa_aead_encrypt_setup(). * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the * maximum tag size of any supported AEAD * algorithm. 
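Review bot: The reworded tag_size text in the `@@ -544,9 +544,9 @@` hunk now reads `\c alg are the algorithm that were used`, which is less correct than the line it replaces. Something like `bit-size of the key, and \c alg is the algorithm used in the call to` reads cleanly. Since this commit is a typo pass, the context line in the `@@ -514,7 +514,7 @@` hunk could also be fixed to `Whether or not this function returns successfully`. Both comment blocks continue outside their hunks.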
@@ -566,9 +566,9 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to * determine the required \p tag buffer size. * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to psa_aead_update_ad() so far is + * The total length of input to mbedtls_psa_aead_update_ad() so far is * less than the additional data length that was previously - * specified with psa_aead_set_lengths(). + * specified with mbedtls_psa_aead_set_lengths(). * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to mbedtls_psa_aead_update() so far is * less than the plaintext length that was previously @@ -663,7 +663,7 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to mbedtls_psa_aead_update() so far is * less than the plaintext length that was previously - * specified with psa_aead_set_lengths(). + * specified with mbedtls_psa_aead_set_lengths(). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE From b91f331fcee009e79e6f1c1a8ede672bc7fb4b6d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 19 May 2021 12:30:15 +0100 Subject: [PATCH 041/966] Correct potential return values in documentation Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 121 ++++++++------------------------------ 1 file changed, 23 insertions(+), 98 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index c111c332e5..cf6230149d 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
@@ -178,23 +178,12 @@ psa_status_t mbedtls_psa_aead_decrypt( * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be inactive). - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * Failed to allocate memory for key material */ psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t *operation, 
@@ -234,23 +223,12 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be inactive). - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT + * * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * Failed to allocate memory for key material */ psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t *operation, 
@@ -282,20 +260,11 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, with no nonce - * set). * \retval #PSA_ERROR_INVALID_ARGUMENT * The size of \p nonce is not acceptable for the chosen algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. */ psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, const uint8_t *nonce, 
@@ -331,21 +300,12 @@ psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, and - * mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not - * have been called yet). * \retval #PSA_ERROR_INVALID_ARGUMENT * At least one of the lengths is not acceptable for the chosen * algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. */ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t *operation, 
@@ -391,22 +351,15 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, have a nonce - * set, have lengths set if required by the algorithm, and - * mbedtls_psa_aead_update() must not have been called yet). * \retval #PSA_ERROR_INVALID_ARGUMENT * The total input length overflows the additional data length that * was previously specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * \retval #PSA_ERROR_NOT_SUPPORTED + * (For GCM / CCM) PSA core attempted to call mbedtls_psa_update_ad() + * more than once. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. */ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, const uint8_t *input, @@ -464,12 +417,9 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, have a nonce - * set, and have lengths set if required by the algorithm). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. - * The size of the \p output buffer is too small. * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to * determine the required buffer size. 
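Review bot: The added `\retval #PSA_ERROR_NOT_SUPPORTED` text in the `@@ -391,22 +351,15 @@` hunk names `mbedtls_psa_update_ad()`, but the function declared directly below is `mbedtls_psa_aead_update_ad()`. The same slip appears as `mbedtls_psa_update()` in the `@@ -480,15 +430,12 @@` hunk for mbedtls_psa_aead_update(). Both should use the full names so the Doxygen cross-references resolve. This hunk also adds two separate `\retval #PSA_ERROR_NOT_SUPPORTED` entries; one entry listing both conditions would be easier to read, for example `(GCM / CCM) called more than once, or the algorithm is not supported in this configuration of the library.`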
@@ -480,15 +430,12 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * \retval #PSA_ERROR_INVALID_ARGUMENT * The total input length overflows the plaintext length that * was previously specified with mbedtls_psa_aead_set_lengths(). + * \retval #PSA_ERROR_NOT_SUPPORTED + * (GCM / CCM only) PSA core attempted to call mbedtls_psa_update() more + * than once. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * (CCM only) Unable to allocate memory for the tag or the body + */ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, const uint8_t *input, @@ -573,15 +520,6 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * The total length of input to mbedtls_psa_aead_update() so far is * less than the plaintext length that was previously * specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. */ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, uint8_t *ciphertext, 
@@ -665,14 +603,7 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * less than the plaintext length that was previously * specified with mbedtls_psa_aead_set_lengths(). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * (CCM only) Failed to allocate temporary buffer */ psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, uint8_t *plaintext, @@ -703,13 +634,7 @@ psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, * \param[in,out] operation Initialized AEAD operation. * * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * Success. */ psa_status_t mbedtls_psa_aead_abort(mbedtls_psa_aead_operation_t *operation); From 5c656cbf99fd8a6297f7c912fb1ee6362c1fc722 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 19 May 2021 14:15:01 +0100 Subject: [PATCH 042/966] Fix missed incorrect include guard Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 7590800e26..3245ff4221 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -1399,7 +1399,7 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, nonce, From e9eeea32905ce2c416df21afc19c6244ac989685 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 19 May 2021 14:32:58 +0100 Subject: [PATCH 043/966] Formatting fixes Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 848889af85..4fb0e3b0f1 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -391,7 +391,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t if( operation->alg == PSA_ALG_GCM ) { /* GCM sets nonce once additional data has been supplied */ - memcpy(operation->nonce, nonce, nonce_length); + memcpy( operation->nonce, nonce, nonce_length ); /* We know that nonce size cannot exceed the uint8_t size */ operation->nonce_length = ( uint8_t ) nonce_length; @@ -449,8 +449,8 @@ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t if( operation->alg == PSA_ALG_GCM ) { /* Lengths can only be too large for GCM if size_t is bigger than 32 - * bits. Without th - e guard this code will generate warnings on 32bit builds*/ + * bits. Without the guard this code will generate warnings on 32bit + builds */ #if SIZE_MAX > UINT32_MAX if( ( (uint64_t) ad_length ) >> 61 != 0 || ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) 
@@ -509,10 +509,10 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - /* GCM currently requires all the additional data to be passed in in - * one contiguous buffer, so until that is re-done, we have to enforce - * this, as we cannot allocate a buffer to collate multiple calls into. - */ + /* GCM currently requires all the additional data to be passed in + * in one contiguous buffer, so until that is re-done, we have to + * enforce this, as we cannot allocate a buffer to collate multiple + * calls into. */ if( operation->ad_started ) return( PSA_ERROR_NOT_SUPPORTED ); @@ -541,9 +541,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t operation->ad_buffer = ( uint8_t * ) mbedtls_calloc( 1, input_length ); if( operation->ad_buffer == NULL ) - { return( PSA_ERROR_INSUFFICIENT_MEMORY ); - } memcpy( operation->ad_buffer, input, input_length ); operation->ad_length = input_length; @@ -667,9 +665,7 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, ( uint8_t * ) mbedtls_calloc(1, input_length ); if( operation->body_buffer == NULL) - { return( PSA_ERROR_INSUFFICIENT_MEMORY ); - } memcpy( operation->body_buffer, input, input_length ); operation->body_length = input_length; @@ -859,9 +855,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, temp_buffer = ( uint8_t * ) mbedtls_calloc(1, temp_buffer_size ); if( temp_buffer == NULL) - { return( PSA_ERROR_INSUFFICIENT_MEMORY ); - } ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, operation->body_length, @@ -881,7 +875,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, } /* Even if the above operation fails, we no longer need the data */ - mbedtls_free(temp_buffer); + mbedtls_free( temp_buffer ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ 
From bb8bf6649e4fd09ad044849c242ae8f7d4b266d1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 19 May 2021 17:29:42 +0100 Subject: [PATCH 044/966] Change function signature indentation Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 102 +++++++++++++++++++------------------- library/psa_crypto_aead.h | 93 +++++++++++++++++----------------- 2 files changed, 100 insertions(+), 95 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 4fb0e3b0f1..0daa3034a1 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -337,13 +337,12 @@ exit: /* Set the key and algorithm for a multipart authenticated encryption * operation. */ -psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t - *operation, - const psa_key_attributes_t - *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) +psa_status_t mbedtls_psa_aead_encrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -358,13 +357,12 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t /* Set the key and algorithm for a multipart authenticated decryption * operation. */ -psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t - *operation, - const psa_key_attributes_t - *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) +psa_status_t mbedtls_psa_aead_decrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 
@@ -380,10 +378,10 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t } /* Set a nonce for the multipart AEAD operation*/ -psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t - *operation, - const uint8_t *nonce, - size_t nonce_length ) +psa_status_t mbedtls_psa_aead_set_nonce( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -439,10 +437,10 @@ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t return( status ); } /* Declare the lengths of the message and additional data for AEAD. */ -psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t - *operation, - size_t ad_length, - size_t plaintext_length ) +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) @@ -491,10 +489,10 @@ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t } /* Pass additional data to an active multipart AEAD operation. */ -psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t - *operation, - const uint8_t *input, - size_t input_length ) +psa_status_t mbedtls_psa_aead_update_ad( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 
@@ -574,12 +572,13 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t /* Encrypt or decrypt a message fragment in an active multipart AEAD * operation.*/ -psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) +psa_status_t mbedtls_psa_aead_update( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) { size_t update_output_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -719,10 +718,10 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, /* Common checks for both mbedtls_psa_aead_finish() and mbedtls_psa_aead_verify() */ -static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t - *operation, - size_t output_size, - size_t tag_size ) +static psa_status_t mbedtls_psa_aead_finish_checks( + mbedtls_psa_aead_operation_t *operation, + size_t output_size, + size_t tag_size ) { size_t finish_output_size; @@ -744,13 +743,14 @@ static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t } /* Finish encrypting a message in a multipart AEAD operation. */ -psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length ) +psa_status_t mbedtls_psa_aead_finish( + mbedtls_psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t finish_output_size = 0; 
@@ -808,12 +808,13 @@ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, /* Finish authenticating and decrypting a message in a multipart AEAD * operation.*/ -psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length ) +psa_status_t mbedtls_psa_aead_verify( + mbedtls_psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -911,7 +912,8 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, } /* Abort an AEAD operation */ -psa_status_t mbedtls_psa_aead_abort( mbedtls_psa_aead_operation_t *operation ) +psa_status_t mbedtls_psa_aead_abort( + mbedtls_psa_aead_operation_t *operation ) { switch( operation->alg ) { diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index cf6230149d..fcac5cac18 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -185,13 +185,12 @@ psa_status_t mbedtls_psa_aead_decrypt( * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * Failed to allocate memory for key material */ -psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t - *operation, - const psa_key_attributes_t - *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); +psa_status_t mbedtls_psa_aead_encrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); /** Set the key for a multipart authenticated decryption operation. * 
@@ -230,13 +229,12 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * Failed to allocate memory for key material */ -psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t - *operation, - const psa_key_attributes_t - *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); +psa_status_t mbedtls_psa_aead_decrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); /** Set the nonce for an authenticated encryption or decryption operation. * @@ -266,9 +264,10 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t * Algorithm previously set is not supported in this configuration of * the library. */ -psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, - const uint8_t *nonce, - size_t nonce_length); +psa_status_t mbedtls_psa_aead_set_nonce( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); /** Declare the lengths of the message and additional data for AEAD. * @@ -307,10 +306,10 @@ psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, * Algorithm previously set is not supported in this configuration of * the library. */ -psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t - *operation, - size_t ad_length, - size_t plaintext_length); +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); /** Pass additional data to an active AEAD operation. * 
@@ -361,9 +360,10 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * Algorithm previously set is not supported in this configuration of * the library. */ -psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, - const uint8_t *input, - size_t input_length); +psa_status_t mbedtls_psa_aead_update_ad( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); /** Encrypt or decrypt a message fragment in an active AEAD operation. * @@ -437,12 +437,13 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * (CCM only) Unable to allocate memory for the tag or the body */ -psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length); +psa_status_t mbedtls_psa_aead_update( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); /** Finish encrypting a message in an AEAD operation. * @@ -521,13 +522,14 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * less than the plaintext length that was previously * specified with mbedtls_psa_aead_set_lengths(). */ -psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length); +psa_status_t mbedtls_psa_aead_finish( + mbedtls_psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); /** Finish authenticating and decrypting a message in an AEAD operation. * 
@@ -605,12 +607,13 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * (CCM only) Failed to allocate temporary buffer */ -psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length); +psa_status_t mbedtls_psa_aead_verify( + mbedtls_psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); /** Abort an AEAD operation. * @@ -636,7 +639,7 @@ psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, * \retval #PSA_SUCCESS * Success. */ -psa_status_t mbedtls_psa_aead_abort(mbedtls_psa_aead_operation_t *operation); - +psa_status_t mbedtls_psa_aead_abort( + mbedtls_psa_aead_operation_t *operation ); #endif /* PSA_CRYPTO_AEAD */ From cee785cd72d7163042fbf34924836efdd04cf149 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 14:29:20 +0100 Subject: [PATCH 045/966] Seperate id checks from other state checks Signed-off-by: Paul Elliott --- library/psa_crypto.c | 88 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 69 insertions(+), 19 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 527e44e766..9c7a380d54 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3248,8 +3248,14 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->id || operation->nonce_set || - operation->ad_started || operation->body_started ) + if( operation->id != 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; 
@@ -3259,9 +3265,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); if( status != PSA_SUCCESS ) - { goto exit; - } psa_key_attributes_t attributes = { .core = slot->attr @@ -3272,9 +3276,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, slot->key.bytes, alg ); if( status != PSA_SUCCESS ) - { goto exit; - } operation->key_type = psa_get_key_type( &attributes ); @@ -3310,8 +3312,14 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->id || operation->nonce_set || - operation->ad_started || operation->body_started ) + if( operation->id != 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3359,8 +3367,14 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, *nonce_length = 0; - if( !operation->id || operation->nonce_set || - operation->ad_started || operation->body_started ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3401,8 +3415,14 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->id || operation->nonce_set || - operation->ad_started || operation->body_started ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; 
@@ -3428,7 +3448,13 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->id || operation->lengths_set ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->lengths_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3453,7 +3479,13 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->id || !operation->nonce_set ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3485,7 +3517,13 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, *output_length = 0; - if( !operation->id || !operation->nonce_set || !operation->ad_started ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set || !operation->ad_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3519,8 +3557,14 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *ciphertext_length = 0; *tag_length = 0; - if( !operation->id || !operation->nonce_set || - !operation->ad_started || !operation->body_started ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set || !operation->ad_started || + !operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3551,8 +3595,14 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; - if( !operation->id || !operation->nonce_set || - !operation->ad_started || !operation->body_started ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set || !operation->ad_started || + !operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; From ac1b3fd5b6b12f9cf4821ecb493a700c57a696ea Mon Sep 17 00:00:00 2001 
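Review bot: In the `psa_aead_update()` hunk, the check kept after the split, `if( !operation->nonce_set || !operation->ad_started )`, still appears to reject a message with no additional data unless the caller first makes a zero-length `psa_aead_update_ad()` call. The `psa_aead_finish()` and `psa_aead_verify()` hunks do the same with `!operation->body_started` for an empty plaintext. If this is a temporary limitation of the built-in driver rather than intended API behaviour, I would add a comment on those checks, for example `/* TODO: AD and body are optional in a multipart AEAD operation; relax once the driver no longer needs them */`. Without it, callers may read `PSA_ERROR_BAD_STATE` as a sequencing bug of their own. The function bodies continue outside these hunks, so where `ad_started` and `body_started` are set is not visible and should be confirmed.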
From: Paul Elliott Date: Thu, 20 May 2021 14:33:13 +0100 Subject: [PATCH 046/966] Ensure that key gets unlocked in case of error Signed-off-by: Paul Elliott --- library/psa_crypto.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9c7a380d54..adf3b2b7a8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3280,14 +3280,12 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, operation->key_type = psa_get_key_type( &attributes ); +exit: + unlock_status = psa_unlock_key_slot( slot ); if( unlock_status != PSA_SUCCESS ) - { status = unlock_status; - } - -exit: if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); @@ -3339,15 +3337,18 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, &attributes, slot->key.data, slot->key.bytes, alg ); + if( status != PSA_SUCCESS ) + goto exit; + operation->key_type = psa_get_key_type( &attributes ); +exit: + unlock_status = psa_unlock_key_slot( slot ); if( unlock_status != PSA_SUCCESS ) status = unlock_status; -exit: - if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); else From b91da71db1ccb6a28a0a9cec7c769ab73d1d32bf Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 14:43:47 +0100 Subject: [PATCH 047/966] Remove unrequired initialisation Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index adf3b2b7a8..e97cbaf987 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3364,7 +3364,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, size_t *nonce_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t required_nonce_size = nonce_size; + size_t required_nonce_size; *nonce_length = 0; From ee4ffe00798af7d5364fd7543db593bca4e26cca Mon Sep 17 00:00:00 2001 
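Review bot: Moving `exit:` above `unlock_status = psa_unlock_key_slot( slot );` in `psa_aead_encrypt_setup()` and `psa_aead_decrypt_setup()` means the unlock now also runs on `goto exit` paths taken before the slot was obtained. Those include the `operation->id != 0` and state checks, and a failed lookup. The declaration of `slot` and the body of `psa_unlock_key_slot()` are outside these hunks, so this is only safe if `slot` starts as `NULL`, is left `NULL` when the lookup fails, and the unlock accepts `NULL`. Otherwise an indeterminate pointer is passed, or a slot that was never locked has its lock count dropped. I would state that at the label with `/* slot is NULL on the early-exit paths; psa_unlock_key_slot() treats NULL as a no-op */`, or guard the call with `if( slot != NULL )`. On those early paths, `if( unlock_status != PSA_SUCCESS ) status = unlock_status;` can also replace the original error, so the caller loses the `PSA_ERROR_BAD_STATE` it should have seen.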
From: Paul Elliott Date: Thu, 20 May 2021 17:25:06 +0100 Subject: [PATCH 048/966] Move AEAD length checks to PSA core Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_primitives.h | 6 +-- include/psa/crypto_struct.h | 5 ++- library/psa_crypto.c | 49 +++++++++++++++++++++++++ library/psa_crypto_aead.c | 31 ---------------- 4 files changed, 54 insertions(+), 37 deletions(-) diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index e3903bca50..b28e0d7e2e 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -130,7 +130,6 @@ typedef struct psa_algorithm_t alg; psa_key_type_t key_type; - unsigned int lengths_set : 1; unsigned int is_encrypt : 1; unsigned int ad_started : 1; unsigned int body_started : 1; @@ -138,9 +137,6 @@ typedef struct uint8_t tag_length; uint8_t nonce_length; - size_t ad_remaining; - size_t body_remaining; - /* Buffers for AD/data - only required until CCM gets proper multipart support. */ uint8_t *ad_buffer; @@ -172,7 +168,7 @@ typedef struct } mbedtls_psa_aead_operation_t; -#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 36503f91cf..0f74c5481d 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -165,6 +165,9 @@ struct psa_aead_operation_s psa_algorithm_t alg; psa_key_type_t key_type; + size_t ad_remaining; + size_t body_remaining; + unsigned int nonce_set : 1; unsigned int lengths_set : 1; unsigned int ad_started : 1; 
@@ -173,7 +176,7 @@ struct psa_aead_operation_s psa_driver_aead_context_t ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e97cbaf987..c53020a2be 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3467,7 +3467,11 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, exit: if( status == PSA_SUCCESS ) + { + operation->ad_remaining = ad_length; + operation->body_remaining = plaintext_length; operation->lengths_set = 1; + } else psa_aead_abort( operation ); @@ -3492,6 +3496,17 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, goto exit; } + if( operation->lengths_set ) + { + if ( operation->ad_remaining < input_length ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + operation->ad_remaining -= input_length; + } + status = psa_driver_wrapper_aead_update_ad( operation, input, input_length ); @@ -3530,6 +3545,26 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, goto exit; } + if( operation->lengths_set ) + { + /* Additional data length was supplied, but not all the additional + data was supplied.*/ + if( operation->ad_remaining != 0 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Too much data provided. */ + if( operation->body_remaining < input_length ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + operation->body_remaining -= input_length; + } + status = psa_driver_wrapper_aead_update( operation, input, input_length, output, output_size, output_length ); 
@@ -3571,6 +3606,13 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, goto exit; } + if( operation->lengths_set && (operation->ad_remaining != 0 || + operation->body_remaining != 0 ) ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + status = psa_driver_wrapper_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, @@ -3609,6 +3651,13 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, goto exit; } + if( operation->lengths_set && (operation->ad_remaining != 0 || + operation->body_remaining != 0 ) ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + status = psa_driver_wrapper_aead_verify( operation, plaintext, plaintext_size, plaintext_length, diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 0daa3034a1..bbfc9271ea 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -481,10 +481,6 @@ psa_status_t mbedtls_psa_aead_set_lengths( return ( PSA_ERROR_NOT_SUPPORTED ); } - operation->ad_remaining = ad_length; - operation->body_remaining = plaintext_length; - operation->lengths_set = 1; - return ( PSA_SUCCESS ); } @@ -496,14 +492,6 @@ psa_status_t mbedtls_psa_aead_update_ad( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( operation->lengths_set ) - { - if ( operation->ad_remaining < input_length ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - operation->ad_remaining -= input_length; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { 
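Review bot: The length check added to `psa_aead_finish()` reports unconsumed `ad_remaining` or `body_remaining` as `PSA_ERROR_BAD_STATE`. The checks this same commit adds to `psa_aead_update_ad()` and `psa_aead_update()` report length violations as `PSA_ERROR_INVALID_ARGUMENT`. As far as I can tell, the PSA API documentation also lists "less input than declared with set_lengths" under `PSA_ERROR_INVALID_ARGUMENT`. For consistency I would change the assignment in this hunk and in the matching `psa_aead_verify()` hunk to `status = PSA_ERROR_INVALID_ARGUMENT;`. A caller can then tell a truncated message apart from a call made in the wrong order. A short comment above the check, such as `/* Caller declared lengths but supplied less AD or body than declared. */`, would document the case as the removed driver code did not.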
@@ -590,20 +578,6 @@ psa_status_t mbedtls_psa_aead_update( input_length ) > output_size ) return ( PSA_ERROR_BUFFER_TOO_SMALL ); - if( operation->lengths_set) - { - /* Additional data length was supplied, but not all the additional - data was supplied.*/ - if( operation->ad_remaining != 0 ) - return ( PSA_ERROR_INVALID_ARGUMENT ); - - /* Too much data provided. */ - if( operation->body_remaining < input_length ) - return ( PSA_ERROR_INVALID_ARGUMENT ); - - operation->body_remaining -= input_length; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { @@ -725,10 +699,6 @@ static psa_status_t mbedtls_psa_aead_finish_checks( { size_t finish_output_size; - if( operation->lengths_set ) - if( operation->ad_remaining != 0 || operation->body_remaining != 0 ) - return( PSA_ERROR_BAD_STATE ); - if( tag_size < operation->tag_length ) return ( PSA_ERROR_BUFFER_TOO_SMALL ); @@ -934,7 +904,6 @@ psa_status_t mbedtls_psa_aead_abort( #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ } - operation->lengths_set = 0; operation->is_encrypt = 0; operation->ad_started = 0; operation->body_started = 0; From 1a98acac1c6a31507f81164ba2b30e6357d6e44e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 18:24:07 +0100 Subject: [PATCH 049/966] Properly handle GCM's range of nonce sizes Add comment to the effect that we cannot really check nonce size as the GCM spec allows almost arbitrarily large nonces. As a result of this, change the operation nonce over to an allocated buffer to avoid overflow situations. Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_primitives.h | 6 +++--- library/psa_crypto.c | 6 ++++++ library/psa_crypto_aead.c | 18 ++++++++++++++++-- library/psa_crypto_aead.h | 2 ++ 4 files changed, 27 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index b28e0d7e2e..b67b23ff12 100644 --- a/include/psa/crypto_builtin_primitives.h 
+++ b/include/psa/crypto_builtin_primitives.h @@ -135,7 +135,6 @@ typedef struct unsigned int body_started : 1; uint8_t tag_length; - uint8_t nonce_length; /* Buffers for AD/data - only required until CCM gets proper multipart support. */ @@ -149,7 +148,8 @@ typedef struct /* buffer to store Nonce - only required until CCM and GCM get proper multipart support. */ - uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t *nonce; + size_t nonce_length; union { @@ -168,7 +168,7 @@ typedef struct } mbedtls_psa_aead_operation_t; -#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c53020a2be..fcc22e167e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3429,6 +3429,12 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } + /* Not checking nonce size here as GCM spec allows almost abitrarily large + * nonces. Please note that we do not generally recommend the usage of + * nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large nonces + * are hashed to a shorter size, which can then lead to collisions if you + encrypt a very large number of messages. */ + status = psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ); diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index bbfc9271ea..10849b2ad4 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c 
@@ -388,11 +388,16 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { + operation->nonce = mbedtls_calloc( 1, nonce_length ); + + if( operation->nonce == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + /* GCM sets nonce once additional data has been supplied */ memcpy( operation->nonce, nonce, nonce_length ); /* We know that nonce size cannot exceed the uint8_t size */ - operation->nonce_length = ( uint8_t ) nonce_length; + operation->nonce_length = nonce_length; status = PSA_SUCCESS; } else @@ -400,12 +405,17 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { + operation->nonce = mbedtls_calloc( 1, nonce_length ); + + if( operation->nonce == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + /* Multipart CCM not supported as yet, so CCM is basically operating in oneshot mode. Store the nonce as we need this later */ memcpy( operation->nonce, nonce, nonce_length ); /* We know that nonce size cannot exceed the uint8_t size */ - operation->nonce_length = ( uint8_t ) nonce_length; + operation->nonce_length = nonce_length; status = PSA_SUCCESS; } else @@ -919,6 +929,10 @@ psa_status_t mbedtls_psa_aead_abort( mbedtls_free( operation->tag_buffer ); operation->tag_buffer = NULL; + mbedtls_free( operation->nonce ); + operation->nonce = NULL; + operation->nonce_length = 0; + return( PSA_SUCCESS ); } diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index fcac5cac18..ef4842e355 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -263,6 +263,8 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( * \retval #PSA_ERROR_NOT_SUPPORTED * Algorithm previously set is not supported in this configuration of * the library. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * (GCM and CCM only) Unable to allocate buffer for nonce. */ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t *operation, 
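Review bot: In the GCM and CCM branches of mbedtls_psa_aead_set_nonce, `operation->nonce` is overwritten with the result of `mbedtls_calloc( 1, nonce_length )` without releasing a buffer from an earlier call. A second set_nonce on the same operation would leak the first allocation unless the caller rules that out, which these hunks do not show. Assuming the operation was initialised with MBEDTLS_PSA_AEAD_OPERATION_INIT, `mbedtls_free( operation->nonce );` before the allocation would make it safe either way. A zero `nonce_length` also reaches the allocator, whose result for a zero size is implementation-defined, so an empty nonce may come back as PSA_ERROR_INSUFFICIENT_MEMORY instead of an argument error. The context comment `/* We know that nonce size cannot exceed the uint8_t size */` stays above the assignment in both branches although the cast is gone and the field is now `size_t`; it should be dropped.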
From 3dc1c242b426c0ccdd683495d8345ed2395ee976 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 18:32:57 +0100 Subject: [PATCH 050/966] Move AEAD contexts from primitives to composites Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 56 +++++++++++++++++++ include/psa/crypto_builtin_primitives.h | 55 ------------------ .../psa/crypto_driver_contexts_composites.h | 8 +++ .../psa/crypto_driver_contexts_primitives.h | 8 --- 4 files changed, 64 insertions(+), 63 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 1d11b003e4..b65922b9c2 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h 
@@ -76,6 +76,58 @@ typedef struct #define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#define MBEDTLS_PSA_BUILTIN_AEAD 1 +#endif + +/* Context structure for the Mbed TLS AEAD implementation. */ +typedef struct +{ + psa_algorithm_t alg; + psa_key_type_t key_type; + + unsigned int is_encrypt : 1; + unsigned int ad_started : 1; + unsigned int body_started : 1; + + uint8_t tag_length; + + /* Buffers for AD/data - only required until CCM gets proper multipart + support. */ + uint8_t *ad_buffer; + size_t ad_length; + + uint8_t *body_buffer; + size_t body_length; + + uint8_t *tag_buffer; + + /* buffer to store Nonce - only required until CCM and GCM get proper + multipart support. */ + uint8_t *nonce; + size_t nonce_length; + + union + { + unsigned dummy; /* Enable easier initializing of the union. */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + mbedtls_ccm_context ccm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + mbedtls_gcm_context gcm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + mbedtls_chachapoly_context chachapoly; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + } ctx; + +} mbedtls_psa_aead_operation_t; + +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} + /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. */ 
@@ -87,6 +139,10 @@ typedef mbedtls_psa_mac_operation_t mbedtls_opaque_test_driver_mac_operation_t; #define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT #define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT +typedef mbedtls_psa_aead_operation_t mbedtls_transparent_test_driver_aead_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_AEAD_OPERATION_INIT MBEDTLS_PSA_AEAD_OPERATION_INIT + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index b67b23ff12..75801a1789 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h 
@@ -118,58 +118,6 @@ typedef struct { #define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) -#define MBEDTLS_PSA_BUILTIN_AEAD 1 -#endif - -/* Context structure for the Mbed TLS cipher implementation. */ -typedef struct -{ - psa_algorithm_t alg; - psa_key_type_t key_type; - - unsigned int is_encrypt : 1; - unsigned int ad_started : 1; - unsigned int body_started : 1; - - uint8_t tag_length; - - /* Buffers for AD/data - only required until CCM gets proper multipart - support. */ - uint8_t *ad_buffer; - size_t ad_length; - - uint8_t *body_buffer; - size_t body_length; - - uint8_t *tag_buffer; - - /* buffer to store Nonce - only required until CCM and GCM get proper - multipart support. */ - uint8_t *nonce; - size_t nonce_length; - - union - { - unsigned dummy; /* Enable easier initializing of the union. */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - mbedtls_ccm_context ccm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - mbedtls_gcm_context gcm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - mbedtls_chachapoly_context chachapoly; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - - } ctx; - -} mbedtls_psa_aead_operation_t; - -#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} - /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. */ @@ -182,9 +130,6 @@ typedef mbedtls_psa_hash_operation_t mbedtls_transparent_test_driver_hash_operat typedef mbedtls_psa_cipher_operation_t mbedtls_transparent_test_driver_cipher_operation_t; -typedef mbedtls_psa_aead_operation_t - mbedtls_transparent_test_driver_aead_operation_t; - typedef struct { unsigned int initialised : 1; mbedtls_transparent_test_driver_cipher_operation_t ctx; 
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index 239fdcb337..957986c22f 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -58,5 +58,13 @@ typedef union { #endif } psa_driver_mac_context_t; +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_aead_operation_t mbedtls_ctx; +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx; +#endif +} psa_driver_aead_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index 4fba9eb030..104d4bdb6d 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -65,13 +65,5 @@ typedef union { #endif } psa_driver_cipher_context_t; -typedef union { - unsigned dummy; /* Make sure this union is always non-empty */ - mbedtls_psa_aead_operation_t mbedtls_ctx; -#if defined(PSA_CRYPTO_DRIVER_TEST) - mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx; -#endif -} psa_driver_aead_context_t; - #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */ /* End of automatically generated file. */ From e715f88d9d30e2c2812280f5952339e9dc25b09a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 21:54:19 +0100 Subject: [PATCH 051/966] Fix key slot being used uninitialised on error Signed-off-by: Paul Elliott --- library/psa_crypto.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fcc22e167e..5d55e4543d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3240,7 +3240,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; + psa_key_slot_t *slot = NULL; if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { @@ -3282,10 +3282,13 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, exit: - unlock_status = psa_unlock_key_slot( slot ); + if( slot ) + { + unlock_status = psa_unlock_key_slot( slot ); - if( unlock_status != PSA_SUCCESS ) - status = unlock_status; + if( unlock_status != PSA_SUCCESS ) + status = unlock_status; + } if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); @@ -3302,7 +3305,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; + psa_key_slot_t *slot = NULL; if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { @@ -3344,10 +3347,13 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, exit: - unlock_status = psa_unlock_key_slot( slot ); + if( slot ) + { + unlock_status = psa_unlock_key_slot( slot ); - if( unlock_status != PSA_SUCCESS ) - status = unlock_status; + if( unlock_status != PSA_SUCCESS ) + status = unlock_status; + } if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); From 60aa203e30b0ae13bfe2d1aa074e396199d71fc8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 18:57:02 +0100 Subject: [PATCH 052/966] Remove temporary AEAD CCM implementation 
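Review bot: On the `exit:` path of psa_aead_encrypt_setup, and identically in psa_aead_decrypt_setup, a failing `psa_unlock_key_slot` replaces `status` and the function returns that error without cleaning up the operation. If the driver setup above the label (outside the hunk) had already succeeded, its context is left initialised while `operation->alg` is never assigned. Calling `psa_aead_abort( operation );` when `status != PSA_SUCCESS` at the end of the exit path would leave the operation in a defined state on every error. The new guard also depends on the slot lookup leaving `slot` as NULL when it fails, which is not visible here. Writing it as `if( slot != NULL )` would match the explicit comparisons on the neighbouring lines.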
Signed-off-by: Paul Elliott --- include/mbedtls/config.h | 8 -- library/ccm.c | 2 - library/psa_crypto_aead.c | 160 ++++++------------------ programs/test/query_config.c | 8 -- scripts/config.py | 1 - tests/suites/test_suite_psa_crypto.data | 112 ----------------- 6 files changed, 35 insertions(+), 256 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6cb05e4712..a4479d79ff 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3756,14 +3756,6 @@ */ //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED -/** - * Internal define that removes the zeroization of the output when decrypting - * CCM and the tag check fails. This is for internal use only, and was added so - * that PSA multipart CCM could be implmented. This option will be removed at - * some point in the future when proper CCM multipart support is implemented. - * Use at own risk. - */ -//#define MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations diff --git a/library/ccm.c b/library/ccm.c index d52e7b0797..424ee77b69 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -386,9 +386,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, if( diff != 0 ) { -#ifndef MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL mbedtls_platform_zeroize( output, length ); -#endif return( MBEDTLS_ERR_CCM_AUTH_FAILED ); } diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 10849b2ad4..fb86775e51 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -346,6 +346,13 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + return ( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ + status = psa_aead_setup( operation, attributes, key_buffer, key_buffer_size, alg ); 
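Review bot: The CCM guard added at the top of mbedtls_psa_aead_encrypt_setup tests `operation->alg` before `psa_aead_setup` has run. That call is what assigns `operation->alg` from the `alg` argument (see psa_aead_setup in the first patch of this series), so on a freshly initialised operation the field is still zero. The guard presumably never fires and a multipart CCM setup is not rejected as intended. The check should look at the requested algorithm instead, e.g. `if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ) )`. The same guard is added to mbedtls_psa_aead_decrypt_setup in the next hunk and has the same problem; both function bodies continue outside the hunks.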
@@ -366,7 +373,12 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - (void) key_buffer_size; + #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + return ( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ status = psa_aead_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -405,18 +417,10 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - operation->nonce = mbedtls_calloc( 1, nonce_length ); + ( void ) nonce; + ( void ) nonce_length; - if( operation->nonce == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - /* Multipart CCM not supported as yet, so CCM is basically operating - in oneshot mode. Store the nonce as we need this later */ - memcpy( operation->nonce, nonce, nonce_length ); - - /* We know that nonce size cannot exceed the uint8_t size */ - operation->nonce_length = nonce_length; - status = PSA_SUCCESS; + return ( PSA_ERROR_NOT_SUPPORTED ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -527,21 +531,10 @@ psa_status_t mbedtls_psa_aead_update_ad( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - /* CCM requires all additional data to be passed in in one go at the - minute, as we are basically operating in oneshot mode. */ - if( operation->ad_started ) - return( PSA_ERROR_NOT_SUPPORTED ); + (void) input; + (void) input_length; - /* Save the additional data for later, this will be passed in - when we have the body. */ - operation->ad_buffer = ( uint8_t * ) mbedtls_calloc( 1, input_length ); - - if( operation->ad_buffer == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - memcpy( operation->ad_buffer, input, input_length ); - operation->ad_length = input_length; - status = PSA_SUCCESS; + return ( PSA_ERROR_NOT_SUPPORTED ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ 
@@ -580,7 +573,6 @@ psa_status_t mbedtls_psa_aead_update( { size_t update_output_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; update_output_length = input_length; 
@@ -609,67 +601,10 @@ psa_status_t mbedtls_psa_aead_update( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - /* CCM does not support multipart yet, so all the input has to be - passed in in one go. */ - if( operation->body_started ) - return( PSA_ERROR_NOT_SUPPORTED ); + (void) input; + (void) input_length; - /* Need to store tag for Finish() / Verify() */ - operation->tag_buffer = - ( uint8_t * ) mbedtls_calloc( 1, operation->tag_length ); - - if( operation->tag_buffer == NULL) - { - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - } - - if( operation->is_encrypt ) - { - /* Perform oneshot CCM encryption with additional data already - stored, as CCM does not support multipart yet.*/ - status = mbedtls_to_psa_error( - mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, - input_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - input, - output, - operation->tag_buffer, - operation->tag_length ) ); - - } - else - { - /* Need to back up the body data so we can do this again - later.*/ - operation->body_buffer = - ( uint8_t * ) mbedtls_calloc(1, input_length ); - - if( operation->body_buffer == NULL) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - memcpy( operation->body_buffer, input, input_length ); - operation->body_length = input_length; - - /* this will fail, as the tag is clearly false, but will - write the decrypted data to the output buffer.*/ - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, - input_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - input, output, - operation->tag_buffer, - operation->tag_length ); - - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - status = PSA_SUCCESS; - else - status = mbedtls_to_psa_error( ret ); - } + return ( PSA_ERROR_NOT_SUPPORTED ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ 
@@ -752,10 +687,14 @@ psa_status_t mbedtls_psa_aead_finish( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - /* Copy the previously generated tag into place */ - memcpy( tag, operation->tag_buffer, operation->tag_length ); + ( void ) ciphertext; + ( void ) ciphertext_size; + ( void ) ciphertext_length; + ( void ) tag; + ( void ) tag_size; + ( void ) tag_length; - status = PSA_SUCCESS; + return ( PSA_ERROR_NOT_SUPPORTED ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -797,10 +736,6 @@ psa_status_t mbedtls_psa_aead_verify( size_t tag_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - uint8_t * temp_buffer; - size_t temp_buffer_size; size_t finish_output_size = 0; 
@@ -825,38 +760,13 @@ psa_status_t mbedtls_psa_aead_verify( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - /* Perform oneshot CCM decryption *again*, as its the - * only way to get the tag, but this time throw away the - results, as verify cannot write that much data. */ - temp_buffer_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, - operation->alg, - operation->body_length - ); + ( void ) plaintext; + ( void ) plaintext_size; + ( void ) plaintext_length; + ( void ) tag; + ( void ) tag_length; - temp_buffer = ( uint8_t * ) mbedtls_calloc(1, temp_buffer_size ); - - if( temp_buffer == NULL) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, - operation->body_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - operation->body_buffer, - temp_buffer, tag, tag_length ); - - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - status = PSA_ERROR_INVALID_SIGNATURE; - else - { - status = mbedtls_to_psa_error( ret ); - do_tag_check = 0; - } - - /* Even if the above operation fails, we no longer need the data */ - mbedtls_free( temp_buffer ); + return ( PSA_ERROR_NOT_SUPPORTED ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 647279d687..450e2fbbf0 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -2723,14 +2723,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ -#if defined(MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL) - if( strcmp( "MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL ); - return( 0 ); - } -#endif /* MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL */ - /* If the symbol is not found, return an error */ return( 1 ); } 
diff --git a/scripts/config.py b/scripts/config.py index f9f06053d3..a77ead0544 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -197,7 +197,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS 'MBEDTLS_X509_REMOVE_INFO', # removes a feature - 'MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL', # lowers security of CCM ]) def is_seamless_alt(name): diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 177d688e3e..c2e80e18d5 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2062,118 +2062,6 @@ PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED -PSA Multipart AEAD encrypt/decrypt: AES-CCM, 19 bytes #1 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS - -PSA Multipart AEAD encrypt/decrypt: AES-CCM, 19 bytes #2 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS - -PSA Multipart AEAD encrypt/decrypt: DES-CCM not supported -depends_on:MBEDTLS_DES_C:MBEDTLS_CCM_C:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_ERROR_NOT_SUPPORTED - -PSA Multipart AEAD encrypt: AES-CCM, 23 bytes -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":-1:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":-1:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL 
-aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=4 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f39" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=6 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 6 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b63fdffcd729bc" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=8 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b64cf2c3bf5f220776" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=10 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL 
-aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 10 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69613343621327defd18e" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=12 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 12 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69a2e5d8faee3138fa5cf9846" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=14 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 14 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6c99af01cdb6aa76df73c8646c27f" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=16 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 16 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" - -PSA Multipart AEAD decrypt: AES-CCM, 39 bytes 
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":-1:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":-1:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS - -PSA Multipart AEAD decrypt, AES-CCM, 40 bytes -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=4 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f39":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=6 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 6 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b63fdffcd729bc":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=8 
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b64cf2c3bf5f220776":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=10 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 10 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69613343621327defd18e":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=12 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 12 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69a2e5d8faee3138fa5cf9846":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=14 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 14 
):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6c99af01cdb6aa76df73c8646c27f":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=16 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 16 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, invalid signature -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE - -PSA Multipart AEAD decrypt: AES-CCM, invalid signature, T=4 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f38":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE - -PSA Multipart AEAD decrypt: AES-CCM, T=4, tag is truncated tag for T=16 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE - -PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 0 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - -PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 2 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - -PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 15 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 15 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - -PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 18 
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS From e95259f833f9580990e6d210b5e591f7cf72d9f3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 17:09:21 +0100 Subject: [PATCH 053/966] Remove some CCM leftovers Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 15 +---- library/psa_crypto_aead.c | 76 ++----------------------- 2 files changed, 7 insertions(+), 84 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index b65922b9c2..ff8e148fdb 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -93,19 +93,10 @@ typedef struct unsigned int body_started : 1; uint8_t tag_length; - - /* Buffers for AD/data - only required until CCM gets proper multipart - support. */ - uint8_t *ad_buffer; - size_t ad_length; - - uint8_t *body_buffer; - size_t body_length; - uint8_t *tag_buffer; - /* buffer to store Nonce - only required until CCM and GCM get proper - multipart support. */ + /* Buffer to store Nonce - only required until CCM and GCM get proper + * multipart support.*/ uint8_t *nonce; size_t nonce_length; 
@@ -126,7 +117,7 @@ typedef struct } mbedtls_psa_aead_operation_t; -#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index fb86775e51..d585c59f65 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -349,7 +349,7 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - return ( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_NOT_SUPPORTED ); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -373,10 +373,10 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - return ( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_NOT_SUPPORTED ); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -408,22 +408,11 @@ psa_status_t mbedtls_psa_aead_set_nonce( /* GCM sets nonce once additional data has been supplied */ memcpy( operation->nonce, nonce, nonce_length ); - /* We know that nonce size cannot exceed the uint8_t size */ operation->nonce_length = nonce_length; status = PSA_SUCCESS; } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - ( void ) nonce; - ( void ) nonce_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { 
@@ -462,7 +451,7 @@ psa_status_t mbedtls_psa_aead_set_lengths( { /* Lengths can only be too large for GCM if size_t is bigger than 32 * bits. Without the guard this code will generate warnings on 32bit - builds */ + * builds */ #if SIZE_MAX > UINT32_MAX if( ( (uint64_t) ad_length ) >> 61 != 0 || ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) @@ -528,16 +517,6 @@ psa_status_t mbedtls_psa_aead_update_ad( } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - (void) input; - (void) input_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { @@ -598,16 +577,6 @@ psa_status_t mbedtls_psa_aead_update( } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - (void) input; - (void) input_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { @@ -684,20 +653,6 @@ psa_status_t mbedtls_psa_aead_finish( tag_size ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - ( void ) ciphertext; - ( void ) ciphertext_size; - ( void ) ciphertext_length; - ( void ) tag; - ( void ) tag_size; - ( void ) tag_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) status = mbedtls_to_psa_error( 
@@ -736,9 +691,7 @@ psa_status_t mbedtls_psa_aead_verify( size_t tag_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t finish_output_size = 0; - int do_tag_check = 1; uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; @@ -757,19 +710,6 @@ psa_status_t mbedtls_psa_aead_verify( operation->tag_length ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - ( void ) plaintext; - ( void ) plaintext_size; - ( void ) plaintext_length; - ( void ) tag; - ( void ) tag_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) // call finish to get the tag for comparison. @@ -828,14 +768,6 @@ psa_status_t mbedtls_psa_aead_abort( operation->ad_started = 0; operation->body_started = 0; - mbedtls_free( operation->ad_buffer ); - operation->ad_buffer = NULL; - operation->ad_length = 0; - - mbedtls_free( operation->body_buffer ); - operation->body_buffer = NULL; - operation->body_length = 0; - mbedtls_free( operation->tag_buffer ); operation->tag_buffer = NULL; From 6981fbcf10010dd6018221782ca2b8b2303b6c28 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 17:13:50 +0100 Subject: [PATCH 054/966] Remove unneccessary guard for key unlock Also make sure failure is not hidden by key unlock failure Signed-off-by: Paul Elliott --- library/psa_crypto.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5d55e4543d..14ef6e576c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3282,13 +3282,10 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, exit: - if( slot ) - { - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot( slot ); - if( unlock_status != PSA_SUCCESS ) - status = unlock_status; - } + if( status == PSA_SUCCESS ) + status = unlock_status; if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); @@ -3320,6 +3317,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, } if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3347,13 +3345,10 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, exit: - if( slot ) - { - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot( slot ); - if( unlock_status != PSA_SUCCESS ) - status = unlock_status; - } + if( status == PSA_SUCCESS ) + status = unlock_status; if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); From 6eb959854b4418a5b37e8e193099c34eb079b2e4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 17:41:41 +0100 Subject: [PATCH 055/966] Improve state logic Signed-off-by: Paul Elliott --- library/psa_crypto.c | 40 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 14ef6e576c..fb74a0d852 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3254,8 +3254,8 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->ad_started || - operation->body_started ) + if( operation->nonce_set || operation->lengths_set || + operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; 
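Review bot: The now-unconditional `psa_unlock_key_slot( slot )` in the `exit:` block of `psa_aead_encrypt_setup` also runs on the early error paths, where `slot` may not have been assigned yet. The hunk shows neither its initial value nor whether the unlock function accepts a NULL slot. If it does, a comment such as `/* psa_unlock_key_slot() tolerates a NULL slot, so early exits need no guard. */` would stop a later reader from assuming the slot is always valid here. The same applies to the matching `exit:` hunk in `psa_aead_decrypt_setup`; both function bodies start and end outside the hunks.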
@@ -3316,9 +3316,8 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->ad_started || - - operation->body_started ) + if( operation->nonce_set || operation->lengths_set || + operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3375,8 +3374,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->ad_started || - operation->body_started ) + if( operation->nonce_set || operation->lengths_set || + operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3430,11 +3429,11 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } - /* Not checking nonce size here as GCM spec allows almost abitrarily large - * nonces. Please note that we do not generally recommend the usage of - * nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large nonces - * are hashed to a shorter size, which can then lead to collisions if you - encrypt a very large number of messages. */ + /* Not checking nonce size here as GCM spec allows almost arbitrarily + * large nonces. Please note that we do not generally recommend the usage + * of nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large + * nonces are hashed to a shorter size, which can then lead to collisions + * if you encrypt a very large number of messages.*/ status = psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ); @@ -3462,7 +3461,8 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, goto exit; } - if( operation->lengths_set ) + if( operation->lengths_set || operation->ad_started || + operation->body_started) { status = PSA_ERROR_BAD_STATE; goto exit; 
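Review bot: The rewritten comment in `psa_aead_set_nonce` justifies the missing length check with GCM alone, yet the `psa_driver_wrapper_aead_set_nonce` call below it is made for every algorithm. As far as the hunk shows, rejecting a zero-length nonce and enforcing the fixed nonce sizes of the other algorithms is left entirely to the driver. Please say so in the comment, for example with a closing line `* Per-algorithm nonce length validation, including rejecting an empty nonce, is left to the driver. */`, or add the check in the core. The new comment also ends in `messages.*/` without the space used elsewhere in the file.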
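Review bot: The added condition in `psa_aead_set_lengths` closes with `operation->body_started)`, without the space before the parenthesis that the other conditions touched by this patch use. Writing `operation->body_started )` keeps it consistent with the file. The function body continues outside the hunk.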
@@ -3497,7 +3497,7 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set ) + if( !operation->nonce_set || operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3505,7 +3505,7 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, if( operation->lengths_set ) { - if ( operation->ad_remaining < input_length ) + if( operation->ad_remaining < input_length ) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -3546,7 +3546,7 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set || !operation->ad_started ) + if( !operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3606,8 +3606,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set || !operation->ad_started || - !operation->body_started ) + if( !operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3616,7 +3615,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, if( operation->lengths_set && (operation->ad_remaining != 0 || operation->body_remaining != 0 ) ) { - status = PSA_ERROR_BAD_STATE; + status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } @@ -3651,8 +3650,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set || !operation->ad_started || - !operation->body_started ) + if( !operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; From f47b0957ab71a44ebb8a3430bab7a033b2276421 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 18:02:33 +0100 Subject: [PATCH 056/966] Set tag to 'impossible' value on failure to encrypt Signed-off-by: Paul Elliott --- library/psa_crypto.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fb74a0d852..0b64781760 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
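Review bot: With the check relaxed to `if( !operation->nonce_set )`, the only state precondition visible in the `psa_aead_finish` hunk is that a nonce was set, and nothing in it checks the direction of the operation; the same is true of the `psa_aead_verify` hunk at the end of this patch. If the direction is not checked in the parts of these functions outside the hunks, finish would be accepted on a decryption operation and return a computed tag without any verification having taken place, and verify would be accepted on an encryption operation. The built-in driver struct on this page carries `is_encrypt`; whether the core operation struct records the direction is not visible here. If it does, a guard along the lines of `if( !operation->is_encrypt ) { status = PSA_ERROR_BAD_STATE; goto exit; }` in finish, and the inverse in verify, would close this.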
@@ -3626,6 +3626,11 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, exit: + /* In case the operation fails and the user fails to check for failure or + * the zero tag size, make sure the tag is set to something impossible. */ + if( status != PSA_SUCCESS ) + memset(tag, '!', tag_size); + psa_aead_abort( operation ); return( status ); From 3a16e014f209d754586d3fac23f9856830a1a4e9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 18:03:15 +0100 Subject: [PATCH 057/966] Ensure tag lengths match in verification Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index d585c59f65..0e7ca63c5d 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -733,8 +733,8 @@ psa_status_t mbedtls_psa_aead_verify( { *plaintext_length = finish_output_size; - if( do_tag_check && - mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) + if( do_tag_check && ( tag_length != operation->tag_length || + mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) ) status = PSA_ERROR_INVALID_SIGNATURE; } From 741beb114781ac3ecfa753fa78d7b8106b5d1c54 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 18:48:30 +0100 Subject: [PATCH 058/966] Improve Changelog Signed-off-by: Paul Elliott --- ChangeLog.d/add_psa_m_aead.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt index d5c0a48c2f..378e9c12d5 100644 --- a/ChangeLog.d/add_psa_m_aead.txt +++ b/ChangeLog.d/add_psa_m_aead.txt 
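Review bot: The added `memset(tag, '!', tag_size)` in `psa_aead_finish` runs on every failure path, including the early state checks, so it is reached with whatever `tag` pointer the caller passed. A NULL `tag` with a `tag_size` of 0 is undefined behaviour for `memset` even though no byte is written. Guarding it as `if( status != PSA_SUCCESS && tag != NULL ) memset( tag, '!', tag_size );` avoids that and matches the file's spacing inside parentheses. The hunk also does not show `*tag_length` being reset on failure, and on success any bytes of the buffer beyond the produced tag keep their previous contents; both are worth checking in the part of the function outside the hunk.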
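Review bot: The expected tag stays in the stack array `check_tag` after the comparison in `mbedtls_psa_aead_verify`; neither this hunk nor the earlier hunks of the function on this page wipe it before returning. A caller that receives `PSA_ERROR_INVALID_SIGNATURE` should learn nothing about the correct tag, so I would add `mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );` after the comparison on both outcomes. Note also that `*plaintext_length` is assigned before the tag has been checked, so a failed verification still reports a length to the caller. The enclosing `if` and the rest of the function are outside the hunk.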
@@ -1,3 +1,4 @@ Features - * Implemented the multipart AEAD API within the PSA Crypto API, along with - tests in the PSA Crypto test suite, and transparent driver wrappers. + * Added multipart AEAD API to the PSA Crypto API + * Added MbedTLS internal implementations of the PSA Crypto multipart AEAD API + supporting PolyChaCha and GCM. CCM is not as yet supported. From c40bc1e406eb67b31752a9586e49b79e4211ce48 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 18:58:12 +0100 Subject: [PATCH 059/966] Fix Changelog typo Signed-off-by: Paul Elliott --- ChangeLog.d/add_psa_m_aead.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt index 378e9c12d5..3ae58095bd 100644 --- a/ChangeLog.d/add_psa_m_aead.txt +++ b/ChangeLog.d/add_psa_m_aead.txt @@ -1,4 +1,4 @@ Features * Added multipart AEAD API to the PSA Crypto API * Added MbedTLS internal implementations of the PSA Crypto multipart AEAD API - supporting PolyChaCha and GCM. CCM is not as yet supported. + supporting ChaChaPoly and GCM. CCM is not as yet supported. From 83f09ef056b4b21a79de0835077545ae0b0bb5c8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 19:28:26 +0100 Subject: [PATCH 060/966] Proper multipart AEAD GCM Implementation Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 10 +--- library/psa_crypto_aead.c | 80 +++++++------------------ 2 files changed, 21 insertions(+), 69 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index ff8e148fdb..7d8bc1a8fd 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h 
@@ -89,16 +89,8 @@ typedef struct psa_key_type_t key_type; unsigned int is_encrypt : 1; - unsigned int ad_started : 1; - unsigned int body_started : 1; uint8_t tag_length; - uint8_t *tag_buffer; - - /* Buffer to store Nonce - only required until CCM and GCM get proper - * multipart support.*/ - uint8_t *nonce; - size_t nonce_length; union { @@ -117,7 +109,7 @@ typedef struct } mbedtls_psa_aead_operation_t; -#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 0e7ca63c5d..1491b35973 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -400,16 +400,12 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - operation->nonce = mbedtls_calloc( 1, nonce_length ); - - if( operation->nonce == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - /* GCM sets nonce once additional data has been supplied */ - memcpy( operation->nonce, nonce, nonce_length ); - - operation->nonce_length = nonce_length; - status = PSA_SUCCESS; + status = mbedtls_to_psa_error( + mbedtls_gcm_starts( &operation->ctx.gcm, + operation->is_encrypt ? + MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, + nonce, + nonce_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ 
@@ -498,22 +494,8 @@ psa_status_t mbedtls_psa_aead_update_ad( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - /* GCM currently requires all the additional data to be passed in - * in one contiguous buffer, so until that is re-done, we have to - * enforce this, as we cannot allocate a buffer to collate multiple - * calls into. */ - if( operation->ad_started ) - return( PSA_ERROR_NOT_SUPPORTED ); - status = mbedtls_to_psa_error( - mbedtls_gcm_starts( &operation->ctx.gcm, - operation->is_encrypt ? - MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, - operation->nonce, - operation->nonce_length, - input, - input_length ) ); - + mbedtls_gcm_update_ad( &operation->ctx.gcm, input, input_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ @@ -534,9 +516,6 @@ psa_status_t mbedtls_psa_aead_update_ad( return ( PSA_ERROR_NOT_SUPPORTED ); } - if( status == PSA_SUCCESS ) - operation->ad_started = 1; - return ( status ); } @@ -562,18 +541,11 @@ psa_status_t mbedtls_psa_aead_update( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - /* For the time being set the requirement that all of the body data - * must be passed in in one update, rather than deal with the complexity - * of non block size aligned updates. This will be fixed in 3.0 when - we can change the signature of the GCM multipart functions */ - if( operation->body_started ) - return( PSA_ERROR_NOT_SUPPORTED ); - - - status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, - input_length, - input, - output ) ); + status = mbedtls_to_psa_error( + mbedtls_gcm_update( &operation->ctx.gcm, + input, input_length, + output, output_size, + &update_output_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ @@ -596,10 +568,7 @@ psa_status_t mbedtls_psa_aead_update( } if( status == PSA_SUCCESS ) - { *output_length = update_output_length; - operation->body_started = 1; - } return( status ); } 
@@ -647,17 +616,17 @@ psa_status_t mbedtls_psa_aead_finish( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) - /* We will need to do final GCM pass in here when multipart is done. */ - status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, - tag, - tag_size ) ); + status = mbedtls_to_psa_error( + mbedtls_gcm_finish( &operation->ctx.gcm, + ciphertext, ciphertext_size, + tag, tag_size ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) status = mbedtls_to_psa_error( - mbedtls_chachapoly_finish( &operation->ctx.chachapoly, - tag ) ); + mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + tag ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { @@ -706,8 +675,8 @@ psa_status_t mbedtls_psa_aead_verify( /* Call finish to get the tag for comparison */ status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, - check_tag, - operation->tag_length ) ); + plaintext, plaintext_size, + check_tag, operation->tag_length ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) @@ -765,15 +734,6 @@ psa_status_t mbedtls_psa_aead_abort( } operation->is_encrypt = 0; - operation->ad_started = 0; - operation->body_started = 0; - - mbedtls_free( operation->tag_buffer ); - operation->tag_buffer = NULL; - - mbedtls_free( operation->nonce ); - operation->nonce = NULL; - operation->nonce_length = 0; return( PSA_SUCCESS ); } From 40ef3a945490550a5abaaad546ca4c88bde592fb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 25 May 2021 15:48:09 +0100 Subject: [PATCH 061/966] Fix state logic and return codes Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 39a6b72577..e824123466 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
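Review bot: The GCM branch of `mbedtls_psa_aead_finish` passes the caller's buffer capacity `tag_size` to `mbedtls_gcm_finish` as the tag length, while the `mbedtls_psa_aead_verify` hunk below passes `operation->tag_length`. Unless `tag_size` is reconciled with the algorithm's tag length in the part of the function outside this hunk, a shortened-tag algorithm given a larger buffer would have more tag bytes written out than were selected for the operation. Ending the call with `tag, operation->tag_length ) );`, after a check that `tag_size` is at least `operation->tag_length`, keeps finish and verify consistent.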
@@ -3555,8 +3555,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->lengths_set || - operation->ad_started || operation->body_started ) + if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3845,7 +3845,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, if( operation->lengths_set && (operation->ad_remaining != 0 || operation->body_remaining != 0 ) ) { - status = PSA_ERROR_BAD_STATE; + status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } From bc94978d8cbe0d3aa34ab6a4647fa784f973733a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 3 Jun 2021 15:29:00 +0100 Subject: [PATCH 062/966] Add missing unused arguments No algorithm defined case generally doesn't use the operation. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 1491b35973..3b8fdc8b6e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -397,7 +397,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { status = mbedtls_to_psa_error( @@ -427,6 +427,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { + ( void ) operation; ( void ) nonce; ( void ) nonce_length; @@ -474,6 +475,7 @@ psa_status_t mbedtls_psa_aead_set_lengths( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { + ( void ) operation; ( void ) ad_length; ( void ) plaintext_length; 
@@ -510,8 +512,9 @@ psa_status_t mbedtls_psa_aead_update_ad( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { - (void) input; - (void) input_length; + ( void ) operation; + ( void ) input; + ( void ) input_length; return ( PSA_ERROR_NOT_SUPPORTED ); } @@ -561,8 +564,8 @@ psa_status_t mbedtls_psa_aead_update( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { - (void) input; - (void) input_length; + ( void ) input; + ( void ) input_length; return ( PSA_ERROR_NOT_SUPPORTED ); } From 1c8de15490ee0de8a27935fc0781b4df942a7b8c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 3 Jun 2021 15:54:00 +0100 Subject: [PATCH 063/966] Update documentation to tally with recent changes Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 57 ++------------------------------------- 1 file changed, 2 insertions(+), 55 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index ef4842e355..50644c0999 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -181,7 +181,7 @@ psa_status_t mbedtls_psa_aead_decrypt( * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not an AEAD algorithm. + * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * Failed to allocate memory for key material */ @@ -225,7 +225,7 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( * * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not an AEAD algorithm. + * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * Failed to allocate memory for key material */ 
@@ -263,8 +263,6 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( * \retval #PSA_ERROR_NOT_SUPPORTED * Algorithm previously set is not supported in this configuration of * the library. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * (GCM and CCM only) Unable to allocate buffer for nonce. */ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t *operation, @@ -289,7 +287,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( * - For #PSA_ALG_CCM, calling this function is required. * - For the other AEAD algorithms defined in this specification, calling * this function is not required. - * - For vendor-defined algorithm, refer to the vendor documentation. * * If this function returns an error status, the PSA core calls * mbedtls_psa_aead_abort(). @@ -341,9 +338,6 @@ psa_status_t mbedtls_psa_aead_set_lengths( * to undo any action that depends on the input if * mbedtls_psa_aead_verify() returns an error status. * - * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire - * additional data to be passed in in one go, i.e. - * mbedtls_psa_aead_update_ad() can only be called once. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the fragment of @@ -352,12 +346,6 @@ psa_status_t mbedtls_psa_aead_set_lengths( * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total input length overflows the additional data length that - * was previously specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_NOT_SUPPORTED - * (For GCM / CCM) PSA core attempted to call mbedtls_psa_update_ad() - * more than once. * \retval #PSA_ERROR_NOT_SUPPORTED * Algorithm previously set is not supported in this configuration of * the library. 
@@ -392,10 +380,6 @@ psa_status_t mbedtls_psa_aead_update_ad( * mbedtls_psa_aead_verify() provides sufficient input. The amount of data that * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. * - * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire - * data to be passed in in one go, i.e. mbedtls_psa_aead_update() can only - * be called once. - * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the message fragment to * encrypt or decrypt. @@ -425,19 +409,6 @@ psa_status_t mbedtls_psa_aead_update_ad( * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to * determine the required buffer size. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to mbedtls_psa_aead_update_ad() so far is - * less than the additional data length that was previously - * specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total input length overflows the plaintext length that - * was previously specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_NOT_SUPPORTED - * (GCM / CCM only) PSA core attempted to call mbedtls_psa_update() more - * than once. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * (CCM only) Unable to allocate memory for the tag or the body - */ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, @@ -505,9 +476,6 @@ psa_status_t mbedtls_psa_aead_update( * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be an active encryption - * operation with a nonce set). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p ciphertext or \p tag buffer is too small. * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or 
@@ -515,14 +483,6 @@ psa_status_t mbedtls_psa_aead_update( * required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type, * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to * determine the required \p tag buffer size. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to mbedtls_psa_aead_update_ad() so far is - * less than the additional data length that was previously - * specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to mbedtls_psa_aead_update() so far is - * less than the plaintext length that was previously - * specified with mbedtls_psa_aead_set_lengths(). */ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, @@ -590,24 +550,11 @@ psa_status_t mbedtls_psa_aead_finish( * \retval #PSA_ERROR_INVALID_SIGNATURE * The calculations were successful, but the authentication tag is * not correct. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be an active decryption - * operation with a nonce set). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p plaintext buffer is too small. * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or * #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the * required buffer size. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to mbedtls_psa_aead_update_ad() so far is - * less than the additional data length that was previously - * specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to mbedtls_psa_aead_update() so far is - * less than the plaintext length that was previously - * specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * (CCM only) Failed to allocate temporary buffer */ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, From 388f606acd2faabeceb89c9a62d1c22a5263b00b Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Thu, 3 Jun 2021 19:19:49 +0100 Subject: [PATCH 064/966] Use correct size defines for buffers Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 58 +++++++++++++-------- 1 file changed, 36 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 0f9093c7ae..e42015833f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3170,14 +3170,15 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, unsigned char *part_data = NULL; unsigned char *final_data = NULL; size_t output_size = 0; + size_t finish_output_size; size_t part_data_size = 0; size_t output_length = 0; size_t key_bits = 0; size_t tag_length = 0; size_t tag_size = 0; size_t nonce_length = 0; - uint8_t nonce_buffer[16]; - uint8_t tag_buffer[16]; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; @@ -3198,7 +3199,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - TEST_ASSERT( tag_length <= 16 ); + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( input_data->len + @@ -3206,9 +3207,13 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, ASSERT_ALLOC( output_data, output_size ); - ASSERT_ALLOC( final_data, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - operation = psa_aead_operation_init(); + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); status = psa_aead_encrypt_setup( &operation, key, alg ); 
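Review bot: `size_t finish_output_size;` is the only size local in the declaration block of `aead_multipart_encrypt` added without an initialiser; the neighbouring sizes are `= 0`, and the same variable is declared `= 0` in `aead_multipart_encrypt_decrypt` later in this patch. These test functions jump to a shared cleanup label on any failed assertion, so an uninitialised local is easy to read by accident once the cleanup code grows. I would write `size_t finish_output_size = 0;` here as well. The function body extends beyond the hunk.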
@@ -3319,7 +3324,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, } PSA_ASSERT( psa_aead_finish( &operation, final_data, - PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + finish_output_size, &output_part_length, tag_buffer, tag_length, &tag_size ) ); @@ -3381,6 +3386,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, unsigned char *final_data = NULL; size_t part_data_size; size_t output_size = 0; + size_t finish_output_size = 0; size_t output_length = 0; unsigned char *output_data2 = NULL; size_t output_size2 = 0; @@ -3389,8 +3395,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, size_t tag_length = 0; size_t tag_size = 0; size_t nonce_length = 0; - uint8_t nonce_buffer[16]; - uint8_t tag_buffer[16]; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; @@ -3413,14 +3419,19 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - TEST_ASSERT( tag_length <= 16 ); + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); ASSERT_ALLOC( output_data, output_size ); - ASSERT_ALLOC( final_data, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - operation = psa_aead_operation_init(); + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); status = psa_aead_encrypt_setup( &operation, key, alg ); @@ -3567,7 +3578,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, } status = psa_aead_finish( &operation, final_data, - PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + finish_output_size, &output_part_length, tag_buffer, tag_length, &tag_size ); 
@@ -3612,7 +3623,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + tag_length ) ); - operation = psa_aead_operation_init(); + operation = psa_aead_operation_init( ); status = psa_aead_decrypt_setup( &operation, key, alg ); @@ -3735,7 +3746,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, } PSA_ASSERT( psa_aead_verify( &operation, final_data, - PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + finish_output_size, &output_part_length, tag_buffer, tag_length ) ); @@ -3782,11 +3793,12 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, unsigned char *final_data = NULL; size_t part_data_size; size_t output_size = 0; + size_t verify_output_size = 0; size_t output_length = 0; size_t key_bits = 0; size_t tag_length = 0; size_t nonce_length = 0; - uint8_t nonce_buffer[16]; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; @@ -3813,9 +3825,12 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, tag_length ) ); ASSERT_ALLOC( output_data, output_size ); - ASSERT_ALLOC( final_data, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); - operation = psa_aead_operation_init(); + verify_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( verify_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + ASSERT_ALLOC( final_data, verify_output_size ); + + operation = psa_aead_operation_init( ); status = psa_aead_decrypt_setup( &operation, key, alg ); @@ -3963,11 +3978,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, } status = psa_aead_verify( &operation, final_data, - PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE, - &output_part_length, - ( input_data->x + input_data->len - - tag_length ), - tag_length ); + verify_output_size, + &output_part_length, + ( input_data->x + input_data->len - tag_length ), + tag_length ); if( status != PSA_SUCCESS ) { 
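Review bot: The `psa_aead_verify` call in aead_multipart_encrypt_decrypt (hunk at -3735) now passes `finish_output_size`, which was derived from `PSA_AEAD_FINISH_OUTPUT_SIZE`, whereas aead_multipart_decrypt in this same commit sizes its verify buffer with `PSA_AEAD_VERIFY_OUTPUT_SIZE`. As far as the visible hunks show, the capacity still matches what was allocated for `final_data`, so nothing is overrun, but the test then depends on the two macros agreeing for every algorithm. Either assert that once after the allocation, `TEST_ASSERT( PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ) <= finish_output_size );`, or allocate `final_data` with the larger of the two sizes. The function body extends beyond the hunk.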
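Review bot: The tag pointer `( input_data->x + input_data->len - tag_length )` in the re-indented `psa_aead_verify` call (hunk at -3963) only stays inside the input buffer when `input_data->len >= tag_length`, and no such check is visible in these hunks. With a test vector shorter than the tag, the pointer would land before the start of the buffer instead of the case failing cleanly. `TEST_ASSERT( input_data->len >= tag_length );` placed before the first use of `input_data->len - tag_length` turns that into an ordinary test failure. The check may already exist earlier in aead_multipart_decrypt, which starts outside the hunk.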
From 8eb9dafda1a298ef9113e8656c83b8c59ac2e147 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 4 Jun 2021 16:42:21 +0100 Subject: [PATCH 065/966] Add generate nonce test Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- tests/suites/test_suite_psa_crypto.data | 20 +++++ tests/suites/test_suite_psa_crypto.function | 98 +++++++++++++-------- 3 files changed, 82 insertions(+), 38 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e824123466..8dc6aad534 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3547,7 +3547,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t required_nonce_size; - *nonce_length = 0; + *nonce_length = 0; if( operation->id == 0 ) { diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5f87774bbe..f9ce85e59d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2374,6 +2374,26 @@ PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT +PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:PSA_SUCCESS + +PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:PSA_SUCCESS + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 8 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:PSA_ERROR_BUFFER_TOO_SMALL + PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e42015833f..35b9760697 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3176,8 +3176,6 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, size_t key_bits = 0; size_t tag_length = 0; size_t tag_size = 0; - size_t nonce_length = 0; - uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; @@ -3228,17 +3226,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, PSA_ASSERT( status ); - if( nonce->len == 0 ) - { - PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, - sizeof( nonce_buffer ), - &nonce_length ) ); - } - else - { - nonce_length = nonce->len; - PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - } + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation.alg == PSA_ALG_GCM ) @@ -3450,17 +3438,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, goto exit; } - if( nonce->len == 0 ) - { - status = psa_aead_generate_nonce( &operation, nonce_buffer, - sizeof( nonce_buffer ), - &nonce_length ); - } - else - { - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - } + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); if( status != PSA_SUCCESS ) { @@ -3797,8 +3776,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, size_t output_length = 0; size_t key_bits = 0; size_t tag_length = 0; - size_t nonce_length = 0; - uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; 
@@ -3849,17 +3826,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, goto exit; } - if( nonce->len == 0 ) - { - status = psa_aead_generate_nonce( &operation, nonce_buffer, - sizeof( nonce_buffer ), - &nonce_length ); - } - else - { - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - } + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); if( status != PSA_SUCCESS ) { 
@@ -4022,6 +3989,63 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, + int alg_arg, + int nonce_len, + int expected_result_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + size_t nonce_generated_len = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( & attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( & attributes, alg ); + psa_set_key_type( & attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_len ); + } + + PSA_ASSERT( status ); + + TEST_ASSERT( nonce_len < PSA_AEAD_NONCE_MAX_SIZE ); + + status = psa_aead_generate_nonce( &operation, nonce_buffer, + nonce_len, + &nonce_generated_len ); + + TEST_ASSERT( status == expected_result_arg ); + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void signature_size( int type_arg, int bits, From d3f824136901470cdffeb7f9ceb20646e9599169 Mon Sep 17 00:00:00 2001 
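Review bot: `operation` is declared without an initializer in aead_multipart_generate_nonce, yet `psa_aead_abort( &operation )` under `exit:` is reached before `psa_aead_operation_init( )` has run whenever `psa_crypto_init` or `psa_import_key` fails and PSA_ASSERT jumps to `exit`; declare it as `psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;`. The guard `TEST_ASSERT( nonce_len < PSA_AEAD_NONCE_MAX_SIZE );` also appears to let a negative `nonce_len` through (if the macro is a plain integer constant), which would then be converted to a very large buffer size in the `psa_aead_generate_nonce` call, and it rejects a request for the full buffer; `TEST_ASSERT( nonce_len >= 0 && (size_t) nonce_len <= sizeof( nonce_buffer ) );` ties the bound to the array. Finally, `nonce_generated_len` is never inspected, so an implementation that returns PSA_SUCCESS with a short or zero length still passes; when `status == PSA_SUCCESS`, add `TEST_EQUAL( nonce_generated_len, PSA_AEAD_NONCE_LENGTH( key_type, alg ) );`.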
From: Paul Elliott Date: Wed, 16 Jun 2021 16:52:21 +0100 Subject: [PATCH 066/966] Add multipart tests Test range of multipart sizes for all tests, rather than having to define specific tests. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 132 +- tests/suites/test_suite_psa_crypto.function | 1677 ++++++++++--------- 2 files changed, 978 insertions(+), 831 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f9ce85e59d..ea54dcc1b9 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2112,267 +2112,267 @@ aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f9091 PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":0:"0C0D0E0F101112131415161718191A1B1C1D1E":1:PSA_SUCCESS PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":0:"B96B49E21D621741632875DB7F6C9243D2D7C2":1:PSA_SUCCESS PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes, 12 byte nonce , 1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"000102030405060708090A0B":0:"0C0D0E0F101112131415161718191A1B1C1D1E":1:PSA_SUCCESS PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes, 12 byte nonce , 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"EC46BB63B02520C33C49FD70":0:"B96B49E21D621741632875DB7F6C9243D2D7C2":1:PSA_SUCCESS PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":-1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, 
KEY=24, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":-1:"":-1:"f149e2b5f0adaa9842ca5f45b768a8fc" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:"f149e2b5f0adaa9842ca5f45b768a8fc" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":-1:"":-1:"204bdb1bd62154bf08922aaa54eed705" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:"204bdb1bd62154bf08922aaa54eed705" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":-1:"":-1:"1b2d2764573e20ae640bf29d48e5fe05" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:"1b2d2764573e20ae640bf29d48e5fe05" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":-1:"":-1:"77e5682a49243d5b9016eb1adafa2d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:"77e5682a49243d5b9016eb1adafa2d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":-1:"d2ae38c4375954835d75b8e4c2f9bbb4":-1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":-1:"d3f3f57033df30c22860231334b099cb":-1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" PSA Multipart AEAD 
encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":-1:"e7fb0631eebf9bdba87045b33650c4ce":-1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":-1:"636871d4c0aae3da7b55abd8b5f21297":-1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":-1:"3d952be11deb421b56e0ce9d7ce99553":-1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":-1:"fdd8a462c86d4365c8bfee0e25fc8a62":-1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":-1:"":-1:"bdc1ac884d332457a1d2664f168c76f0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:"bdc1ac884d332457a1d2664f168c76f0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":-1:"":-1:"2fb9c3e41fff24ef07437c47" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:"2fb9c3e41fff24ef07437c47" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":-1:"":-1:"f6d47505ec96c98a42dc3ae719877b87" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:"f6d47505ec96c98a42dc3ae719877b87" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":-1:"":-1:"5233f95bdcf5d666fb957acdcb" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:"5233f95bdcf5d666fb957acdcb" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":-1:"":-1:"d57e27914ecb4a764359d3c0f8d4d6" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:"d57e27914ecb4a764359d3c0f8d4d6" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":-1:"":-1:"72901467" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:"72901467" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":-1:"722ee47da4b77424733546c2d400c4e5":-1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":-1:"bcf48ddcfe9d011a1003973d68d2d78a":-1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":-1:"c37aada3d4408e880d47e41df77da9b9":-1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":-1:"e5f410fe939e79b7ad33fbd3aaf5856f":-1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, 
AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":-1:"db1a74ffb5f7de26f5742e0942b1b9cb":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":-1:"434ff68f2436f48418fd69f52158":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"5fe11a596dfcd3a305c1d711":"":-1:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":-1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":-1:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":-1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":-1:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":-1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 
):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":-1:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":-1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":-1:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":-1:"496909523f574b205d757659c5":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:"496909523f574b205d757659c5":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":-1:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":-1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":-1:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":-1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":-1:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":-1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( 
PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":-1:"15e051a5e4a5f5da6cea92e2ebee5bac":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":-1:"84c8beff4b0d160ee68ac613097f51":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":-1:"8d6351f18d873242204c20144e2b83":-1:"":PSA_SUCCESS 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":-1:"3bfd3d99fe2063e8ef8255519fe0":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":-1:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":-1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":-1:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":-1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":-1:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":-1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":-1:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":-1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 
):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":-1:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":-1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":-1:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":-1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
-aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":-1:"":-1:"a0784d7a4716f3feb4f64e7f4b39bf04" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:"a0784d7a4716f3feb4f64e7f4b39bf04" PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, 
good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
-aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":-1:"a0784d7a4716f3feb4f64e7f4b39bf04":-1:"":PSA_SUCCESS 
+aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:"":PSA_SUCCESS PSA Multipart AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:PSA_ERROR_INVALID_ARGUMENT PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 35b9760697..576d467008 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -264,6 +264,845 @@ typedef enum { DERIVE_KEY = 2 } generate_method; +static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + data_t *expected_result ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t finish_output_size; + size_t part_data_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len + + tag_length ) ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is 
not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + } +#endif + + if( ad_part_len != -1 ) + { + /* Pass additional data in parts */ + part_offset = 0; + + while( part_offset < additional_data->len ) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + PSA_ASSERT( psa_aead_update_ad( &operation, + additional_data->x + part_offset, + part_length ) ); + + part_offset += part_length; + } + } + else + { + /* Pass additional data in one go. 
*/ + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset < input_data->len ) + { + if( input_data->len - part_offset < ( uint32_t ) data_part_len ) + { + part_length = input_data->len - part_offset; + } + else + { + part_length = data_part_len; + } + + PSA_ASSERT( psa_aead_update( &operation, + ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, + &output_part_length ) ); + + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); + } + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + /* Pass whole data in one go */ + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + } + + PSA_ASSERT( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ) ); + + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, + output_part_length ); + } + + TEST_EQUAL( tag_length, tag_size ); + + output_length += output_part_length; + + if( output_data && tag_length ) + { + memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + } + + output_length += tag_length; + + /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE + * should be exact. 
*/ + TEST_EQUAL( output_length, + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + + ASSERT_COMPARE( expected_result->x, expected_result->len, + output_data, output_length ); + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); + + return( status ); +} + +void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + data_t *expected_data, + int expected_result_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t part_data_size; + size_t output_size = 0; + size_t verify_output_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t expected_result = expected_result_arg; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len - + tag_length ) ); + + ASSERT_ALLOC( 
output_data, output_size ); + + verify_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( verify_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + ASSERT_ALLOC( final_data, verify_output_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, + ( input_data->len - tag_length ) ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset < additional_data->len ) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + status = psa_aead_update_ad( &operation, + additional_data->x + part_offset, + part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + part_offset += part_length; + } + } + else + { + status = psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + if( 
data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset < ( input_data->len - tag_length) ) + { + if( (input_data->len - tag_length - part_offset ) < + ( uint32_t ) data_part_len ) + { + part_length = ( input_data->len - tag_length - part_offset ); + } + else + { + part_length = data_part_len; + } + + status = psa_aead_update( &operation, + ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); + } + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + status = psa_aead_update( &operation, input_data->x, + ( input_data->len - tag_length ), output_data, + output_size, &output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + status = psa_aead_verify( &operation, final_data, + verify_output_size, + &output_part_length, + ( input_data->x + input_data->len - tag_length ), + tag_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, + output_part_length ); + } + + output_length += output_part_length; + + if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) + { + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. 
*/ + TEST_EQUAL( output_length, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } + + if( expected_result == PSA_SUCCESS ) + { + ASSERT_COMPARE( expected_data->x, expected_data->len, + output_data, output_length ); + } + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} + +void aead_multipart_encrypt_decrypt_internal( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t part_data_size; + size_t output_size = 0; + size_t finish_output_size = 0; + size_t output_length = 0; + unsigned char *output_data2 = NULL; + size_t output_size2 = 0; + size_t output_length2 = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( 
psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset < additional_data->len ) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + status = psa_aead_update_ad( &operation, + additional_data->x + part_offset, + part_length ); + + if( status != PSA_SUCCESS ) + 
{ + TEST_EQUAL( status, expected_status ); + goto exit; + } + + part_offset += part_length; + } + } + else + { + status = psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset < input_data->len ) + { + if( input_data->len - part_offset < ( uint32_t ) data_part_len ) + { + part_length = input_data->len - part_offset; + } + else + { + part_length = data_part_len; + } + + status = psa_aead_update( &operation, + ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); + } + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + status = psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + } + + status = psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, + output_part_length ); + } + + output_length += output_part_length; + + /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE + * should be exact. 
*/ + if( expected_status != PSA_ERROR_INVALID_ARGUMENT ) + { + TEST_EQUAL( ( output_length + tag_length ), + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + } + + TEST_EQUAL( tag_length, tag_size ); + + if( PSA_SUCCESS == expected_status ) + { + output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + output_length ); + ASSERT_ALLOC( output_data2, output_size2 ); + + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. */ + TEST_EQUAL( input_data->len, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + ( output_length + + tag_length ) ) ); + + TEST_ASSERT( input_data->len <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + + tag_length ) ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, + nonce->len ); + } + + TEST_EQUAL( status, expected_status ); + + if( nonce->len == 0 ) + { + /* Use previously generated nonce. 
*/ + status = psa_aead_set_nonce( &operation, nonce_buffer, + nonce_length ); + } + else + { + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status); + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, + output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset < additional_data->len ) + { + if( additional_data->len - part_offset < + ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + PSA_ASSERT( psa_aead_update_ad( &operation, + additional_data->x + + part_offset, + part_length ) ); + + part_offset += part_length; + } + } + else + { + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + part_data = NULL; + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset < output_length ) + { + if( ( output_length - part_offset ) < + ( uint32_t ) data_part_len ) + { + part_length = ( output_length - part_offset ); + } + else + { + part_length = data_part_len; + } + + PSA_ASSERT( psa_aead_update( &operation, + ( output_data + part_offset ), + part_length, part_data, + part_data_size, + &output_part_length ) ); + + if( output_data2 && output_part_length ) + { + memcpy( ( output_data2 + part_offset ), + part_data, output_part_length ); + } + + part_offset += part_length; + output_length2 += output_part_length; + } + } + else + { + PSA_ASSERT( psa_aead_update( &operation, output_data, + output_length, output_data2, + 
output_size2, &output_length2 ) ); + } + + PSA_ASSERT( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length ) ); + + if( output_data2 && output_part_length ) + { + memcpy( ( output_data2 + output_length2 ), final_data, + output_part_length ); + } + + output_length2 += output_part_length; + + ASSERT_COMPARE( input_data->x, input_data->len, + output_data2, output_length2 ); + } + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( output_data2 ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES 
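Review bot: `operation` is declared without an initializer in all three new helpers and is only assigned by `psa_aead_operation_init( )` after `psa_crypto_init`, `psa_import_key` and the `ASSERT_ALLOC` calls, so if one of those checks fails (the test macros presumably jump to `exit:`), `psa_aead_abort( &operation )` runs on an indeterminate struct. Declaring it as `psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;` makes the cleanup path well defined. Separately, the chunked loops assemble output with `memcpy( ( output_data + part_offset ), part_data, output_part_length );`, which indexes by input offset while the final copy uses `output_length`. If `psa_aead_update` ever returns a different number of bytes than it consumed, the pieces land at the wrong positions, so `output_data + output_length` (and `output_data2 + output_length2` in the round-trip helper) is the consistent destination. The decrypt half of `aead_multipart_encrypt_decrypt_internal` also sets `part_data = NULL` before `ASSERT_ALLOC`, which drops the buffer allocated in the encrypt half without freeing it; a `mbedtls_free( part_data );` before that assignment avoids the leak.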
@@ -3157,201 +3996,46 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int ad_part_len, + int test_ad_mp_arg, data_t *input_data, - int data_part_len, - data_t *expected_result ) + int test_data_mp_arg, + data_t *expected_result_arg ) { - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t key_type = key_type_arg; - psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; - unsigned char *output_data = NULL; - unsigned char *part_data = NULL; - unsigned char *final_data = NULL; - size_t output_size = 0; - size_t finish_output_size; - size_t part_data_size = 0; - size_t output_length = 0; - size_t key_bits = 0; - size_t tag_length = 0; - size_t tag_size = 0; - uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; - uint32_t part_offset = 0; - size_t part_length = 0; - size_t output_part_length = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; + size_t ad_part_len = 0; + size_t data_part_len = 0; - PSA_ASSERT( psa_crypto_init( ) ); - - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_bits = psa_get_key_bits( &attributes ); - - tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - - TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); - - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len + - tag_length ) ); - - ASSERT_ALLOC( output_data, output_size ); - - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - - ASSERT_ALLOC( final_data, finish_output_size ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_encrypt_setup( 
&operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) + if( test_ad_mp_arg == 1 ) { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); - } - - PSA_ASSERT( status ); - - PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ) ); - } -#endif - - if( ad_part_len != -1 ) - { - /* Pass addtional data in parts */ - part_offset = 0; - - while( part_offset <= additional_data->len) + for( ad_part_len = 1; ad_part_len <= additional_data->len; + ad_part_len++ ) { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } + mbedtls_test_set_step( ad_part_len ); - PSA_ASSERT( psa_aead_update_ad( &operation, - additional_data->x + part_offset, - part_length ) ); - - part_offset += part_length; + aead_multipart_encrypt_internal( key_type_arg, key_data, + alg_arg,nonce, + additional_data, + ad_part_len, + input_data, -1, + expected_result_arg ); } } - else + + if( test_data_mp_arg == 1 ) { - /* Pass additional data in one go. 
*/ - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, - additional_data->len) ); - } - - if( data_part_len != -1 ) - { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset <= input_data->len) + for( data_part_len = 1; data_part_len <= input_data->len; + data_part_len++ ) { - if( input_data->len - part_offset < ( uint32_t ) data_part_len ) - { - part_length = input_data->len - part_offset; - } - else - { - part_length = data_part_len; - } - - PSA_ASSERT( psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, - &output_part_length ) ); - - if( output_data && output_part_length ) - { - memcpy( ( output_data + part_offset ), part_data, - output_part_length ); - } - - part_offset += part_length; - output_length += output_part_length; + aead_multipart_encrypt_internal( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + expected_result_arg ); } } - else - { - /* Pass whole data in one go */ - PSA_ASSERT( psa_aead_update( &operation, input_data->x, - input_data->len, output_data, - output_size, &output_length ) ); - } - PSA_ASSERT( psa_aead_finish( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length, - &tag_size ) ); - - if( output_data && output_part_length ) - { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); - } - - TEST_EQUAL(tag_length, tag_size); - - output_length += output_part_length; - - if( output_data && tag_length ) - { - memcpy( ( output_data + output_length ), tag_buffer, tag_length ); - } - - output_length += tag_length; - - /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE - * should be exact. 
*/ - TEST_EQUAL( output_length, - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - TEST_ASSERT( output_length <= - PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); - - ASSERT_COMPARE( expected_result->x, expected_result->len, - output_data, output_length ); + goto exit; exit: - psa_destroy_key( key ); - psa_aead_abort( &operation ); - mbedtls_free( output_data ); - mbedtls_free( part_data ); - mbedtls_free( final_data ); - PSA_DONE( ); } /* END_CASE */ 
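Review bot: The two loops in aead_multipart_encrypt keep calling aead_multipart_encrypt_internal after an iteration has failed, and only the additional-data loop calls mbedtls_test_set_step, so a failure in the data loop is reported under the last AD step. The helper is invoked as a plain statement, so its outcome cannot stop the loop; having it return a success flag and writing `if( !aead_multipart_encrypt_internal( ... ) ) break;` would keep the failing part length attached to the report. The data loop also needs its own step, for example `mbedtls_test_set_step( 1000 + data_part_len );`, so the two ranges do not collide. The same pattern appears in aead_multipart_encrypt_decrypt and aead_multipart_decrypt in the following hunks; the helper definitions are outside this hunk.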
@@ -3360,395 +4044,46 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int ad_part_len, + int test_ad_mp_arg, data_t *input_data, - int data_part_len, - int expected_result_arg ) + int test_data_mp_arg, + int expected_status_arg ) { - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t key_type = key_type_arg; - psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; - unsigned char *output_data = NULL; - unsigned char *part_data = NULL; - unsigned char *final_data = NULL; - size_t part_data_size; - size_t output_size = 0; - size_t finish_output_size = 0; - size_t output_length = 0; - unsigned char *output_data2 = NULL; - size_t output_size2 = 0; - size_t output_length2 = 0; - size_t key_bits = 0; - size_t tag_length = 0; - size_t tag_size = 0; - size_t nonce_length = 0; - uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; - uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; - uint32_t part_offset = 0; - size_t part_length = 0; - size_t output_part_length = 0; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_status_t expected_result = expected_result_arg; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + size_t ad_part_len = 0; + size_t data_part_len = 0; - PSA_ASSERT( psa_crypto_init( ) ); - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_bits = psa_get_key_bits( &attributes ); - - tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - - TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); - - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); - - ASSERT_ALLOC( output_data, output_size ); - - finish_output_size = 
PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - - ASSERT_ALLOC( final_data, finish_output_size ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_encrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) + if( test_ad_mp_arg == 1 ) { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ); - - if( status != PSA_SUCCESS ) + for( ad_part_len = 1; ad_part_len <= additional_data->len; + ad_part_len++ ) { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - } -#endif + mbedtls_test_set_step( ad_part_len ); - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset <= additional_data->len) - { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - status = psa_aead_update_ad( &operation, - additional_data->x + part_offset, - part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - part_offset += part_length; - } - } - else - { - status = psa_aead_update_ad(&operation, additional_data->x, - additional_data->len); - - if( 
status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; + aead_multipart_encrypt_decrypt_internal( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + expected_status_arg ); } } - if( data_part_len != -1 ) + if( test_data_mp_arg == 1 ) { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset <= input_data->len) + for( data_part_len = 1; data_part_len <= input_data->len; + data_part_len++ ) { - if( input_data->len - part_offset < ( uint32_t ) data_part_len ) - { - part_length = input_data->len - part_offset; - } - else - { - part_length = data_part_len; - } - - status = psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, &output_part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + part_offset ), part_data, - output_part_length ); - } - - part_offset += part_length; - output_length += output_part_length; - } - } - else - { - status = psa_aead_update( &operation, input_data->x, - input_data->len, output_data, - output_size, &output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; + aead_multipart_encrypt_decrypt_internal( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + expected_status_arg ); } } - status = psa_aead_finish( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length, - &tag_size ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data &&output_part_length ) - { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); - } 
- - output_length += output_part_length; - - /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE - * should be exact. */ - if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) - TEST_EQUAL( ( output_length + tag_length ), - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - - TEST_EQUAL(tag_length, tag_size); - - if( PSA_SUCCESS == expected_result ) - { - output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - output_length ); - ASSERT_ALLOC( output_data2, output_size2 ); - - /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE - * should be exact. */ - TEST_EQUAL( input_data->len, - PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, - ( output_length + - tag_length ) ) ); - - TEST_ASSERT( input_data->len <= - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + - tag_length ) ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_decrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) - { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, - nonce->len ); - } - - TEST_EQUAL( status, expected_result ); - - if( nonce->len == 0 ) - { - /* Use previously generated nonce. 
*/ - status = psa_aead_set_nonce( &operation, nonce_buffer, - nonce_length ); - } - else - { - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - } - } -#endif - - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset <= additional_data->len) - { - if( additional_data->len - part_offset < - ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - PSA_ASSERT( psa_aead_update_ad( &operation, - additional_data->x + - part_offset, - part_length ) ); - - part_offset += part_length; - } - } - else - { - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, - additional_data->len) ); - } - - if( data_part_len != -1 ) - { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset <= ( input_data->len - tag_length ) ) - { - if( ( input_data->len - tag_length - part_offset ) < - ( uint32_t ) data_part_len ) - { - part_length = - ( input_data->len - tag_length - part_offset ); - } - else - { - part_length = data_part_len; - } - - PSA_ASSERT( psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, - &output_part_length ) ); - - if( output_data2 && output_part_length ) - { - memcpy( ( output_data2 + part_offset ), - part_data, output_part_length ); - } - - part_offset += part_length; - output_length2 += output_part_length; - } - } - else - { - PSA_ASSERT( psa_aead_update( &operation, output_data, - 
output_length, output_data2, - output_size2, &output_length2 ) ); - } - - PSA_ASSERT( psa_aead_verify( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length ) ); - - if( output_data2 && output_part_length ) - { - memcpy( ( output_data2 + output_length2 ), final_data, - output_part_length); - } - - output_length2 += output_part_length; - - ASSERT_COMPARE( input_data->x, input_data->len, - output_data2, output_length2 ); - } + goto exit; exit: - psa_destroy_key( key ); - psa_aead_abort( &operation ); - mbedtls_free( output_data ); - mbedtls_free( output_data2 ); - mbedtls_free( part_data ); - mbedtls_free( final_data ); - PSA_DONE( ); } /* END_CASE */ 
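Review bot: aead_multipart_encrypt_decrypt makes no assertion at all when both test_ad_mp_arg and test_data_mp_arg are 0, or when the selected buffer is empty, so such a case is reported as passed without exercising the AEAD code. The wrapper always passes -1 for one part length and a value of at least 1 for the other, so the single-call branches that the removed body could take (both part lengths -1) are no longer reached from here. An unconditional call before the loops, `aead_multipart_encrypt_decrypt_internal( key_type_arg, key_data, alg_arg, nonce, additional_data, -1, input_data, -1, expected_status_arg );`, would restore that path. aead_multipart_encrypt and aead_multipart_decrypt have the same gap.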
@@ -3757,235 +4092,47 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int ad_part_len, + int test_ad_mp_arg, data_t *input_data, - int data_part_len, + int test_data_mp_arg, data_t *expected_data, - int expected_result_arg ) + int expected_status ) { - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t key_type = key_type_arg; - psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; - unsigned char *output_data = NULL; - unsigned char *part_data = NULL; - unsigned char *final_data = NULL; - size_t part_data_size; - size_t output_size = 0; - size_t verify_output_size = 0; - size_t output_length = 0; - size_t key_bits = 0; - size_t tag_length = 0; - uint32_t part_offset = 0; - size_t part_length = 0; - size_t output_part_length = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t expected_result = expected_result_arg; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; + size_t ad_part_len = 0; + size_t data_part_len = 0; - PSA_ASSERT( psa_crypto_init( ) ); - - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_bits = psa_get_key_bits( &attributes ); - - tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len - - tag_length ) ); - - ASSERT_ALLOC( output_data, output_size ); - - verify_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( verify_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( final_data, verify_output_size ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_decrypt_setup( &operation, key, alg ); - - /* If the operation is not 
supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) + if( test_ad_mp_arg == 1 ) { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - ( input_data->len - tag_length ) ); - - if( status != PSA_SUCCESS ) + for( ad_part_len = 1; ad_part_len <= additional_data->len; + ad_part_len++ ) { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - } -#endif + mbedtls_test_set_step( ad_part_len ); - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset <= additional_data->len) - { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - status = psa_aead_update_ad( &operation, - additional_data->x + part_offset, - part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - part_offset += part_length; - } - } - else - { - status = psa_aead_update_ad( &operation, additional_data->x, - additional_data->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; + aead_multipart_decrypt_internal( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + expected_data, expected_status ); } } - if( data_part_len != -1 ) + if( test_data_mp_arg == 1 ) { - /* 
Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset <= input_data->len) + for( data_part_len = 1; data_part_len <= input_data->len; + data_part_len++ ) { - if( (input_data->len - tag_length - part_offset ) < - ( uint32_t ) data_part_len ) - { - part_length = ( input_data->len - tag_length - part_offset ); - } - else - { - part_length = data_part_len; - } - - status = psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, &output_part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + part_offset ), part_data, - output_part_length ); - } - - part_offset += part_length; - output_length += output_part_length; - } - } - else - { - status = psa_aead_update( &operation, input_data->x, - ( input_data->len - tag_length ), output_data, - output_size, &output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; + aead_multipart_decrypt_internal( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + expected_data, expected_status ); } } - status = psa_aead_verify( &operation, final_data, - verify_output_size, - &output_part_length, - ( input_data->x + input_data->len - tag_length ), - tag_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); - } - - output_length += output_part_length; - - if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) - { - /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE - * should be exact. 
*/ - TEST_EQUAL( output_length, - PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - TEST_ASSERT( output_length <= - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); - } - - if( expected_result == PSA_SUCCESS ) - ASSERT_COMPARE( expected_data->x, expected_data->len, - output_data, output_length ); + goto exit; exit: - psa_destroy_key( key ); - psa_aead_abort( &operation ); - mbedtls_free( output_data ); - mbedtls_free( part_data ); - mbedtls_free( final_data ); - PSA_DONE( ); } /* END_CASE */ From c23a9a07995ec09b941e7606ea0f1d3f654b63ca Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 21 Jun 2021 18:32:46 +0100 Subject: [PATCH 067/966] Add state checks for multipart AEAD Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 4 + tests/suites/test_suite_psa_crypto.function | 282 ++++++++++++++++++++ 2 files changed, 286 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ea54dcc1b9..b74a959bbb 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2394,6 +2394,10 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:PSA_ERROR_BUFFER_TOO_SMALL +PSA Multipart State Checks, AES - GCM +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" + PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 
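Review bot: In aead_multipart_decrypt the data loop runs `data_part_len` up to `input_data->len`, but for decryption input_data also carries the tag; the removed body fed only `input_data->len - tag_length` bytes to psa_aead_update. Part lengths above the ciphertext length therefore presumably all collapse to the same single-part run, adding iterations without new coverage. Either bound the loop by the ciphertext length or say so in a comment, e.g. `/* input_data includes the tag; part lengths beyond the ciphertext length repeat the one-part case */`. aead_multipart_decrypt_internal is defined outside this hunk, so how it clamps the last part should be confirmed there.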
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 576d467008..fdec30fb9f 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -4193,6 +4193,288 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_state_test( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t finish_output_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( & attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( & attributes, alg ); + psa_set_key_type( & attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + /* Test all operations error without calling setup first. 
*/ + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for double setups. 
*/ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for not setting a nonce. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for double setting nonce. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for setting lengths twice. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for setting lengths after already starting data. 
*/ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data or data (encrypt) */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data or data (decrypt) */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data. 
*/ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test sending additional data after data. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void signature_size( int type_arg, int bits, From 1c96429282399ace521d3762ab81b5958e88b835 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 21 Jun 2021 18:36:42 +0100 Subject: [PATCH 068/966] Remove encrypt/decrypt tests Tests were not really providing any more coverage than already provided. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 24 +- tests/suites/test_suite_psa_crypto.function | 446 -------------------- 2 files changed, 4 insertions(+), 466 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index b74a959bbb..49685b4f4e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
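Review bot: `psa_aead_operation_t operation;` in aead_multipart_state_test stays uninitialised until after the two ASSERT_ALLOC calls, yet any earlier PSA_ASSERT / TEST_ASSERT / ASSERT_ALLOC failure jumps to `exit:`, where `psa_aead_abort( &operation )` reads it. Initialising at the declaration, `psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;`, gives the cleanup path a defined object on every route. The PSA_ERROR_INVALID_ARGUMENT expectations after psa_aead_set_lengths look tied to the AES-GCM vector added with this commit; a short comment saying so would help when vectors for other algorithms are added.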
@@ -2110,22 +2110,6 @@ PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED -PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":0:"0C0D0E0F101112131415161718191A1B1C1D1E":1:PSA_SUCCESS - -PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes #2 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":0:"B96B49E21D621741632875DB7F6C9243D2D7C2":1:PSA_SUCCESS - -PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes, 12 byte nonce , 1 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"000102030405060708090A0B":0:"0C0D0E0F101112131415161718191A1B1C1D1E":1:PSA_SUCCESS - -PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes, 12 byte nonce , 2 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"EC46BB63B02520C33C49FD70":0:"B96B49E21D621741632875DB7F6C9243D2D7C2":1:PSA_SUCCESS - PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" 
@@ -2366,13 +2350,13 @@ PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:"":PSA_SUCCESS -PSA Multipart AEAD encrypt/decrypt: invalid algorithm (CTR) +PSA Multipart AEAD decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20) +PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fdec30fb9f..1a5c23e8e0 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
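Review bot: The two `invalid algorithm` cases now run only through `aead_multipart_decrypt`, so the encrypt-side rejection of a non-AEAD algorithm (`PSA_ALG_CTR`, `PSA_ALG_STREAM_CIPHER`) loses the multipart coverage it had; the helper removed later in this same patch called `psa_aead_encrypt_setup` first and compared its status with the expected one. Judging by the `aead_multipart_encrypt` lines visible in this series, that function ends in an expected-output field rather than a status, so it presumably cannot express a failure. Unless a test outside this view already covers it, I would add an encrypt counterpart asserting the same `PSA_ERROR_INVALID_ARGUMENT` for both key type/algorithm pairs. Separately, the one-shot `aead_encrypt_decrypt` case for the same ChaCha20 key with `PSA_ALG_STREAM_CIPHER` (context of the first hunk in this patch) expects `PSA_ERROR_NOT_SUPPORTED`, while the multipart case here expects `PSA_ERROR_INVALID_ARGUMENT`. If that difference is intended, a comment line above the case such as `# Multipart setup reports INVALID_ARGUMENT where one-shot reports NOT_SUPPORTED` would record it; otherwise the two expectations should agree.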
@@ -705,404 +705,6 @@ exit: PSA_DONE( ); } -void aead_multipart_encrypt_decrypt_internal( int key_type_arg, - data_t *key_data, - int alg_arg, - data_t *nonce, - data_t *additional_data, - int ad_part_len, - data_t *input_data, - int data_part_len, - int expected_status_arg ) -{ - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t key_type = key_type_arg; - psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; - unsigned char *output_data = NULL; - unsigned char *part_data = NULL; - unsigned char *final_data = NULL; - size_t part_data_size; - size_t output_size = 0; - size_t finish_output_size = 0; - size_t output_length = 0; - unsigned char *output_data2 = NULL; - size_t output_size2 = 0; - size_t output_length2 = 0; - size_t key_bits = 0; - size_t tag_length = 0; - size_t tag_size = 0; - size_t nonce_length = 0; - uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; - uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; - uint32_t part_offset = 0; - size_t part_length = 0; - size_t output_part_length = 0; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_status_t expected_status = expected_status_arg; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - PSA_ASSERT( psa_crypto_init( ) ); - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_bits = psa_get_key_bits( &attributes ); - - tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - - TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); - - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); - - ASSERT_ALLOC( output_data, output_size ); - - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - - TEST_ASSERT( finish_output_size <= 
PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - - ASSERT_ALLOC( final_data, finish_output_size ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_encrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) - { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - } -#endif - - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset < additional_data->len ) - { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - status = psa_aead_update_ad( &operation, - additional_data->x + part_offset, - part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - - part_offset += part_length; - } - } - else - { - status = psa_aead_update_ad( &operation, additional_data->x, - additional_data->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - } - - if( data_part_len != -1 ) - { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len 
); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset < input_data->len ) - { - if( input_data->len - part_offset < ( uint32_t ) data_part_len ) - { - part_length = input_data->len - part_offset; - } - else - { - part_length = data_part_len; - } - - status = psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, &output_part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + part_offset ), part_data, - output_part_length ); - } - - part_offset += part_length; - output_length += output_part_length; - } - } - else - { - status = psa_aead_update( &operation, input_data->x, - input_data->len, output_data, - output_size, &output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - } - - status = psa_aead_finish( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length, - &tag_size ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); - } - - output_length += output_part_length; - - /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE - * should be exact. */ - if( expected_status != PSA_ERROR_INVALID_ARGUMENT ) - { - TEST_EQUAL( ( output_length + tag_length ), - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - } - - TEST_EQUAL( tag_length, tag_size ); - - if( PSA_SUCCESS == expected_status ) - { - output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - output_length ); - ASSERT_ALLOC( output_data2, output_size2 ); - - /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE - * should be exact. 
*/ - TEST_EQUAL( input_data->len, - PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, - ( output_length + - tag_length ) ) ); - - TEST_ASSERT( input_data->len <= - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + - tag_length ) ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_decrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) - { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, - nonce->len ); - } - - TEST_EQUAL( status, expected_status ); - - if( nonce->len == 0 ) - { - /* Use previously generated nonce. */ - status = psa_aead_set_nonce( &operation, nonce_buffer, - nonce_length ); - } - else - { - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status); - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - } - } -#endif - - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset < additional_data->len ) - { - if( additional_data->len - part_offset < - ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - PSA_ASSERT( psa_aead_update_ad( &operation, - additional_data->x + - part_offset, - part_length ) ); - - part_offset += part_length; - } - } - else - { - PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, - additional_data->len ) ); - } - - if( data_part_len != -1 ) - { - /* Pass data in parts */ - part_data_size = 
PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - part_data = NULL; - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset < output_length ) - { - if( ( output_length - part_offset ) < - ( uint32_t ) data_part_len ) - { - part_length = ( output_length - part_offset ); - } - else - { - part_length = data_part_len; - } - - PSA_ASSERT( psa_aead_update( &operation, - ( output_data + part_offset ), - part_length, part_data, - part_data_size, - &output_part_length ) ); - - if( output_data2 && output_part_length ) - { - memcpy( ( output_data2 + part_offset ), - part_data, output_part_length ); - } - - part_offset += part_length; - output_length2 += output_part_length; - } - } - else - { - PSA_ASSERT( psa_aead_update( &operation, output_data, - output_length, output_data2, - output_size2, &output_length2 ) ); - } - - PSA_ASSERT( psa_aead_verify( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length ) ); - - if( output_data2 && output_part_length ) - { - memcpy( ( output_data2 + output_length2 ), final_data, - output_part_length ); - } - - output_length2 += output_part_length; - - ASSERT_COMPARE( input_data->x, input_data->len, - output_data2, output_length2 ); - } - -exit: - psa_destroy_key( key ); - psa_aead_abort( &operation ); - mbedtls_free( output_data ); - mbedtls_free( output_data2 ); - mbedtls_free( part_data ); - mbedtls_free( final_data ); - PSA_DONE( ); -} - /* END_HEADER */ /* BEGIN_DEPENDENCIES 
@@ -4039,54 +3641,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, - int alg_arg, - data_t *nonce, - data_t *additional_data, - int test_ad_mp_arg, - data_t *input_data, - int test_data_mp_arg, - int expected_status_arg ) -{ - size_t ad_part_len = 0; - size_t data_part_len = 0; - - if( test_ad_mp_arg == 1 ) - { - for( ad_part_len = 1; ad_part_len <= additional_data->len; - ad_part_len++ ) - { - mbedtls_test_set_step( ad_part_len ); - - aead_multipart_encrypt_decrypt_internal( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - expected_status_arg ); - } - } - - if( test_data_mp_arg == 1 ) - { - for( data_part_len = 1; data_part_len <= input_data->len; - data_part_len++ ) - { - aead_multipart_encrypt_decrypt_internal( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - expected_status_arg ); - } - } - - goto exit; - -exit: -} -/* END_CASE */ - /* BEGIN_CASE */ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, int alg_arg, From 5e3bb131114fd6c72794ac46c3a050395ea9a3e9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 16:22:13 +0100 Subject: [PATCH 069/966] Add set_lengths argument to all tests. Run all tests that do not require set_lengths with and without setting lengths. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 340 ++++++++++++++++---- tests/suites/test_suite_psa_crypto.function | 16 +- 2 files changed, 288 insertions(+), 68 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 49685b4f4e..7fe94495b5 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2112,251 +2112,467 @@ aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f9091 PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA 
Multipart AEAD encrypt, AES-GCM, 128 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" + +PSA Multipart AEAD 
encrypt, AES-GCM, 128 bytes #2 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:"f149e2b5f0adaa9842ca5f45b768a8fc" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:0:"f149e2b5f0adaa9842ca5f45b768a8fc" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:1:"f149e2b5f0adaa9842ca5f45b768a8fc" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:"204bdb1bd62154bf08922aaa54eed705" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:0:"204bdb1bd62154bf08922aaa54eed705" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:1:"204bdb1bd62154bf08922aaa54eed705" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:"1b2d2764573e20ae640bf29d48e5fe05" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:0:"1b2d2764573e20ae640bf29d48e5fe05" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:1:"1b2d2764573e20ae640bf29d48e5fe05" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:"77e5682a49243d5b9016eb1adafa2d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:0:"77e5682a49243d5b9016eb1adafa2d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:1:"77e5682a49243d5b9016eb1adafa2d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:0:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:0:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 
):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:0:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:0:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:0:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:0:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:"bdc1ac884d332457a1d2664f168c76f0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:0:"bdc1ac884d332457a1d2664f168c76f0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:1:"bdc1ac884d332457a1d2664f168c76f0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:"2fb9c3e41fff24ef07437c47" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:0:"2fb9c3e41fff24ef07437c47" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:1:"2fb9c3e41fff24ef07437c47" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:"f6d47505ec96c98a42dc3ae719877b87" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:0:"f6d47505ec96c98a42dc3ae719877b87" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:1:"f6d47505ec96c98a42dc3ae719877b87" PSA Multipart AEAD 
encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:"5233f95bdcf5d666fb957acdcb" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:0:"5233f95bdcf5d666fb957acdcb" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:1:"5233f95bdcf5d666fb957acdcb" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:"d57e27914ecb4a764359d3c0f8d4d6" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:0:"d57e27914ecb4a764359d3c0f8d4d6" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, (lengths set) 
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:1:"d57e27914ecb4a764359d3c0f8d4d6" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:"72901467" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:0:"72901467" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:1:"72901467" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:0:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:0:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 
):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:0:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:0:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
 PSA Multipart AEAD decrypt, AES-GCM, invalid signature
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE
 PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE
 PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
 PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
 PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 18
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:"":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:"":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:"496909523f574b205d757659c5":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:"":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:"":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:"":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:"":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS
 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS
+
+PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS
 PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539)
 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
-aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691"
+aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691"
+
+PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) (lengths set)
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:"a0784d7a4716f3feb4f64e7f4b39bf04" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:0:"a0784d7a4716f3feb4f64e7f4b39bf04" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:1:"a0784d7a4716f3feb4f64e7f4b39bf04" PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
-aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
+aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE 
+aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"":PSA_SUCCESS PSA Multipart AEAD decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:"":PSA_ERROR_INVALID_ARGUMENT 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:0:"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 1a5c23e8e0..2a2f2e61c4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -272,6 +272,7 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, int ad_part_len, data_t *input_data, int data_part_len, + int test_set_lengths_arg, data_t *expected_result ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; @@ -340,13 +341,11 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) + if( test_set_lengths_arg ) { PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, input_data->len ) ); } -#endif if( ad_part_len != -1 ) { @@ -475,6 +474,7 @@ void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, int ad_part_len, data_t *input_data, int data_part_len, + int test_set_lengths_arg, data_t *expected_data, int expected_result_arg ) { 
@@ -549,8 +549,7 @@ void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) + if( test_set_lengths_arg ) { status = psa_aead_set_lengths( &operation, additional_data->len, ( input_data->len - tag_length ) ); @@ -561,7 +560,6 @@ void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, goto exit; } } -#endif if( ad_part_len != -1 ) { @@ -3601,6 +3599,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, int test_ad_mp_arg, data_t *input_data, int test_data_mp_arg, + int test_set_lengths_arg, data_t *expected_result_arg ) { size_t ad_part_len = 0; @@ -3618,6 +3617,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, additional_data, ad_part_len, input_data, -1, + test_set_lengths_arg, expected_result_arg ); } } @@ -3631,6 +3631,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, + test_set_lengths_arg, expected_result_arg ); } } @@ -3649,6 +3650,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, int test_ad_mp_arg, data_t *input_data, int test_data_mp_arg, + int test_set_lengths_arg, data_t *expected_data, int expected_status ) { @@ -3667,6 +3669,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, additional_data, ad_part_len, input_data, -1, + test_set_lengths_arg, expected_data, expected_status ); } } @@ -3680,6 +3683,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, + test_set_lengths_arg, expected_data, expected_status ); } } From 7220cae93c9dc5a820c18e1a9a2329f97c6256ec Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 17:25:57 +0100 Subject: [PATCH 070/966] Ensure generate nonce unavailable in decrypt 
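Review bot: The failure paths are never run with `test_set_lengths_arg` set. The "bad tag" and both "invalid algorithm" decrypt cases in the data file are listed only with the flag at 0, so the `status = psa_aead_set_lengths( ... )` branch in aead_multipart_decrypt_internal is reached only by inputs that are expected to succeed. Adding "(lengths set)" variants for those cases would cover the error handling that follows the call, which lies between this hunk and the next and is not visible here. The new parameter is also undocumented at its declaration; a short comment such as `/* test_set_lengths_arg: non-zero to call psa_aead_set_lengths() */` would make the meaning of the extra `0`/`1` column clear to whoever adds the next test case.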
Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 3 ++- library/psa_crypto.c | 9 ++++++++- tests/suites/test_suite_psa_crypto.function | 13 +++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 0f74c5481d..e05c846ff8 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -172,11 +172,12 @@ struct psa_aead_operation_s unsigned int lengths_set : 1; unsigned int ad_started : 1; unsigned int body_started : 1; + unsigned int is_encrypt : 1; psa_driver_aead_context_t ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8dc6aad534..aec22c79cf 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3469,7 +3469,10 @@ exit: status = unlock_status; if( status == PSA_SUCCESS ) + { operation->alg = psa_aead_get_base_algorithm( alg ); + operation->is_encrypt = 1; + } else psa_aead_abort( operation ); @@ -3531,7 +3534,10 @@ exit: status = unlock_status; if( status == PSA_SUCCESS ) + { operation->alg = psa_aead_get_base_algorithm( alg ); + operation->is_encrypt = 0; + } else psa_aead_abort( operation ); @@ -3556,7 +3562,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, } if( operation->nonce_set || operation->ad_started || - operation->body_started ) + operation->body_started || operation->is_encrypt == 0 ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3881,6 +3887,7 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) operation->lengths_set = 0; operation->ad_started = 0; operation->body_started = 0; + operation->is_encrypt = 0; return( status ); } 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 2a2f2e61c4..38545bccc6 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3913,6 +3913,19 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test for generating nonce in decrypt setup. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + /* Test for setting lengths twice. */ operation = psa_aead_operation_init( ); From e4030f2cd181bd9885dd437d0aef419b5a3fb1be Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 17:36:55 +0100 Subject: [PATCH 071/966] Replace function with macro that already exists I wrote a function to determine the base algorithm given a variant, however this is already implemented by PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG Signed-off-by: Paul Elliott --- library/psa_crypto.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index aec22c79cf..9254f36e7d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3398,20 +3398,7 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, /* Helper function to get the base algorithm from its variants. */ static psa_algorithm_t psa_aead_get_base_algorithm(psa_algorithm_t alg) { - switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ) - { - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): - return( PSA_ALG_CCM ); - - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): - return( PSA_ALG_GCM ); - - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): - return( PSA_ALG_CHACHA20_POLY1305 ); - - default: - return( PSA_ERROR_NOT_SUPPORTED ); - } + return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); } /* Set the key for a multipart authenticated encryption operation. */ From d89304ebb7f8ee28cf56adfa523cdbafcc48df26 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 17:47:09 +0100 Subject: [PATCH 072/966] Fix formatting issues Signed-off-by: Paul Elliott --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9254f36e7d..056d5515dc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3396,7 +3396,7 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, } /* Helper function to get the base algorithm from its variants. */ -static psa_algorithm_t psa_aead_get_base_algorithm(psa_algorithm_t alg) +static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) { return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); } @@ -3487,7 +3487,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->lengths_set || + if( operation->nonce_set || operation->lengths_set || operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; From f88a565f183a8f24feff070115f46f1100e6971c Mon Sep 17 00:00:00 2001 
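Review bot: `psa_aead_get_base_algorithm` no longer rejects anything itself, and its one-line body should state the precondition it now relies on. The removed `default:` branch returned a status code through a `psa_algorithm_t`, so dropping it is right. As far as I know, though, the macro yields 0 for an algorithm it does not recognise, so the helper is safe only because the visible callers invoke it after setup has returned `PSA_SUCCESS`. I would extend the comment to `/* Helper function to get the base algorithm from its variants. alg must already have been accepted by the setup call. */`. The file's other returns are written `return( status );`, so for consistency this one would be `return( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ) );`.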
From: Paul Elliott Date: Tue, 22 Jun 2021 17:53:45 +0100 Subject: [PATCH 073/966] Better tag size default for m-aead finish Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 056d5515dc..7a7238cc6d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3772,7 +3772,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; *ciphertext_length = 0; - *tag_length = 0; + *tag_length = tag_size; if( operation->id == 0 ) { From 534d0b44847967fa82c2a25f2d87cfdc853d504b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 19:15:20 +0100 Subject: [PATCH 074/966] Finish / Verify state checks Ensure finish only called when encrypting and verify only called for decrypting, and add tests to ensure this. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 4 +-- tests/suites/test_suite_psa_crypto.function | 35 +++++++++++++++++++++ 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7a7238cc6d..c1071b0f37 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3780,7 +3780,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set ) + if( !operation->nonce_set || operation->is_encrypt == 0 ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3829,7 +3829,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set ) + if( !operation->nonce_set || operation->is_encrypt == 1 ) { status = PSA_ERROR_BAD_STATE; goto exit; diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 38545bccc6..67f2395230 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
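Review bot: `*tag_length = tag_size;` in psa_aead_finish needs a comment, because every early `goto exit` after it now reports a tag length equal to the whole buffer although no tag has been written. A caller that reads `*tag_length` without checking the status would then treat `tag_size` bytes of unwritten memory as a tag. If the intent is to let the exit path overwrite the full tag buffer on failure (the exit block is outside this hunk, so that is a guess), say so next to the assignment, e.g. `/* Default to the full buffer so the failure path covers all of tag[]; the real length is set on success. */`. Otherwise, keep 0 as the default and set the length only on success.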
@@ -4037,6 +4037,41 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test calling finish on decryption. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test calling verify on encryption. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATEcd ); + + psa_aead_abort( &operation ); + + exit: psa_destroy_key( key ); psa_aead_abort( &operation ); From 5b065cb8cd5386ccafd50b3de15ff022a9f25bd0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 08:33:22 +0100 Subject: [PATCH 075/966] Fix typo Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 67f2395230..5c5c4572b2 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4067,7 +4067,7 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, &output_part_length, tag_buffer, tag_length ), - PSA_ERROR_BAD_STATEcd ); + PSA_ERROR_BAD_STATE ); psa_aead_abort( &operation ); From ad53dcc9752d3af49d9601445326b3a35f88b12f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 08:50:14 +0100 Subject: [PATCH 076/966] Move common final checks to function 
Signed-off-by: Paul Elliott --- library/psa_crypto.c | 51 ++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c1071b0f37..714e556b5a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3760,6 +3760,18 @@ exit: return( status ); } +static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) +{ + if( operation->id == 0 || operation->nonce_set == 0 ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->lengths_set && (operation->ad_remaining != 0 || + operation->body_remaining != 0 ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + return( PSA_SUCCESS ); +} + /* Finish encrypting a message in a multipart AEAD operation. */ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, uint8_t *ciphertext, @@ -3774,25 +3786,17 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *ciphertext_length = 0; *tag_length = tag_size; - if( operation->id == 0 ) + status = psa_aead_final_checks( operation ); + + if( status != PSA_SUCCESS ) + goto exit; + + if( operation->is_encrypt == 0 ) { status = PSA_ERROR_BAD_STATE; goto exit; } - if( !operation->nonce_set || operation->is_encrypt == 0 ) - { - status = PSA_ERROR_BAD_STATE; - goto exit; - } - - if( operation->lengths_set && (operation->ad_remaining != 0 || - operation->body_remaining != 0 ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - status = psa_driver_wrapper_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, 
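Review bot: `psa_aead_final_checks` is added without any comment, and it only reads the operation, so the parameter can be `const psa_aead_operation_t *operation`. A header such as `/* Checks shared by psa_aead_finish() and psa_aead_verify(): operation active, nonce set, and all lengths declared with psa_aead_set_lengths() consumed. */` would record which error each condition maps to. The spacing in `(operation->ad_remaining != 0 ||` also differs from the `( ... )` style used by the rest of the expression.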
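Review bot: The order of the state checks in psa_aead_finish has changed, and with it the error a caller sees. Previously the direction test was part of the nonce check and ran before the lengths check. Now `psa_aead_final_checks( operation )` runs first, so calling finish on a decrypt operation that still has declared data outstanding returns `PSA_ERROR_INVALID_ARGUMENT` instead of `PSA_ERROR_BAD_STATE`. The finish-on-decrypt test added earlier in this series does not set lengths, so it would not notice. To keep the old precedence, move the `if( operation->is_encrypt == 0 )` block above `status = psa_aead_final_checks( operation );`; the same applies to the `is_encrypt == 1` check in psa_aead_verify. The rest of psa_aead_finish lies outside this hunk.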
@@ -3823,24 +3827,21 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; - if( operation->id == 0 ) + status = psa_aead_final_checks( operation ); + + if( status != PSA_SUCCESS ) + goto exit; + + if( operation->is_encrypt == 1 ) { status = PSA_ERROR_BAD_STATE; goto exit; } - if( !operation->nonce_set || operation->is_encrypt == 1 ) - { - status = PSA_ERROR_BAD_STATE; - goto exit; - } + status = psa_aead_final_checks( operation ); - if( operation->lengths_set && (operation->ad_remaining != 0 || - operation->body_remaining != 0 ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; + if( status != PSA_SUCCESS ) goto exit; - } status = psa_driver_wrapper_aead_verify( operation, plaintext, plaintext_size, From fcb5cdc954f4841cef7fb1840e51fad52e52f1ca Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 09:40:12 +0100 Subject: [PATCH 077/966] Add per function hits to driver wrappers Signed-off-by: Paul Elliott --- tests/include/test/drivers/aead.h | 15 +++++++++++++-- tests/src/drivers/test_driver_aead.c | 22 +++++++++++----------- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index 86c18d4d3a..5eabf17de4 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h 
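Review bot: psa_aead_verify now calls `psa_aead_final_checks( operation )` twice, once before the `is_encrypt == 1` test and again straight after it, each followed by `if( status != PSA_SUCCESS ) goto exit;`. The second call can never produce a different result, since nothing changes the operation in between, and it looks like a leftover from the refactoring. Drop the second `status = psa_aead_final_checks( operation );` and its check so the function mirrors psa_aead_finish. The body of psa_aead_verify continues past the end of this hunk.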
@@ -34,12 +34,23 @@ typedef struct { * function call. */ psa_status_t forced_status; /* Count the amount of times AEAD driver functions are called. */ - unsigned long hits; + unsigned long hits_encrypt; + unsigned long hits_decrypt; + unsigned long hits_encrypt_setup; + unsigned long hits_decrypt_setup; + unsigned long hits_set_nonce; + unsigned long hits_set_lengths; + unsigned long hits_update_ad; + unsigned long hits_update; + unsigned long hits_finish; + unsigned long hits_verify; + unsigned long hits_abort; + /* Status returned by the last AEAD driver function call. */ psa_status_t driver_status; } mbedtls_test_driver_aead_hooks_t; -#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0 } +#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } static inline mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks_init( void ) { diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 006d3327f5..698353c5d6 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -40,7 +40,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_encrypt++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -71,7 +71,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_decrypt++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { 
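Review bot: Removing the `hits` member breaks any test that still reads `mbedtls_test_driver_aead_hooks.hits`. The diffstat for this commit lists only aead.h and test_driver_aead.c, so it is worth confirming that no test suite references the old field before this lands. The comment above the counters still describes a single count; something like `/* Count the number of times each AEAD driver entry point is called. */` fits the new layout. `MBEDTLS_TEST_DRIVER_AEAD_INIT` is now thirteen positional zeros that must be kept in step with the struct by hand, so a note beside the macro saying so would help the next person who adds a counter.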
@@ -99,7 +99,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_encrypt_setup++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -122,7 +122,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_decrypt_setup++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -144,7 +144,7 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce( const uint8_t *nonce, size_t nonce_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_set_nonce++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -165,7 +165,7 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( size_t ad_length, size_t plaintext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_set_lengths++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -187,7 +187,7 @@ psa_status_t mbedtls_test_transparent_aead_update_ad( const uint8_t *input, size_t input_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_update_ad++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -211,7 +211,7 @@ psa_status_t mbedtls_test_transparent_aead_update( size_t output_size, size_t *output_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_update++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { 
@@ -237,7 +237,7 @@ psa_status_t mbedtls_test_transparent_aead_finish( size_t tag_size, size_t *tag_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_finish++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -263,7 +263,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( const uint8_t *tag, size_t tag_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_verify++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -283,7 +283,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( psa_status_t mbedtls_test_transparent_aead_abort( mbedtls_transparent_test_driver_aead_operation_t *operation ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_abort++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { From d7ab9f1260dc7419203f0153b12524a27afb2f32 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 09:52:19 +0100 Subject: [PATCH 078/966] Move the setting of id in driver wrappers Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 354477a9e1..48410c0e1e 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -1458,26 +1458,25 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; status = mbedtls_test_transparent_aead_encrypt_setup( &operation->ctx.transparent_test_driver_ctx, attributes, key_buffer, key_buffer_size, alg ); - /* Declared with fallback == true */ - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; status = mbedtls_psa_aead_encrypt_setup( &operation->ctx.mbedtls_ctx, attributes, key_buffer, key_buffer_size, alg ); - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - return( status ); /* Add cases for opaque driver here */ @@ -1507,28 +1506,27 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; status = mbedtls_test_transparent_aead_decrypt_setup( &operation->ctx.transparent_test_driver_ctx, attributes, key_buffer, key_buffer_size, alg ); - /* Declared with fallback == true */ - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; status = mbedtls_psa_aead_decrypt_setup( &operation->ctx.mbedtls_ctx, attributes, key_buffer, key_buffer_size, alg ); - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - return( status ); /* Add cases for opaque driver here */ 
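Review bot: Assigning `operation->id` before the driver's setup call, as both hunks now do (`psa_driver_wrapper_aead_encrypt_setup` here and `psa_driver_wrapper_aead_decrypt_setup` in the second hunk), leaves a non-zero id on the operation when setup fails, and neither the code nor the commit message says why. If the intent is that a later abort reaches the driver whose setup failed part-way, a comment above the assignment would record it, for example `/* Set id first so that abort reaches this driver if setup fails. */`; that intent is inferred, so confirm it first. On the fallback path the test-driver id is overwritten with `PSA_CRYPTO_MBED_TLS_DRIVER_ID` before the built-in setup runs, which is only safe if a driver returning `PSA_ERROR_NOT_SUPPORTED` leaves nothing in its context to clean up. Both wrapper bodies start and end outside the hunks.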
From 2007d70a5ae56e69306632752d14f6af544dfaf8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 09:56:55 +0100 Subject: [PATCH 079/966] Improve changelog Signed-off-by: Paul Elliott --- ChangeLog.d/add_psa_m_aead.txt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt index 3ae58095bd..fa4e7ac61b 100644 --- a/ChangeLog.d/add_psa_m_aead.txt +++ b/ChangeLog.d/add_psa_m_aead.txt @@ -1,4 +1,3 @@ Features - * Added multipart AEAD API to the PSA Crypto API - * Added MbedTLS internal implementations of the PSA Crypto multipart AEAD API - supporting ChaChaPoly and GCM. CCM is not as yet supported. + * Implement the PSA multipart AEAD interface, currently supporting + ChaChaPoly and GCM. From 8fc45169f1b3c8ea54cb70bc33e67da665bcd1f3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 16:06:01 +0100 Subject: [PATCH 080/966] Fix compiler errors on many platforms. Also added comment to explain why I added a seemingly pointless goto Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5c5c4572b2..fa5556e50c 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3636,9 +3636,10 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, } } - goto exit; -exit: + /* Goto is required to silence warnings about unused labels, as we + * don't actually do any test assertions in this function. */ + goto exit; } /* END_CASE */ @@ -3688,9 +3689,9 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, } } + /* Goto is required to silence warnings about unused labels, as we + * don't actually do any test assertions in this function. */ goto exit; - -exit: } /* END_CASE */ 
From 95271f10c372c1a805cbc875aec429bead7ef3c9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 16:50:45 +0100 Subject: [PATCH 081/966] Call set_nonce direct rather than by wrapper Signed-off-by: Paul Elliott --- library/psa_crypto.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 714e556b5a..9fb3a20941 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3569,8 +3569,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - status = psa_driver_wrapper_aead_set_nonce( operation, nonce, - required_nonce_size ); + status = psa_aead_set_nonce( operation, nonce, required_nonce_size ); exit: From 3bd5dbacc1fffdaf1d99cd8b431e98b75e04a7b4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 17:14:40 +0100 Subject: [PATCH 082/966] Improve generate nonce test Make sure the generated nonce works to encrypt test data if the generated nonce is valid. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 10 +++--- tests/suites/test_suite_psa_crypto.function | 39 +++++++++++++++++++-- 2 files changed, 42 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7fe94495b5..f55deb022f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
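Review bot: The new call to `psa_aead_set_nonce()` in `psa_aead_generate_nonce` has no comment explaining why the public entry point replaces `psa_driver_wrapper_aead_set_nonce()`, and the difference matters for error handling. The public function presumably runs its own state checks and marks the nonce as set, which the wrapper call would have skipped. If it also aborts the operation on failure, the code after `exit:` (outside this hunk) must not assume the operation is still active. Once that behaviour is confirmed, a one-line comment such as `/* Use the public function so its checks and nonce_set update also apply to generated nonces. */` would make the choice explicit.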
@@ -2576,23 +2576,23 @@ aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f90 PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
-aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fa5556e50c..577b8c6e8e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3699,7 +3699,9 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, int alg_arg, int nonce_len, - int expected_result_arg ) + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 
@@ -3710,6 +3712,13 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; size_t nonce_generated_len = 0; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t finish_output_size = 0; + size_t output_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; PSA_ASSERT( psa_crypto_init( ) ); @@ -3722,6 +3731,16 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + operation = psa_aead_operation_init( ); status = psa_aead_encrypt_setup( &operation, key, alg ); @@ -3743,7 +3762,23 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, nonce_len, &nonce_generated_len ); - TEST_ASSERT( status == expected_result_arg ); + TEST_ASSERT( status == expected_status_arg ); + + if( expected_status_arg == PSA_SUCCESS ) + { + + /* Ensure we can still complete operation. */ + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + output_data, output_size, &output_length ) ); + + PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, + &output_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } exit: psa_destroy_key( key ); From 018765164762ecf2110a21994f87043af0081df4 Mon Sep 17 00:00:00 2001 
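Review bot: The success branch added at the end of `aead_multipart_generate_nonce` shows that the operation can be completed, but nothing in the visible hunks checks the generated nonce itself. `nonce_generated_len` is never compared with the length the algorithm requires, so an implementation that reports success with a wrong length would still pass as long as update and finish succeed. Adding `TEST_EQUAL( nonce_generated_len, PSA_AEAD_NONCE_LENGTH( key_type, alg ) );` inside the `expected_status_arg == PSA_SUCCESS` block would pin that. The function body continues outside the hunks, so an existing check there would make this unnecessary.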
From: Paul Elliott Date: Wed, 23 Jun 2021 18:13:04 +0100 Subject: [PATCH 083/966] Test all set lengths and set/generate nonce orders Test that the two are completely interchangeable in order. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 40 +++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 577b8c6e8e..bb4d7e6119 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3979,6 +3979,46 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test that generate/set nonce and set lengths are interchangeable (we + * already tested set nonce followed by set lengths above). */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + psa_aead_abort( &operation ); + /* Test for setting lengths after already starting data. */ operation = psa_aead_operation_init( ); 
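Review bot: Each of the three added sequences ends with a bare `psa_aead_abort( &operation );`, and the next statement re-initialises the operation with `psa_aead_operation_init( )`, so a failing abort is never noticed by the test. Wrapping the call as `PSA_ASSERT( psa_aead_abort( &operation ) );` would report the failure where it happens. The three blocks differ only in the order of two calls, so a short comment above each naming the order under test (set lengths then set nonce, set lengths then generate nonce, generate nonce then set lengths) would make the cases easier to tell apart. The enclosing test function starts and ends outside the hunk.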
From cf2d66e022ff9241866f19e49789030e76266e9e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 18:49:56 +0100 Subject: [PATCH 084/966] Remove permitting of 8 byte nonce with PolyChaCha Also unify nonce length checking Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 3b8fdc8b6e..1a515a14af 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -247,6 +247,21 @@ static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length, return( PSA_SUCCESS ); } +static psa_status_t mbedtls_aead_check_nonce_length( + mbedtls_psa_aead_operation_t *operation, + size_t nonce_length ) +{ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + return PSA_SUCCESS; +} + psa_status_t mbedtls_psa_aead_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -272,6 +287,13 @@ psa_status_t mbedtls_psa_aead_decrypt( if( status != PSA_SUCCESS ) goto exit; + if( mbedtls_aead_check_nonce_length( &operation, nonce_length ) + != PSA_SUCCESS) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) { @@ -303,7 +325,7 @@ psa_status_t mbedtls_psa_aead_decrypt( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 || operation.tag_length != 16 ) + if( operation.tag_length != 16 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; 
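Review bot: `mbedtls_aead_check_nonce_length` checks only ChaCha20-Poly1305, so for GCM and CCM it returns `PSA_SUCCESS` for any length, including zero, and those cases are left to whatever the underlying cipher call rejects. If the helper is meant to be the single place for nonce validation it should carry the GCM and CCM limits too, or a comment stating that those are validated downstream. When `MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305` is not defined both parameters are unused, which can trip unused-parameter warnings; `(void) operation; (void) nonce_length;` before the final return avoids that. The final `return PSA_SUCCESS;` also departs from the `return( ... );` form used elsewhere in these hunks.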
@@ -397,6 +419,12 @@ psa_status_t mbedtls_psa_aead_set_nonce( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if( mbedtls_aead_check_nonce_length( operation, nonce_length ) + != PSA_SUCCESS) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { @@ -412,11 +440,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 && nonce_length != 8) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - status = mbedtls_to_psa_error( mbedtls_chachapoly_starts( &operation->ctx.chachapoly, nonce, From 16906f9011da64a32e20d80cf2b3571148ad87ac Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 09:57:01 +0100 Subject: [PATCH 085/966] Add missing frees to generate nonce test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index bb4d7e6119..819c61b52a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3782,6 +3782,8 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, exit: psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); psa_aead_abort( &operation ); PSA_DONE( ); } From e24f1a1a9d123fea12a86d65b5cb9d1f0ff1b594 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 14:37:53 +0100 Subject: [PATCH 086/966] Fix missed driver wrapper tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index e86309b065..fb92d34589 100644 
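Review bot: Both callers discard the status returned by `mbedtls_aead_check_nonce_length` and substitute their own. `mbedtls_psa_aead_set_nonce` returns `PSA_ERROR_INVALID_ARGUMENT` in the first hunk here, while `mbedtls_psa_aead_decrypt` in the earlier hunk of this commit sets `PSA_ERROR_NOT_SUPPORTED`, which is also what the helper itself returns. The same bad nonce length therefore produces different errors on the one-shot and multipart paths. Propagating the helper's value in both places, `status = mbedtls_aead_check_nonce_length( operation, nonce_length );` followed by `if( status != PSA_SUCCESS ) return( status );`, and settling on one code inside the helper would keep them aligned. No hunk in this commit touches the one-shot encrypt function, so its nonce check appears to stay separate.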
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -997,7 +997,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, input_data->x, input_data->len, output_data, output_size, &output_length ); - TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_encrypt, 1 ); TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status ); TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ? @@ -1061,7 +1061,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, input_data->x, input_data->len, output_data, output_size, &output_length ); - TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_decrypt, 1 ); TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status ); TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ? From a8940ed876997c9f0f051c099f769988b27b452a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 16:57:52 +0100 Subject: [PATCH 087/966] Fix documented error codes Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 50644c0999..57b1b74bf5 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -179,7 +179,7 @@ psa_status_t mbedtls_psa_aead_decrypt( * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. + * An invalid block length was supplied. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY 
@@ -222,8 +222,8 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( * * \retval #PSA_SUCCESS * Success. - * * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * An invalid block length was supplied. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -403,7 +403,7 @@ psa_status_t mbedtls_psa_aead_update_ad( * * \retval #PSA_SUCCESS * Success. - + * * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or From 87c909a8c598c98fb58593d71fff00fb18f46942 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 18:07:39 +0100 Subject: [PATCH 088/966] Make auxiliary function static Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 819c61b52a..502515f2a4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -467,16 +467,16 @@ exit: return( status ); } -void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, - int alg_arg, - data_t *nonce, - data_t *additional_data, - int ad_part_len, - data_t *input_data, - int data_part_len, - int test_set_lengths_arg, - data_t *expected_data, - int expected_result_arg ) +static void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + int test_set_lengths_arg, + data_t *expected_data, + int expected_result_arg ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; From 7f429b747b8086781d32eb3db4d48e46a58e8ec7 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Thu, 24 Jun 2021 18:08:54 +0100 Subject: [PATCH 089/966] Remove code duplication and fix formatting Signed-off-by: Paul Elliott --- library/psa_crypto.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9fb3a20941..64c05ea6ed 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3549,7 +3549,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, } if( operation->nonce_set || operation->ad_started || - operation->body_started || operation->is_encrypt == 0 ) + operation->body_started || !operation->is_encrypt ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3635,7 +3635,7 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, } if( operation->lengths_set || operation->ad_started || - operation->body_started) + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3761,7 +3761,7 @@ exit: static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) { - if( operation->id == 0 || operation->nonce_set == 0 ) + if( operation->id == 0 || !operation->nonce_set ) return( PSA_ERROR_BAD_STATE ); if( operation->lengths_set && (operation->ad_remaining != 0 || @@ -3790,7 +3790,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - if( operation->is_encrypt == 0 ) + if( !operation->is_encrypt ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3831,17 +3831,12 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - if( operation->is_encrypt == 1 ) + if( operation->is_encrypt ) { status = PSA_ERROR_BAD_STATE; goto exit; } - status = psa_aead_final_checks( operation ); - - if( status != PSA_SUCCESS ) - goto exit; - status = psa_driver_wrapper_aead_verify( operation, plaintext, plaintext_size, plaintext_length, From c2b7144da0f807e2ae1b2c64ab2b5184cd41ac53 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Thu, 24 Jun 2021 18:17:52 +0100 Subject: [PATCH 090/966] Simplify logic and factor out initial checks Signed-off-by: Paul Elliott --- library/psa_crypto.c | 66 +++++++++++++++++++------------------------- 1 file changed, 28 insertions(+), 38 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 64c05ea6ed..a9026e4bb5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3401,6 +3401,28 @@ static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); } +static psa_status_t psa_aead_setup_checks( psa_aead_operation_t *operation, + psa_algorithm_t alg ) +{ + if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + if( operation->id != 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + + if( operation->nonce_set || operation->lengths_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( PSA_SUCCESS ); +} + /* Set the key for a multipart authenticated encryption operation. */ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, @@ -3410,24 +3432,10 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; - if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + status = psa_aead_setup_checks( operation, alg ); - if( operation->id != 0 ) - { - status = PSA_ERROR_BAD_STATE; + if( status != PSA_SUCCESS ) goto exit; - } - - if( operation->nonce_set || operation->lengths_set || - operation->ad_started || operation->body_started ) - { - status = PSA_ERROR_BAD_STATE; - goto exit; - } status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); 
@@ -3452,11 +3460,9 @@ exit: unlock_status = psa_unlock_key_slot( slot ); - if( status == PSA_SUCCESS ) - status = unlock_status; - if( status == PSA_SUCCESS ) { + status = unlock_status; operation->alg = psa_aead_get_base_algorithm( alg ); operation->is_encrypt = 1; } @@ -3475,24 +3481,10 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; - if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + status = psa_aead_setup_checks( operation, alg ); - if( operation->id != 0 ) - { - status = PSA_ERROR_BAD_STATE; + if( status != PSA_SUCCESS ) goto exit; - } - - if( operation->nonce_set || operation->lengths_set || - operation->ad_started || operation->body_started ) - { - status = PSA_ERROR_BAD_STATE; - goto exit; - } status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); @@ -3517,11 +3509,9 @@ exit: unlock_status = psa_unlock_key_slot( slot ); - if( status == PSA_SUCCESS ) - status = unlock_status; - if( status == PSA_SUCCESS ) { + status = unlock_status; operation->alg = psa_aead_get_base_algorithm( alg ); operation->is_encrypt = 0; } From ed68d7464d3444f6627b5a8137f708abe197256d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 20:37:32 +0100 Subject: [PATCH 091/966] Move buffer size checks up to psa_crypto layer Signed-off-by: Paul Elliott --- library/psa_crypto.c | 16 +++++++++++++--- library/psa_crypto_aead.c | 16 ++-------------- library/psa_crypto_aead.h | 18 ++++++++---------- 3 files changed, 23 insertions(+), 27 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a9026e4bb5..a5027f386f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
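Review bot: Moving `status = unlock_status;` inside the `if( status == PSA_SUCCESS )` block changes behaviour when `psa_unlock_key_slot()` fails after a successful setup: `operation->alg` and `operation->is_encrypt` are still assigned and the unlock error is returned from inside the success branch. Before this change the unlock failure was folded into `status` first, so the success block was skipped and whatever failure handling follows it (outside the hunk, presumably an abort) was reached. The same rewrite is made in `psa_aead_decrypt_setup` in the hunk at -3509. Restoring the separate `if( status == PSA_SUCCESS ) status = unlock_status;` ahead of the block keeps the original semantics.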
@@ -3749,8 +3749,11 @@ exit: return( status ); } -static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) +static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation, + size_t output_size ) { + size_t finish_output_size; + if( operation->id == 0 || !operation->nonce_set ) return( PSA_ERROR_BAD_STATE ); @@ -3758,6 +3761,13 @@ static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) operation->body_remaining != 0 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); + finish_output_size = operation->is_encrypt ? + PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, operation->alg ) : + PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg ); + + if( output_size < finish_output_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + return( PSA_SUCCESS ); } @@ -3775,7 +3785,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *ciphertext_length = 0; *tag_length = tag_size; - status = psa_aead_final_checks( operation ); + status = psa_aead_final_checks( operation, ciphertext_size ); if( status != PSA_SUCCESS ) goto exit; @@ -3816,7 +3826,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; - status = psa_aead_final_checks( operation ); + status = psa_aead_final_checks( operation, plaintext_size ); if( status != PSA_SUCCESS ) goto exit; diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 1a515a14af..f2096ce3f2 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c 
@@ -603,21 +603,11 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_verify() */ static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t *operation, - size_t output_size, size_t tag_size ) { - size_t finish_output_size; - if( tag_size < operation->tag_length ) return ( PSA_ERROR_BUFFER_TOO_SMALL ); - finish_output_size = operation->is_encrypt ? - PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, operation->alg ) : - PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg ); - - if( output_size < finish_output_size ) - return ( PSA_ERROR_BUFFER_TOO_SMALL ); - return ( PSA_SUCCESS ); } @@ -634,8 +624,7 @@ psa_status_t mbedtls_psa_aead_finish( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t finish_output_size = 0; - status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, - tag_size ); + status = mbedtls_psa_aead_finish_checks( operation, tag_size ); if( status != PSA_SUCCESS ) return status; @@ -690,8 +679,7 @@ psa_status_t mbedtls_psa_aead_verify( int do_tag_check = 1; uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; - status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, - tag_length ); + status = mbedtls_psa_aead_finish_checks( operation, tag_length ); if( status != PSA_SUCCESS ) return status; diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 57b1b74bf5..c664f9f2bb 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
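Review bot: After this change `mbedtls_psa_aead_finish_checks` only compares its `tag_size` argument with `operation->tag_length`, and `mbedtls_psa_aead_verify` passes it `tag_length`, the length of the tag supplied by the caller. A tag that is too short is therefore reported as `PSA_ERROR_BUFFER_TOO_SMALL`, an output-buffer error, although in verify the tag is an input; the header hunk for `mbedtls_psa_aead_verify` documents it the same way. A verify-specific check, for example `if( tag_length != operation->tag_length ) return( PSA_ERROR_INVALID_SIGNATURE );`, would reject both short and over-long tags with the status callers expect for a bad tag. Whether a longer tag is rejected later in the function is not visible here. The bodies of finish and verify continue outside the hunks.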
@@ -477,12 +477,10 @@ psa_status_t mbedtls_psa_aead_update( * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p ciphertext or \p tag buffer is too small. - * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or - * #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the - * required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type, - * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to - * determine the required \p tag buffer size. + * The size of the \p tag buffer is too small. + * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or + * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag + * buffer size. */ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, @@ -551,10 +549,10 @@ psa_status_t mbedtls_psa_aead_finish( * The calculations were successful, but the authentication tag is * not correct. * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p plaintext buffer is too small. - * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or - * #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the - * required buffer size. + * The size of the \p tag buffer is too small. + * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or + * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag + * buffer size. */ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, From 62cf2e8e9f62db18514da3392a04cd842515990b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Mar 2020 16:35:23 +0100 Subject: [PATCH 092/966] Switch all.sh to bash This will let us use bash features that are not found in some other sh implementations, such as DEBUG and ERR traps, "set -o pipefail", etc. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f8e43c8714..b6f39e96fa 100755 --- a/tests/scripts/all.sh 
+++ b/tests/scripts/all.sh @@ -1,4 +1,4 @@ -#! /usr/bin/env sh +#! /usr/bin/env bash # all.sh # @@ -175,8 +175,8 @@ pre_initialize_variables () { # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". - # Parse the script with sed, because in sh there is no way to list - # defined functions. + # Parse the script with sed. This way we get the functions in the order + # they are defined. ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") # Exclude components that are not supported on this platform. From 5d99682a8c701cff581ee3f33e4e7fbb541010f3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 28 Mar 2020 21:09:21 +0100 Subject: [PATCH 093/966] Add --error-test option to test error detection and reporting Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b6f39e96fa..20a20a3151 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -231,6 +231,8 @@ General options: Prefix for a cross-compiler for arm-none-eabi (default: "${ARM_NONE_EABI_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). + --error-test Error test mode: run a failing function in addition + to any specified component. --except Exclude the COMPONENTs listed on the command line, instead of running only those. --no-append-outcome Write a new outcome file and analyze it (default). @@ -378,6 +380,7 @@ check_headers_in_cpp () { pre_parse_command_line () { COMMAND_LINE_COMPONENTS= all_except=0 + error_test=0 no_armcc= # Note that legacy options are ignored instead of being omitted from this 
@@ -390,6 +393,7 @@ pre_parse_command_line () { --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; + --error-test) error_test=$((error_test + 1));; --except) all_except=1;; --force|-f) FORCE=1;; --gnutls-cli) shift; GNUTLS_CLI="$1";; @@ -2636,6 +2640,19 @@ post_report () { #### Run all the things ################################################################ +# Function invoked by --error-test to test error reporting. +pseudo_component_error_test () { + msg "Testing error reporting $error_test" + if [ $KEEP_GOING -ne 0 ]; then + echo "Expect three failing commands." + fi + error_test='this should not be used since the component runs in a subshell' + grep non_existent /dev/null + not grep -q . "$0" + make unknown_target + false "this should not be executed" +} + # Run one component and clean up afterwards. run_component () { # Back up the configuration in case the component modifies it. @@ -2685,6 +2702,10 @@ cleanup pre_generate_files # Run the requested tests. +while [ $error_test -gt 0 ]; do + run_component pseudo_component_error_test + error_test=$((error_test - 1)) +done for component in $RUN_COMPONENTS; do run_component "component_$component" done From ce266c48bb8214a061c906392b8fbcdf53ac6617 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 28 Mar 2020 18:50:43 +0100 Subject: [PATCH 094/966] Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 151 ++++++++++++++++++++++++++----------------- 1 file changed, 93 insertions(+), 58 deletions(-) 
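Review bot: In `pseudo_component_error_test` the line `error_test='this should not be used since the component runs in a subshell'` depends on subshell isolation that only arrives in the following patch (094, "Run each component in a subshell"). At this commit `run_component` still invokes the component through `redirect_out "$@"`, whose definition is not visible here. Unless that helper forks, the string leaks into the caller and the new loop's `error_test=$((error_test - 1))` and `[ $error_test -gt 0 ]` would be evaluated on it. That makes this patch fragile to bisect on its own. Either order it after the subshell change, or state the dependency next to the assignment, e.g. `# Requires run_component to run the component in a subshell (see next patch).`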
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 20a20a3151..f3494bdd97 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -59,6 +59,15 @@ # This script must be invoked from the toplevel directory of a git # working copy of Mbed TLS. # +# The behavior on an error depends on whether --keep-going (alias -k) +# is in effect. +# * Without --keep-going: the script stops on the first error without +# cleaning up. This lets you work in the configuration of the failing +# component. +# * With --keep-going: the script runs all requested components and +# reports failures at the end. In particular the script always cleans +# up on exit. +# # Note that the output is not saved. You may want to run # script -c tests/scripts/all.sh # or @@ -81,6 +90,9 @@ # # Each component must start by invoking `msg` with a short informative message. # +# Each component is executed in a separate shell process. The component +# fails if any command in it returns a non-zero status. +# # The framework performs some cleanup tasks after each component. This # means that components can assume that the working directory is in a # cleaned-up state, and don't need to perform the cleanup themselves. 
@@ -91,19 +103,6 @@ # `tests/Makefile` and `programs/fuzz/Makefile` from git. # This cleans up after an in-tree use of CMake. # -# Any command that is expected to fail must be protected so that the -# script keeps running in --keep-going mode despite `set -e`. In keep-going -# mode, if a protected command fails, this is logged as a failure and the -# script will exit with a failure status once it has run all components. -# Commands can be protected in any of the following ways: -# * `make` is a function which runs the `make` command with protection. -# Note that you must write `make VAR=value`, not `VAR=value make`, -# because the `VAR=value make` syntax doesn't work with functions. -# * Put `report_status` before the command to protect it. -# * Put `if_build_successful` before a command. This protects it, and -# additionally skips it if a prior invocation of `make` in the same -# component failed. -# # The tests are roughly in order from fastest to slowest. This doesn't # have to be exact, but in general you should add slower tests towards # the end and fast checks near the beginning. @@ -477,8 +476,9 @@ pre_check_git () { } pre_setup_keep_going () { - failure_summary= - failure_count=0 + failure_count=0 # Number of failed components + last_failure_status=0 # Last failure status in this component + start_red= end_color= if [ -t 1 ]; then 
@@ -489,57 +489,73 @@ pre_setup_keep_going () { ;; esac fi - record_status () { - if "$@"; then - last_status=0 - else - last_status=$? - text="$current_section: $* -> $last_status" - failure_summary="$failure_summary -$text" - failure_count=$((failure_count + 1)) - echo "${start_red}^^^^$text^^^^${end_color}" >&2 - fi - } - make () { - case "$*" in - *test|*check) - if [ $build_status -eq 0 ]; then - record_status command make "$@" - else - echo "(skipped because the build failed)" - fi - ;; - *) - record_status command make "$@" - build_status=$last_status - ;; + + # Keep a summary of failures in a file. We'll print it out at the end. + failure_summary_file=$PWD/all-sh-failures-$$.log + : >"$failure_summary_file" + + # Whether it makes sense to keep a component going after the specified + # command fails (test command) or not (configure or build). + # This doesn't have to be 100% accurate: all failures are recorded anyway. + can_keep_going_after_failure () { + case "$1" in + "msg "*) false;; + *[!A-Za-z]"test"|*[!A-Za-z]"test"[!A-Za-z]*) true;; + "tests/"*) true;; + "grep "*|"not grep "*) true;; + *) false;; esac } + + # This function runs if there is any error in a component. + # It must either exit with a nonzero status, or set + # last_failure_status to a nonzero value. + err_trap () { + # Save $? (status of the failing command). This must be the very + # first thing, before $? is overridden. + last_failure_status=$? + failed_command=$BASH_COMMAND + + text="$current_section: $failed_command -> $last_failure_status" + echo "${start_red}^^^^$text^^^^${end_color}" >&2 + echo "$text" >>"$failure_summary_file" + + # If the command is fatal (configure or build command), stop this + # component. Otherwise (test command) keep the component running + # (run more tests from the same build). + if ! 
can_keep_going_after_failure "$failed_command"; then + exit $last_failure_status + fi + } + final_report () { if [ $failure_count -gt 0 ]; then echo echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" - echo "${start_red}FAILED: $failure_count${end_color}$failure_summary" + echo "${start_red}FAILED: $failure_count components${end_color}" + cat "$failure_summary_file" echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" - exit 1 elif [ -z "${1-}" ]; then echo "SUCCESS :)" fi if [ -n "${1-}" ]; then echo "Killed by SIG$1." fi + rm -f "$failure_summary_file" + if [ $failure_count -gt 0 ]; then + exit 1 + fi } } -if_build_succeeded () { - if [ $build_status -eq 0 ]; then - record_status "$@" - fi +# These functions are kept temporarily for backward compatibility. +# Don't use them in new components. +record_status () { + "$@" +} +if_build_succeeded () { + "$@" } - -# to be used instead of ! for commands run with -# record_status or if_build_succeeded not() { ! "$@" } 
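Review bot: `failure_summary_file=$PWD/all-sh-failures-$$.log` builds a predictable name from the PID and then truncates it with `: >"$failure_summary_file"`. That truncation follows a pre-existing symlink or silently clobbers a leftover file of the same name. Creating the file atomically avoids both, e.g. `failure_summary_file=$(mktemp "$PWD/all-sh-failures.XXXXXX")`, which also makes the separate truncation unnecessary. The file is only removed in `final_report`, so any exit path that does not reach it leaves an untracked log in the working copy. Whether `final_report` is installed for every exit and signal is not visible here, since `pre_setup_keep_going` begins outside the hunk.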
@@ -2667,12 +2683,35 @@ run_component () { # have messed it up or shortened it. redirect_err dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 - # Run the component code. - if [ $QUIET -eq 1 ]; then - # msg() is silenced, so just print the component name here - echo "${current_component#component_}" + # Run the component in a subshell + if [ $KEEP_GOING -eq 1 ]; then + set +e + fi + ( + if [ $QUIET -eq 1 ]; then + # msg() will be silenced, so just print the component name here. + echo "${current_component#component_}" + exec >/dev/null + fi + if [ $KEEP_GOING -eq 1 ]; then + # Keep "set -e" off, and run an ERR trap instead to record failures. + set -E + trap err_trap ERR + fi + # The next line is what runs the component + "$@" + if [ $KEEP_GOING -eq 1 ]; then + trap - ERR + exit $last_failure_status + fi + ) + component_status=$? + if [ $KEEP_GOING -eq 1 ]; then + set -e + if [ $component_status -ne 0 ]; then + failure_count=$((failure_count + 1)) + fi fi - redirect_out "$@" # Restore the build tree to a clean state. cleanup @@ -2689,10 +2728,6 @@ pre_check_git build_status=0 if [ $KEEP_GOING -eq 1 ]; then pre_setup_keep_going -else - record_status () { - "$@" - } fi pre_setup_quiet_redirect pre_prepare_outcome_file From 3664780f98357b211fe6fafb4fb090c6fe630c84 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 28 Mar 2020 18:50:49 +0100 Subject: [PATCH 095/966] Detect errors on the left-hand side of a pipeline Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f3494bdd97..f80b8ff1ea 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
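Review bot: A component that ends without tripping the ERR trap is counted in `failure_count` but leaves no line in the failure summary file, so the final report can say "FAILED: N components" and list fewer than N entries. This happens when the subshell is terminated by an unset-variable expansion under `set -u`, or by an explicit `exit` inside the component, since neither runs `err_trap`. A component-level record after `component_status=$?` closes the gap, e.g. `echo "$current_component: exited with status $component_status" >>"$failure_summary_file"` inside the existing `if [ $component_status -ne 0 ]` branch. `run_component` starts before the hunk, so the handling of `current_component` was not checked beyond the line shown.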
@@ -113,8 +113,9 @@ #### Initialization and command line parsing ################################################################ -# Abort on errors (and uninitialised variables) -set -eu +# Abort on errors (even on the left-hand side of a pipe). +# Treat uninitialised variables as errors. +set -e -o pipefail -u pre_check_environment () { if [ -d library -a -d include -a -d tests ]; then :; else From f7e956c85c5204d253db043128ea4260040e158d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 28 Mar 2020 18:56:09 +0100 Subject: [PATCH 096/966] component_test_cmake_out_of_source: simplify and fix error handling Remove ssl-opt.err even if it's empty. Call cat unconditionally: it'll have no visible effect if the file is empty. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f80b8ff1ea..5a0ae4b0fa 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2548,11 +2548,10 @@ component_test_cmake_out_of_source () { # file is missing (ssl-opt.sh tolerates the absence of some files so # may exit with status 0 but emit errors). if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err - if [ -s ssl-opt.err ]; then - cat ssl-opt.err >&2 - record_status [ ! -s ssl-opt.err ] - rm ssl-opt.err - fi + cat ssl-opt.err >&2 + # If ssl-opt.err is non-empty, record an error and keep going. + record_status [ ! -s ssl-opt.err ] + rm ssl-opt.err cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" unset MBEDTLS_ROOT_DIR From 1f0cdaf3af3dbedeb0ae9dd7094df375472d129f Mon Sep 17 00:00:00 2001 
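Review bot: In `component_test_cmake_out_of_source` the added comment says "record an error and keep going", but the code after patch 094 does not do that. `record_status` is now a plain `"$@"` wrapper, so the ERR trap sees `$BASH_COMMAND` as `"$@"`, which `can_keep_going_after_failure` sends to its `*) false` default; the bare `[ ! -s ssl-opt.err ]` would get the same result. The component therefore exits at that line in keep-going mode, and `set -e` stops it otherwise. In both cases `rm ssl-opt.err`, the `cd "$MBEDTLS_ROOT_DIR"` and the `rm -rf "$OUT_OF_SOURCE_DIR"` are skipped. Either reword the comment to `# If ssl-opt.err is non-empty, fail the component.` or move the `rm ssl-opt.err` above the check so the stray file is not left behind. The function body extends outside the hunk on both sides.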
From: Gilles Peskine Date: Thu, 8 Jul 2021 18:41:16 +0200 Subject: [PATCH 097/966] Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 209 ++++++++++++++++++++++--------------------- 1 file changed, 105 insertions(+), 104 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5a0ae4b0fa..8b8e3dd590 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -549,14 +549,15 @@ pre_setup_keep_going () { } } -# These functions are kept temporarily for backward compatibility. -# Don't use them in new components. +# record_status() and if_build_succeeded() are kept temporarily for backward +# compatibility. Don't use them in new components. record_status () { "$@" } if_build_succeeded () { "$@" } + not() { ! "$@" } 
@@ -707,24 +708,24 @@ pre_generate_files() { component_check_recursion () { msg "Check: recursion.pl" # < 1s - record_status tests/scripts/recursion.pl library/*.c + tests/scripts/recursion.pl library/*.c } component_check_generated_files () { msg "Check: check-generated-files, files generated with make" # 2s make generated_files - record_status tests/scripts/check-generated-files.sh + tests/scripts/check-generated-files.sh msg "Check: check-generated-files -u, files present" # 2s - record_status tests/scripts/check-generated-files.sh -u + tests/scripts/check-generated-files.sh -u # Check that the generated files are considered up to date. - record_status tests/scripts/check-generated-files.sh + tests/scripts/check-generated-files.sh msg "Check: check-generated-files -u, files absent" # 2s command make neat - record_status tests/scripts/check-generated-files.sh -u + tests/scripts/check-generated-files.sh -u # Check that the generated files are considered up to date. - record_status tests/scripts/check-generated-files.sh + tests/scripts/check-generated-files.sh # This component ends with the generated files present in the source tree. # This is necessary for subsequent components! @@ -732,18 +733,18 @@ component_check_generated_files () { component_check_doxy_blocks () { msg "Check: doxygen markup outside doxygen blocks" # < 1s - record_status tests/scripts/check-doxy-blocks.pl + tests/scripts/check-doxy-blocks.pl } component_check_files () { msg "Check: file sanity checks (permissions, encodings)" # < 1s - record_status tests/scripts/check_files.py + tests/scripts/check_files.py } component_check_changelog () { msg "Check: changelog entries" # < 1s rm -f ChangeLog.new - record_status scripts/assemble_changelog.py -o ChangeLog.new + scripts/assemble_changelog.py -o ChangeLog.new if [ -e ChangeLog.new ]; then # Show the diff for information. It isn't an error if the diff is # non-empty. 
@@ -754,7 +755,7 @@ component_check_changelog () { component_check_names () { msg "Check: declared and exported names (builds the library)" # < 3s - record_status tests/scripts/check-names.sh -v + tests/scripts/check-names.sh -v } component_check_test_cases () { @@ -764,13 +765,13 @@ component_check_test_cases () { else opt='' fi - record_status tests/scripts/check_test_cases.py $opt + tests/scripts/check_test_cases.py $opt unset opt } component_check_doxygen_warnings () { msg "Check: doxygen warnings (builds the documentation)" # ~ 3s - record_status tests/scripts/doxygen.sh + tests/scripts/doxygen.sh } @@ -790,7 +791,7 @@ component_test_default_out_of_box () { make test msg "selftest: make, default config (out-of-box)" # ~10s - if_build_succeeded programs/test/selftest + programs/test/selftest export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE" unset SAVE_MBEDTLS_TEST_OUTCOME_FILE @@ -805,16 +806,16 @@ component_test_default_cmake_gcc_asan () { make test msg "test: selftest (ASan build)" # ~ 10s - if_build_succeeded programs/test/selftest + programs/test/selftest msg "test: ssl-opt.sh (ASan build)" # ~ 1 min - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh (ASan build)" # ~ 6 min - if_build_succeeded tests/compat.sh + tests/compat.sh msg "test: context-info.sh (ASan build)" # ~ 15 sec - if_build_succeeded tests/context-info.sh + tests/context-info.sh } component_test_full_cmake_gcc_asan () { 
@@ -827,16 +828,16 @@ component_test_full_cmake_gcc_asan () { make test msg "test: selftest (ASan build)" # ~ 10s - if_build_succeeded programs/test/selftest + programs/test/selftest msg "test: ssl-opt.sh (full config, ASan build)" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh (full config, ASan build)" - if_build_succeeded tests/compat.sh + tests/compat.sh msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec - if_build_succeeded tests/context-info.sh + tests/context-info.sh } component_test_psa_crypto_key_id_encodes_owner () { @@ -874,7 +875,7 @@ component_build_psa_crypto_spm () { # Check that if a symbol is renamed by crypto_spe.h, the non-renamed # version is not present. echo "Checking for renamed symbols in the library" - if_build_succeeded check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a + check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a } component_test_psa_crypto_client () { @@ -900,7 +901,7 @@ component_test_psa_crypto_rsa_no_genprime() { component_test_ref_configs () { msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - record_status tests/scripts/test-ref-configs.pl + tests/scripts/test-ref-configs.pl } component_test_no_renegotiation () { @@ -913,7 +914,7 @@ component_test_no_renegotiation () { make test msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_test_no_pem_no_fs () { @@ -929,7 +930,7 @@ component_test_no_pem_no_fs () { make test msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_test_rsa_no_crt () { 
@@ -942,13 +943,13 @@ component_test_rsa_no_crt () { make test msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s - if_build_succeeded tests/ssl-opt.sh -f RSA + tests/ssl-opt.sh -f RSA msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min - if_build_succeeded tests/compat.sh -t RSA + tests/compat.sh -t RSA msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec - if_build_succeeded tests/context-info.sh + tests/context-info.sh } component_test_no_ctr_drbg_classic () { @@ -967,10 +968,10 @@ component_test_no_ctr_drbg_classic () { # The SSL tests are slow, so run a small subset, just enough to get # confidence that the SSL code copes with HMAC_DRBG. msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' + tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)" - if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL + tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL } component_test_no_ctr_drbg_use_psa () { @@ -989,10 +990,10 @@ component_test_no_ctr_drbg_use_psa () { # The SSL tests are slow, so run a small subset, just enough to get # confidence that the SSL code copes with HMAC_DRBG. msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' + tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" - if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL + tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL } component_test_no_hmac_drbg_classic () { 
@@ -1014,12 +1015,12 @@ component_test_no_hmac_drbg_classic () { # Test SSL with non-deterministic ECDSA. Only test features that # might be affected by how ECDSA signature is performed. msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign' + tests/ssl-opt.sh -f 'Default\|SSL async private: sign' # To save time, only test one protocol version, since this part of # the protocol is identical in (D)TLS up to 1.2. msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)" - if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA' + tests/compat.sh -m tls1_2 -t 'ECDSA' } component_test_no_hmac_drbg_use_psa () { @@ -1041,12 +1042,12 @@ component_test_no_hmac_drbg_use_psa () { # Test SSL with non-deterministic ECDSA. Only test features that # might be affected by how ECDSA signature is performed. msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign' + tests/ssl-opt.sh -f 'Default\|SSL async private: sign' # To save time, only test one protocol version, since this part of # the protocol is identical in (D)TLS up to 1.2. msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" - if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA' + tests/compat.sh -m tls1_2 -t 'ECDSA' } component_test_psa_external_rng_no_drbg_classic () { @@ -1069,7 +1070,7 @@ component_test_psa_external_rng_no_drbg_classic () { make test msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default' + tests/ssl-opt.sh -f 'Default' } component_test_psa_external_rng_no_drbg_use_psa () { 
@@ -1088,7 +1089,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { make test msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque' + tests/ssl-opt.sh -f 'Default\|opaque' } component_test_psa_external_rng_use_psa_crypto () { @@ -1103,7 +1104,7 @@ component_test_psa_external_rng_use_psa_crypto () { make test msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque' + tests/ssl-opt.sh -f 'Default\|opaque' } component_test_everest () { @@ -1116,11 +1117,11 @@ component_test_everest () { make test msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s - if_build_succeeded tests/ssl-opt.sh -f ECDH + tests/ssl-opt.sh -f ECDH msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min # Exclude some symmetric ciphers that are redundant here to gain time. - if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' + tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' } component_test_everest_curve25519_only () { @@ -1150,7 +1151,7 @@ component_test_small_ssl_out_content_len () { make msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" - if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet" + tests/ssl-opt.sh -f "Max fragment\|Large packet" } component_test_small_ssl_in_content_len () { @@ -1161,7 +1162,7 @@ component_test_small_ssl_in_content_len () { make msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" - if_build_succeeded tests/ssl-opt.sh -f "Max fragment" + tests/ssl-opt.sh -f "Max fragment" } component_test_small_ssl_dtls_max_buffering () { 
@@ -1171,7 +1172,7 @@ component_test_small_ssl_dtls_max_buffering () { make msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" - if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" + tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" } component_test_small_mbedtls_ssl_dtls_max_buffering () { @@ -1181,15 +1182,15 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { make msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" - if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" + tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" } component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full - record_status tests/scripts/psa_collect_statuses.py + tests/scripts/psa_collect_statuses.py # Check that psa_crypto_init() succeeded at least once - record_status grep -q '^0:psa_crypto_init:' tests/statuses.log + grep -q '^0:psa_crypto_init:' tests/statuses.log rm -f tests/statuses.log } 
@@ -1203,16 +1204,16 @@ component_test_full_cmake_clang () { make test msg "test: psa_constant_names (full config, clang)" # ~ 1s - record_status tests/scripts/test_psa_constant_names.py + tests/scripts/test_psa_constant_names.py msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s - if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' + tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min - if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES' + env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES' msg "test: compat.sh ARIA + ChachaPoly" - if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' + env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } component_test_memsan_constant_flow () { 
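Review bot: Once unwrapped, the two `env OPENSSL_CMD=... tests/compat.sh` lines in `component_test_full_cmake_clang` give the ERR trap a `$BASH_COMMAND` that begins with `env `, and none of the `true` patterns in `can_keep_going_after_failure` (patch 094) appears to match it. `"tests/"*` needs the string to start with `tests/`, and the `test` word patterns reject `tests` because a letter follows. In keep-going mode a failure in the DES/NULL run would then end the component and skip the ARIA + ChachaPoly run, unlike the plain `tests/compat.sh` calls elsewhere in this patch. Adding a pattern such as `"env "*" tests/"*) true;;` to the classifier would treat these as test commands. The same applies to the `env ... tests/compat.sh` lines in the `component_test_no_use_psa_crypto_full_cmake_asan` hunk.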
@@ -1319,59 +1320,59 @@ component_build_crypto_default () { msg "build: make, crypto only" scripts/config.py crypto make CFLAGS='-O1 -Werror' - if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* + are_empty_libraries library/libmbedx509.* library/libmbedtls.* } component_build_crypto_full () { msg "build: make, crypto only, full config" scripts/config.py crypto_full make CFLAGS='-O1 -Werror' - if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* + are_empty_libraries library/libmbedx509.* library/libmbedtls.* } component_build_crypto_baremetal () { msg "build: make, crypto only, baremetal config" scripts/config.py crypto_baremetal make CFLAGS='-O1 -Werror' - if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* + are_empty_libraries library/libmbedx509.* library/libmbedtls.* } component_test_depends_curves () { msg "test/build: curves.pl (gcc)" # ~ 4 min - record_status tests/scripts/curves.pl + tests/scripts/curves.pl } component_test_depends_curves_psa () { msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - record_status tests/scripts/curves.pl + tests/scripts/curves.pl } component_test_depends_hashes () { msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min - record_status tests/scripts/depends-hashes.pl + tests/scripts/depends-hashes.pl } component_test_depends_hashes_psa () { msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - record_status tests/scripts/depends-hashes.pl + tests/scripts/depends-hashes.pl } component_test_depends_pkalgs () { msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min - record_status tests/scripts/depends-pkalgs.pl + tests/scripts/depends-pkalgs.pl } component_test_depends_pkalgs_psa () { msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - 
record_status tests/scripts/depends-pkalgs.pl + tests/scripts/depends-pkalgs.pl } component_build_key_exchanges () { msg "test/build: key-exchanges (gcc)" # ~ 1 min - record_status tests/scripts/key-exchanges.pl + tests/scripts/key-exchanges.pl } component_build_default_make_gcc_and_cxx () { @@ -1379,7 +1380,7 @@ component_build_default_make_gcc_and_cxx () { make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' msg "test: verify header list in cpp_dummy_build.cpp" - record_status check_headers_in_cpp + check_headers_in_cpp msg "build: Unix make, incremental g++" make TEST_CPP=1 @@ -1434,16 +1435,16 @@ component_test_no_use_psa_crypto_full_cmake_asan() { make test msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" - if_build_succeeded tests/compat.sh + tests/compat.sh msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" - if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES' + env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES' msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" - if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' + env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } component_test_psa_crypto_config_basic() { @@ -1916,7 +1917,7 @@ component_test_memory_buffer_allocator () { msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C" # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. - if_build_succeeded tests/ssl-opt.sh -e '^DTLS proxy' + tests/ssl-opt.sh -e '^DTLS proxy' } component_test_no_max_fragment_length () { 
@@ -1927,7 +1928,7 @@ component_test_no_max_fragment_length () { make msg "test: ssl-opt.sh, MFL-related tests" - if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" + tests/ssl-opt.sh -f "Max fragment length" } component_test_asan_remove_peer_certificate () { @@ -1940,13 +1941,13 @@ component_test_asan_remove_peer_certificate () { make test msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - if_build_succeeded tests/compat.sh + tests/compat.sh msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - if_build_succeeded tests/context-info.sh + tests/context-info.sh } component_test_no_max_fragment_length_small_ssl_out_content_len () { @@ -1958,10 +1959,10 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () { make msg "test: MFL tests (disabled MFL extension case) & large packet tests" - if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" + tests/ssl-opt.sh -f "Max fragment length\|Large buffer" msg "test: context-info.sh (disabled MFL extension case)" - if_build_succeeded tests/context-info.sh + tests/context-info.sh } component_test_variable_ssl_in_out_buffer_len () { @@ -1974,10 +1975,10 @@ component_test_variable_ssl_in_out_buffer_len () { make test msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" - if_build_succeeded tests/compat.sh + tests/compat.sh } component_test_variable_ssl_in_out_buffer_len_CID () { 
@@ -1992,10 +1993,10 @@ component_test_variable_ssl_in_out_buffer_len_CID () { make test msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" - if_build_succeeded tests/compat.sh + tests/compat.sh } component_test_ssl_alloc_buffer_and_mfl () { @@ -2012,7 +2013,7 @@ component_test_ssl_alloc_buffer_and_mfl () { make test msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" - if_build_succeeded tests/ssl-opt.sh -f "Handshake memory usage" + tests/ssl-opt.sh -f "Handshake memory usage" } component_test_when_no_ciphersuites_have_mac () { @@ -2026,7 +2027,7 @@ component_test_when_no_ciphersuites_have_mac () { make test msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' + tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' } component_test_no_date_time () { @@ -2062,7 +2063,7 @@ component_test_malloc_0_null () { msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" # Just the calloc selftest. "make test" ran the others as part of the # test suites. - if_build_succeeded programs/test/selftest calloc + programs/test/selftest calloc msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)" # Run a subset of the tests. The choice is a balance between coverage @@ -2070,7 +2071,7 @@ component_test_malloc_0_null () { # The current choice is to skip tests whose description includes # "proxy", which is an approximation of skipping tests that use the # UDP proxy, which tend to be slower and flakier. - if_build_succeeded tests/ssl-opt.sh -e 'proxy' + tests/ssl-opt.sh -e 'proxy' } component_test_aes_fewer_tables () { 
@@ -2261,7 +2262,7 @@ component_test_m32_o1 () { make test msg "test ssl-opt.sh, i386, make, gcc-O1" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } support_test_m32_o1 () { support_test_m32_o0 "$@" @@ -2276,11 +2277,11 @@ component_test_m32_everest () { make test msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s - if_build_succeeded tests/ssl-opt.sh -f ECDH + tests/ssl-opt.sh -f ECDH msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min # Exclude some symmetric ciphers that are redundant here to gain time. - if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' + tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' } support_test_m32_everest () { support_test_m32_o0 "$@" @@ -2378,7 +2379,7 @@ component_test_no_x509_info () { make test msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_build_arm_none_eabi_gcc () { @@ -2419,7 +2420,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { scripts/config.py set MBEDTLS_NO_UDBL_DIVISION make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" - if_build_succeeded not grep __aeabi_uldiv library/*.o + not grep __aeabi_uldiv library/*.o } component_build_arm_none_eabi_gcc_no_64bit_multiplication () { 
@@ -2428,7 +2429,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" - if_build_succeeded not grep __aeabi_lmul library/*.o + not grep __aeabi_lmul library/*.o } component_build_armcc () { @@ -2496,13 +2497,13 @@ component_test_memsan () { make test msg "test: ssl-opt.sh (MSan)" # ~ 1 min - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh # Optional part(s) if [ "$MEMORY" -gt 0 ]; then msg "test: compat.sh (MSan)" # ~ 6 min 20s - if_build_succeeded tests/compat.sh + tests/compat.sh fi } @@ -2518,17 +2519,17 @@ component_test_valgrind () { # seem to receive signals under valgrind on OS X). if [ "$MEMORY" -gt 0 ]; then msg "test: ssl-opt.sh --memcheck (Release)" - if_build_succeeded tests/ssl-opt.sh --memcheck + tests/ssl-opt.sh --memcheck fi if [ "$MEMORY" -gt 1 ]; then msg "test: compat.sh --memcheck (Release)" - if_build_succeeded tests/compat.sh --memcheck + tests/compat.sh --memcheck fi if [ "$MEMORY" -gt 0 ]; then msg "test: context-info.sh --memcheck (Release)" - if_build_succeeded tests/context-info.sh --memcheck + tests/context-info.sh --memcheck fi } 
@@ -2547,10 +2548,10 @@ component_test_cmake_out_of_source () { # "No such file or directory", which would indicate that some required # file is missing (ssl-opt.sh tolerates the absence of some files so # may exit with status 0 but emit errors). - if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err + ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err cat ssl-opt.err >&2 # If ssl-opt.err is non-empty, record an error and keep going. - record_status [ ! -s ssl-opt.err ] + [ ! -s ssl-opt.err ] rm ssl-opt.err cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" @@ -2564,7 +2565,7 @@ component_test_cmake_as_subdirectory () { cd programs/test/cmake_subproject cmake . make - if_build_succeeded ./cmake_subproject + ./cmake_subproject cd "$MBEDTLS_ROOT_DIR" unset MBEDTLS_ROOT_DIR @@ -2577,7 +2578,7 @@ component_test_cmake_as_package () { cd programs/test/cmake_package cmake . make - if_build_succeeded ./cmake_package + ./cmake_package cd "$MBEDTLS_ROOT_DIR" unset MBEDTLS_ROOT_DIR @@ -2590,7 +2591,7 @@ component_test_cmake_as_package_install () { cd programs/test/cmake_package_install cmake . make - if_build_succeeded ./cmake_package_install + ./cmake_package_install cd "$MBEDTLS_ROOT_DIR" unset MBEDTLS_ROOT_DIR 
@@ -2615,9 +2616,9 @@ component_test_zeroize () { for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - if_build_succeeded gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log - if_build_succeeded not grep -i "error" test_zeroize.log + gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + grep "The buffer was correctly zeroized" test_zeroize.log + not grep -i "error" test_zeroize.log rm -f test_zeroize.log make clean done @@ -2628,7 +2629,7 @@ component_test_zeroize () { component_check_python_files () { msg "Lint: Python scripts" - record_status tests/scripts/check-python-files.sh + tests/scripts/check-python-files.sh } component_check_generate_test_code () { @@ -2636,7 +2637,7 @@ component_check_generate_test_code () { # unittest writes out mundane stuff like number or tests run on stderr. # Our convention is to reserve stderr for actual errors, and write # harmless info on stdout so it can be suppress with --quiet. - record_status ./tests/scripts/test_generate_test_code.py 2>&1 + ./tests/scripts/test_generate_test_code.py 2>&1 } ################################################################ From fec30cbe8c800dcc3615601eb2d6859de8d78da5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 28 Mar 2020 19:34:23 +0100 Subject: [PATCH 098/966] Fix double reporting when the last command of a function fails Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8b8e3dd590..cb3c8f2fb9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -480,6 +480,11 @@ pre_setup_keep_going () { failure_count=0 # Number of failed components last_failure_status=0 # Last failure status in this component + # See err_trap + previous_failure_status=0 + previous_failed_command= + previous_failure_funcall_depth=0 + start_red= end_color= if [ -t 1 ]; then @@ -517,6 +522,21 @@ pre_setup_keep_going () { last_failure_status=$? failed_command=$BASH_COMMAND + if [[ $last_failure_status -eq $previous_failure_status && + "$failed_command" == "$previous_failed_command" && + ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]] + then + # The same command failed twice in a row, but this time one level + # less deep in the function call stack. This happens when the last + # command of a function returns a nonzero status, and the function + # returns that same status. Ignore the second failure. + previous_failure_funcall_depth=${#FUNCNAME[@]} + return + fi + previous_failure_status=$last_failure_status + previous_failed_command=$failed_command + previous_failure_funcall_depth=${#FUNCNAME[@]} + text="$current_section: $failed_command -> $last_failure_status" echo "${start_red}^^^^$text^^^^${end_color}" >&2 echo "$text" >>"$failure_summary_file" From a681c59d348f362bd18fcff72c694fc8ede98546 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 28 Mar 2020 21:27:40 +0100 Subject: [PATCH 099/966] Better not function In the `not` function, in keep-going mode, arrange to report the failing command (rather than `"$@"`). Note that the `!` keyword should not be used, because failures with `!` are not reported properly. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index cb3c8f2fb9..d95ca7b897 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -90,6 +90,9 @@ # # Each component must start by invoking `msg` with a short informative message. # +# Warning: due to the way bash detects errors, the failure of a command +# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'. +# # Each component is executed in a separate shell process. The component # fails if any command in it returns a non-zero status. # @@ -484,6 +487,7 @@ pre_setup_keep_going () { previous_failure_status=0 previous_failed_command= previous_failure_funcall_depth=0 + unset report_failed_command start_red= end_color= @@ -508,7 +512,7 @@ pre_setup_keep_going () { "msg "*) false;; *[!A-Za-z]"test"|*[!A-Za-z]"test"[!A-Za-z]*) true;; "tests/"*) true;; - "grep "*|"not grep "*) true;; + "grep "*|"! grep "*) true;; *) false;; esac } @@ -520,7 +524,7 @@ pre_setup_keep_going () { # Save $? (status of the failing command). This must be the very # first thing, before $? is overridden. last_failure_status=$? - failed_command=$BASH_COMMAND + failed_command=${report_failed_command-$BASH_COMMAND} if [[ $last_failure_status -eq $previous_failure_status && "$failed_command" == "$previous_failed_command" && @@ -578,8 +582,14 @@ if_build_succeeded () { "$@" } -not() { - ! "$@" +# '! true' does not trigger the ERR trap. Arrange to trigger it, with +# a reasonably informative error message (not just "$@"). +not () { + if "$@"; then + report_failed_command="! $*" + false + unset report_failed_command + fi } pre_setup_quiet_redirect () { From b80f0d20ea063ff0a87ac52e58c8155faf53f8bd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 28 Mar 2020 21:37:59 +0100 Subject: [PATCH 100/966] Complain if an unsupported component is explicitly requested In all.sh, when an explicit list of components is specified, error out if one of the components is not known or not supported. Patterns that happen to match zero components are still effectively ignored. Fix #2783 
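Review bot: The rewritten `not` in the last hunk reports a failed negation only through the ERR trap. When `"$@"` succeeds and execution continues past `false`, the function returns the status of `unset`, which is 0, and when `"$@"` fails the `if` also yields 0. A caller that tests the result (`not cmd || ...`, `if not cmd`) would therefore always see success, and the new header warning mentions only `if` and `!`. I would state the contract above the function, for example `# Use only as a standalone statement: failure is signalled via the ERR trap, the return status is not meaningful.`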
Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d95ca7b897..61b17e1022 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -444,6 +444,24 @@ pre_parse_command_line () { COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" fi + if [ $all_except -eq 0 ]; then + unsupported=0 + for component in $COMMAND_LINE_COMPONENTS; do + case $component in + *[*?\[]*) continue;; + esac + case " $SUPPORTED_COMPONENTS " in + *" $component "*) :;; + *) + echo >&2 "Component $component was explicitly requested, but is not known or not supported." + unsupported=$((unsupported + 1));; + esac + done + if [ $unsupported -ne 0 ]; then + exit 2 + fi + fi + # Build the list of components to run. RUN_COMPONENTS= for component in $SUPPORTED_COMPONENTS; do From c2e22ee27177c2041cdb047325db20df500796d4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 28 Mar 2020 22:02:50 +0100 Subject: [PATCH 101/966] Remove code that is useless now that components run in a subshell Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 61b17e1022..6249977c82 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -267,10 +267,6 @@ EOF # remove built files as well as the cmake cache/config cleanup() { - if [ -n "${MBEDTLS_ROOT_DIR+set}" ]; then - cd "$MBEDTLS_ROOT_DIR" - fi - command make clean # Remove CMake artefacts @@ -2603,7 +2599,6 @@ component_test_cmake_out_of_source () { rm ssl-opt.err cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" - unset MBEDTLS_ROOT_DIR } component_test_cmake_as_subdirectory () { From aca0b32132533acec4cbb9c64b5e64338bb04145 Mon Sep 17 00:00:00 2001 
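Review bot: The new loop `for component in $COMMAND_LINE_COMPONENTS` expands the list unquoted, so entries that are patterns (the context line above appends `*_armcc*`) undergo pathname expansion before the `*[*?\[]*) continue;;` guard sees them, unless globbing is already disabled at this point, which the hunk does not show. A pattern that happens to match a file in the working directory would then be replaced by that file name and reported as an unknown component, ending the run with `exit 2`. Putting `set -f` before the loop, with `set +f` as the first statement of the loop body and again after `done`, limits the expansion to word splitting. `pre_parse_command_line` starts and ends outside the hunk.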
From: Gilles Peskine Date: Mon, 20 Apr 2020 13:21:27 +0200 Subject: [PATCH 102/966] Keep going after a shell "[" a.k.a. "test" fails This is necessary to actually keep going and finish the component-specific cleanup in component_test_cmake_out_of_source if ssl-opt.err is non-empty. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6249977c82..afc1a49185 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -527,6 +527,7 @@ pre_setup_keep_going () { *[!A-Za-z]"test"|*[!A-Za-z]"test"[!A-Za-z]*) true;; "tests/"*) true;; "grep "*|"! grep "*) true;; + "test "*|"[ "*) true;; *) false;; esac } From 88a07457c7e6dbe0c170a75110f84bad39f156c6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Jul 2021 19:03:50 +0200 Subject: [PATCH 103/966] Remove barely-used redirect functions redirect_out was no longer used and redirect_err was only used to quiet dd. Change the dd invocation to only print diagnostics on error (on platforms where this is possible). Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 26 ++++++-------------------- 1 file changed, 6 insertions(+), 20 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index afc1a49185..4614029ad0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -607,24 +607,6 @@ not () { fi } -pre_setup_quiet_redirect () { - if [ $QUIET -ne 1 ]; then - redirect_out () { - "$@" - } - redirect_err () { - "$@" - } - else - redirect_out () { - "$@" >/dev/null - } - redirect_err () { - "$@" 2>/dev/null - } - fi -} - pre_prepare_outcome_file () { case "$MBEDTLS_TEST_OUTCOME_FILE" in [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; 
@@ -2726,7 +2708,12 @@ run_component () { # Unconditionally create a seedfile that's sufficiently long. # Do this before each component, because a previous component may # have messed it up or shortened it. - redirect_err dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 + local dd_cmd + dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1) + case $OSTYPE in + linux*|freebsd*|openbsd*|darwin*) dd_cmd+=(status=none) + esac + "${dd_cmd[@]}" # Run the component in a subshell if [ $KEEP_GOING -eq 1 ]; then @@ -2774,7 +2761,6 @@ build_status=0 if [ $KEEP_GOING -eq 1 ]; then pre_setup_keep_going fi -pre_setup_quiet_redirect pre_prepare_outcome_file pre_print_configuration pre_check_tools From 72385036420e9a072c0588ccd685f8f72cf6458d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Jul 2021 19:07:07 +0200 Subject: [PATCH 104/966] Heed --quiet when running make generated_files Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4614029ad0..c3df05b724 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -713,7 +713,11 @@ pre_generate_files() { # since make doesn't have proper dependencies, remove any possibly outdate # file that might be around before generating fresh ones make neat - make generated_files + if [ $QUIET -eq 1 ]; then + make -s generated_files + else + make generated_files + fi } From 03ab544832fceeb1d618fef1d4f2e44641a9eadc Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 9 Jul 2021 15:19:28 +0200 Subject: [PATCH 105/966] Generate cpp_cummy_build.cpp dynamically Generate programs/test/cpp_dummy_build.cpp dynamically instead of maintaining it manually. This removes the need to update it when the list of headers changes. Include all the headers unconditionally except for the ones that cannot be included directly. Support this dynamic generation both with make and with cmake. Adapt all.sh accordingly. Remove the redundant C build from component_build_default_make_gcc_and_cxx (it was also done in component_test_default_out_of_box), leaving a component_test_make_cxx. Also run the C++ program, because why not. Do this in the full configuration which may catch a bit more problems in headers. Fixes #2570 for good. Signed-off-by: Gilles Peskine --- programs/.gitignore | 1 + programs/Makefile | 7 +- programs/test/CMakeLists.txt | 12 ++- programs/test/cpp_dummy_build.cpp | 98 ----------------------- programs/test/generate_cpp_dummy_build.sh | 85 ++++++++++++++++++++ tests/scripts/all.sh | 22 ++--- 6 files changed, 109 insertions(+), 116 deletions(-) delete mode 100644 programs/test/cpp_dummy_build.cpp create mode 100755 programs/test/generate_cpp_dummy_build.sh diff --git a/programs/.gitignore b/programs/.gitignore index 83521a792b..d8eb6baa03 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -56,6 +56,7 @@ ssl/ssl_server ssl/ssl_server2 test/benchmark test/cpp_dummy_build +test/cpp_dummy_build.cpp test/ecp-bench test/query_compile_time_config test/selftest diff --git a/programs/Makefile b/programs/Makefile index 997c198716..977ae7e8b4 100644 --- a/programs/Makefile +++ b/programs/Makefile 
@@ -331,6 +331,10 @@ test/benchmark$(EXEXT): test/benchmark.c $(DEP) echo " CC test/benchmark.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/cpp_dummy_build.cpp: test/generate_cpp_dummy_build.sh + echo " Gen test/cpp_dummy_build.cpp" + test/generate_cpp_dummy_build.sh + test/cpp_dummy_build$(EXEXT): test/cpp_dummy_build.cpp $(DEP) echo " CXX test/cpp_dummy_build.cpp" $(CXX) $(LOCAL_CXXFLAGS) $(CXXFLAGS) test/cpp_dummy_build.cpp $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -391,10 +395,11 @@ clean: ifndef WINDOWS rm -f $(EXES) -rm -f ssl/ssl_pthread_server$(EXEXT) - -rm -f test/cpp_dummy_build$(EXEXT) + -rm -f test/cpp_dummy_build.cpp test/cpp_dummy_build$(EXEXT) else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe + if exist test\cpp_dummy_build.cpp del /Q /F test\cpp_dummy_build.cpp endif $(MAKE) -C fuzz clean diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 807d1bc10b..a0a1b763cc 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -14,7 +14,17 @@ set(executables_mbedcrypto ) if(TEST_CPP) - list(APPEND executables_mbedcrypto cpp_dummy_build) + set(cpp_dummy_build_cpp "${CMAKE_CURRENT_BINARY_DIR}/cpp_dummy_build.cpp") + set(generate_cpp_dummy_build "${CMAKE_CURRENT_SOURCE_DIR}/generate_cpp_dummy_build.sh") + add_custom_command( + OUTPUT "${cpp_dummy_build_cpp}" + COMMAND "${generate_cpp_dummy_build}" "${cpp_dummy_build_cpp}" + DEPENDS "${generate_cpp_dummy_build}" + WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + ) + add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}") + target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include) + target_link_libraries(cpp_dummy_build ${mbedcrypto_target}) endif() foreach(exe IN LISTS executables_libs executables_mbedcrypto) diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp deleted file mode 100644 index 7f1efe8dba..0000000000 
--- a/programs/test/cpp_dummy_build.cpp +++ /dev/null 
@@ -1,98 +0,0 @@ -/* - * This program is a dummy C++ program to ensure Mbed TLS library header files - * can be included and built with a C++ compiler. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/aes.h" -#include "mbedtls/aria.h" -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/camellia.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/check_config.h" -#include "mbedtls/cipher.h" -#include "mbedtls/cmac.h" -#include "mbedtls/config_psa.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/debug.h" -#include "mbedtls/des.h" -#include "mbedtls/dhm.h" -#include "mbedtls/ecdh.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecjpake.h" -#include "mbedtls/ecp.h" -#include "mbedtls/entropy.h" -#include "mbedtls/error.h" -#include "mbedtls/gcm.h" -#include "mbedtls/hkdf.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/md.h" -#include "mbedtls/md5.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/nist_kw.h" -#include "mbedtls/oid.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" -#include "mbedtls/pkcs12.h" -#include "mbedtls/pkcs5.h" -#include "mbedtls/platform_time.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/poly1305.h" -#include 
"mbedtls/psa_util.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_cache.h" -#include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/ssl_ticket.h" -#include "mbedtls/threading.h" -#include "mbedtls/timing.h" -#include "mbedtls/version.h" -#include "mbedtls/x509.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_csr.h" - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -#include "psa/crypto.h" -#include "psa/crypto_se_driver.h" - -int main() -{ - mbedtls_platform_context *ctx = NULL; - mbedtls_platform_setup(ctx); - mbedtls_printf("CPP Build test\n"); - mbedtls_platform_teardown(ctx); -} diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh new file mode 100755 index 0000000000..41adf149eb --- /dev/null +++ b/programs/test/generate_cpp_dummy_build.sh 
@@ -0,0 +1,85 @@ +#!/bin/sh + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +# Ensure a reproducible order for *.h +export LC_ALL=C + +print_cpp () { + cat <<'EOF' +/* Automatically generated file. Do not edit. + * + * This program is a dummy C++ program to ensure Mbed TLS library header files + * can be included and built with a C++ compiler. + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "mbedtls/build_info.h" + +EOF + + for header in include/mbedtls/*.h include/psa/*.h; do + case ${header#include/} in + mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion + psa/crypto_config.h) :;; # not meant for direct inclusion + # Some of the psa/crypto_*.h headers are not meant to be included directly. 
+ # They do have include guards that make them no-ops if psa/crypto.h + # has been included before. Since psa/crypto.h comes before psa/crypto_*.h + # in the wildcard enumeration, we don't need to skip those headers. + *) echo "#include \"${header#include/}\"";; + esac + done + + cat <<'EOF' + +int main() +{ + mbedtls_platform_context *ctx = NULL; + mbedtls_platform_setup(ctx); + mbedtls_printf("CPP Build test passed\n"); + mbedtls_platform_teardown(ctx); +} +EOF +} + +if [ -d include/mbedtls ]; then + : +elif [ -d ../include/mbedtls ]; then + cd .. +elif [ -d ../../include/mbedtls ]; then + cd ../.. +else + echo >&2 "This script must be run from an Mbed TLS source tree." + exit 3 +fi + +print_cpp >"${1:-programs/test/cpp_dummy_build.cpp}" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c3df05b724..8c75c9f052 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -368,14 +368,6 @@ check_tools() done } -check_headers_in_cpp () { - ls include/mbedtls | grep "\.h$" >headers.txt - Date: Mon, 30 Mar 2020 20:11:39 +0200 Subject: [PATCH 106/966] Don't restore *config.h before backing it up Back up the config files at the beginning of all.sh, rather than before each component. In particular, create the backup before running cleanup for the first time. This fixes #3139 (all.sh using a config.h.bak from a previous job), and makes all.sh more robust against accidentally using a modified config.h midway through because a component messed with the backup. Use a different extension (*.all.bak rather than *.bak) for the backups. This is necessary to ensure that auxiliary scripts such as depends*.pl that make their own backup don't remove all.sh's backup, which the code from this commit does not support. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8c75c9f052..5c2ab2778d 100755 
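Review bot: The output path is applied after the directory probe may have run `cd ..` or `cd ../..`, so a relative `$1` in the final `print_cpp >"${1:-...}"` is resolved against the source tree root rather than the caller's working directory. The two callers in this commit are unaffected (the Makefile passes no argument, CMake passes a path under `CMAKE_CURRENT_BINARY_DIR`), but a manual run from `programs/test` with a relative name writes somewhere unexpected. Resolving the argument before the probe, `case ${1-} in ''|/*) out=${1:-programs/test/cpp_dummy_build.cpp};; *) out=$PWD/$1;; esac` and then `print_cpp >"$out"`, would avoid that; alternatively a header comment could state that the argument must be absolute.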
--- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -129,9 +129,14 @@ pre_check_environment () { pre_initialize_variables () { CONFIG_H='include/mbedtls/mbedtls_config.h' - CONFIG_BAK="$CONFIG_H.bak" CRYPTO_CONFIG_H='include/psa/crypto_config.h' - CRYPTO_CONFIG_BAK="$CRYPTO_CONFIG_H.bak" + + # Files that are clobbered by some jobs will be backed up. Use a different + # suffix from auxiliary scripts so that all.sh and auxiliary scripts can + # independently decide when to remove the backup file. + backup_suffix='.all.bak' + # Files clobbered by config.py + files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H" append_outcome=0 MEMORY=0 @@ -295,13 +300,18 @@ cleanup() rm -f programs/test/cmake_package_install/Makefile rm -f programs/test/cmake_package_install/cmake_package_install - if [ -f "$CONFIG_BAK" ]; then - mv "$CONFIG_BAK" "$CONFIG_H" - fi + # Restore files that may have been clobbered by the job + for x in $files_to_back_up; do + cp -p "$x$backup_suffix" "$x" + done +} - if [ -f "$CRYPTO_CONFIG_BAK" ]; then - mv "$CRYPTO_CONFIG_BAK" "$CRYPTO_CONFIG_H" - fi +final_cleanup () { + cleanup + + for x in $files_to_back_up; do + rm -f "$x$backup_suffix" + done } # Executed on exit. May be redefined depending on command line options. @@ -310,7 +320,7 @@ final_report () { } fatal_signal () { - cleanup + final_cleanup final_report $1 trap - $1 kill -$1 $$ @@ -485,6 +495,12 @@ pre_check_git () { fi } +pre_back_up () { + for x in $files_to_back_up; do + cp -p "$x" "$x$backup_suffix" + done +} + pre_setup_keep_going () { failure_count=0 # Number of failed components last_failure_status=0 # Last failure status in this component @@ -2666,7 +2682,7 @@ component_check_generate_test_code () { post_report () { msg "Done, cleaning up" - cleanup + final_cleanup final_report } 
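Review bot: In the `cleanup` hunk the restore loop runs `cp -p "$x$backup_suffix" "$x"` without checking that the backup exists, whereas the removed code guarded each restore with `[ -f ... ]`. `fatal_signal` now reaches this loop through `final_cleanup`, so a signal delivered before `pre_back_up` has run (trap installation is outside the hunks) would make `cp` fail inside the cleanup path. Keeping the guard, `if [ -e "$x$backup_suffix" ]; then cp -p "$x$backup_suffix" "$x"; fi`, preserves the old tolerance.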
@@ -2692,10 +2708,6 @@ pseudo_component_error_test () { # Run one component and clean up afterwards. run_component () { - # Back up the configuration in case the component modifies it. - # The cleanup function will restore it. - cp -p "$CONFIG_H" "$CONFIG_BAK" - cp -p "$CRYPTO_CONFIG_H" "$CRYPTO_CONFIG_BAK" current_component="$1" export MBEDTLS_TEST_CONFIGURATION="$current_component" @@ -2750,6 +2762,7 @@ pre_initialize_variables pre_parse_command_line "$@" pre_check_git +pre_back_up build_status=0 if [ $KEEP_GOING -eq 1 ]; then From 568f53a9d8734f8dc28f2a9c8fe86ef5267df0af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Jul 2021 18:16:01 +0200 Subject: [PATCH 107/966] Don't unconditionally restore **/Makefile all.sh restores **/Makefile from git in case the version in the worktree was from doing a cmake in-tree build. Instead of doing this unconditionally, do it only if the toplevel Makefile seems to have been automatically generated (by cmake or otherwise, e.g. by mbedtls-prepare-build). This way all.sh no longer silently wipes changes made to Makefile but not committed yet. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5c2ab2778d..7db9488eee 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -137,6 +137,8 @@ pre_initialize_variables () { backup_suffix='.all.bak' # Files clobbered by config.py files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H" + # Files clobbered by in-tree cmake + files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" append_outcome=0 MEMORY=0 
@@ -282,8 +284,6 @@ cleanup() -iname CMakeCache.txt \) -exec rm -f {} \+ # Recover files overwritten by in-tree CMake builds rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile - git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile - git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile # Remove any artifacts from the component_test_cmake_as_subdirectory test. rm -rf programs/test/cmake_subproject/build @@ -495,6 +495,20 @@ pre_check_git () { fi } +pre_restore_files () { + # If the makefiles have been generated by a framework such as cmake, + # restore them from git. If the makefiles look like modifications from + # the ones checked into git, take care not to modify them. Whatever + # this function leaves behind is what the script will restore before + # each component. + case "$(head -n1 Makefile)" in + *[Gg]enerated*) + git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile + git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile + ;; + esac +} + pre_back_up () { for x in $files_to_back_up; do cp -p "$x" "$x$backup_suffix" @@ -2762,6 +2776,7 @@ pre_initialize_variables pre_parse_command_line "$@" pre_check_git +pre_restore_files pre_back_up build_status=0 From a561444561dec2313a99c3a6d6b560d0828f05c3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 14 Jul 2021 14:54:11 +0100 Subject: [PATCH 108/966] Add missing space Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a5027f386f..e14508353d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
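Review bot: `pre_restore_files` inspects only the first line of the top-level `Makefile`, but the `git checkout --` it then runs overwrites all five makefiles. Uncommitted edits to `library/Makefile` or the others are therefore still discarded whenever the top-level file looks generated. That is the data loss the commit sets out to avoid, only narrowed to one file. Checking each file before restoring it keeps hand-edited makefiles intact; the excerpt below shows the per-file form.

```shell
pre_restore_files () {
    # … unchanged: explanatory comment …
    for f in Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile; do
        case "$(head -n1 "$f")" in
            *[Gg]enerated*)
                git update-index --no-skip-worktree "$f"
                git checkout -- "$f"
                ;;
        esac
    done
}
```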
@@ -3757,7 +3757,7 @@ static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation, if( operation->id == 0 || !operation->nonce_set ) return( PSA_ERROR_BAD_STATE ); - if( operation->lengths_set && (operation->ad_remaining != 0 || + if( operation->lengths_set && ( operation->ad_remaining != 0 || operation->body_remaining != 0 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); From 96b0173cec455571d89bb57d2c8b7c47500d9277 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 17:00:26 +0100 Subject: [PATCH 109/966] Add common nonce checking to oneshot encrypt Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 40 +++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index f2096ce3f2..9ac26467f1 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -136,6 +136,22 @@ static psa_status_t psa_aead_setup( return( PSA_SUCCESS ); } +/* Perform common nonce length checks */ +static psa_status_t mbedtls_aead_check_nonce_length( + mbedtls_psa_aead_operation_t *operation, + size_t nonce_length ) +{ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + return PSA_SUCCESS; +} + psa_status_t mbedtls_psa_aead_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -164,6 +180,13 @@ psa_status_t mbedtls_psa_aead_encrypt( } tag = ciphertext + plaintext_length; + if( mbedtls_aead_check_nonce_length( &operation, nonce_length ) + != PSA_SUCCESS ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) { 
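Review bot: `mbedtls_aead_check_nonce_length` is introduced as the common nonce length check, but it constrains only ChaCha20-Poly1305; for CCM and GCM every `nonce_length` passes, so those lengths are validated, if at all, by code outside this hunk. A comment saying so would stop a later caller from reading `PSA_SUCCESS` here as full validation, e.g. `/* Only ChaCha20-Poly1305 is checked here; other algorithms rely on their own checks. */`. The final `return PSA_SUCCESS;` also departs from the `return( ... );` form used by the context line just above the new function.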
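Review bot: In `mbedtls_psa_aead_encrypt` the new call compares the helper's result with `PSA_SUCCESS` and then hard-codes `status = PSA_ERROR_NOT_SUPPORTED`, so any other status the helper may return in future is silently rewritten. Propagating it keeps the two in step: `status = mbedtls_aead_check_nonce_length( &operation, nonce_length );` followed by `if( status != PSA_SUCCESS ) goto exit;`. The function body starts and ends outside the hunk.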
@@ -195,7 +218,7 @@ psa_status_t mbedtls_psa_aead_encrypt( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 || operation.tag_length != 16 ) + if( operation.tag_length != 16 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -247,21 +270,6 @@ static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length, return( PSA_SUCCESS ); } -static psa_status_t mbedtls_aead_check_nonce_length( - mbedtls_psa_aead_operation_t *operation, - size_t nonce_length ) -{ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length != 12 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - - return PSA_SUCCESS; -} - psa_status_t mbedtls_psa_aead_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, From 481be341ef1bee3a1a71bfb35b40dcfb72ca403e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 17:38:47 +0100 Subject: [PATCH 110/966] Make state tests more readable Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 502515f2a4..dfd0cfde47 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3859,6 +3859,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, 
@@ -3867,6 +3869,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, @@ -3875,6 +3879,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); TEST_EQUAL( psa_aead_update( &operation, input_data->x, @@ -3884,6 +3890,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); TEST_EQUAL( psa_aead_finish( &operation, final_data, @@ -3895,6 +3903,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); TEST_EQUAL( psa_aead_verify( &operation, final_data, @@ -3917,6 +3927,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); @@ -3995,6 +4007,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); @@ -4008,6 +4022,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 
From 374a2be58805d1e28f9493a20dc649ad69b8a621 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 17:53:40 +0100 Subject: [PATCH 111/966] Add missing state test coverage Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 70 +++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index dfd0cfde47..5f36230bfd 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3938,6 +3938,28 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + /* Test for not setting a nonce. */ operation = psa_aead_operation_init( ); 
@@ -3963,6 +3985,54 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test for double generating nonce. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + + psa_aead_abort( &operation ); + + /* Test for generate nonce then set and vice versa */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + /* Test for generating nonce in decrypt setup. */ operation = psa_aead_operation_init( ); From d85f547b65b177d786598890742b48d3fd8b0987 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 18:20:16 +0100 Subject: [PATCH 112/966] Add expected size to nonce generation test Also add unneeded copy-paste in the test descriptions. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 14 +++++++------- tests/suites/test_suite_psa_crypto.function | 4 ++++ 2 files changed, 11 insertions(+), 7 deletions(-) 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f55deb022f..db94f53b35 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2574,25 +2574,25 @@ PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 +PSA Multipart Nonce Generation, AES - GCM, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS -PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 0 +PSA Multipart Nonce Generation, AES - GCM, IV = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS 
+aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5f36230bfd..b5fe5e74a6 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -3699,6 +3699,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, int alg_arg, int nonce_len, + int expected_generated_len_arg, data_t *additional_data, data_t *input_data, int expected_status_arg ) @@ -3712,6 +3713,7 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; size_t nonce_generated_len = 0; + size_t expected_generated_len = expected_generated_len_arg; unsigned char *output_data = NULL; unsigned char *final_data = NULL; size_t output_size = 0; @@ -3764,6 +3766,8 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, TEST_ASSERT( status == expected_status_arg ); + TEST_EQUAL( nonce_generated_len, expected_generated_len ); + if( expected_status_arg == PSA_SUCCESS ) { From e0fcb3b99efc500f792d9fcdecc08af30d8e9e8c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 18:52:03 +0100 Subject: [PATCH 113/966] Add 'too big' tests for nonce generation Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 8 ++++++++ tests/suites/test_suite_psa_crypto.function | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index db94f53b35..5e16c8c079 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2582,6 +2582,10 @@ PSA Multipart Nonce Generation, AES - GCM, IV = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +PSA Multipart Nonce Generation, AES - GCM, IV = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS 
@@ -2594,6 +2598,10 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b5fe5e74a6..ac58b6edf3 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3758,8 +3758,6 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, PSA_ASSERT( status ); - TEST_ASSERT( nonce_len < PSA_AEAD_NONCE_MAX_SIZE ); - status = psa_aead_generate_nonce( &operation, nonce_buffer, nonce_len, &nonce_generated_len ); @@ -3768,6 +3766,8 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, TEST_EQUAL( nonce_generated_len, expected_generated_len ); + TEST_ASSERT( nonce_generated_len < PSA_AEAD_NONCE_MAX_SIZE ); + if( expected_status_arg == PSA_SUCCESS ) { From 32925b9e5b3c67c754ca7f8fcb34abf56c5fe480 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 18:56:12 +0100 Subject: [PATCH 114/966] Make sure unused parts of tag buffer are cleared We already did this on failure, but make sure the buffer does not leak what was in it previously on success 
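Review bot: Dropping `TEST_ASSERT( nonce_len < PSA_AEAD_NONCE_MAX_SIZE )` before the call means `nonce_len` now reaches psa_aead_generate_nonce() as the size of `nonce_buffer` with no bound, and the new "IV = 16" cases pass 16. The declaration of `nonce_buffer` is outside the hunk; if it is an array of PSA_AEAD_NONCE_MAX_SIZE bytes, the test is telling the library the buffer is larger than it is, which is safe only while the implementation never writes more than the nonce itself. Sizing the buffer from the test argument, or asserting `nonce_len` against the real array size, would keep the "too big" cases from depending on that. The relocated check in the next hunk uses `<`, which would reject a generated nonce of exactly the maximum size; `TEST_ASSERT( nonce_generated_len <= PSA_AEAD_NONCE_MAX_SIZE );` looks like the intended bound.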
Signed-off-by: Paul Elliott --- library/psa_crypto.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e14508353d..95f9740633 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3804,9 +3804,14 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, exit: /* In case the operation fails and the user fails to check for failure or - * the zero tag size, make sure the tag is set to something impossible. */ + * the zero tag size, make sure the tag is set to something impossible. + * Even if the operation succeeds, make sure we set the rest of the + * buffer to something impossible to prevent potential leakage of + * anything previously placed in the same buffer.*/ if( status != PSA_SUCCESS ) - memset(tag, '!', tag_size); + memset( tag, '!', tag_size ); + else if( *tag_length < tag_size ) + memset( tag + *tag_length, '!', ( tag_size - *tag_length ) ); psa_aead_abort( operation ); From 315628d91ab1f07327655cfc1aebe3b433078046 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Jul 2021 18:25:54 +0100 Subject: [PATCH 115/966] Remove internal aead_verify endpoint The internal verify endpoint was only calling the finish endpoint to get a tag to compare against the tag passed in. Moved this logic to the driver wrapper (still allowing a driver to call verify if required) and removed the internal implementation endpoint. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 78 +--------------------------- library/psa_crypto_aead.h | 71 ------------------------- library/psa_crypto_driver_wrappers.c | 28 ++++++++-- 3 files changed, 25 insertions(+), 152 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 9ac26467f1..9f673596fd 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c 
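Review bot: The extended comment in psa_aead_finish still describes the fill as "something impossible", but a run of `'!'` bytes is an ordinary byte string, so the real protection remains that callers check the returned status and `*tag_length`. I would word it after what the code guarantees, for example `/* On failure overwrite the whole tag buffer; on success overwrite the unused tail, so earlier contents of the buffer are never left for the caller to read. */`. The success branch also relies on `*tag_length` having been set before `exit:`; that assignment is outside the hunk, as are the start and end of the function.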
@@ -607,18 +607,6 @@ psa_status_t mbedtls_psa_aead_update( return( status ); } -/* Common checks for both mbedtls_psa_aead_finish() and - mbedtls_psa_aead_verify() */ -static psa_status_t mbedtls_psa_aead_finish_checks( - mbedtls_psa_aead_operation_t *operation, - size_t tag_size ) -{ - if( tag_size < operation->tag_length ) - return ( PSA_ERROR_BUFFER_TOO_SMALL ); - - return ( PSA_SUCCESS ); -} - /* Finish encrypting a message in a multipart AEAD operation. */ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, @@ -632,10 +620,8 @@ psa_status_t mbedtls_psa_aead_finish( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t finish_output_size = 0; - status = mbedtls_psa_aead_finish_checks( operation, tag_size ); - - if( status != PSA_SUCCESS ) - return status; + if( tag_size < operation->tag_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) 
@@ -672,66 +658,6 @@ psa_status_t mbedtls_psa_aead_finish( return ( status ); } -/* Finish authenticating and decrypting a message in a multipart AEAD - * operation.*/ -psa_status_t mbedtls_psa_aead_verify( - mbedtls_psa_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t finish_output_size = 0; - int do_tag_check = 1; - uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; - - status = mbedtls_psa_aead_finish_checks( operation, tag_length ); - - if( status != PSA_SUCCESS ) - return status; - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation->alg == PSA_ALG_GCM ) - /* Call finish to get the tag for comparison */ - status = mbedtls_to_psa_error( - mbedtls_gcm_finish( &operation->ctx.gcm, - plaintext, plaintext_size, - check_tag, operation->tag_length ) ); - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - // call finish to get the tag for comparison. - status = mbedtls_to_psa_error( - mbedtls_chachapoly_finish( &operation->ctx.chachapoly, - check_tag ) ); - - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - { - ( void ) plaintext; - ( void ) plaintext_size; - ( void ) plaintext_length; - ( void ) tag; - ( void ) tag_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - - if( status == PSA_SUCCESS ) - { - *plaintext_length = finish_output_size; - - if( do_tag_check && ( tag_length != operation->tag_length || - mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) ) - status = PSA_ERROR_INVALID_SIGNATURE; - } - - return ( status ); -} - /* Abort an AEAD operation */ psa_status_t mbedtls_psa_aead_abort( mbedtls_psa_aead_operation_t *operation ) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index c664f9f2bb..38202b6fb4 100644 --- a/library/psa_crypto_aead.h 
+++ b/library/psa_crypto_aead.h 
@@ -491,77 +491,6 @@ psa_status_t mbedtls_psa_aead_finish( size_t tag_size, size_t *tag_length ); -/** Finish authenticating and decrypting a message in an AEAD operation. - * - * \note The signature of this function is that of a PSA driver - * aead_verify entry point. This function behaves as an aead_verify entry - * point as defined in the PSA driver interface specification for - * transparent drivers. - * - * The operation must have been set up by the PSA core with - * mbedtls_psa_aead_decrypt_setup(). - * - * This function finishes the authenticated decryption of the message - * components: - * - * - The additional data consisting of the concatenation of the inputs - * passed to preceding calls to mbedtls_psa_aead_update_ad(). - * - The ciphertext consisting of the concatenation of the inputs passed to - * preceding calls to mbedtls_psa_aead_update(). - * - The tag passed to this function call. - * - * If the authentication tag is correct, this function outputs any remaining - * plaintext and reports success. If the authentication tag is not correct, - * this function returns #PSA_ERROR_INVALID_SIGNATURE. - * - * Whether or not this function returns successfully, the PSA core subsequently - * calls mbedtls_psa_aead_abort() to deactivate the operation. - * - * \note Implementations shall make the best effort to ensure that the - * comparison between the actual tag and the expected tag is performed - * in constant time. - * - * \param[in,out] operation Active AEAD operation. - * \param[out] plaintext Buffer where the last part of the plaintext - * is to be written. This is the remaining data - * from previous calls to mbedtls_psa_aead_update() - * that could not be processed until the end - * of the input. - * \param plaintext_size Size of the \p plaintext buffer in bytes. 
- * This must be appropriate for the selected - * algorithm and key: - * - A sufficient output size is - * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, - * \c alg) where \c key_type is the type of key - * and \c alg is the algorithm that were used to - * set up the operation. - * - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to - * the maximum output size of any supported AEAD - * algorithm. - * \param[out] plaintext_length On success, the number of bytes of - * returned plaintext. - * \param[in] tag Buffer containing the authentication tag. - * \param tag_length Size of the \p tag buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_SIGNATURE - * The calculations were successful, but the authentication tag is - * not correct. - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p tag buffer is too small. - * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or - * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag - * buffer size. - */ -psa_status_t mbedtls_psa_aead_verify( - mbedtls_psa_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length ); - /** Abort an AEAD operation. * * \note The signature of this function is that of a PSA driver diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 48410c0e1e..09fff0c6bd 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -1739,11 +1739,29 @@ psa_status_t psa_driver_wrapper_aead_verify( { #if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_verify( &operation->ctx.mbedtls_ctx, - plaintext, - plaintext_size, - plaintext_length, - tag, tag_length ) ); + { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; + size_t check_tag_length; + + status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + tag_length, + &check_tag_length ); + + if( status == PSA_SUCCESS ) + { + if( tag_length != check_tag_length || + mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) + != 0 ) + status = PSA_ERROR_INVALID_SIGNATURE; + } + + return( status ); + } #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ From 97fd1bad8375d96a7901f828ef62799c8e7d64bc Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 21 Jul 2021 18:46:06 +0100 Subject: [PATCH 116/966] Convert over to using a single internal test func Make all encrypt/decrypt tests use the same function. Cleanup arguments that were poorly named and document internal function. Removed one test as I didn't want to write another test purely for it, when its already tested in one shot. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 187 +++---- tests/suites/test_suite_psa_crypto.function | 531 ++++++++------------ 2 files changed, 263 insertions(+), 455 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5e16c8c079..8f9d6c4d6b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
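Review bot: `tag_length`, the caller-supplied length of the tag being verified, is passed to mbedtls_psa_aead_finish() as the size of `check_tag`, which is a fixed PSA_AEAD_TAG_MAX_SIZE-byte stack array. A larger value makes finish believe the buffer is bigger than it is, and a shorter one returns PSA_ERROR_BUFFER_TOO_SMALL rather than a verification failure. Passing the real size, `check_tag, sizeof( check_tag ), &check_tag_length );`, lets the `tag_length != check_tag_length` comparison that follows reject both cases. The computed tag also stays on the stack after a mismatch; clearing it before the return with `mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );` would avoid leaving the correct tag behind, assuming platform_util.h is reachable from this file. psa_driver_wrapper_aead_verify begins and ends outside the hunk.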
@@ -2312,224 +2312,166 @@ aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a0 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 (lengths set) 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, 
AES-GCM, 144 bytes, T=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, 
AES-GCM, 144 bytes, T=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE - 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":0 PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0 PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - -PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 18 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 PSA Multipart AEAD decrypt, CAVS14.0, 
AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths 
set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( 
PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 
):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5":PSA_SUCCESS - 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 
15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 
):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, 
IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS - 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 
):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889":1 PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" 
@@ -2548,32 +2490,25 @@ aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f90 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
-aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
-aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":0 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"":PSA_SUCCESS - 
+aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"":1 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"":1 PSA Multipart AEAD decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:0:"":PSA_ERROR_INVALID_ARGUMENT - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:0:"":0 PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":PSA_ERROR_INVALID_ARGUMENT - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":0 PSA Multipart Nonce Generation, AES - GCM, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS 
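Review bot: The bad-tag ChaCha20-Poly1305 case now ends in `0` where it used to pin `PSA_ERROR_INVALID_SIGNATURE`, so the vector no longer states which error a tampered tag must produce. In the helper this commit adds to test_suite_psa_crypto.function, any non-success status from `psa_aead_verify` is accepted when this flag is zero, so a verify call that fails for an unrelated reason (buffer size, operation state) would still count as a pass. I would keep `PSA_ERROR_INVALID_SIGNATURE` as the final field of the negative decrypt cases and check it in the helper with `TEST_EQUAL( status, expected_status )`. The two invalid-algorithm cases also become `0`, although the only tolerated failure visible in the helper is at the verify step; whether a failing setup call is accepted is not shown in this diff and should be confirmed.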
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ac58b6edf3..fe9e0014db 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -264,16 +264,41 @@ typedef enum { DERIVE_KEY = 2 } generate_method; -static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, - data_t *key_data, - int alg_arg, - data_t *nonce, - data_t *additional_data, - int ad_part_len, - data_t *input_data, - int data_part_len, - int test_set_lengths_arg, - data_t *expected_result ) +/*! + * \brief Internal Function for AEAD multipart tests. + * + * \param key_type_arg Type of key passed in + * \param key_data The encryption / decryption key data + * \param alg_arg The type of algorithm used + * \param nonce Nonce data + * \param additional_data Additional data + * \param ad_part_len If not -1, the length of chunks to + * feed additional data in to be encrypted / + * decrypted. If -1, no chunking. + * \param input_data Data to encrypt / decrypt + * \param data_part_len If not -1, the length of chunks to feed the + * data in to be encrypted / decrypted. If -1, + * no chunking + * \param do_set_lengths If non-zero, then set lengths prior to + * calling encryption / decryption. + * \param expected_output Expected output + * \param expected_status_arg Expected status + * \param is_encrypt If non-zero this is an encryption operation. + * + * \return int Zero on failure, non-zero on success. + * + */ +static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + int do_set_lengths, + data_t *expected_output, + int expect_valid_signature, + int is_encrypt ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; 
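Review bot: The new doc comment on `aead_multipart_internal_func` documents `\param expected_status_arg`, but the signature has no such parameter; the real one is `expect_valid_signature`, which is left undocumented. I would replace that line with `\param expect_valid_signature If non-zero, psa_aead_verify() is expected to accept the tag.` and add that, in the lines visible here, the flag is only read on the decrypt path. The function body continues outside this hunk.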
@@ -282,23 +307,30 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, unsigned char *output_data = NULL; unsigned char *part_data = NULL; unsigned char *final_data = NULL; - size_t output_size = 0; - size_t finish_output_size; + size_t data_true_size = 0; size_t part_data_size = 0; + size_t output_size = 0; + size_t final_output_size = 0; size_t output_length = 0; size_t key_bits = 0; size_t tag_length = 0; - size_t tag_size = 0; - uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; + size_t tag_size = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; + int test_ok = 0; + PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + if( is_encrypt ) + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + else + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); 
@@ -310,23 +342,46 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); + if( is_encrypt ) + { + /* Tag gets written at end of buffer. */ + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len + + tag_length ) ); + data_true_size = input_data->len; + } + else + { + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len - + tag_length ) ); - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len + - tag_length ) ); + /* Do not want to attempt to decrypt tag. */ + data_true_size = input_data->len - tag_length; + } ASSERT_ALLOC( output_data, output_size ); - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + if( is_encrypt ) + { + final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + } + else + { + final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + } - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - - ASSERT_ALLOC( final_data, finish_output_size ); + ASSERT_ALLOC( final_data, final_output_size ); operation = psa_aead_operation_init( ); - status = psa_aead_encrypt_setup( &operation, key, alg ); + + if( is_encrypt ) + status = psa_aead_encrypt_setup( &operation, key, alg ); + else + status = psa_aead_decrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the * encryption involves a common limitation of cryptography hardwares and 
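Review bot: In the decrypt branch, `input_data->len - tag_length` is computed on `size_t` without checking that the input is at least as long as the tag, so a short or malformed vector wraps `data_true_size` to a huge value that is later passed to `psa_aead_update` as the input length. Add `TEST_ASSERT( input_data->len >= tag_length );` before the subtraction. The hunk also removes `TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE );` while `tag_buffer[PSA_AEAD_TAG_MAX_SIZE]` is still handed to `psa_aead_finish` together with `tag_length`, so that bound is worth keeping. Separately, the size macros look swapped: the encrypt path, which ends in `psa_aead_finish`, sizes `final_data` with `PSA_AEAD_VERIFY_OUTPUT_SIZE`, and the decrypt path, which ends in `psa_aead_verify`, uses `PSA_AEAD_FINISH_OUTPUT_SIZE`. The function starts and ends outside this hunk.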
@@ -341,10 +396,10 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - if( test_set_lengths_arg ) + if( do_set_lengths ) { PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ) ); + data_true_size ) ); } if( ad_part_len != -1 ) @@ -381,17 +436,17 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, { /* Pass data in parts */ part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); + ( size_t ) data_part_len ); ASSERT_ALLOC( part_data, part_data_size ); part_offset = 0; - while( part_offset < input_data->len ) + while( part_offset < data_true_size ) { - if( input_data->len - part_offset < ( uint32_t ) data_part_len ) + if( ( data_true_size - part_offset ) < ( uint32_t ) data_part_len ) { - part_length = input_data->len - part_offset; + part_length = ( data_true_size - part_offset ); } else { 
@@ -416,283 +471,79 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, } else { - /* Pass whole data in one go */ + /* Pass all data in one go. */ PSA_ASSERT( psa_aead_update( &operation, input_data->x, - input_data->len, output_data, + data_true_size, output_data, output_size, &output_length ) ); } - PSA_ASSERT( psa_aead_finish( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length, - &tag_size ) ); - - if( output_data && output_part_length ) + if( is_encrypt ) + PSA_ASSERT( psa_aead_finish( &operation, final_data, + final_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ) ); + else { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); + status = psa_aead_verify( &operation, final_data, + final_output_size, + &output_part_length, + ( input_data->x + data_true_size ), + tag_length ); + + if( status != PSA_SUCCESS ) + { + if( !expect_valid_signature ) + { + /* Expected failure. 
*/ + test_ok = 1; + goto exit; + } + else + PSA_ASSERT( status ); + } } - TEST_EQUAL( tag_length, tag_size ); + if( output_data && output_part_length ) + memcpy( ( output_data + output_length ), final_data, + output_part_length ); output_length += output_part_length; - if( output_data && tag_length ) + + /* For all currently defined algorithms, PSA_AEAD_xxx_OUTPUT_SIZE + * should be exact.*/ + if( is_encrypt ) { - memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + TEST_EQUAL( tag_length, tag_size ); + + if( output_data && tag_length ) + memcpy( ( output_data + output_length ), tag_buffer, + tag_length ); + + output_length += tag_length; + + TEST_EQUAL( output_length, + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } + else + { + TEST_EQUAL( output_length, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); } - output_length += tag_length; - /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE - * should be exact. 
*/ - TEST_EQUAL( output_length, - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - TEST_ASSERT( output_length <= - PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); - - ASSERT_COMPARE( expected_result->x, expected_result->len, + ASSERT_COMPARE( expected_output->x, expected_output->len, output_data, output_length ); -exit: - psa_destroy_key( key ); - psa_aead_abort( &operation ); - mbedtls_free( output_data ); - mbedtls_free( part_data ); - mbedtls_free( final_data ); - PSA_DONE( ); - return( status ); -} - -static void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, - int alg_arg, - data_t *nonce, - data_t *additional_data, - int ad_part_len, - data_t *input_data, - int data_part_len, - int test_set_lengths_arg, - data_t *expected_data, - int expected_result_arg ) -{ - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t key_type = key_type_arg; - psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; - unsigned char *output_data = NULL; - unsigned char *part_data = NULL; - unsigned char *final_data = NULL; - size_t part_data_size; - size_t output_size = 0; - size_t verify_output_size = 0; - size_t output_length = 0; - size_t key_bits = 0; - size_t tag_length = 0; - uint32_t part_offset = 0; - size_t part_length = 0; - size_t output_part_length = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t expected_result = expected_result_arg; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - - PSA_ASSERT( psa_crypto_init( ) ); - - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_bits = psa_get_key_bits( &attributes ); - - tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - - output_size = 
PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len - - tag_length ) ); - - ASSERT_ALLOC( output_data, output_size ); - - verify_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( verify_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( final_data, verify_output_size ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_decrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) - { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( test_set_lengths_arg ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - ( input_data->len - tag_length ) ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - } - - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset < additional_data->len ) - { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - status = psa_aead_update_ad( &operation, - additional_data->x + part_offset, - part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - part_offset += part_length; - } - } - else - { - status = psa_aead_update_ad( &operation, additional_data->x, - additional_data->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, 
expected_result_arg ); - goto exit; - } - } - - if( data_part_len != -1 ) - { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset < ( input_data->len - tag_length) ) - { - if( (input_data->len - tag_length - part_offset ) < - ( uint32_t ) data_part_len ) - { - part_length = ( input_data->len - tag_length - part_offset ); - } - else - { - part_length = data_part_len; - } - - status = psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, &output_part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + part_offset ), part_data, - output_part_length ); - } - - part_offset += part_length; - output_length += output_part_length; - } - } - else - { - status = psa_aead_update( &operation, input_data->x, - ( input_data->len - tag_length ), output_data, - output_size, &output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - } - - status = psa_aead_verify( &operation, final_data, - verify_output_size, - &output_part_length, - ( input_data->x + input_data->len - tag_length ), - tag_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); - } - - output_length += output_part_length; - - if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) - { - /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE - * should be exact. 
*/ - TEST_EQUAL( output_length, - PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - TEST_ASSERT( output_length <= - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); - } - - if( expected_result == PSA_SUCCESS ) - { - ASSERT_COMPARE( expected_data->x, expected_data->len, - output_data, output_length ); - } + test_ok = 1; exit: psa_destroy_key( key ); @@ -701,6 +552,8 @@ exit: mbedtls_free( part_data ); mbedtls_free( final_data ); PSA_DONE( ); + + return( test_ok ); } /* END_HEADER */ 
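Review bot: The new `psa_aead_verify` failure path accepts any non-success status as the expected failure, so a negative test still passes when verification fails for an unrelated reason such as a too-small buffer. The removed decrypt helper compared the status against the exact expected code. Adding `TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );` before `test_ok = 1;` would pin the rejection to a tag mismatch. The opposite case is also unchecked: when `expect_valid_signature` is zero and verify returns `PSA_SUCCESS`, execution falls through to the size and output comparisons, and nothing visible here fails the test for accepting a tag it was meant to reject. A `TEST_ASSERT( expect_valid_signature );` after the status block would close that gap.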
@@ -3596,43 +3449,53 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int test_ad_mp_arg, + int do_test_ad_chunked, data_t *input_data, - int test_data_mp_arg, - int test_set_lengths_arg, - data_t *expected_result_arg ) + int do_test_data_chunked, + int do_set_lengths, + data_t *expected_output ) { size_t ad_part_len = 0; size_t data_part_len = 0; - if( test_ad_mp_arg == 1 ) + TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked ); + + /* Temporary whilst we have algorithms that cannot support chunking */ + if( do_test_ad_chunked == 1 ) { for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) { mbedtls_test_set_step( ad_part_len ); - aead_multipart_encrypt_internal( key_type_arg, key_data, - alg_arg,nonce, - additional_data, - ad_part_len, - input_data, -1, - test_set_lengths_arg, - expected_result_arg ); + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + do_set_lengths, + expected_output, + 1, 1 ) ) + break; } } - if( test_data_mp_arg == 1 ) + /* Temporary whilst we have algorithms that cannot support chunking */ + if( do_test_data_chunked == 1 ) { for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - aead_multipart_encrypt_internal( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - test_set_lengths_arg, - expected_result_arg ); + mbedtls_test_set_step( 1000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + do_set_lengths, + expected_output, + 1, 1 ) ) + break; } } 
@@ -3648,44 +3511,54 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int test_ad_mp_arg, + int do_test_ad_chunked, data_t *input_data, - int test_data_mp_arg, - int test_set_lengths_arg, - data_t *expected_data, - int expected_status ) + int do_test_data_chunked, + int do_set_lengths, + data_t *expected_output, + int expect_valid_signature ) { size_t ad_part_len = 0; size_t data_part_len = 0; - if( test_ad_mp_arg == 1 ) + /* Temporary whilst we have algorithms that cannot support chunking */ + if( do_test_ad_chunked == 1 ) { for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) { mbedtls_test_set_step( ad_part_len ); - aead_multipart_decrypt_internal( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - test_set_lengths_arg, - expected_data, expected_status ); + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + do_set_lengths, + expected_output, + expect_valid_signature, + 0 ) ) + break; } } - if( test_data_mp_arg == 1 ) + /* Temporary whilst we have algorithms that cannot support chunking */ + if( do_test_data_chunked == 1 ) { for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - aead_multipart_decrypt_internal( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - test_set_lengths_arg, - expected_data, expected_status ); + mbedtls_test_set_step( 1000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + do_set_lengths, + expected_output, + expect_valid_signature, + 0 ) ) + break; } } From 243080ca7de46b576069e6285ddd0893ec055047 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 21 Jul 2021 19:01:17 +0100 Subject: [PATCH 117/966] Clarify comments on state test. 
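Review bot: `aead_multipart_decrypt` does not get the `TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked );` guard that the previous hunk adds to `aead_multipart_encrypt`. With both flags zero neither loop runs, the helper is never called, and the case is reported as passing. That matters most for vectors with `expect_valid_signature` set to zero, where a vacuous pass looks like a successful tag-rejection test. Adding the same assertion at the top of the decrypt body keeps the two entry points consistent. The end of the function is outside the hunk.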
Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fe9e0014db..c5567406a7 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4002,7 +4002,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - /* Test for not sending any additional data or data (encrypt) */ + /* Test for not sending any additional data or data after setting non zero + * lengths for them. (encrypt) */ operation = psa_aead_operation_init( ); @@ -4022,7 +4023,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - /* Test for not sending any additional data or data (decrypt) */ + /* Test for not sending any additional data or data after setting non-zero + * lengths for them. (decrypt) */ operation = psa_aead_operation_init( ); @@ -4042,7 +4044,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - /* Test for not sending any additional data. */ + /* Test for not sending any additional data after setting a non-zero length + * for it. */ operation = psa_aead_operation_init( ); From 329d5381a5fd7e55892eac6e5dabdd62512b7cbe Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 17:10:45 +0100 Subject: [PATCH 118/966] Add 0 length part tests Add tests to do zero length part, n length part until done, to exercise the zero length edge case. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 99 ++++++++++++++++++--- 1 file changed, 86 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index c5567406a7..46f7a1d529 100644 --- a/tests/suites/test_suite_psa_crypto.function 
+++ b/tests/suites/test_suite_psa_crypto.function @@ -298,7 +298,8 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int do_set_lengths, data_t *expected_output, int expect_valid_signature, - int is_encrypt ) + int is_encrypt, + int do_zero_parts ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -323,6 +324,7 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, psa_status_t status = PSA_ERROR_GENERIC_ERROR; int test_ok = 0; + uint32_t part_count = 0; PSA_ASSERT( psa_crypto_init( ) ); @@ -409,13 +411,21 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, while( part_offset < additional_data->len ) { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + if( do_zero_parts && part_count++ & 0x01 ) { - part_length = additional_data->len - part_offset; + part_length = 0; } else { - part_length = ad_part_len; + if( additional_data->len - part_offset < + ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } } PSA_ASSERT( psa_aead_update_ad( &operation, @@ -444,13 +454,20 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, while( part_offset < data_true_size ) { - if( ( data_true_size - part_offset ) < ( uint32_t ) data_part_len ) + if( do_zero_parts && part_count++ & 0x01 ) { - part_length = ( data_true_size - part_offset ); + part_length = 0; } else { - part_length = data_part_len; + if( ( data_true_size - part_offset ) < ( uint32_t ) data_part_len ) + { + part_length = ( data_true_size - part_offset ); + } + else + { + part_length = data_part_len; + } } PSA_ASSERT( psa_aead_update( &operation, 
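Review bot: The zero-length parts produced by `if( do_zero_parts && part_count++ & 0x01 )` never come first or last, which does not match the call-site comments "length(0) part, length(ad_part_len) part, length(0) part...". `part_count` starts at 0, so the first call always carries a full part, and the loop exits as soon as `part_offset` reaches the total, so no trailing empty call is made either. A zero-length update as the very first call on a fresh operation is the edge case most likely to expose state-handling bugs, and it is not exercised. Writing the condition as `if( do_zero_parts && ( part_count++ & 0x01 ) == 0 )` starts with the empty part and makes the precedence explicit. The same applies to the data loop in the following hunk.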
@@ -3468,6 +3485,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, { mbedtls_test_set_step( ad_part_len ); + /* Split ad into length(ad_part_len) parts. */ if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, additional_data, @@ -3475,7 +3493,20 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, -1, do_set_lengths, expected_output, - 1, 1 ) ) + 1, 1, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... */ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + do_set_lengths, + expected_output, + 1, 1, 1 ) ) break; } } @@ -3486,7 +3517,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - mbedtls_test_set_step( 1000 + data_part_len ); + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, @@ -3494,7 +3526,19 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, do_set_lengths, expected_output, - 1, 1 ) ) + 1, 1, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... */ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + do_set_lengths, + expected_output, + 1, 1, 1 ) ) break; } } @@ -3527,6 +3571,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) { + /* Split ad into length(ad_part_len) parts. */ mbedtls_test_set_step( ad_part_len ); if( !aead_multipart_internal_func( key_type_arg, key_data, 
@@ -3537,7 +3582,21 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0 ) ) + 0, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... */ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + do_set_lengths, + expected_output, + expect_valid_signature, + 0, 1 ) ) break; } } @@ -3548,7 +3607,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - mbedtls_test_set_step( 1000 + data_part_len ); + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, @@ -3557,7 +3617,20 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0 ) ) + 0, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... */ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + do_set_lengths, + expected_output, + expect_valid_signature, + 0, 1 ) ) break; } } From ebf91638b5c6e5d53a77e0a9a12061108a6743b0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 17:54:42 +0100 Subject: [PATCH 119/966] Move set nonce / set length tests to positive test Previous test in state test was not actually making sure that the operatioon could be completed using set lengths / set nonce in either order, thus changed the 'normal' encrypt / decrypt tests to run in alternating order. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 94 ++++++++------------- 1 file changed, 36 insertions(+), 58 deletions(-) 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 46f7a1d529..0e9917a432 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -299,7 +299,8 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, data_t *expected_output, int expect_valid_signature, int is_encrypt, - int do_zero_parts ) + int do_zero_parts, + int swap_set_functions ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -396,12 +397,25 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, PSA_ASSERT( status ); - PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - - if( do_set_lengths ) + if( swap_set_functions ) { - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - data_true_size ) ); + if( do_set_lengths ) + { + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); + } + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + } + else + { + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + if( do_set_lengths ) + { + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); + } } if( ad_part_len != -1 ) @@ -3493,7 +3507,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, -1, do_set_lengths, expected_output, - 1, 1, 0 ) ) + 1, 1, 0, + ( ad_part_len & 0x01 ) ) ) break; /* length(0) part, length(ad_part_len) part, length(0) part... */ @@ -3506,7 +3521,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, -1, do_set_lengths, expected_output, - 1, 1, 1 ) ) + 1, 1, 1, + ( ad_part_len & 0x01 ) ) ) break; } } 
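Review bot: The `swap_set_functions` branch only exercises `psa_aead_set_nonce` in both orders, while the `aead_multipart_state_test` hunk of the same commit deletes the cases that ran `psa_aead_generate_nonce` before and after `psa_aead_set_lengths`. As far as this patch shows, nothing replaces that coverage, so ordering bugs specific to the generate-nonce path would no longer be caught. Either keep the two generate-nonce cases in the state test or add a generate-nonce variant to the positive path. As a style point, the `do_set_lengths` block is duplicated in both branches and could be factored so that only the position of the `psa_aead_set_nonce` call differs.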
@@ -3526,7 +3542,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, do_set_lengths, expected_output, - 1, 1, 0 ) ) + 1, 1, 0, + ( data_part_len & 0x01 ) ) ) break; /* length(0) part, length(data_part_len) part, length(0) part... */ @@ -3538,7 +3555,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, do_set_lengths, expected_output, - 1, 1, 1 ) ) + 1, 1, 1, + ( data_part_len & 0x01 ) ) ) break; } } @@ -3582,7 +3600,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0, 0 ) ) + 0, 0, + ( ad_part_len & 0x01 ) ) ) break; /* length(0) part, length(ad_part_len) part, length(0) part... */ @@ -3596,7 +3615,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0, 1 ) ) + 0, 1, + ( ad_part_len & 0x01 ) ) ) break; } } @@ -3617,7 +3637,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0, 0 ) ) + 0, 0, + ( data_part_len & 0x01 ) ) ) break; /* length(0) part, length(data_part_len) part, length(0) part... */ @@ -3630,7 +3651,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0, 1 ) ) + 0, 1, + ( data_part_len & 0x01 ) ) ) break; } } 
@@ -4013,50 +4035,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - /* Test that generate/set nonce and set lengths are interchangeable (we - * already tested set nonce followed by set lengths above). */ - - operation = psa_aead_operation_init( ); - - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); - - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ) ); - - PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - - psa_aead_abort( &operation ); - - /* ------------------------------------------------------- */ - - operation = psa_aead_operation_init( ); - - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); - - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ) ); - - PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, - PSA_AEAD_NONCE_MAX_SIZE, - &nonce_length ) ); - - psa_aead_abort( &operation ); - - /* ------------------------------------------------------- */ - - operation = psa_aead_operation_init( ); - - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); - - PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, - PSA_AEAD_NONCE_MAX_SIZE, - &nonce_length ) ); - - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ) ); - - psa_aead_abort( &operation ); - /* Test for setting lengths after already starting data. */ operation = psa_aead_operation_init( ); From 99f548d974a48fcfe58aaf2666872bee146ffa30 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 18:03:50 +0100 Subject: [PATCH 120/966] Fix format issues with check nonce size Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 9f673596fd..5310702c68 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c 
@@ -296,7 +296,7 @@ psa_status_t mbedtls_psa_aead_decrypt( goto exit; if( mbedtls_aead_check_nonce_length( &operation, nonce_length ) - != PSA_SUCCESS) + != PSA_SUCCESS ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -428,7 +428,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( mbedtls_aead_check_nonce_length( operation, nonce_length ) - != PSA_SUCCESS) + != PSA_SUCCESS ) { return( PSA_ERROR_INVALID_ARGUMENT ); } From 2fe5db87d5702a4f34f6fd28acaa0f5961584e93 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 18:10:43 +0100 Subject: [PATCH 121/966] Fix passing wrong tag size to GCM finish Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 5310702c68..6af25ec78b 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -628,7 +628,7 @@ psa_status_t mbedtls_psa_aead_finish( status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, ciphertext, ciphertext_size, - tag, tag_size ) ); + tag, operation->tag_length ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) From ed08cf884a6a8462a577dd0ac7ad9b8c4338921d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 18:48:24 +0100 Subject: [PATCH 122/966] Add safety check to chachapoly finish Previous code checked that the buffer was big enough for the tag size for the given algorithm, however chachapoly finish expects a 16 byte buffer passed in, no matter what. If we start supporting smaller chachapoly tags in the future, this could potentially end up in buffer overflow, so add a safety check. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 6af25ec78b..bcf3c43a5d 100644 --- a/library/psa_crypto_aead.c 
+++ b/library/psa_crypto_aead.c @@ -633,9 +633,18 @@ psa_status_t mbedtls_psa_aead_finish( #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* Belt and braces. Although the above tag_size check should have + * already done this, if we later start supporting smaller tag sizes + * for chachapoly, then passing a tag buffer smaller than 16 into here + * could cause a buffer overflow, so better safe than sorry. */ + if( tag_size < 16 ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, tag ) ); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { From 26f4aef3a7f4ef0503862e199dcfe1f2ff4bf583 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 21:47:27 +0100 Subject: [PATCH 123/966] Remove aead_verify call from test driver Function was removed, but missed this reference. Signed-off-by: Paul Elliott --- tests/src/drivers/test_driver_aead.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 698353c5d6..5928e0e010 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c 
@@ -272,9 +272,26 @@ psa_status_t mbedtls_test_transparent_aead_verify( } else { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, - plaintext_length, tag, tag_length ); + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; + size_t check_tag_length; + + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_finish( operation, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + tag_length, + &check_tag_length ); + + if( mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS ) + { + if( tag_length != check_tag_length || + mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) + != 0 ) + mbedtls_test_driver_aead_hooks.driver_status = + PSA_ERROR_INVALID_SIGNATURE; + } } return( mbedtls_test_driver_aead_hooks.driver_status ); From 41ffae17b1a1fea67a2dc925616bfa3586ad8a09 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 21:52:01 +0100 Subject: [PATCH 124/966] Fix incorrect function documentation Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 0e9917a432..3312f674fc 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
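Review bot: `check_tag` is `PSA_AEAD_TAG_MAX_SIZE` bytes, but `mbedtls_psa_aead_finish` is told its capacity is the caller-supplied `tag_length`, so the size the callee trusts is not tied to the real buffer. Passing `sizeof( check_tag )` as the tag size keeps the bound correct whatever the caller sends, and the existing `tag_length != check_tag_length` comparison still rejects a wrong length. The freshly computed tag also stays on the stack after the comparison; `mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );` before returning avoids leaving the valid tag for a rejected message in memory (this needs `mbedtls/platform_util.h` if it is not already pulled in). On a mismatch the bytes already written to `plaintext` are left in place, which is worth a comment or a wipe even in a test driver, since other code may copy this pattern.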
@@ -282,8 +282,13 @@ typedef enum { * \param do_set_lengths If non-zero, then set lengths prior to * calling encryption / decryption. * \param expected_output Expected output - * \param expected_status_arg Expected status + * \param expect_valid_signature If non zero, we expect the signature to be + * valid * \param is_encrypt If non-zero this is an encryption operation. + * \param do_zero_parts If non-zero, interleave zero length chunks + * with normal length chunks + * \param swap_set_functions If non-zero, swap the order of set lengths + * and set nonce. * * \return int Zero on failure, non-zero on success. * From 218dec824e6de919f229afa00731d185651aae09 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Jul 2021 07:23:47 +0100 Subject: [PATCH 125/966] Document that returning 0 from the recv callback means EOF Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3a14a58307..bf44975c35 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -493,10 +493,11 @@ typedef int mbedtls_ssl_send_t( void *ctx, * \param buf Buffer to write the received data to * \param len Length of the receive buffer * - * \return The callback must return the number of bytes received, - * or a non-zero error code. - * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ + * \returns If data has been received, the positive number of bytes received. + * \returns \c 0 if the connection has been closed. + * \returns If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ * must be returned when the operation would block. + * \returns Another negative error code on other kinds of failures. * * \note The callback may receive fewer bytes than the length of the * buffer. It must always return the number of bytes actually From 0a6a5694d94ec7df45cd776e4340210dbe0f5556 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Fri, 23 Jul 2021 15:29:21 +0100 Subject: [PATCH 126/966] Add missing include to PSA test driver Signed-off-by: Paul Elliott --- tests/src/drivers/test_driver_aead.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 5928e0e010..ac116ffb06 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -25,6 +25,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_aead.h" +#include "psa_crypto_core.h" #include "test/drivers/aead.h" From ecce901907ebdc52b382c01d905740d8995c3826 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 15:44:11 +0100 Subject: [PATCH 127/966] Change over to specific per algorith size checks Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index bcf3c43a5d..d877638ecf 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -568,13 +568,12 @@ psa_status_t mbedtls_psa_aead_update( update_output_length = input_length; - if( PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, operation->alg, - input_length ) > output_size ) - return ( PSA_ERROR_BUFFER_TOO_SMALL ); - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { + if( output_size < input_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, input, input_length, @@ -586,6 +585,9 @@ psa_status_t mbedtls_psa_aead_update( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { + if( output_size < input_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = mbedtls_to_psa_error( mbedtls_chachapoly_update( &operation->ctx.chachapoly, input_length, 
@@ -625,10 +627,15 @@ psa_status_t mbedtls_psa_aead_finish( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) + { + if( ciphertext_size < 15 ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, ciphertext, ciphertext_size, tag, operation->tag_length ) ); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) From 863864a2f77ade5e94cca4c6afb19899debdb814 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 17:28:31 +0100 Subject: [PATCH 128/966] Add multipart set nonce test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 28 ++++++ tests/suites/test_suite_psa_crypto.function | 98 +++++++++++++++++++++ 2 files changed, 126 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8f9d6c4d6b..ad54793cd4 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
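Review bot: The `15` in `if( ciphertext_size < 15 )` is a bare magic number, and nothing in the hunk says where it comes from. It looks like the AES block size minus one, i.e. the largest partial block a GCM finish could still have to flush, but that is an inference. As written, the check also rejects a smaller buffer when no output is pending, so callers need to be told the rule. I would document it in place, e.g. `/* mbedtls_gcm_finish() may emit up to 15 bytes (one block minus one) of buffered output. */`, or derive the bound from a named block-size constant rather than a literal. The function body begins before and continues after this hunk, and the ChaCha20-Poly1305 branch is not shown.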
@@ -2537,6 +2537,34 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS +PSA Multipart Set Nonce, AES - GCM, IV = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM, IV = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM, IV = 20 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 12 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 8 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 3312f674fc..0d9543d7b1 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -3766,6 +3766,104 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, + int alg_arg, + int nonce_len, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + uint8_t *nonce_buffer = NULL; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t finish_output_size = 0; + size_t output_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + int index = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. 
*/ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_len ); + } + + PSA_ASSERT( status ); + + ASSERT_ALLOC( nonce_buffer, nonce_len ); + + for( index = 0; index < nonce_len - 1; ++index) + { + nonce_buffer[index] = 'a' + index; + } + + status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_len ); + + TEST_ASSERT( status == expected_status ); + + if( expected_status == PSA_SUCCESS ) + { + /* Ensure we can still complete operation. */ + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + output_data, output_size, &output_length ) ); + + PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, + &output_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); + mbedtls_free( nonce_buffer ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, int alg_arg, From 56e4aa6ae20deb43e59d4d4e436f5377de3ef8a2 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 17:36:48 +0100 Subject: [PATCH 129/966] Restore accidentally deleted blank lines Script to generate test data was missing a '\n' Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 61 +++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ad54793cd4..5a696fd93b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
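Review bot: `psa_aead_operation_t operation;` is declared without an initializer and is only assigned by `psa_aead_operation_init( )` after several `PSA_ASSERT` / `ASSERT_ALLOC` / `TEST_ASSERT` checks. Each of those jumps to `exit:` on failure, where `psa_aead_abort( &operation )` then reads an indeterminate struct. Initialise it at the declaration instead: `psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;`. Separately, the fill loop condition `index < nonce_len - 1` never writes the last nonce byte, so that byte stays at whatever `ASSERT_ALLOC` left there; `index < nonce_len` looks like the intent.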
@@ -2313,165 +2313,219 @@ aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a0 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 + PSA Multipart 
AEAD decrypt, AES-GCM, 144 bytes #2 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths 
set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":0 + PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0 + PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 + PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( 
PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 
12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036":1 + PSA Multipart 
AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889":1 + PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" 
@@ -2491,24 +2545,31 @@ aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f90 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 + PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 + PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":0 + PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"":1 + PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"":1 + PSA Multipart AEAD decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:0:"":0 + PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":0 + PSA Multipart Nonce Generation, AES - GCM, IV = 12 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS From 693bf312d94ad2ea364cd3902e9d944091b1c5be Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 17:40:41 +0100 Subject: [PATCH 130/966] Fix _arg argument not being cast to correct type Also change to TEST_EQUAL, as this is now possible. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 0d9543d7b1..5e4eaf85fa 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3685,6 +3685,7 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; size_t nonce_generated_len = 0; size_t expected_generated_len = expected_generated_len_arg; unsigned char *output_data = NULL; @@ -3735,13 +3736,13 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, nonce_len, &nonce_generated_len ); - TEST_ASSERT( status == expected_status_arg ); + TEST_EQUAL( status, expected_status ); TEST_EQUAL( nonce_generated_len, expected_generated_len ); TEST_ASSERT( nonce_generated_len < PSA_AEAD_NONCE_MAX_SIZE ); - if( expected_status_arg == PSA_SUCCESS ) + if( expected_status == PSA_SUCCESS ) { /* Ensure we can still complete operation. */ 
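Review bot: The unchanged assertion `TEST_ASSERT( nonce_generated_len < PSA_AEAD_NONCE_MAX_SIZE );` in the second hunk uses a strict comparison, so a generated nonce that exactly fills `nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]` would be reported as a failure even though it fits the buffer. Since this commit is already tidying the neighbouring status check, `TEST_ASSERT( nonce_generated_len <= PSA_AEAD_NONCE_MAX_SIZE );` looks like the intended bound. The body of aead_multipart_generate_nonce starts and ends outside this hunk, so confirm that nothing further down relies on the strict form.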
@@ -3837,7 +3838,7 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_len ); - TEST_ASSERT( status == expected_status ); + TEST_EQUAL( status, expected_status ); if( expected_status == PSA_SUCCESS ) { From 43fbda648db946113848588a4051b42df2794080 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 18:30:59 +0100 Subject: [PATCH 131/966] Add test for update buffer size Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 16 ++++ tests/suites/test_suite_psa_crypto.function | 86 +++++++++++++++++++++ 2 files changed, 102 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5a696fd93b..45d37b6c78 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2626,6 +2626,22 @@ PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD buffer test: AES - GCM, IN = 16, BUF = 10 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):10:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD buffer test: AES - GCM, IN = 16, BUF = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS + +PSA AEAD buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 10 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:10:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
+aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:130:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5e4eaf85fa..32be56e068 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
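Review bot: The only failing buffer size in these new cases is 10, which is far from the boundary, so an off-by-one in the output-size check of psa_aead_update would pass all four vectors. Assuming the required size equals the input length for these algorithms, as the two PSA_SUCCESS cases suggest, add one case just below it for each algorithm, titled for example `PSA AEAD buffer test: AES - GCM, IN = 16, BUF = 15` and `PSA AEAD buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129`, both expecting `PSA_ERROR_BUFFER_TOO_SMALL`. The finish-buffer vectors added by the next commit in this series have the same gap between their failing and passing sizes.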
@@ -3865,6 +3865,92 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, + int alg_arg, + int buffer_size, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t finish_output_size = 0; + size_t output_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + ASSERT_ALLOC( output_data, buffer_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. 
*/ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + status = psa_aead_update( &operation, input_data->x, input_data->len, + output_data, buffer_size, &output_length ); + + TEST_EQUAL( status, expected_status ); + + if( expected_status == PSA_SUCCESS ) + { + /* Ensure we can still complete operation. */ + PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, + &output_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + + /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, int alg_arg, From 91b021e4c70e0ac7e9352f97d9c55cb29f4572d0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 18:52:31 +0100 Subject: [PATCH 132/966] Add finish buffer size test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 21 +++++- tests/suites/test_suite_psa_crypto.function | 81 +++++++++++++++++++++ 2 files changed, 98 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 45d37b6c78..d223537900 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
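Review bot: `psa_aead_operation_t operation;` is declared without an initializer, yet every `PSA_ASSERT` and `ASSERT_ALLOC` that runs before `operation = psa_aead_operation_init( );` jumps to `exit:` on failure, where `psa_aead_abort( &operation )` then reads an indeterminate struct. Initialise it at the declaration, `psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;`, so the cleanup path is safe whichever step fails. The same declaration appears in `aead_multipart_finish_buffer_test`, added by the next commit in this series. Separately, `buffer_size` is an `int` passed straight to `ASSERT_ALLOC` and `psa_aead_update`, so a negative value in a data file would be converted silently; a `size_t` local, like the other `_arg` conversions, would make that explicit.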
@@ -2626,22 +2626,35 @@ PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA AEAD buffer test: AES - GCM, IN = 16, BUF = 10 +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 10 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):10:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL -PSA AEAD buffer test: AES - GCM, IN = 16, BUF = 16 +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS -PSA AEAD buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 10 +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 10 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:10:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL -PSA AEAD buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:130:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS +PSA AEAD finish buffer test: AES - GCM, BUF = 8 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: AES - GCM, BUF = 15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS + + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 32be56e068..b8023eeb1a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -3950,6 +3950,87 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, + int alg_arg, + int buffer_size, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t output_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + TEST_ASSERT( buffer_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, buffer_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. 
*/ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + output_data, output_size, &output_length ) ); + + /* Ensure we can still complete operation. */ + status = psa_aead_finish( &operation, final_data, buffer_size, + &output_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ); + + TEST_EQUAL( status, expected_status ); + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, From bd25755d2a6f72961e4dd8925e324596978c4f6a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 22 Mar 2021 06:59:27 +0000 Subject: [PATCH 133/966] Rename ssl_populate_transform() -> ssl_tls12_populate_transform() In TLS 1.2 specific code, the internal helper functions ssl_populate_transform() builds an SSL transform structure, representing a specific record protection mechanism. In preparation for a subsequent commit which will introduce a similar helper function specific to TLS 1.3, this commmit renames ssl_populate_transform() to ssl_tls12_populate_transform(). Signed-off-by: Hanno Becker --- library/ssl_misc.h | 3 ++- library/ssl_tls.c | 48 +++++++++++++++++++++++----------------------- 2 files changed, 26 insertions(+), 25 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cc19f4723b..ca92d6893e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
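Review bot: The comment `/* Ensure we can still complete operation. */` above `psa_aead_finish` was carried over from the update-buffer test, but in this function `psa_aead_finish` is the call under test, so the comment misstates what the test checks. Something like `/* Call under test: finish into a ciphertext buffer of buffer_size bytes. */` would match the code. It is also worth a comment that the tag buffer is always `PSA_AEAD_TAG_MAX_SIZE`, so a tag buffer that is too small is not exercised by this test.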
@@ -740,7 +740,8 @@ struct mbedtls_ssl_transform #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) /* We need the Hello random bytes in order to re-derive keys from the - * Master Secret and other session info, see ssl_populate_transform() */ + * Master Secret and other session info, + * see ssl_tls12_populate_transform() */ unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */ #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ }; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fe3b5e2e64..33f4e601c3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -665,14 +665,14 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, * - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg */ -static int ssl_populate_transform( mbedtls_ssl_transform *transform, +static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, int ciphersuite, const unsigned char master[48], -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ + defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl_tls_prf_t tls_prf, const unsigned char randbytes[64], int minor_ver, 
@@ -1328,22 +1328,22 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } /* Populate transform structure */ - ret = ssl_populate_transform( ssl->transform_negotiate, - ssl->session_negotiate->ciphersuite, - ssl->session_negotiate->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl->session_negotiate->encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - ssl->handshake->tls_prf, - ssl->handshake->randbytes, - ssl->minor_ver, - ssl->conf->endpoint, - ssl ); + ret = ssl_tls12_populate_transform( ssl->transform_negotiate, + ssl->session_negotiate->ciphersuite, + ssl->session_negotiate->master, +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ + defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + ssl->session_negotiate->encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + ssl->handshake->tls_prf, + ssl->handshake->randbytes, + ssl->minor_ver, + ssl->conf->endpoint, + ssl ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls12_populate_transform", ret ); return( ret ); } 
@@ -5775,14 +5775,14 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ret = ssl_populate_transform( ssl->transform, + ret = ssl_tls12_populate_transform( ssl->transform, ssl->session->ciphersuite, ssl->session->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ + defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) ssl->session->encrypt_then_mac, -#endif -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl_tls12prf_from_cs( ssl->session->ciphersuite ), p, /* currently pointing to randbytes */ MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ From c94060c6417468bd0c5fd091f3a3aa4217bbb4bd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 22 Mar 2021 07:50:44 +0000 Subject: [PATCH 134/966] Add TLS 1.3 specific key to SSL transform conversion function This commit adds the TLS 1.3 specific internal function ``` mbedtls_ssl_tls13_populate_transform() ``` which creates an instance of the SSL transform structure `mbedtls_ssl_transform` representing a TLS 1.3 record protection mechanism. It is analogous to the existing internal helper function ``` ssl_tls12_populate_transform() ``` which creates transform structures representing record protection mechanisms in TLS 1.2 and earlier. Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 108 +++++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 33 ++++++++++++ 2 files changed, 141 insertions(+) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index f1c8a12d86..28313130f7 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -699,4 +699,112 @@ exit: return( ret ); } +int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, + int endpoint, + int ciphersuite, + mbedtls_ssl_key_set const *traffic_keys, + mbedtls_ssl_context *ssl /* DEBUG ONLY */ ) +{ + int ret; + mbedtls_cipher_info_t const *cipher_info; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + unsigned char const *key_enc; + unsigned char const *iv_enc; + unsigned char const *key_dec; + unsigned char const *iv_dec; + +#if !defined(MBEDTLS_DEBUG_C) + ssl = NULL; /* make sure we don't use it except for those cases */ + (void) ssl; +#endif + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); + + cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); + if( cipher_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* + * Setup cipher contexts in target transform + */ + + if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, + cipher_info ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + return( ret ); + } + + if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, + cipher_info ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + return( ret ); + } + +#if defined(MBEDTLS_SSL_SRV_C) + if( endpoint == MBEDTLS_SSL_IS_SERVER ) + { + key_enc = traffic_keys->server_write_key; + key_dec = traffic_keys->client_write_key; + iv_enc = traffic_keys->server_write_iv; + iv_dec = traffic_keys->client_write_iv; + } + else +#endif /* MBEDTLS_SSL_SRV_C */ +#if defined(MBEDTLS_SSL_CLI_C) + if( endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + key_enc = traffic_keys->client_write_key; + key_dec = traffic_keys->server_write_key; + iv_enc = traffic_keys->client_write_iv; + iv_dec = traffic_keys->server_write_iv; + } + else +#endif /* MBEDTLS_SSL_CLI_C */ + { + /* should not happen */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + memcpy( transform->iv_enc, 
iv_enc, traffic_keys->iv_len ); + memcpy( transform->iv_dec, iv_dec, traffic_keys->iv_len ); + + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, + key_enc, cipher_info->key_bitlen, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + return( ret ); + } + + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, + key_dec, cipher_info->key_bitlen, + MBEDTLS_DECRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + return( ret ); + } + + /* + * Setup other fields in SSL transform + */ + + if( ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) != 0 ) + transform->taglen = 8; + else + transform->taglen = 16; + + transform->ivlen = traffic_keys->iv_len; + transform->maclen = 0; + transform->fixed_ivlen = transform->ivlen; + transform->minlen = transform->taglen + 1; + transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4; + + return( 0 ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 3b96998aed..ca892b1665 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
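Review bot: The two `memcpy( transform->iv_enc, iv_enc, traffic_keys->iv_len )` / `iv_dec` copies and the two `mbedtls_cipher_setkey()` calls in mbedtls_ssl_tls13_populate_transform() trust the lengths carried in `traffic_keys` without checking them. `iv_len` bytes are copied into the transform with no upper bound, and `cipher_info->key_bitlen` bits are read from `key_enc`/`key_dec` whether or not `traffic_keys->key_len` covers them; the function never reads `key_len` at all. Assuming `iv_enc` is a fixed-size array in `mbedtls_ssl_transform` (its definition is not part of this patch), I would reject inconsistent input once `cipher_info` is known and before the cipher contexts are set up: `if( traffic_keys->iv_len > sizeof( transform->iv_enc ) || traffic_keys->key_len * 8 != cipher_info->key_bitlen ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`.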
@@ -498,4 +498,37 @@ int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl, unsigned char const *transcript, unsigned char *result ); +/** + * \bref Setup an SSL transform structure representing the + * record protection mechanism used by TLS 1.3 + * + * \param transform The SSL transform structure to be created. This must have + * been initialized through mbedtls_ssl_transform_init() and + * not used in any other way prior to calling this function. + * In particular, this function does not clean up the + * transform structure prior to installing the new keys. + * \param endpoint Indicates whether the transform is for the client + * (value #MBEDTLS_SSL_IS_CLIENT) or the server + * (value #MBEDTLS_SSL_IS_SERVER). + * \param ciphersuite The numerical identifier for the ciphersuite to use. + * This must be one of the identifiers listed in + * ssl_ciphersuites.h. + * \param traffic_keys The key material to use. No reference is stored in + * the SSL transform being generated, and the caller + * should destroy the key material afterwards. + * \param ssl (Debug-only) The SSL context to use for debug output + * in case of failure. This parameter is only needed if + * #MBEDTLS_DEBUG_C is set, and is ignored otherwise. + * + * \return \c 0 on success. In this case, \p transform is ready to + * be used with mbedtls_ssl_transform_decrypt() and + * mbedtls_ssl_transform_encrypt(). + * \return A negative error code on failure. + */ +int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, + int endpoint, + int ciphersuite, + mbedtls_ssl_key_set const *traffic_keys, + mbedtls_ssl_context *ssl ); + #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 79e2d1b6f6eb5c07370afe20c20af00a727a190b Mon Sep 17 00:00:00 2001 
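Review bot: The new Doxygen block opens with `\bref`, which is not a Doxygen command, so the summary will not be picked up as the brief description; the first line should read `\brief Setup an SSL transform structure representing the`. The `\param traffic_keys` text says the caller "should destroy the key material afterwards"; since the implementation copies the IVs into the transform and loads the keys into the cipher contexts, it would be clearer to say that the caller is expected to zeroize the key set once this function returns, rather than only discard it.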
From: Hanno Becker Date: Mon, 22 Mar 2021 11:42:19 +0000 Subject: [PATCH 135/966] Fix AEAD additional data computation for TLS 1.3 The AEAD additional data (AAD) is computed differently in TLS 1.3 compared to TLS 1.2, but this change hasn't yet been reflected in the codee, rendering the current implementation of ``` mbedtls_ssl_{encrypt,decrypt}_buf() ``` not standard compliant. This commit fixes this by adjusting the AAD extraction function ssl_extract_add_data_from_record() and its call-sites. Please see the documentation of the code for an explanation of how the AAD has changed from TLS 1.2 to TLS 1.3. Signed-off-by: Hanno Becker --- library/ssl_msg.c | 53 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 41 insertions(+), 12 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 76cc2b17d4..cf2eab56bf 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -384,7 +384,8 @@ static int ssl_parse_inner_plaintext( unsigned char const *content, static void ssl_extract_add_data_from_record( unsigned char* add_data, size_t *add_data_len, mbedtls_record *rec, - unsigned minor_ver ) + unsigned minor_ver, + size_t taglen ) { /* Quoting RFC 5246 (TLS 1.2): * 
@@ -403,15 +404,37 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, * * For TLS 1.3, the record sequence number is dropped from the AAD * and encoded within the nonce of the AEAD operation instead. + * Moreover, the additional data involves the length of the TLS + * ciphertext, not the TLS plaintext as in earlier versions. + * Quoting RFC 8446 (TLS 1.3): + * + * additional_data = TLSCiphertext.opaque_type || + * TLSCiphertext.legacy_record_version || + * TLSCiphertext.length + * + * We pass the tag length to this function in order to compute the + * ciphertext length from the inner plaintext length rec->data_len via + * + * TLSCiphertext.length = TLSInnerPlaintext.length + taglen. + * */ unsigned char *cur = add_data; + size_t ad_len_field = rec->data_len; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + /* In TLS 1.3, the AAD contains the length of the TLSCiphertext, + * which differs from the length of the TLSInnerPlaintext + * by the length of the authentication tag. */ + ad_len_field += taglen; + } + else #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ { ((void) minor_ver); + ((void) taglen); memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); cur += sizeof( rec->ctr ); } @@ -431,15 +454,15 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, *cur = rec->cid_len; cur++; - cur[0] = ( rec->data_len >> 8 ) & 0xFF; - cur[1] = ( rec->data_len >> 0 ) & 0xFF; + cur[0] = ( ad_len_field >> 8 ) & 0xFF; + cur[1] = ( ad_len_field >> 0 ) & 0xFF; cur += 2; } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - cur[0] = ( rec->data_len >> 8 ) & 0xFF; - cur[1] = ( rec->data_len >> 0 ) & 0xFF; + cur[0] = ( ad_len_field >> 8 ) & 0xFF; + cur[1] = ( ad_len_field >> 0 ) & 0xFF; cur += 2; } 
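Review bot: `ad_len_field += taglen` in the TLS 1.3 branch can produce a value that no longer fits the two length bytes written further down, and `( ad_len_field >> 8 ) & 0xFF` then silently keeps only the low 16 bits. ssl_extract_add_data_from_record() returns void, so a truncated length cannot be reported and would only show up as a record authenticated under the wrong length. The bound on `rec->data_len` is presumably enforced by the callers, which are outside these hunks; I would state the requirement next to the addition, e.g. `/* Requires rec->data_len + taglen <= 0xFFFF; the AAD length field is two bytes. */`. The same field is written in the connection-ID branch of the following hunk, so the comment covers both.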
@@ -646,7 +669,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, unsigned char mac[MBEDTLS_SSL_MAC_ADD]; ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + transform->minor_ver, + transform->taglen ); mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data, add_data_len ); @@ -743,7 +767,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * This depends on the TLS version. */ ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + transform->minor_ver, + transform->taglen ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", iv, transform->ivlen ); @@ -897,7 +922,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } ssl_extract_add_data_from_record( add_data, &add_data_len, - rec, transform->minor_ver ); + rec, transform->minor_ver, + transform->taglen ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, @@ -1304,7 +1330,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * This depends on the TLS version. */ ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + transform->minor_ver, + transform->taglen ); MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", add_data, add_data_len ); @@ -1414,7 +1441,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * Further, we still know that data_len > minlen */ rec->data_len -= transform->maclen; ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + transform->minor_ver, + transform->taglen ); /* Calculate expected MAC. */ MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, 
@@ -1606,7 +1634,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, */ rec->data_len -= transform->maclen; ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + transform->minor_ver, + transform->taglen ); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* From a77d005d39e78b55231311d034f2187eae8d5929 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 22 Mar 2021 15:16:33 +0000 Subject: [PATCH 136/966] Add known answer tests for TLS 1.3 record protection This commit adds four known answer tests for TLS 1.3 record protection from the following sources: - RFC 8448 "Example Handshake Traces for TLS 1.3" - tls13.ulfheim.net "The New Illustrated TLS Connection" It extends the test coverage of the existing record protection tests in the following ways: - The existing record protection tests hand-craft record transform structures; the new tests use the function mbedtls_ssl_tls13_populate_transform() from library source to create an TLS 1.3 transform from raw key material and connection information. - The existing record protection tests only check that encryption and decryption are inverse to each other; as such, they don't catch non-compliant implementations of encryption and decryption which happen to be inverse to each other. By adding a known answer test for TLS 1.3 record protection, can gain confidence that our implementation is indeed standards-compliant. Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 55 ++++++++++++++++++ tests/suites/test_suite_ssl.function | 86 ++++++++++++++++++++++++++++ 2 files changed, 141 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 5d92469ad7..efedd06154 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -6021,6 +6021,61 @@ SSL TLS 1.3 Key schedule: Handshake secrets derivation helper # Vector from RFC 8448 ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" +SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1 +# - Server App Key: 0b6d22c8ff68097ea871c672073773bf +# - Server App IV: 1b13dd9f8d8f17091d34b349 +# - Client App Key: 49134b95328f279f0183860589ac6707 +# - Client App IV: bc4dd5f7b98acff85466261d +# - App data payload: 70696e67 +# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5 +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5" + +SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2 +# - Server App Key: 0b6d22c8ff68097ea871c672073773bf +# - Server App IV: 1b13dd9f8d8f17091d34b349 +# - Client App Key: 49134b95328f279f0183860589ac6707 +# - Client App IV: bc4dd5f7b98acff85466261d +# - App data payload: 706f6e67 +# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7 +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7" + +SSL TLS 1.3 Record Encryption RFC 8448 Example #1 +# Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3 +# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56 +# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84 +# - Client 
App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51 +# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9 +# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f +# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f +# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f +# 30 31 +# - Complete record: 17 03 03 00 43 a2 3f 70 54 b6 2c 94 d0 af fa fe +# 82 28 ba 55 cb ef ac ea 42 f9 14 aa 66 bc ab 3f +# 2b 98 19 a8 a5 b4 6b 39 5b d5 4a 9a 20 44 1e 2b +# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6 +# 3a ee bb 21 69 49 15 e4 +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4" + +SSL TLS 1.3 Record Encryption RFC 8448 Example #2 +# Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3 +# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56 +# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84 +# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51 +# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9 +# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f +# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f +# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f +# 30 31 +# - Complete record: 17 03 03 00 43 2e 93 7e 11 ef 4a c7 40 e5 38 ad +# 36 00 5f c4 a4 69 32 fc 32 25 d0 5f 82 aa 1b 36 +# e3 0e fa f9 7d 90 e6 df fc 60 2d cb 50 1a 59 a8 +# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54 +# 0d d0 32 e1 67 c2 95 5d 
+ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d" + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE + SSL TLS 1.3 Key schedule: Application secrets derivation helper # Vector from RFC 8448 ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 081e8a45a6..a83d6e2bef 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3943,6 +3943,92 @@ void ssl_tls1_3_create_psk_binder( int hash_alg, } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_record_protection( int ciphersuite, + int endpoint, + int ctr, + data_t *server_write_key, + data_t *server_write_iv, + data_t *client_write_key, + data_t *client_write_iv, + data_t *plaintext, + data_t *ciphertext ) +{ + mbedtls_ssl_key_set keys; + mbedtls_ssl_transform transform_send; + mbedtls_ssl_transform transform_recv; + mbedtls_record rec; + unsigned char *buf = NULL; + int other_endpoint; + + TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT || + endpoint == MBEDTLS_SSL_IS_SERVER ); + + if( endpoint == MBEDTLS_SSL_IS_SERVER ) + other_endpoint = MBEDTLS_SSL_IS_CLIENT; + if( endpoint == MBEDTLS_SSL_IS_CLIENT ) + other_endpoint = MBEDTLS_SSL_IS_SERVER; + + TEST_ASSERT( server_write_key->len == client_write_key->len ); + TEST_ASSERT( server_write_iv->len == client_write_iv->len ); + + memcpy( keys.client_write_key, + client_write_key->x, client_write_key->len ); + memcpy( keys.client_write_iv, + client_write_iv->x, client_write_iv->len ); + memcpy( keys.server_write_key, + server_write_key->x, server_write_key->len ); + memcpy( keys.server_write_iv, + server_write_iv->x, server_write_iv->len ); + + keys.key_len = server_write_key->len; + keys.iv_len = server_write_iv->len; + + mbedtls_ssl_transform_init( &transform_recv ); + mbedtls_ssl_transform_init( &transform_send ); + + TEST_ASSERT( mbedtls_ssl_tls13_populate_transform( + &transform_send, endpoint, + ciphersuite, &keys, NULL ) == 0 ); + TEST_ASSERT( mbedtls_ssl_tls13_populate_transform( + &transform_recv, other_endpoint, + ciphersuite, &keys, NULL ) == 0 ); + + ASSERT_ALLOC( buf, ciphertext->len ); + rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; + mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_TRANSPORT_STREAM, + rec.ver ); + + /* Copy plaintext into record structure */ + rec.buf = buf; 
+ rec.buf_len = ciphertext->len; + rec.data_offset = 0; + TEST_ASSERT( plaintext->len <= ciphertext->len ); + memcpy( rec.buf + rec.data_offset, plaintext->x, plaintext->len ); + rec.data_len = plaintext->len; +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + rec.cid_len = 0; +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + + memset( &rec.ctr[0], 0, 8 ); + rec.ctr[7] = ctr; + + TEST_ASSERT( mbedtls_ssl_encrypt_buf( NULL, &transform_send, &rec, + NULL, NULL ) == 0 ); + ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len, + ciphertext->x, ciphertext->len ); + + TEST_ASSERT( mbedtls_ssl_decrypt_buf( NULL, &transform_recv, &rec ) == 0 ); + ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len, + plaintext->x, plaintext->len ); + + mbedtls_ssl_transform_free( &transform_send ); + mbedtls_ssl_transform_free( &transform_recv ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ void ssl_tls1_3_key_evolution( int hash_alg, data_t *secret, From 80e760e00642836a19e7c05efad3ac34a57230be Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 23 Mar 2021 06:00:21 +0000 Subject: [PATCH 137/966] Fix memory leak in TLS 1.3 record protection unit test Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a83d6e2bef..554e7b86e2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -4024,6 +4024,7 @@ void ssl_tls1_3_record_protection( int ciphersuite, ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len, plaintext->x, plaintext->len ); + mbedtls_free( buf ); mbedtls_ssl_transform_free( &transform_send ); mbedtls_ssl_transform_free( &transform_recv ); } From 7887a77c2507bfbddd2238a0a1a06f9b19d7f64e Mon Sep 17 00:00:00 2001 
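Review bot: The four `memcpy()` calls into `keys` in ssl_tls1_3_record_protection() use the lengths of the test-data arguments without comparing them with the destination fields, so an over-long vector in the .data file overruns the stack-allocated `mbedtls_ssl_key_set`. The existing assertions only check that the client and server lengths agree with each other. Adding `TEST_ASSERT( client_write_key->len <= sizeof( keys.client_write_key ) );` and `TEST_ASSERT( client_write_iv->len <= sizeof( keys.client_write_iv ) );` before the copies closes that gap. Separately, `other_endpoint` is assigned through two independent `if` statements; an `if`/`else` would make it visibly initialised on every path.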
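Review bot: The added `mbedtls_free( buf );` sits on the straight-line path only, next to the two `mbedtls_ssl_transform_free()` calls. If `TEST_ASSERT` and `ASSERT_COMPARE` leave the function early on failure (their definitions are not part of this patch), a failing vector still leaks the buffer and both transforms, which matters for the ASan builds that tests/scripts/all.sh runs. Putting the three cleanup calls behind an `exit:` label, i.e. `exit:` followed by `mbedtls_free( buf );` and the two transform frees, would cover the failure path as well. The function body starts outside this hunk.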
From: Hanno Becker Date: Tue, 20 Apr 2021 05:27:57 +0100 Subject: [PATCH 138/966] Match parameter check in TLS 1.3 populate transform to 1.2 version Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 28313130f7..0977cabb34 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -719,12 +719,19 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, #endif ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); + if( ciphersuite_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found", + ciphersuite ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); if( cipher_info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found", + ciphersuite_info->cipher ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ) } /* From edd5bf0a95d05d72c405be84011ea9638d2b966d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Apr 2021 05:32:16 +0100 Subject: [PATCH 139/966] Fix and document minimum length of record ciphertext in TLS 1.3 Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 0977cabb34..8270009c76 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
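Review bot: The second rewritten return, `return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA )`, has no terminating semicolon, so ssl_tls13_keys.c does not compile at this commit when MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL is enabled. A later patch in this series adds it, but folding that fix into this commit keeps every step buildable for bisection. The `%u` conversion is also given `ciphersuite_info->cipher` directly; if that member is an enum, as its use with mbedtls_cipher_info_from_type() suggests, an explicit `(unsigned)` cast keeps the format and argument types matched.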
@@ -808,9 +808,15 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, transform->ivlen = traffic_keys->iv_len; transform->maclen = 0; transform->fixed_ivlen = transform->ivlen; - transform->minlen = transform->taglen + 1; transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4; + /* We add the true record content type (1 Byte) to the plaintext and + * then pad to the configured granularity. The mimimum length of the + * type-extended and padded plaintext is therefore the padding + * granularity. */ + transform->minlen = + transform->taglen + MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY; + return( 0 ); } From 41537452f495a7ee448a7bd4d0d5f566341263d6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Apr 2021 05:35:28 +0100 Subject: [PATCH 140/966] Add comment regarding the wire-version used in TLS 1.3 records Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 554e7b86e2..2e09907228 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3996,6 +3996,8 @@ void ssl_tls1_3_record_protection( int ciphersuite, ASSERT_ALLOC( buf, ciphertext->len ); rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; + + /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */ mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_TRANSPORT_STREAM, From f62a730e80ebdc976d32b1d0f52078273ee1fb7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Apr 2021 05:21:28 +0100 Subject: [PATCH 141/966] Add missing semicolon in TLS 1.3 transform generation code Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 8270009c76..91384f281f 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
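Review bot: `transform->minlen = transform->taglen + MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` is a valid lower bound only if the granularity is at least 1. With a configured value of 0, `minlen` would equal the tag length and, assuming `minlen` is what the decryption path uses to reject short records, a record with no content-type byte would pass that check. Whether the configuration checks already reject 0 is not visible here, so I would record the assumption in the new comment, e.g. `/* Assumes MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY >= 1. */`. The comment also misspells "minimum" as "mimimum".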
@@ -731,7 +731,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found", ciphersuite_info->cipher ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } /* From c0da10dc3a491a4aab41503c12921e11fe7b9fb7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Apr 2021 05:32:23 +0100 Subject: [PATCH 142/966] Remove TLS 1.3 specific code from TLS <= 1.2 transform generator Signed-off-by: Hanno Becker --- library/ssl_tls.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 33f4e601c3..88a3e745ef 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -714,6 +714,15 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) ); #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform + * generation separate. This should never happen. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Get various info structures */ @@ -806,19 +815,10 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, * sequence number). */ transform->ivlen = 12; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { + if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) transform->fixed_ivlen = 12; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - { - if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) - transform->fixed_ivlen = 12; - else - transform->fixed_ivlen = 4; - } + transform->fixed_ivlen = 4; /* Minimum length of encrypted record */ explicit_ivlen = transform->ivlen - transform->fixed_ivlen; 
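Review bot: The new `minor_ver == MBEDTLS_SSL_MINOR_VERSION_4` guard in ssl_tls12_populate_transform() returns MBEDTLS_ERR_SSL_INTERNAL_ERROR without logging, and it sits after the `memcpy( transform->randbytes, ... )` shown as context, so the transform has already been written to when the call is rejected. Adding `MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );` before the return would match how other internal-error paths in this series report themselves, and moving the guard ahead of the first write to `transform` would make the rejection free of side effects. The start of the function is outside the hunk, so the exact position needs checking against the full body.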
From dfba065d80adc007e81288e3655de82dfefb56d5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 1 Aug 2021 19:16:57 +0100 Subject: [PATCH 143/966] Adjust ssl_tls13_keys.c to consolidated CID/1.3 padding granularity Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 91384f281f..902f99ea81 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -815,7 +815,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, * type-extended and padded plaintext is therefore the padding * granularity. */ transform->minlen = - transform->taglen + MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY; + transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; return( 0 ); } From 1f91878281cdb680c98f33a3312d1fce56f45eba Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 1 Aug 2021 19:18:28 +0100 Subject: [PATCH 144/966] Specify padding granularity in TLS 1.3 record protection KATs Still check that encryption and decryption are inverse to each other if the granularity does not match the one used in the KAT. Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 12 ++++++++---- tests/suites/test_suite_ssl.function | 17 +++++++++++++---- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index efedd06154..04f6e1d344 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -6028,7 +6028,8 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1 # - Client App IV: bc4dd5f7b98acff85466261d # - App data payload: 70696e67 # - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5 -ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5" +# - Padding used: No (== granularity 1) +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5" SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2 # - Server App Key: 0b6d22c8ff68097ea871c672073773bf @@ -6037,7 +6038,8 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2 # - Client App IV: bc4dd5f7b98acff85466261d # - App data payload: 706f6e67 # - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7 -ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7" +# - Padding used: No (== granularity 1) +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7" SSL TLS 1.3 Record Encryption RFC 8448 Example #1 # Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3 
@@ -6054,7 +6056,8 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #1 # 2b 98 19 a8 a5 b4 6b 39 5b d5 4a 9a 20 44 1e 2b # 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6 # 3a ee bb 21 69 49 15 e4 -ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4" +# - Padding used: No (== granularity 1) +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4" SSL TLS 1.3 Record Encryption RFC 8448 Example #2 # Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3 
@@ -6071,7 +6074,8 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #2 # e3 0e fa f9 7d 90 e6 df fc 60 2d cb 50 1a 59 a8 # fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54 # 0d d0 32 e1 67 c2 95 5d -ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d" +# - Padding used: No (== granularity 1) +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d" SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2e09907228..6d8a9e8671 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3947,6 +3947,7 @@ void ssl_tls1_3_create_psk_binder( int hash_alg, void ssl_tls1_3_record_protection( int ciphersuite, int endpoint, int ctr, + int padding_used, data_t *server_write_key, data_t *server_write_iv, data_t *client_write_key, 
@@ -3959,6 +3960,7 @@ void ssl_tls1_3_record_protection( int ciphersuite, mbedtls_ssl_transform transform_recv; mbedtls_record rec; unsigned char *buf = NULL; + size_t buf_len; int other_endpoint; TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT || @@ -3994,7 +3996,10 @@ void ssl_tls1_3_record_protection( int ciphersuite, &transform_recv, other_endpoint, ciphersuite, &keys, NULL ) == 0 ); - ASSERT_ALLOC( buf, ciphertext->len ); + /* Make sure we have enough space in the buffer even if + * we use more padding than the KAT. */ + buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; + ASSERT_ALLOC( buf, buf_len ); rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */ @@ -4005,7 +4010,7 @@ void ssl_tls1_3_record_protection( int ciphersuite, /* Copy plaintext into record structure */ rec.buf = buf; - rec.buf_len = ciphertext->len; + rec.buf_len = buf_len; rec.data_offset = 0; TEST_ASSERT( plaintext->len <= ciphertext->len ); memcpy( rec.buf + rec.data_offset, plaintext->x, plaintext->len ); @@ -4019,8 +4024,12 @@ void ssl_tls1_3_record_protection( int ciphersuite, TEST_ASSERT( mbedtls_ssl_encrypt_buf( NULL, &transform_send, &rec, NULL, NULL ) == 0 ); - ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len, - ciphertext->x, ciphertext->len ); + + if( padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY ) + { + ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len, + ciphertext->x, ciphertext->len ); + } TEST_ASSERT( mbedtls_ssl_decrypt_buf( NULL, &transform_recv, &rec ) == 0 ); ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len, From 6c53ecc01db4212da1a8715afe1abc599a9c6f0d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 1 Aug 2021 19:20:10 +0100 Subject: [PATCH 145/966] all.sh: Run basic TLS 1.3 with and without record padding Signed-off-by: Hanno Becker --- tests/scripts/all.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) 
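Review bot: In the last hunk the known-answer comparison against `ciphertext` is skipped whenever `padding_used` differs from `MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY`, so in such a build only the encrypt call, the decrypt call and the comparison after decryption are exercised, and the RFC 8448 ciphertext is never checked. That trade-off deserves a comment at the guard, e.g. `/* The KAT ciphertext is only reproducible when the build pads with the granularity the vector was generated with; otherwise only the round trip is checked. */`. The parameter also carries a granularity rather than a flag (the data file passes `1` for "no padding"), so a name such as `padding_granularity` would describe it more accurately. The function body starts and ends outside these hunks.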
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f8e43c8714..5d2710cadc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2437,11 +2437,22 @@ component_build_armcc () { } component_test_tls13_experimental () { - msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" + make test +} + +component_test_tls13_experimental_with_padding () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding" + scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding" make test } From d7e4b2ce4267c681a72e31faa2611b3250ee1541 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 1 Aug 2021 20:13:06 +0100 Subject: [PATCH 146/966] Remove duplicated test from SSL test suite Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 04f6e1d344..25eefb3ab9 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
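Review bot: `component_test_tls13_experimental` and the new `component_test_tls13_experimental_with_padding` are copies that differ only in the granularity value and the message suffix, so any later change to the build flags or sanitizer settings has to be made in both. A shared helper that takes the granularity keeps the two builds identical apart from the value under test. The helper name below is a suggestion; it must not start with `component_` so that it is not picked up as a component itself.

```shell
# Build and test the experimental TLS 1.3 configuration.
# $1: record padding granularity, $2: suffix for the log messages.
helper_tls13_experimental () {
    msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, $2"
    scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
    scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY "$1"
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make
    msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, $2"
    make test
}

component_test_tls13_experimental () {
    helper_tls13_experimental 1 "without padding"
}

component_test_tls13_experimental_with_padding () {
    helper_tls13_experimental 16 "with padding"
}
```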
@@ -6077,9 +6077,6 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #2 # - Padding used: No (== granularity 1) ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d" -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE -ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE - SSL TLS 1.3 Key schedule: Application secrets derivation helper # Vector from RFC 8448 ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" From ec135544c81aa4c292f8b715244ac1b38682580b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Aug 2021 23:14:03 +0200 Subject: [PATCH 147/966] Clarify some comments Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7db9488eee..73630c122e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -2714,8 +2714,11 @@ pseudo_component_error_test () { echo "Expect three failing commands." fi error_test='this should not be used since the component runs in a subshell' + # Expected error: 'grep non_existent /dev/null -> 1' grep non_existent /dev/null + # Expected error: '! grep -q . tests/scripts/all.sh -> 1' not grep -q . "$0" + # Expected error: 'make unknown_target -> 2' make unknown_target false "this should not be executed" } @@ -2735,8 +2738,11 @@ run_component () { esac "${dd_cmd[@]}" - # Run the component in a subshell + # Run the component in a subshell, with error trapping and output + # redirection set up based on the relevant options. if [ $KEEP_GOING -eq 1 ]; then + # We want to keep running if the subshell fails, so 'set -e' must + # be off when the subshell runs. set +e fi ( From 88a7c2b32e6cf289d8287186a20370aead8e6eb1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Aug 2021 23:28:00 +0200 Subject: [PATCH 148/966] Improve --error-test reporting Count invocations from 1 to n instead of n to 1. Explain how changing the loop variable would cause an error if the function was not executed in a subshell. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 73630c122e..54b28b870f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -2709,11 +2709,13 @@ post_report () { # Function invoked by --error-test to test error reporting. pseudo_component_error_test () { - msg "Testing error reporting $error_test" + msg "Testing error reporting $error_test_i" if [ $KEEP_GOING -ne 0 ]; then echo "Expect three failing commands." fi - error_test='this should not be used since the component runs in a subshell' + # If the component doesn't run in a subshell, changing error_test_i to an + # invalid integer will cause an error in the loop that runs this function. + error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell # Expected error: 'grep non_existent /dev/null -> 1' grep non_existent /dev/null # Expected error: '! grep -q . tests/scripts/all.sh -> 1' @@ -2796,10 +2798,10 @@ cleanup pre_generate_files # Run the requested tests. -while [ $error_test -gt 0 ]; do +for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do run_component pseudo_component_error_test - error_test=$((error_test - 1)) done +unset error_test_i for component in $RUN_COMPONENTS; do run_component "component_$component" done From c111e2429287ba5f20708a4853541fd3cb4f0ae1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Aug 2021 23:29:53 +0200 Subject: [PATCH 149/966] Improve the detection of keep-going commands Have simpler patterns related to 'test' (the central objective being to keep going if 'make test' or 'tests/...' fails, but not if 'make tests' fails). Add 'cd' as a can't-keep-going command. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 54b28b870f..6cdc922fe3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -543,13 +543,19 @@ pre_setup_keep_going () { # Whether it makes sense to keep a component going after the specified # command fails (test command) or not (configure or build). # This doesn't have to be 100% accurate: all failures are recorded anyway. + # False positives result in running things that can't be expected to + # work. False negatives result in things not running after something else + # failed even though they might have given useful feedback. can_keep_going_after_failure () { case "$1" in "msg "*) false;; - *[!A-Za-z]"test"|*[!A-Za-z]"test"[!A-Za-z]*) true;; - "tests/"*) true;; - "grep "*|"! grep "*) true;; - "test "*|"[ "*) true;; + "cd "*) false;; + *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ... + *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ... + *make*check*) true;; + "grep "*) true;; + "[ "*) true;; + "! "*) true;; *) false;; esac } From b0302c4c7bdc684c5307040e9e8d8c314e245c48 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Aug 2021 09:39:42 +0100 Subject: [PATCH 150/966] Move messaging related session reset into separate helper function - Improves readability - Will be useful when we introduce MPS as an alternative msg layer. - Will be useful when we need to reset the messaging layer upon receipt of a HelloRetryRequest in TLS 1.3. Signed-off-by: Hanno Becker --- library/ssl_tls.c | 110 ++++++++++++++++++++++++---------------------- 1 file changed, 57 insertions(+), 53 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fe3b5e2e64..c43f92a376 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
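Review bot: The new `*test*) true;;` arm matches any failing command whose text contains `test`, not only test runs, so a configuration or file-handling step that merely names a path under `tests/` would be classified as safe to continue after. The build and tests that follow would then run against a tree that was not set up as intended. The added comment accepts false positives, but a missed configuration failure is the costly kind because every later result in the component becomes misleading. Listing the configuration scripts ahead of the catch-all, for example `"scripts/config."*) false;;` placed before `*test*`, keeps the simple pattern while excluding them. `can_keep_going_after_failure` is defined inside `pre_setup_keep_going`, whose body extends beyond this hunk.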
@@ -3231,9 +3231,9 @@ error: * If partial is non-zero, keep data in the input buffer and client ID. * (Use when a DTLS client reconnects from the same port.) */ -int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) +static void ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl, + int partial ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t in_buf_len = ssl->in_buf_len; size_t out_buf_len = ssl->out_buf_len; 
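Review bot: The doc comment that ends just above the changed signature now documents the new static helper `ssl_session_reset_msg_layer`, while `mbedtls_ssl_session_reset_int`, for which it was written, is left without one further down. Its wording also mentions keeping the client ID, which the helper does not appear to handle as far as the next hunk shows. I would move the original comment down to `mbedtls_ssl_session_reset_int` and give the helper its own, e.g. `/* Reset the record/message layer state. If partial is non-zero, keep the data in the input buffer. */`. The comment starts before this hunk and the helper body continues after it.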
@@ -3242,16 +3242,65 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; #endif -#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || \ - !defined(MBEDTLS_SSL_SRV_C) - ((void) partial); +#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || !defined(MBEDTLS_SSL_SRV_C) + partial = 0; #endif - ssl->state = MBEDTLS_SSL_HELLO_REQUEST; - /* Cancel any possibly running timer */ mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_reset_in_out_pointers( ssl ); + + /* Reset incoming message parsing */ + ssl->in_offt = NULL; + ssl->nb_zero = 0; + ssl->in_msgtype = 0; + ssl->in_msglen = 0; + ssl->in_hslen = 0; + ssl->keep_current_message = 0; + ssl->transform_in = NULL; + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + ssl->next_record_offset = 0; + ssl->in_epoch = 0; +#endif + + /* Keep current datagram if partial == 1 */ + if( partial == 0 ) + { + ssl->in_left = 0; + memset( ssl->in_buf, 0, in_buf_len ); + } + + /* Reset outgoing message writing */ + ssl->out_msgtype = 0; + ssl->out_msglen = 0; + ssl->out_left = 0; + memset( ssl->out_buf, 0, out_buf_len ); + memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); + ssl->transform_out = NULL; + +#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) + mbedtls_ssl_dtls_replay_reset( ssl ); +#endif + + if( ssl->transform ) + { + mbedtls_ssl_transform_free( ssl->transform ); + mbedtls_free( ssl->transform ); + ssl->transform = NULL; + } +} + +int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + ssl->state = MBEDTLS_SSL_HELLO_REQUEST; + + ssl_session_reset_msg_layer( ssl, partial ); + + /* Reset renegotiation state */ #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; ssl->renego_records_seen = 0; 
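Review bot: The comment `/* Keep current datagram if partial == 1 */` does not match the test `if( partial == 0 )`: any non-zero `partial` leaves `ssl->in_left` and the contents of `ssl->in_buf` in place, so the comment should read `/* Keep current datagram if partial != 0 */`. The `partial = 0;` under `#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || !defined(MBEDTLS_SSL_SRV_C)` silently overrides the caller's argument where the old code only marked it unused; the effect is the same, but it needs a why-comment such as `/* Without DTLS client port reuse there is no datagram to keep: force a full reset so the input buffer is always zeroized. */`. The helper's signature is in the previous hunk and `mbedtls_ssl_session_reset_int` continues past this one.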
@@ -3262,53 +3311,8 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) #endif ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; - ssl->in_offt = NULL; - mbedtls_ssl_reset_in_out_pointers( ssl ); - - ssl->in_msgtype = 0; - ssl->in_msglen = 0; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - ssl->next_record_offset = 0; - ssl->in_epoch = 0; -#endif -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - mbedtls_ssl_dtls_replay_reset( ssl ); -#endif - - ssl->in_hslen = 0; - ssl->nb_zero = 0; - - ssl->keep_current_message = 0; - - ssl->out_msgtype = 0; - ssl->out_msglen = 0; - ssl->out_left = 0; - - memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); - - ssl->transform_in = NULL; - ssl->transform_out = NULL; - - ssl->session_in = NULL; + ssl->session_in = NULL; ssl->session_out = NULL; - - memset( ssl->out_buf, 0, out_buf_len ); - -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) - if( partial == 0 ) -#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ - { - ssl->in_left = 0; - memset( ssl->in_buf, 0, in_buf_len ); - } - - if( ssl->transform ) - { - mbedtls_ssl_transform_free( ssl->transform ); - mbedtls_free( ssl->transform ); - ssl->transform = NULL; - } - if( ssl->session ) { mbedtls_ssl_session_free( ssl->session ); From 3a6c76937adce329cbc85fe5001cc7e533545b8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Aug 2020 10:28:51 +0200 Subject: [PATCH 151/966] Add arm-linux-gnueabi-gcc build to all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently it can't be mandatory, since we can't install the required toolchain on Jenkins right away. Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it was a leftover from debugging. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) 
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f8e43c8714..7570b1128f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -161,6 +161,7 @@ pre_initialize_variables () { : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} + : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then @@ -230,6 +231,9 @@ General options: --arm-none-eabi-gcc-prefix= Prefix for a cross-compiler for arm-none-eabi (default: "${ARM_NONE_EABI_GCC_PREFIX}") + --arm-linux-gnueabi-gcc-prefix= + Prefix for a cross-compiler for arm-linux-gnueabi + (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). --except Exclude the COMPONENTs listed on the command line, instead of running only those. @@ -387,6 +391,7 @@ pre_parse_command_line () { case "$1" in --append-outcome) append_outcome=1;; --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; + --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";; --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; 
@@ -2369,14 +2374,29 @@ component_build_arm_none_eabi_gcc () { ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } -component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s +component_build_arm_linux_gnueabi_gcc_arm5vte () { + msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s scripts/config.py baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. - # It would be better to build with arm-linux-gnueabi-gcc but - # we don't have that on our CI at this time. + # Build everything including programs, see for example + # https://github.com/ARMmbed/mbedtls/pull/3449#issuecomment-675313720 + make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' + + msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1" + ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o +} +support_build_arm_linux_gnueabi_gcc_arm5vte () { + type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 +} + +component_build_arm_none_eabi_gcc_arm5vte () { + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s + scripts/config.py baremetal + # This is an imperfect substitute for + # component_build_arm_linux_gnueabi_gcc_arm5vte + # in case the gcc-arm-linux-gnueabihf toolchain is not available make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" From efd14bf9bd5bfa686d6f422a317f946ad472f5bf Mon Sep 17 00:00:00 2001 
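Review bot: The commit description says `SHELL='sh -x'` is removed from the other arm5vte component, but the `make` line of `component_build_arm_none_eabi_gcc_arm5vte` is an unchanged context line in this hunk and still ends in `SHELL='sh -x' lib`, so the debugging leftover remains; that line should end in `LDFLAGS='-march=armv5te' lib`. Separately, `support_build_arm_linux_gnueabi_gcc_arm5vte` expands the prefix unquoted; `type "${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" >/dev/null 2>&1` avoids word splitting and globbing if a prefix passed through `--arm-linux-gnueabi-gcc-prefix` contains spaces or pattern characters. The new `msg "build: ..."` string also says `-march=arm5vte` where the flags use `armv5te`.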
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Aug 2020 10:31:36 +0200 Subject: [PATCH 152/966] Enable arm-linux-gnueabi-gcc build on Travis MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 48faa4846c..8fa0b343e4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,7 @@ jobs: - graphviz - gcc-arm-none-eabi - libnewlib-arm-none-eabi + - gcc-arm-linux-gnueabi language: python # Needed to get pip for Python 3 python: 3.5 # version from Ubuntu 16.04 install: @@ -22,7 +23,7 @@ jobs: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box - tests/scripts/all.sh -k test_ref_configs - - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus + - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - name: full configuration script: From ae505eeeed006c907bf05697eac8c7e8fd38aee4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Jul 2021 09:44:59 +0200 Subject: [PATCH 153/966] Fix missing dependency on Travis MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Was getting errors like: In file included from /usr/include/limits.h:25:0, from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/limits.h:168, from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/syslimits.h:7, from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/limits.h:34, from ../include/mbedtls/check_config.h:30, from ../include/mbedtls/build_info.h:81, from common.h:26, from asn1write.c:20: /usr/include/features.h:367:25: fatal error: sys/cdefs.h: No such file or directory There are two packages to choose from: armhf or armel. Since the comment in all.sh says we're trying to be close to Debian's "armel" architecture, choose that, and fix a comment that was mentioning gnueabihf for no apparent reason. Signed-off-by: Manuel Pégourié-Gonnard --- .travis.yml | 1 + tests/scripts/all.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 8fa0b343e4..39ae19c190 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,6 +15,7 @@ jobs: - gcc-arm-none-eabi - libnewlib-arm-none-eabi - gcc-arm-linux-gnueabi + - libc6-dev-armel-cross language: python # Needed to get pip for Python 3 python: 3.5 # version from Ubuntu 16.04 install: diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7570b1128f..e103c9a3de 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -2396,7 +2396,7 @@ component_build_arm_none_eabi_gcc_arm5vte () { scripts/config.py baremetal # This is an imperfect substitute for # component_build_arm_linux_gnueabi_gcc_arm5vte - # in case the gcc-arm-linux-gnueabihf toolchain is not available + # in case the gcc-arm-linux-gnueabi toolchain is not available make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" From 1d475b63981742afe9a90b2e70330111c8b65c3d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 3 Aug 2021 13:43:36 +0200 Subject: [PATCH 154/966] Disable wildcards when checking for unsupported components Otherwise $COMMAND_LINE_COMPONENTS would try to expand wildcard patterns based on files in the current directory. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6cdc922fe3..4dfbaec668 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -444,7 +444,9 @@ pre_parse_command_line () { if [ $all_except -eq 0 ]; then unsupported=0 + set -f for component in $COMMAND_LINE_COMPONENTS; do + set +f case $component in *[*?\[]*) continue;; esac @@ -455,6 +457,7 @@ pre_parse_command_line () { unsupported=$((unsupported + 1));; esac done + set +f if [ $unsupported -ne 0 ]; then exit 2 fi From bf66e2cc8ffdd17c954d10fcc1431e41214aff7f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 3 Aug 2021 13:44:28 +0200 Subject: [PATCH 155/966] Documentation improvements Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4dfbaec668..2dc13756a8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -271,7 +271,9 @@ Tool path options: EOF } -# remove built files as well as the cmake cache/config +# Cleanup before/after running a component. +# Remove built files as well as the cmake cache/config. +# Does not remove generated source files. cleanup() { command make clean @@ -306,6 +308,8 @@ cleanup() done } +# Final cleanup when this script exits (except when exiting on a failure +# in non-keep-going mode). final_cleanup () { cleanup @@ -442,11 +446,14 @@ pre_parse_command_line () { COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" fi + # Error out if an explicitly requested component doesn't exist. if [ $all_except -eq 0 ]; then unsupported=0 set -f for component in $COMMAND_LINE_COMPONENTS; do set +f + # If the requested name includes a wildcard character, don't + # check it. Accept wildcard patterns that don't match anything. case $component in *[*?\[]*) continue;; esac From 3cbd69c4d42df872ba3bec1fe511a0183255da74 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Aug 2021 15:10:27 +0200 Subject: [PATCH 156/966] Switch to 4-space indentation Signed-off-by: Gilles Peskine --- programs/test/generate_cpp_dummy_build.sh | 37 ++++++++++++----------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index 41adf149eb..9e16348b52 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -21,7 +21,7 @@ set -e export LC_ALL=C print_cpp () { - cat <<'EOF' + cat <<'EOF' /* Automatically generated file. Do not edit. * * This program is a dummy C++ program to ensure Mbed TLS library header files 
@@ -47,19 +47,20 @@ print_cpp () { EOF - for header in include/mbedtls/*.h include/psa/*.h; do - case ${header#include/} in - mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion - psa/crypto_config.h) :;; # not meant for direct inclusion - # Some of the psa/crypto_*.h headers are not meant to be included directly. - # They do have include guards that make them no-ops if psa/crypto.h - # has been included before. Since psa/crypto.h comes before psa/crypto_*.h - # in the wildcard enumeration, we don't need to skip those headers. - *) echo "#include \"${header#include/}\"";; - esac - done + for header in include/mbedtls/*.h include/psa/*.h; do + case ${header#include/} in + mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion + psa/crypto_config.h) :;; # not meant for direct inclusion + # Some of the psa/crypto_*.h headers are not meant to be included + # directly. They do have include guards that make them no-ops if + # psa/crypto.h has been included before. Since psa/crypto.h comes + # before psa/crypto_*.h in the wildcard enumeration, we don't need + # to skip those headers. + *) echo "#include \"${header#include/}\"";; + esac + done - cat <<'EOF' + cat <<'EOF' int main() { @@ -72,14 +73,14 @@ EOF } if [ -d include/mbedtls ]; then - : + : elif [ -d ../include/mbedtls ]; then - cd .. + cd .. elif [ -d ../../include/mbedtls ]; then - cd ../.. + cd ../.. else - echo >&2 "This script must be run from an Mbed TLS source tree." - exit 3 + echo >&2 "This script must be run from an Mbed TLS source tree." + exit 3 fi print_cpp >"${1:-programs/test/cpp_dummy_build.cpp}" From 7530163f3b003e4851a48cb5661b1b1d4dbf6e6a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Aug 2021 15:10:47 +0200 Subject: [PATCH 157/966] Make --quiet more effective when running make generated_files Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2dc13756a8..7e8b2c3c20 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -752,7 +752,7 @@ pre_generate_files() { # file that might be around before generating fresh ones make neat if [ $QUIET -eq 1 ]; then - make -s generated_files + make generated_files >/dev/null else make generated_files fi From 86f6129067b7f2f6f6ff7aa1e1af69660e8f2d9a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Aug 2021 15:11:33 +0200 Subject: [PATCH 158/966] Documentation improvement Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7e8b2c3c20..6c322e29fc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -242,7 +242,7 @@ General options: (default: "${ARM_NONE_EABI_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). --error-test Error test mode: run a failing function in addition - to any specified component. + to any specified component. May be repeated. --except Exclude the COMPONENTs listed on the command line, instead of running only those. --no-append-outcome Write a new outcome file and analyze it (default). From 91e890e2fcefca43836dc174ad37906a6d6c996f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Aug 2021 15:13:57 +0200 Subject: [PATCH 159/966] Add documentation Signed-off-by: Gilles Peskine --- programs/test/generate_cpp_dummy_build.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index 9e16348b52..94e911515d 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -1,5 +1,18 @@ #!/bin/sh +DEFAULT_OUTPUT_FILE=programs/test/cpp_dummy_build.cpp + +if [ "$1" = "--help" ]; then + cat <"${1:-programs/test/cpp_dummy_build.cpp}" +print_cpp >"${1:-$DEFAULT_OUTPUT_FILE}" 
From 03af67891194788791572fe892eb5d49c0ab9202 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Aug 2021 11:35:17 +0200 Subject: [PATCH 160/966] Documentation improvements Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6c322e29fc..26a5b7e5de 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -203,6 +203,8 @@ pre_initialize_variables () { # Test whether the component $1 is included in the command line patterns. is_component_included() { + # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS + # only does word splitting. set -f for pattern in $COMMAND_LINE_COMPONENTS; do set +f @@ -449,6 +451,8 @@ pre_parse_command_line () { # Error out if an explicitly requested component doesn't exist. if [ $all_except -eq 0 ]; then unsupported=0 + # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS + # only does word splitting. set -f for component in $COMMAND_LINE_COMPONENTS; do set +f @@ -552,6 +556,9 @@ pre_setup_keep_going () { # Whether it makes sense to keep a component going after the specified # command fails (test command) or not (configure or build). + # This function normally receives the failing simple command + # ($BASH_COMMAND) as an argument, but if $report_failed_command is set, + # this is passed instead. # This doesn't have to be 100% accurate: all failures are recorded anyway. # False positives result in running things that can't be expected to # work. False negatives result in things not running after something else From 80ddb991c2eab48bf5ed1d91ac0cb4a05facd143 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Aug 2021 11:51:59 +0200 Subject: [PATCH 161/966] Add --restore option to clean up but not necessarily run components Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 26a5b7e5de..f963e4bf03 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -243,6 +243,9 @@ General options: Prefix for a cross-compiler for arm-none-eabi (default: "${ARM_NONE_EABI_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). + --restore First clean up the build tree, restoring backed up + files. Do not run any components unless they are + explicitly specified. --error-test Error test mode: run a failing function in addition to any specified component. May be repeated. --except Exclude the COMPONENTs listed on the command line, @@ -388,6 +391,7 @@ pre_parse_command_line () { COMMAND_LINE_COMPONENTS= all_except=0 error_test=0 + restore_first=0 no_armcc= # Note that legacy options are ignored instead of being omitted from this @@ -426,6 +430,7 @@ pre_parse_command_line () { --quiet|-q) QUIET=1;; --random-seed) unset SEED;; --release-test|-r) SEED=$RELEASE_SEED;; + --restore) restore_first=1;; --seed|-s) shift; SEED="$1";; -*) echo >&2 "Unknown option: $1" @@ -438,7 +443,7 @@ pre_parse_command_line () { done # With no list of components, run everything. - if [ -z "$COMMAND_LINE_COMPONENTS" ]; then + if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then all_except=1 fi From d5802926d983a09230cafa9b7b1f601c44a814af Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Tue, 8 May 2018 15:30:59 +0100 Subject: [PATCH 162/966] Rewrite check-names.sh in python Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 276 +++++++++++++++++++++++++++++++++++ 1 file changed, 276 insertions(+) create mode 100755 tests/scripts/check-names.py diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py new file mode 100755 index 0000000000..6af6f8d545 --- /dev/null +++ b/tests/scripts/check-names.py 
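Review bot: `restore_first` is set by `--restore`, but the only place these hunks read it is the `all_except` default, so nothing in this commit performs the clean-up the help text promises. The restoration presumably relies on the `cleanup` call the script already makes before running components, which lies outside the hunks. A comment at `restore_first=0` would make that explicit, e.g. `# --restore adds no clean-up of its own: the initial cleanup always runs; this flag only disables the run-everything default.` The help entry is also inserted between `--armcc` and `--error-test`, out of the alphabetical order the neighbouring options follow.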
@@ -0,0 +1,276 @@ +#!/usr/bin/env python3 +""" +This file is part of Mbed TLS (https://tls.mbed.org) + +Copyright (c) 2018, Arm Limited, All Rights Reserved + +Purpose + +This script confirms that the naming of all symbols and identifiers in mbed +TLS are consistent with the house style and are also self-consistent. +""" +import os +import sys +import traceback +import re +import shutil +import subprocess +import logging + + +class NameCheck(object): + def __init__(self): + self.log = None + self.setup_logger() + self.check_repo_path() + self.return_code = 0 + self.excluded_files = ["compat-1.3.h"] + self.header_files = self.get_files(os.path.join("include", "mbedtls")) + self.library_files = self.get_files("library") + self.macros = [] + self.MBED_names = [] + self.enum_consts = [] + self.identifiers = [] + self.actual_macros = [] + self.symbols = [] + self.macro_pattern = r"#define (?P\w+)" + self.MBED_pattern = r"\bMBED.+?_[A-Z0-9_]*" + self.symbol_pattern = r"^\S+( [0-9A-Fa-f]+)* . _*(?P\w+)" + self.identifier_check_pattern = r"^mbedtls_[0-9a-z_]*[0-9a-z]$" + self.decls_pattern = ( + r"^(extern \"C\"|(typedef )?(struct|enum)( {)?$|};?$|$)" + ) + self.macro_const_check_pattern = ( + r"^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$|^YOTTA_[0-9A-Z_]*[0-9A-Z]$" + ) + self.typo_check_pattern = r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$" + self.non_macros = ( + "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_" + ) + + def set_return_code(self, return_code): + if return_code > self.return_code: + self.return_code = return_code + + def setup_logger(self): + self.log = logging.getLogger() + self.log.setLevel(logging.INFO) + self.log.addHandler(logging.StreamHandler()) + + def check_repo_path(self): + current_dir = os.path.realpath('.') + root_dir = os.path.dirname(os.path.dirname( + os.path.dirname(os.path.realpath(__file__)))) + if current_dir != root_dir: + raise Exception("Must be run from Mbed TLS root") + + def get_files(self, directory): + filenames = [] + for root, dirs, 
files in sorted(os.walk(directory)): + for filename in sorted(files): + if (filename not in self.excluded_files and + filename.endswith((".c", ".h"))): + filenames.append(os.path.join(root, filename)) + return filenames + + def get_macros(self): + for header_file in self.header_files: + with open(header_file, "r") as header: + for line in iter(header.readline, ""): + macro = re.search(self.macro_pattern, line) + if (macro and not + macro.group("macro").startswith(self.non_macros)): + self.macros.append((macro.group("macro"), header_file)) + self.macros = list(set(self.macros)) + + def get_MBED_names(self): + for file_group in [self.header_files, self.library_files]: + for filename in file_group: + with open(filename, "r") as f: + for line in iter(f.readline, ""): + mbed_names = re.findall(self.MBED_pattern, line) + if mbed_names: + for name in mbed_names: + self.MBED_names.append((name, filename)) + self.MBED_names = list(set(self.MBED_names)) + + def get_enum_consts(self): + for header_file in self.header_files: + state = 0 + with open(header_file, "r") as header: + for line in iter(header.readline, ""): + if state is 0 and re.match(r"^(typedef )?enum {", line): + state = 1 + elif state is 0 and re.match(r"^(typedef )?enum", line): + state = 2 + elif state is 2 and re.match(r"^{", line): + state = 1 + elif state is 1 and re.match(r"^}", line): + state = 0 + elif state is 1: + enum_const = re.match(r"^\s*(?P\w+)", line) + if enum_const: + self.enum_consts.append( + (enum_const.group("enum_const"), header_file) + ) + + def line_contains_declaration(self, line): + return (re.match(r"^[^ /#{]", line) + and not re.match(self.decls_pattern, line)) + + def get_identifier_from_declaration(self, declaration): + identifier = re.search( + r"([a-zA-Z_][a-zA-Z0-9_]*)\(|" + r"\(\*(.+)\)\(|" + r"(\w+)\W*$", + declaration + ) + if identifier: + for group in identifier.groups(): + if group: + return group + self.log.error(declaration) + raise Exception("No identifier found") + + 
def get_identifiers(self): + for header_file in self.header_files: + with open(header_file, "r") as header: + for line in iter(header.readline, ""): + if self.line_contains_declaration(line): + self.identifiers.append( + (self.get_identifier_from_declaration(line), + header_file) + ) + + def get_symbols(self): + try: + shutil.copy("include/mbedtls/config.h", + "include/mbedtls/config.h.bak") + subprocess.run( + ["perl", "scripts/config.pl", "full"], + encoding=sys.stdout.encoding, + check=True + ) + my_environment = os.environ.copy() + my_environment["CFLAGS"] = "-fno-asynchronous-unwind-tables" + subprocess.run( + ["make", "clean", "lib"], + env=my_environment, + encoding=sys.stdout.encoding, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + check=True + ) + shutil.move("include/mbedtls/config.h.bak", + "include/mbedtls/config.h") + nm_output = "" + for lib in ["library/libmbedcrypto.a", + "library/libmbedtls.a", + "library/libmbedx509.a"]: + nm_output += subprocess.run( + ["nm", "-og", lib], + encoding=sys.stdout.encoding, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + check=True + ).stdout + for line in nm_output.splitlines(): + if not re.match(r"^\S+: +U |^$|^\S+:$", line): + symbol = re.match(self.symbol_pattern, line) + if symbol: + self.symbols.append(symbol.group('symbol')) + else: + self.log.error(line) + self.symbols.sort() + subprocess.run( + ["make", "clean"], + encoding=sys.stdout.encoding, + check=True + ) + except subprocess.CalledProcessError as error: + self.log.error(error) + self.set_return_code(2) + + def check_symbols_declared_in_header(self): + identifiers = [x[0] for x in self.identifiers] + bad_names = [] + for symbol in self.symbols: + if symbol not in identifiers: + bad_names.append(symbol) + if bad_names: + self.set_return_code(1) + self.log.info("Names of identifiers: FAIL") + for name in bad_names: + self.log.info(name) + else: + self.log.info("Names of identifiers: PASS") + + def check_group(self, group_to_check, 
check_pattern, name): + bad_names = [] + for item in group_to_check: + if not re.match(check_pattern, item[0]): + bad_names.append("{} - {}".format(item[0], item[1])) + if bad_names: + self.set_return_code(1) + self.log.info("Names of {}: FAIL".format(name)) + for name in bad_names: + self.log.info(name) + else: + self.log.info("Names of {}: PASS".format(name)) + + def check_for_typos(self): + bad_names = [] + all_caps_names = list(set( + [x[0] for x in self.actual_macros + self.enum_consts] + )) + for name in self.MBED_names: + if name[0] not in all_caps_names: + if not re.search(self.typo_check_pattern, name[0]): + bad_names.append("{} - {}".format(name[0], name[1])) + if bad_names: + self.set_return_code(1) + self.log.info("Likely typos: FAIL") + for name in bad_names: + self.log.info(name) + else: + self.log.info("Likely typos: PASS") + + def get_names_from_source_code(self): + self.log.info("Analysing source code...") + self.get_macros() + self.get_enum_consts() + self.get_identifiers() + self.get_symbols() + self.get_MBED_names() + self.actual_macros = list(set(self.macros) - set(self.identifiers)) + self.log.info("{} macros".format(len(self.macros))) + self.log.info("{} enum-consts".format(len(self.enum_consts))) + self.log.info("{} identifiers".format(len(self.identifiers))) + self.log.info("{} exported-symbols".format(len(self.symbols))) + + def check_names(self): + self.check_symbols_declared_in_header() + for group, check_pattern, name in [ + (self.actual_macros, self.macro_const_check_pattern, + "actual-macros"), + (self.enum_consts, self.macro_const_check_pattern, + "enum-consts"), + (self.identifiers, self.identifier_check_pattern, + "identifiers")]: + self.check_group(group, check_pattern, name) + self.check_for_typos() + + +def run_main(): + try: + name_check = NameCheck() + name_check.get_names_from_source_code() + name_check.check_names() + sys.exit(name_check.return_code) + except Exception: + traceback.print_exc() + sys.exit(2) + + +if __name__ 
== "__main__": + run_main() From 4e9b51bc1830dd898f86b2f3a7fbd2318e3ddc7e Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Wed, 16 May 2018 22:32:41 +0100 Subject: [PATCH 163/966] Update scripts to use check-names.py Signed-off-by: Yuto Takano --- .travis.yml | 2 +- tests/git-scripts/pre-push.sh | 2 +- tests/scripts/all.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index fa01e5a24c..06495e4eb0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,7 @@ script: - tests/scripts/recursion.pl library/*.c - tests/scripts/check-generated-files.sh - tests/scripts/check-doxy-blocks.pl -- tests/scripts/check-names.sh +- tests/scripts/check-names.py - tests/scripts/doxygen.sh - cmake -D CMAKE_BUILD_TYPE:String="Check" . - make diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index ee54a6cffe..2058a57f91 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -43,5 +43,5 @@ run_test() } run_test ./tests/scripts/check-doxy-blocks.pl -run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-names.py run_test ./tests/scripts/check-generated-files.sh diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e6c7549e6a..851287f104 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -415,7 +415,7 @@ tests/scripts/check-doxy-blocks.pl msg "test/build: declared and exported names" # < 3s cleanup -tests/scripts/check-names.sh +tests/scripts/check-names.py msg "test: doxygen warnings" # ~ 3s cleanup From a783d9c5ef2eb5c83a241c2d37f3423a1201529f Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Thu, 17 May 2018 09:21:06 +0100 Subject: [PATCH 164/966] Remove check-names.sh and sub-scripts it used 
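Review bot: In `get_symbols`, a failed `perl scripts/config.pl full` or `make clean lib` leaves `include/mbedtls/config.h` in the full configuration, because the `shutil.move` that restores the backup sits on the success path only and the `except subprocess.CalledProcessError` handler just logs the error and sets the return code. Later builds or checks in the same tree would then run against a configuration nobody selected, with a stray `config.h.bak` left behind. Restoring in a `finally:` clause (`shutil.move("include/mbedtls/config.h.bak", "include/mbedtls/config.h")`) covers both paths. The `state is 0` / `state is 1` tests in `get_enum_consts` also depend on integer identity and would be safer as `state == 0`.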
Signed-off-by: Yuto Takano --- tests/scripts/check-names.sh | 93 ------------------------------- tests/scripts/list-enum-consts.pl | 35 ------------ tests/scripts/list-identifiers.sh | 34 ----------- tests/scripts/list-macros.sh | 16 ------ tests/scripts/list-symbols.sh | 26 --------- 5 files changed, 204 deletions(-) delete mode 100755 tests/scripts/check-names.sh delete mode 100755 tests/scripts/list-enum-consts.pl delete mode 100755 tests/scripts/list-identifiers.sh delete mode 100755 tests/scripts/list-macros.sh delete mode 100755 tests/scripts/list-symbols.sh diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh deleted file mode 100755 index 4c66440e25..0000000000 --- a/tests/scripts/check-names.sh +++ /dev/null 
@@ -1,93 +0,0 @@ -#!/bin/sh -# -# This file is part of mbed TLS (https://tls.mbed.org) -# -# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved -# -# Purpose -# -# This script confirms that the naming of all symbols and identifiers in mbed -# TLS are consistent with the house style and are also self-consistent. -# -set -eu - -if grep --version|head -n1|grep GNU >/dev/null; then :; else - echo "This script requires GNU grep.">&2 - exit 1 -fi - -printf "Analysing source code...\n" - -tests/scripts/list-macros.sh -tests/scripts/list-enum-consts.pl -tests/scripts/list-identifiers.sh -tests/scripts/list-symbols.sh - -FAIL=0 - -printf "\nExported symbols declared in header: " -UNDECLARED=$( diff exported-symbols identifiers | sed -n -e 's/^< //p' ) -if [ "x$UNDECLARED" = "x" ]; then - echo "PASS" -else - echo "FAIL" - echo "$UNDECLARED" - FAIL=1 -fi - -diff macros identifiers | sed -n -e 's/< //p' > actual-macros - -for THING in actual-macros enum-consts; do - printf "Names of $THING: " - test -r $THING - BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$\|^YOTTA_[0-9A-Z_]*[0-9A-Z]$' $THING || true ) - if [ "x$BAD" = "x" ]; then - echo "PASS" - else - echo "FAIL" - echo "$BAD" - FAIL=1 - fi -done - -for THING in identifiers; do - printf "Names of $THING: " - test -r $THING - BAD=$( grep -v '^mbedtls_[0-9a-z_]*[0-9a-z]$' $THING || true ) - if [ "x$BAD" = "x" ]; then - echo "PASS" - else - echo "FAIL" - echo "$BAD" - FAIL=1 - fi -done - -printf "Likely typos: " -sort -u actual-macros enum-consts > _caps -HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h' ) -NL=' -' -sed -n 's/MBED..._[A-Z0-9_]*/\'"$NL"'&\'"$NL"/gp \ - $HEADERS library/*.c \ - | grep MBEDTLS | sort -u > _MBEDTLS_XXX -TYPOS=$( diff _caps _MBEDTLS_XXX | sed -n 's/^> //p' \ - | egrep -v 'XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$' || true ) -rm _MBEDTLS_XXX _caps -if [ "x$TYPOS" = "x" ]; then - echo "PASS" -else - echo "FAIL" - echo "$TYPOS" - FAIL=1 -fi - -printf "\nOverall: " -if [ "$FAIL" -eq 0 ]; then - 
rm macros actual-macros enum-consts identifiers exported-symbols - echo "PASSED" - exit 0 -else - echo "FAILED" - exit 1 -fi diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl deleted file mode 100755 index 633e3fdf9e..0000000000 --- a/tests/scripts/list-enum-consts.pl +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/perl - -use warnings; -use strict; - -use utf8; -use open qw(:std utf8); - --d 'include/mbedtls' or die "$0: must be run from root\n"; - -@ARGV = grep { ! /compat-1\.3\.h/ } ; - -my @consts; -my $state = 'out'; -while (<>) -{ - if( $state eq 'out' and /^(typedef )?enum \{/ ) { - $state = 'in'; - } elsif( $state eq 'out' and /^(typedef )?enum/ ) { - $state = 'start'; - } elsif( $state eq 'start' and /{/ ) { - $state = 'in'; - } elsif( $state eq 'in' and /}/ ) { - $state = 'out'; - } elsif( $state eq 'in' ) { - s/=.*//; s!/\*.*!!; s/,.*//; s/\s+//g; chomp; - push @consts, $_ if $_; - } -} - -open my $fh, '>', 'enum-consts' or die; -print $fh "$_\n" for sort @consts; -close $fh or die; - -printf "%8d enum-consts\n", scalar @consts; diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh deleted file mode 100755 index 130d9d63f6..0000000000 --- a/tests/scripts/list-identifiers.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/bin/sh - -set -eu - -if [ -d include/mbedtls ]; then :; else - echo "$0: must be run from root" >&2 - exit 1 -fi - -HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h|bn_mul' ) - -rm -f identifiers - -grep '^[^ /#{]' $HEADERS | \ - sed -e 's/^[^:]*://' | \ - egrep -v '^(extern "C"|(typedef )?(struct|enum)( {)?$|};?$)' \ - > _decls - -if true; then -sed -n -e 's/.* \**\([a-zA-Z_][a-zA-Z0-9_]*\)(.*/\1/p' \ - -e 's/.*(\*\(.*\))(.*/\1/p' _decls -grep -v '(' _decls | sed -e 's/\([a-zA-Z0-9_]*\)[;[].*/\1/' -e 's/.* \**//' -fi > _identifiers - -if [ $( wc -l < _identifiers ) -eq $( wc -l < _decls ) ]; then - rm _decls - egrep -v '^(u?int(16|32|64)_t)$' _identifiers | sort > identifiers - rm _identifiers -else - echo "$0: oops, lost some identifiers" 2>&1 - exit 1 -fi - -wc -l identifiers diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh deleted file mode 100755 index 3c84adba63..0000000000 --- a/tests/scripts/list-macros.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -set -eu - -if [ -d include/mbedtls ]; then :; else - echo "$0: must be run from root" >&2 - exit 1 -fi - -HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h' ) - -sed -n -e 's/.*#define \([a-zA-Z0-9_]*\).*/\1/p' $HEADERS \ - | egrep -v '^(asm|inline|EMIT|_CRT_SECURE_NO_DEPRECATE)$|^MULADDC_' \ - | sort -u > macros - -wc -l macros diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh deleted file mode 100755 index c258719429..0000000000 --- a/tests/scripts/list-symbols.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/sh - -set -eu - -if [ -d include/mbedtls ]; then :; else - echo "$0: must be run from root" >&2 - exit 1 -fi - -if grep -i cmake Makefile >/dev/null; then - echo "$0: not compatible with cmake" >&2 - exit 1 -fi - -cp include/mbedtls/config.h include/mbedtls/config.h.bak -scripts/config.pl full -CFLAGS=-fno-asynchronous-unwind-tables make clean lib >/dev/null 2>&1 -mv include/mbedtls/config.h.bak include/mbedtls/config.h -if uname | grep -F Darwin >/dev/null; then - nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p' -elif uname | grep -F Linux >/dev/null; then - nm -og library/libmbed*.a | grep -v '^[^ ]*: *U \|^$\|^[^ ]*:$' | sed 's/^[^ ]* . //' -fi | sort > exported-symbols -make clean - -wc -l exported-symbols From 6c79b5dce728e3754c6e6886a7c153705cfc6ce6 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Thu, 17 May 2018 14:14:50 +0100 Subject: [PATCH 165/966] Keep compatibility with python versions prior to 3.5 Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 6af6f8d545..8a8e2dbbe6 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python2 """ This file is part of Mbed TLS (https://tls.mbed.org) 
@@ -146,20 +146,17 @@ class NameCheck(object): try: shutil.copy("include/mbedtls/config.h", "include/mbedtls/config.h.bak") - subprocess.run( + subprocess.check_output( ["perl", "scripts/config.pl", "full"], - encoding=sys.stdout.encoding, - check=True + universal_newlines=True, ) my_environment = os.environ.copy() my_environment["CFLAGS"] = "-fno-asynchronous-unwind-tables" - subprocess.run( + subprocess.check_output( ["make", "clean", "lib"], env=my_environment, - encoding=sys.stdout.encoding, - stdout=subprocess.PIPE, + universal_newlines=True, stderr=subprocess.STDOUT, - check=True ) shutil.move("include/mbedtls/config.h.bak", "include/mbedtls/config.h") @@ -167,13 +164,11 @@ class NameCheck(object): for lib in ["library/libmbedcrypto.a", "library/libmbedtls.a", "library/libmbedx509.a"]: - nm_output += subprocess.run( + nm_output += subprocess.check_output( ["nm", "-og", lib], - encoding=sys.stdout.encoding, - stdout=subprocess.PIPE, + universal_newlines=True, stderr=subprocess.STDOUT, - check=True - ).stdout + ) for line in nm_output.splitlines(): if not re.match(r"^\S+: +U |^$|^\S+:$", line): symbol = re.match(self.symbol_pattern, line) @@ -182,10 +177,9 @@ class NameCheck(object): else: self.log.error(line) self.symbols.sort() - subprocess.run( + subprocess.check_output( ["make", "clean"], - encoding=sys.stdout.encoding, - check=True + universal_newlines=True, ) except subprocess.CalledProcessError as error: self.log.error(error) From 3963967ebc4bf0b61b1d5fea26680cbc56fe29b1 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 19:47:48 +0100 Subject: [PATCH 166/966] Restructure check-names.py with more verbose error messages Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 596 +++++++++++++++++++++++++---------- 1 file changed, 429 insertions(+), 167 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 8a8e2dbbe6..431bcbb5c9 100755 --- a/tests/scripts/check-names.py 
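Review bot: The output captured by the new `check_output` calls is thrown away when a command fails: the `except subprocess.CalledProcessError as error` handler visible at the end of the last hunk logs only `error`, which carries the command line and exit status, not the compiler or `nm` diagnostics. Adding `self.log.error(error.output)` next to the existing `self.log.error(error)` would keep the reason for the failure in the log. The same applies to all three hunks of this file. `get_symbols` begins before the first hunk and ends after the last one, so the handler is shown only as context.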
+++ b/tests/scripts/check-names.py @@ -1,14 +1,27 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python3 +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + """ -This file is part of Mbed TLS (https://tls.mbed.org) - -Copyright (c) 2018, Arm Limited, All Rights Reserved - -Purpose - -This script confirms that the naming of all symbols and identifiers in mbed -TLS are consistent with the house style and are also self-consistent. +This script confirms that the naming of all symbols and identifiers in Mbed TLS +are consistent with the house style and are also self-consistent. """ + +import argparse +import textwrap import os import sys import traceback 
@@ -17,47 +30,89 @@ import shutil import subprocess import logging +# Naming patterns to check against +MACRO_PATTERN = r"^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$|^YOTTA_[0-9A-Z_]*[0-9A-Z]$" +IDENTIFIER_PATTERN = r"^mbedtls_[0-9a-z_]*[0-9a-z]$" + +class Match(object): + def __init__(self, filename, line, pos, name): + self.filename = filename + self.line = line + self.pos = pos + self.name = name + + def __str__(self): + return self.name + +class Problem(object): + def __init__(self): + self.textwrapper = textwrap.TextWrapper() + self.textwrapper.initial_indent = " * " + self.textwrapper.subsequent_indent = " " + +class SymbolNotInHeader(Problem): + def __init__(self, symbol_name): + self.symbol_name = symbol_name + Problem.__init__(self) + + def __str__(self): + return self.textwrapper.fill( + "'{0}' was found as an available symbol in the output of nm, " + "however it was not declared in any header files." + .format(self.symbol_name)) + +class PatternMismatch(Problem): + def __init__(self, pattern, match): + self.pattern = pattern + self.match = match + Problem.__init__(self) + + def __str__(self): + return self.textwrapper.fill( + "{0}: '{1}' does not match the required pattern '{2}'." + .format(self.match.filename, self.match.name, self.pattern)) + +class Typo(Problem): + def __init__(self, match): + self.match = match + Problem.__init__(self) + + def __str__(self): + return self.textwrapper.fill( + "{0}: '{1}' looks like a typo. It was not found in any macros or " + "any enums. If this is not a typo, put //no-check-names after it." 
+ .format(self.match.filename, self.match.name)) class NameCheck(object): def __init__(self): self.log = None - self.setup_logger() self.check_repo_path() self.return_code = 0 self.excluded_files = ["compat-1.3.h"] - self.header_files = self.get_files(os.path.join("include", "mbedtls")) - self.library_files = self.get_files("library") - self.macros = [] - self.MBED_names = [] - self.enum_consts = [] - self.identifiers = [] - self.actual_macros = [] - self.symbols = [] - self.macro_pattern = r"#define (?P\w+)" - self.MBED_pattern = r"\bMBED.+?_[A-Z0-9_]*" - self.symbol_pattern = r"^\S+( [0-9A-Fa-f]+)* . _*(?P\w+)" - self.identifier_check_pattern = r"^mbedtls_[0-9a-z_]*[0-9a-z]$" - self.decls_pattern = ( - r"^(extern \"C\"|(typedef )?(struct|enum)( {)?$|};?$|$)" - ) - self.macro_const_check_pattern = ( - r"^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$|^YOTTA_[0-9A-Z_]*[0-9A-Z]$" - ) self.typo_check_pattern = r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$" - self.non_macros = ( - "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_" - ) def set_return_code(self, return_code): if return_code > self.return_code: self.return_code = return_code - def setup_logger(self): + def setup_logger(self, verbose=False): + """ + Set up a logger and set the change the default logging level from + WARNING to INFO. Loggers are better than print statements since their + verbosity can be controlled. + """ self.log = logging.getLogger() - self.log.setLevel(logging.INFO) + if verbose: + self.log.setLevel(logging.DEBUG) + else: + self.log.setLevel(logging.INFO) self.log.addHandler(logging.StreamHandler()) def check_repo_path(self): + """ + Check that the current working directory is the project root, and throw + an exception if not. + """ current_dir = os.path.realpath('.') root_dir = os.path.dirname(os.path.dirname( os.path.dirname(os.path.realpath(__file__)))) 
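Review bot: `Match` defines neither `__eq__` nor `__hash__`, so two `Match` objects describing the same name never compare equal. The later hunk of this commit computes `macros = list(set(all_macros) - set(identifiers))` in `parse_names_in_source`; with identity-based hashing that difference removes nothing, whereas the `(name, file)` tuples used before this commit compared by value. Giving `Match` value equality on name and filename, as in the fence below, restores the old filtering. Separately, `__init__` no longer calls `setup_logger()`, so `self.log` stays `None` until a caller invokes it; the caller is outside the visible hunks and should be checked.

```python
class Match(object):
    # … unchanged: __init__ and __str__ …

    def __eq__(self, other):
        if not isinstance(other, Match):
            return NotImplemented
        return (self.name, self.filename) == (other.name, other.filename)

    def __hash__(self):
        return hash((self.name, self.filename))
```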
@@ -73,32 +128,81 @@ class NameCheck(object): filenames.append(os.path.join(root, filename)) return filenames - def get_macros(self): - for header_file in self.header_files: + def parse_macros(self, header_files): + """ + Parse all macros defined by #define preprocessor directives. + + Args: + header_files: A list of filepaths to look through. + + Returns: + A list of Match objects for the macros. + """ + MACRO_REGEX = r"#define (?P\w+)" + NON_MACROS = ( + "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_" + ) + + macros = [] + + for header_file in header_files: with open(header_file, "r") as header: - for line in iter(header.readline, ""): - macro = re.search(self.macro_pattern, line) - if (macro and not - macro.group("macro").startswith(self.non_macros)): - self.macros.append((macro.group("macro"), header_file)) - self.macros = list(set(self.macros)) + for line in header: + macro = re.search(MACRO_REGEX, line) + if (macro and + not macro.group("macro").startswith(NON_MACROS)): + macros.append(Match( + header_file, + line, + (macro.start(), macro.end()), + macro.group("macro"))) - def get_MBED_names(self): - for file_group in [self.header_files, self.library_files]: - for filename in file_group: - with open(filename, "r") as f: - for line in iter(f.readline, ""): - mbed_names = re.findall(self.MBED_pattern, line) - if mbed_names: - for name in mbed_names: - self.MBED_names.append((name, filename)) - self.MBED_names = list(set(self.MBED_names)) + return macros - def get_enum_consts(self): - for header_file in self.header_files: + def parse_MBED_names(self, header_files, library_files): + """ + Parse all words in the file that begin with MBED. Includes macros. + + Args: + header_files: A list of filepaths to look through. + library_files: A list of filepaths to look through. + + Returns: + A list of Match objects for words beginning with MBED. 
+ """ + MBED_names = [] + + for filename in header_files + library_files: + with open(filename, "r") as fp: + for line in fp: + for name in re.finditer(r"\bMBED.+?_[A-Z0-9_]*", line): + MBED_names.append(Match( + filename, + line, + (name.start(), name.end()), + name.group(0) + )) + + return MBED_names + + def parse_enum_consts(self, header_files): + """ + Parse all enum value constants that are declared. + + Args: + header_files: A list of filepaths to look through. + + Returns: + A list of (enum constants, containing filename). + """ + + enum_consts = [] + + for header_file in header_files: + # Emulate a finite state machine to parse enum declarations. state = 0 with open(header_file, "r") as header: - for line in iter(header.readline, ""): + for line in header: if state is 0 and re.match(r"^(typedef )?enum {", line): state = 1 elif state is 0 and re.match(r"^(typedef )?enum", line): 
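Review bot: The `open(header_file, "r")` and `open(filename, "r")` calls in `parse_macros`, `parse_MBED_names` and `parse_enum_consts` decode with the locale's default encoding, so a non-ASCII byte in a source file can raise `UnicodeDecodeError` when the script runs under a C/POSIX locale. The Perl helper that this script replaces read its input as UTF-8 explicitly; `open(header_file, "r", encoding="utf-8")` would keep that behaviour independent of the environment. The `parse_enum_consts` docstring also still describes the return value as `(enum constants, containing filename)` pairs, while the new body appends `Match` objects. `parse_enum_consts` continues past the end of this hunk.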
@@ -110,156 +214,314 @@ class NameCheck(object): elif state is 1: enum_const = re.match(r"^\s*(?P\w+)", line) if enum_const: - self.enum_consts.append( - (enum_const.group("enum_const"), header_file) - ) + enum_consts.append(Match( + header_file, + line, + (enum_const.start(), enum_const.end()), + enum_const.group("enum_const"))) + + return enum_consts - def line_contains_declaration(self, line): - return (re.match(r"^[^ /#{]", line) - and not re.match(self.decls_pattern, line)) + def parse_identifiers(self, header_files): + """ + Parse all lines of a header where a function identifier is declared, + based on some huersitics. Assumes every line that is not a comment or a + preprocessor directive contains some identifier. - def get_identifier_from_declaration(self, declaration): - identifier = re.search( - r"([a-zA-Z_][a-zA-Z0-9_]*)\(|" - r"\(\*(.+)\)\(|" - r"(\w+)\W*$", - declaration + Args: + header_files: A list of filepaths to look through. + + Returns: + A list of (identifier, containing filename) + """ + EXCLUDED_DECLARATIONS = ( + r"^(extern \"C\"|(typedef )?(struct|enum)( {)?$|};?$|$)" ) - if identifier: - for group in identifier.groups(): - if group: - return group - self.log.error(declaration) - raise Exception("No identifier found") - def get_identifiers(self): - for header_file in self.header_files: + identifiers = [] + + for header_file in header_files: with open(header_file, "r") as header: - for line in iter(header.readline, ""): - if self.line_contains_declaration(line): - self.identifiers.append( - (self.get_identifier_from_declaration(line), - header_file) - ) + in_block_comment = False - def get_symbols(self): + for line in header: + # Skip parsing this line if it begins or ends a block + # comment, and set the state machine's state. 
+ if re.search(r"/\*", line): + in_block_comment = True + continue + elif re.search(r"\*/", line) and in_block_comment: + in_block_comment = False + continue + + # Skip parsing this line if it's a line comment, or if it + # begins with a preprocessor directive + if in_block_comment or re.match(r"(//|#)", line): + continue + + if re.match(EXCLUDED_DECLARATIONS, line): + continue + + identifier = re.search( + # Matches: "mbedtls_aes_init(" + r"([a-zA-Z_][a-zA-Z0-9_]*)\(|" + # Matches: "(*f_rng)(" + r"\(\*(.+)\)\(|" + # TODO: unknown purpose + r"(\w+)\W*$", + line + ) + + if identifier: + for group in identifier.groups(): + if group: + identifiers.append(Match( + header_file, + line, + (identifier.start(), identifier.end()), + identifier.group(0))) + + return identifiers + + def parse_symbols(self): + """ + Compile the Mbed TLS libraries, and parse the TLS, Crypto, and x509 + object files using nm to retrieve the list of referenced symbols. + + Returns: + A list of unique symbols defined and used in the libraries. + """ + + symbols = [] + + # Back up the config and atomically compile with the full configratuion. 
+ shutil.copy("include/mbedtls/mbedtls_config.h", + "include/mbedtls/mbedtls_config.h.bak") try: - shutil.copy("include/mbedtls/config.h", - "include/mbedtls/config.h.bak") - subprocess.check_output( + subprocess.run( ["perl", "scripts/config.pl", "full"], - universal_newlines=True, + encoding=sys.stdout.encoding, + check=True ) my_environment = os.environ.copy() my_environment["CFLAGS"] = "-fno-asynchronous-unwind-tables" - subprocess.check_output( + subprocess.run( ["make", "clean", "lib"], env=my_environment, - universal_newlines=True, + encoding=sys.stdout.encoding, + stdout=subprocess.PIPE, stderr=subprocess.STDOUT, + check=True ) - shutil.move("include/mbedtls/config.h.bak", - "include/mbedtls/config.h") - nm_output = "" - for lib in ["library/libmbedcrypto.a", - "library/libmbedtls.a", - "library/libmbedx509.a"]: - nm_output += subprocess.check_output( - ["nm", "-og", lib], - universal_newlines=True, - stderr=subprocess.STDOUT, - ) - for line in nm_output.splitlines(): - if not re.match(r"^\S+: +U |^$|^\S+:$", line): - symbol = re.match(self.symbol_pattern, line) - if symbol: - self.symbols.append(symbol.group('symbol')) - else: - self.log.error(line) - self.symbols.sort() - subprocess.check_output( + + # Perform object file analysis using nm + symbols = self.parse_symbols_from_nm( + ["library/libmbedcrypto.a", + "library/libmbedtls.a", + "library/libmbedx509.a"]) + + symbols.sort() + + subprocess.run( ["make", "clean"], - universal_newlines=True, + encoding=sys.stdout.encoding, + check=True ) except subprocess.CalledProcessError as error: self.log.error(error) self.set_return_code(2) + finally: + shutil.move("include/mbedtls/mbedtls_config.h.bak", + "include/mbedtls/mbedtls_config.h") + + return symbols + + def parse_symbols_from_nm(self, object_files): + """ + Run nm to retrieve the list of referenced symbols in each object file. + Does not return the position data since it is of no use. 
+ + Returns: + A list of unique symbols defined and used in any of the object files. + """ + UNDEFINED_SYMBOL = r"^\S+: +U |^$|^\S+:$" + VALID_SYMBOL = r"^\S+( [0-9A-Fa-f]+)* . _*(?P\w+)" + + symbols = [] + + nm_output = "" + for lib in object_files: + nm_output += subprocess.run( + ["nm", "-og", lib], + encoding=sys.stdout.encoding, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + check=True + ).stdout + for line in nm_output.splitlines(): + if not re.match(UNDEFINED_SYMBOL, line): + symbol = re.match(VALID_SYMBOL, line) + if symbol: + symbols.append(symbol.group('symbol')) + else: + self.log.error(line) + + return symbols + + def parse_names_in_source(self): + """ + Calls each parsing function to retrieve various elements of the code, + together with their source location. Puts the parsed values in the + internal variable self.parse_result. + """ + self.log.info("Parsing source code...") + + m_headers = self.get_files(os.path.join("include", "mbedtls")) + libraries = self.get_files("library") + + all_macros = self.parse_macros(m_headers) + enum_consts = self.parse_enum_consts(m_headers) + identifiers = self.parse_identifiers(m_headers) + symbols = self.parse_symbols() + mbed_names = self.parse_MBED_names(m_headers, libraries) + + # Remove identifier macros like mbedtls_printf or mbedtls_calloc + macros = list(set(all_macros) - set(identifiers)) + + self.log.info("Found:") + self.log.info(" {} Macros".format(len(all_macros))) + self.log.info(" {} Enum Constants".format(len(enum_consts))) + self.log.info(" {} Identifiers".format(len(identifiers))) + self.log.info(" {} Exported Symbols".format(len(symbols))) + self.log.info("Analysing...") + + self.parse_result = { + "macros": macros, + "enum_consts": enum_consts, + "identifiers": identifiers, + "symbols": symbols, + "mbed_names": mbed_names + } + + def perform_checks(self): + """ + Perform each check in order, output its PASS/FAIL status. Maintain an + overall test status, and output that at the end. 
+ """ + problems = 0 + + problems += self.check_symbols_declared_in_header() + + pattern_checks = [ + ("macros", MACRO_PATTERN), + ("enum_consts", MACRO_PATTERN), + ("identifiers", IDENTIFIER_PATTERN)] + for group, check_pattern in pattern_checks: + problems += self.check_match_pattern(group, check_pattern) + + problems += self.check_for_typos() + + self.log.info("=============") + if problems > 0: + self.log.info("FAIL: {0} problem(s) to fix".format(str(problems))) + else: + self.log.info("PASS") def check_symbols_declared_in_header(self): - identifiers = [x[0] for x in self.identifiers] - bad_names = [] - for symbol in self.symbols: - if symbol not in identifiers: - bad_names.append(symbol) - if bad_names: - self.set_return_code(1) - self.log.info("Names of identifiers: FAIL") - for name in bad_names: - self.log.info(name) - else: - self.log.info("Names of identifiers: PASS") + """ + Perform a check that all detected symbols in the library object files + are properly declared in headers. + + Outputs to the logger the PASS/FAIL status, followed by the location of + problems. - def check_group(self, group_to_check, check_pattern, name): - bad_names = [] - for item in group_to_check: - if not re.match(check_pattern, item[0]): - bad_names.append("{} - {}".format(item[0], item[1])) - if bad_names: + Returns the number of problems that needs fixing. 
+ """ + problems = [] + for symbol in self.parse_result["symbols"]: + found_symbol_declared = False + for identifier_match in self.parse_result["identifiers"]: + if symbol == identifier_match.name: + found_symbol_declared = True + break + + if not found_symbol_declared: + problems.append(SymbolNotInHeader(symbol)) + + if problems: self.set_return_code(1) - self.log.info("Names of {}: FAIL".format(name)) - for name in bad_names: - self.log.info(name) + self.log.info("All symbols in header: FAIL") + for problem in problems: + self.log.info(str(problem) + "\n") else: - self.log.info("Names of {}: PASS".format(name)) + self.log.info("All symbols in header: PASS") + + return len(problems) + + def check_match_pattern(self, group_to_check, check_pattern): + problems = [] + for item_match in self.parse_result[group_to_check]: + if not re.match(check_pattern, item_match.name): + problems.append(PatternMismatch(check_pattern, item_match)) + + if problems: + self.set_return_code(1) + self.log.info("Naming patterns of {}: FAIL".format(group_to_check)) + for problem in problems: + self.log.info(str(problem) + "\n") + else: + self.log.info("Naming patterns of {}: PASS".format(group_to_check)) + + return len(problems) def check_for_typos(self): - bad_names = [] - all_caps_names = list(set( - [x[0] for x in self.actual_macros + self.enum_consts] + problems = [] + all_caps_names = list(set([ + match.name for match + in self.parse_result["macros"] + self.parse_result["enum_consts"]] )) - for name in self.MBED_names: - if name[0] not in all_caps_names: - if not re.search(self.typo_check_pattern, name[0]): - bad_names.append("{} - {}".format(name[0], name[1])) - if bad_names: + + TYPO_EXCLUSION = r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$" + + for name_match in self.parse_result["mbed_names"]: + if name_match.name not in all_caps_names: + if not re.search(TYPO_EXCLUSION, name_match.name): + problems.append(Typo(name_match)) + + if problems: self.set_return_code(1) self.log.info("Likely 
typos: FAIL") - for name in bad_names: - self.log.info(name) + for problem in problems: + self.log.info(str(problem) + "\n") else: self.log.info("Likely typos: PASS") + + return len(problems) - def get_names_from_source_code(self): - self.log.info("Analysing source code...") - self.get_macros() - self.get_enum_consts() - self.get_identifiers() - self.get_symbols() - self.get_MBED_names() - self.actual_macros = list(set(self.macros) - set(self.identifiers)) - self.log.info("{} macros".format(len(self.macros))) - self.log.info("{} enum-consts".format(len(self.enum_consts))) - self.log.info("{} identifiers".format(len(self.identifiers))) - self.log.info("{} exported-symbols".format(len(self.symbols))) +def main(): + """ + Main function, parses command-line arguments. + """ - def check_names(self): - self.check_symbols_declared_in_header() - for group, check_pattern, name in [ - (self.actual_macros, self.macro_const_check_pattern, - "actual-macros"), - (self.enum_consts, self.macro_const_check_pattern, - "enum-consts"), - (self.identifiers, self.identifier_check_pattern, - "identifiers")]: - self.check_group(group, check_pattern, name) - self.check_for_typos() + parser = argparse.ArgumentParser( + formatter_class=argparse.RawDescriptionHelpFormatter, + description=( + "This script confirms that the naming of all symbols and identifiers " + "in Mbed TLS are consistent with the house style and are also " + "self-consistent.\n\n" + "Expected to be run from the MbedTLS root directory.")) + parser.add_argument("-v", "--verbose", + action="store_true", + help="enable script debug outputs") + + args = parser.parse_args() -def run_main(): try: name_check = NameCheck() - name_check.get_names_from_source_code() - name_check.check_names() + name_check.setup_logger(verbose=args.verbose) + name_check.parse_names_in_source() + name_check.perform_checks() sys.exit(name_check.return_code) except Exception: traceback.print_exc() 
@@ -267,4 +529,4 @@ def run_main(): if __name__ == "__main__": - run_main() + main() From c1838937f1278bffa807313d46d43037cdad3899 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 19:52:09 +0100 Subject: [PATCH 167/966] Also check PSA: Python port of 2d9d6db60f5fd0a4993d90e47f39462647624ad6 Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 431bcbb5c9..e14d140c47 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -32,7 +32,7 @@ import logging # Naming patterns to check against MACRO_PATTERN = r"^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$|^YOTTA_[0-9A-Z_]*[0-9A-Z]$" -IDENTIFIER_PATTERN = r"^mbedtls_[0-9a-z_]*[0-9a-z]$" +IDENTIFIER_PATTERN = r"^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$" class Match(object): def __init__(self, filename, line, pos, name): @@ -377,11 +377,12 @@ class NameCheck(object): self.log.info("Parsing source code...") m_headers = self.get_files(os.path.join("include", "mbedtls")) + p_headers = self.get_files(os.path.join("include", "psa")) libraries = self.get_files("library") - all_macros = self.parse_macros(m_headers) + all_macros = self.parse_macros(m_headers + ["configs/config-default.h"]) enum_consts = self.parse_enum_consts(m_headers) - identifiers = self.parse_identifiers(m_headers) + identifiers = self.parse_identifiers(m_headers + p_headers) symbols = self.parse_symbols() mbed_names = self.parse_MBED_names(m_headers, libraries) From ed91cf003a07dfaec7dcb66bd4e0eb412c848671 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 19:52:43 +0100 Subject: [PATCH 168/966] Remove Yotta: Python port of 3ad2efdc82a3d15f373b9d12e6764efec3577b55 Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index e14d140c47..9467ec47ca 100755 
--- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -31,7 +31,7 @@ import subprocess import logging # Naming patterns to check against -MACRO_PATTERN = r"^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$|^YOTTA_[0-9A-Z_]*[0-9A-Z]$" +MACRO_PATTERN = r"^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$" IDENTIFIER_PATTERN = r"^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$" class Match(object): From bb7dca495fca9f2750529b40b99019417a49b849 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 19:57:58 +0100 Subject: [PATCH 169/966] Work with PSA constants: Python port of 03091d1114450dd19a10215094682f14761540d9 Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 9467ec47ca..03b6a58030 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -31,7 +31,7 @@ import subprocess import logging # Naming patterns to check against -MACRO_PATTERN = r"^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$" +MACRO_PATTERN = r"^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$" IDENTIFIER_PATTERN = r"^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$" class Match(object): @@ -159,20 +159,19 @@ class NameCheck(object): return macros - def parse_MBED_names(self, header_files, library_files): + def parse_MBED_names(self, files): """ Parse all words in the file that begin with MBED. Includes macros. Args: - header_files: A list of filepaths to look through. - library_files: A list of filepaths to look through. + files: A list of filepaths to look through. Returns: A list of Match objects for words beginning with MBED. """ MBED_names = [] - for filename in header_files + library_files: + for filename in files: with open(filename, "r") as fp: for line in fp: for name in re.finditer(r"\bMBED.+?_[A-Z0-9_]*", line): 
@@ -380,11 +379,12 @@ class NameCheck(object): p_headers = self.get_files(os.path.join("include", "psa")) libraries = self.get_files("library") - all_macros = self.parse_macros(m_headers + ["configs/config-default.h"]) + all_macros = self.parse_macros( + m_headers + p_headers) enum_consts = self.parse_enum_consts(m_headers) identifiers = self.parse_identifiers(m_headers + p_headers) symbols = self.parse_symbols() - mbed_names = self.parse_MBED_names(m_headers, libraries) + mbed_names = self.parse_MBED_names(m_headers + p_headers + libraries) # Remove identifier macros like mbedtls_printf or mbedtls_calloc macros = list(set(all_macros) - set(identifiers)) From fa950ae3448effe05031428423dbcca91d356758 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 20:03:44 +0100 Subject: [PATCH 170/966] Look in 3rdparty: Python port of 8a0f5bb3c11196a5bc0df6393a47e56c40adb7ac Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 03b6a58030..52854858d2 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py 
@@ -377,14 +377,19 @@ class NameCheck(object): m_headers = self.get_files(os.path.join("include", "mbedtls")) p_headers = self.get_files(os.path.join("include", "psa")) - libraries = self.get_files("library") + t_headers = ["3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/x25519.h"] + libraries = self.get_files("library") + [ + "3rdparty/everest/library/everest.c", + "3rdparty/everest/library/x25519.c"] all_macros = self.parse_macros( - m_headers + p_headers) - enum_consts = self.parse_enum_consts(m_headers) - identifiers = self.parse_identifiers(m_headers + p_headers) + m_headers + p_headers + t_headers) + enum_consts = self.parse_enum_consts(m_headers + t_headers) + identifiers = self.parse_identifiers(m_headers + p_headers + t_headers) symbols = self.parse_symbols() - mbed_names = self.parse_MBED_names(m_headers + p_headers + libraries) + mbed_names = self.parse_MBED_names( + m_headers + p_headers + t_headers + libraries) # Remove identifier macros like mbedtls_printf or mbedtls_calloc macros = list(set(all_macros) - set(identifiers)) From c763cc368fc27a3124a0af828153fd93bc5821a9 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 20:06:34 +0100 Subject: [PATCH 171/966] Check for double underscores: Python port of 712f7a804e391737b0e9d2593abe291f4ccb0303 Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 52854858d2..35fda61149 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -469,6 +469,8 @@ class NameCheck(object): for item_match in self.parse_result[group_to_check]: if not re.match(check_pattern, item_match.name): problems.append(PatternMismatch(check_pattern, item_match)) + if re.match(r".*__.*", item_match.name): + problems.append(PatternMismatch("double underscore", item_match)) if problems: self.set_return_code(1) 
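Review bot: The Everest headers and sources in `t_headers` and `libraries` are four literal paths, so any other file added under `3rdparty/everest` is silently left out of the name check, and a renamed file only surfaces as an exception from `open()` inside the parsers. A comment above `t_headers` should say that the list is deliberate, for example `# Only these Everest files are scanned; extend the list when 3rdparty gains checked code`. The paths also use a literal `/`, while the neighbouring lines build theirs with `os.path.join`. The body of `parse_names_in_source` starts and ends outside the hunk.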
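Review bot: The added double-underscore test in `check_match_pattern` reuses `PatternMismatch`, so the report reads "does not match the required pattern 'double underscore'", which looks like a regex and misleads the reader. As far as the collapsed hunk shows, the new `if` is independent of the one before it, so a name that fails `check_pattern` and also contains `__` is counted twice in the returned problem total. `re.match(r".*__.*", ...)` is only a substring test, so `if "__" in item_match.name:` says the same thing more directly. Making it an `elif`, or giving it its own `Problem` subclass with a fitting message, keeps one problem per name. The function body continues outside the hunk.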
From 157444c24d84a0a7d05aeb926f1919b87c9ec342 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 20:10:45 +0100 Subject: [PATCH 172/966] Add library header files: Python port of 65a6fa3e2669cb02af5399d0f60b5bed3e62a9be Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 35fda61149..f494f7666c 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -119,12 +119,12 @@ class NameCheck(object): if current_dir != root_dir: raise Exception("Must be run from Mbed TLS root") - def get_files(self, directory): + def get_files(self, extension, directory): filenames = [] for root, dirs, files in sorted(os.walk(directory)): for filename in sorted(files): if (filename not in self.excluded_files and - filename.endswith((".c", ".h"))): + filename.endswith("." + extension)): filenames.append(os.path.join(root, filename)) return filenames 
@@ -375,21 +375,22 @@ class NameCheck(object): """ self.log.info("Parsing source code...") - m_headers = self.get_files(os.path.join("include", "mbedtls")) - p_headers = self.get_files(os.path.join("include", "psa")) + m_headers = self.get_files("h", os.path.join("include", "mbedtls")) + p_headers = self.get_files("h", os.path.join("include", "psa")) t_headers = ["3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h"] - libraries = self.get_files("library") + [ + l_headers = self.get_files("h", "library") + libraries = self.get_files("c", "library") + [ "3rdparty/everest/library/everest.c", "3rdparty/everest/library/x25519.c"] all_macros = self.parse_macros( - m_headers + p_headers + t_headers) + m_headers + p_headers + t_headers + l_headers) enum_consts = self.parse_enum_consts(m_headers + t_headers) identifiers = self.parse_identifiers(m_headers + p_headers + t_headers) symbols = self.parse_symbols() mbed_names = self.parse_MBED_names( - m_headers + p_headers + t_headers + libraries) + m_headers + p_headers + t_headers + l_headers + libraries) # Remove identifier macros like mbedtls_printf or mbedtls_calloc macros = list(set(all_macros) - set(identifiers)) From e503d61b998205caa04c2a6b1e1604f969e00254 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 20:14:05 +0100 Subject: [PATCH 173/966] Remove 1.3 to 2.0 helpers: Python port of 7d48b2821808e964ab594462e419fbed0e015729 Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index f494f7666c..46cb00e224 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py 
@@ -88,8 +88,7 @@ class NameCheck(object): self.log = None self.check_repo_path() self.return_code = 0 - self.excluded_files = ["compat-1.3.h"] - self.typo_check_pattern = r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$" + self.excluded_files = ["bn_mul"] def set_return_code(self, return_code): if return_code > self.return_code: From c62b4084a2ae3977f21354da3b7d4dda781cc3bf Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 20:17:07 +0100 Subject: [PATCH 174/966] Per-line opt-out of typo check: Python port of b6837761815e1a8f6f475be4575824fc386a08dd Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 46cb00e224..f480a830e7 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -173,6 +173,10 @@ class NameCheck(object): for filename in files: with open(filename, "r") as fp: for line in fp: + # Ignore any names that are deliberately opted-out + if re.search(r"// *no-check-names", line): + continue + for name in re.finditer(r"\bMBED.+?_[A-Z0-9_]*", line): MBED_names.append(Match( filename, From 062289c6578c75f04744cd69d96a883d44ae55f4 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 20:19:57 +0100 Subject: [PATCH 175/966] Invoke config.py instead of pl: Python port of 5d46f6a89b25603f0a77466c618213200c328510 Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index f480a830e7..2bb1b02010 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -301,7 +301,7 @@ class NameCheck(object): "include/mbedtls/mbedtls_config.h.bak") try: subprocess.run( - ["perl", "scripts/config.pl", "full"], + ["perl", "scripts/config.py", "full"], encoding=sys.stdout.encoding, check=True ) From e77f699ed554b010b80f5f2acf5994772e6f77be Mon Sep 17 00:00:00 2001 
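Review bot: The new entry `"bn_mul"` in `self.excluded_files` cannot exclude anything. `get_files` tests `filename not in self.excluded_files` against complete file names and additionally requires the name to end in `"." + extension`, so a bare stem never equals a file that passes the filter. The list needs the full file name, extension included, in place of `"bn_mul"`. The later hunk that sets `self.excluded_files = ["bn_mul", "compat-2.x.h"]` carries the same ineffective entry. `__init__` starts outside this hunk.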
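Review bot: The opt-out added to `parse_MBED_names` is not documented: the docstring still only says the function parses words beginning with MBED. I would add a sentence such as `Lines containing a "// no-check-names" comment are skipped entirely.` to that docstring. The skip is per line, so every MBED word on a marked line is exempt from the typo check, not only the intended one. Only the `//` comment form is recognised; a `/* no-check-names */` marker would not match the regex.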
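Review bot: The command still launches `perl` although the script is now `scripts/config.py`. At best this works because perl hands the file to whatever interpreter its `#!` line names, which is fragile and may not be the Python that is running this check. Use the running interpreter instead: `[sys.executable, "scripts/config.py", "full"],`. `sys` is already in scope, since the next line uses `sys.stdout.encoding`. The enclosing `try` block continues outside the hunk.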
From: Yuto Takano Date: Thu, 5 Aug 2021 20:22:59 +0100 Subject: [PATCH 176/966] Exclude FStar and Hacl: Python port of 9b33e7d7d7426e3d7f27cd7d206765ae33e3e61f Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 2bb1b02010..2d1eb83593 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -348,6 +348,7 @@ class NameCheck(object): """ UNDEFINED_SYMBOL = r"^\S+: +U |^$|^\S+:$" VALID_SYMBOL = r"^\S+( [0-9A-Fa-f]+)* . _*(?P\w+)" + EXCLUSIONS = ("FStar", "Hacl") symbols = [] @@ -363,8 +364,8 @@ class NameCheck(object): for line in nm_output.splitlines(): if not re.match(UNDEFINED_SYMBOL, line): symbol = re.match(VALID_SYMBOL, line) - if symbol: - symbols.append(symbol.group('symbol')) + if symbol and not symbol.group("symbol").startswith(EXCLUSIONS): + symbols.append(symbol.group("symbol")) else: self.log.error(line) From 56e3a5caa6c7d16ddca230b09cf8e13d97712b52 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 20:29:42 +0100 Subject: [PATCH 177/966] Add test driver symbols: Python port of 7f13fa2454282b21930045a3f4f9a2835d80425e Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 2d1eb83593..c3da69e448 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py 
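Review bot: With the added `and not symbol.group("symbol").startswith(EXCLUSIONS)` condition, a deliberately excluded symbol no longer takes the `if` branch and falls into `else: self.log.error(line)`. Every FStar/Hacl symbol is then logged as an error even though its nm line parsed correctly. Separate "did not parse" from "parsed but excluded" so that only unparseable nm lines are logged. The loop belongs to `parse_symbols_from_nm`, whose start is outside this hunk.

```python
symbol = re.match(VALID_SYMBOL, line)
if not symbol:
    # Only lines nm produced that we cannot parse are worth an error.
    self.log.error(line)
elif not symbol.group("symbol").startswith(EXCLUSIONS):
    symbols.append(symbol.group("symbol"))
```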
@@ -383,13 +383,14 @@ class NameCheck(object): p_headers = self.get_files("h", os.path.join("include", "psa")) t_headers = ["3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h"] + d_headers = self.get_files("h", os.path.join("tests", "include", "test", "drivers")) l_headers = self.get_files("h", "library") libraries = self.get_files("c", "library") + [ "3rdparty/everest/library/everest.c", "3rdparty/everest/library/x25519.c"] all_macros = self.parse_macros( - m_headers + p_headers + t_headers + l_headers) + m_headers + p_headers + t_headers + l_headers + d_headers) enum_consts = self.parse_enum_consts(m_headers + t_headers) identifiers = self.parse_identifiers(m_headers + p_headers + t_headers) symbols = self.parse_symbols() From 17220988dcb2ca4d75bec0b8cb0963fba7366a44 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 20:30:18 +0100 Subject: [PATCH 178/966] Parse identifiers from library headers: Python port of d9eee3b417c2e8f63dd10d835ab9a9472242c2ed Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index c3da69e448..5b8159681c 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -392,7 +392,7 @@ class NameCheck(object): all_macros = self.parse_macros( m_headers + p_headers + t_headers + l_headers + d_headers) enum_consts = self.parse_enum_consts(m_headers + t_headers) - identifiers = self.parse_identifiers(m_headers + p_headers + t_headers) + identifiers = self.parse_identifiers(m_headers + p_headers + t_headers + l_headers) symbols = self.parse_symbols() mbed_names = self.parse_MBED_names( m_headers + p_headers + t_headers + l_headers + libraries) From 0fd48f793907f0b053334303074e42cdcc80eb5f Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 20:32:55 +0100 Subject: [PATCH 179/966] Python port of 7cc4c68eb63a24f9cbf814254cd537df819958e5 
Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 5b8159681c..96838f2f30 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -213,7 +213,7 @@ class NameCheck(object): state = 1 elif state is 1 and re.match(r"^}", line): state = 0 - elif state is 1: + elif state is 1 and not re.match(r"^#", line): enum_const = re.match(r"^\s*(?P\w+)", line) if enum_const: enum_consts.append(Match( From fe02684049e6036ffa1e3cd98570381a8710c0fc Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 20:34:24 +0100 Subject: [PATCH 180/966] Python port of f6643ccd90694ae99d05541990b78738a8444ab0 Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 96838f2f30..531ff3508f 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -391,7 +391,7 @@ class NameCheck(object): all_macros = self.parse_macros( m_headers + p_headers + t_headers + l_headers + d_headers) - enum_consts = self.parse_enum_consts(m_headers + t_headers) + enum_consts = self.parse_enum_consts(m_headers + l_headers + t_headers) identifiers = self.parse_identifiers(m_headers + p_headers + t_headers + l_headers) symbols = self.parse_symbols() mbed_names = self.parse_MBED_names( From 6f38ab3bcac69624ad78ab152d0fd0dbe52662fb Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Thu, 5 Aug 2021 21:07:14 +0100 Subject: [PATCH 181/966] Fix legacy troublesome regex Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 531ff3508f..0d14429f23 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py 
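Review bot: The changed branch keeps comparing with `state is 1`, an identity test on an int literal that only works because CPython caches small integers and that newer Python versions flag with a SyntaxWarning. The context line `elif state is 1 and re.match(r"^}", line):` above it has the same problem. Compare by value instead: `elif state == 1 and not re.match(r"^#", line):`. If preprocessor directives inside an enum can be indented, the pattern would need to be `r"^\s*#"` for the skip to take effect. The state machine of the enclosing function starts outside the hunk.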
@@ -237,7 +237,7 @@ class NameCheck(object): A list of (identifier, containing filename) """ EXCLUDED_DECLARATIONS = ( - r"^(extern \"C\"|(typedef )?(struct|enum)( {)?$|};?$|$)" + r"^(extern \"C\"|(typedef )?(struct|union|enum)( {)?$|};?$|$)" ) identifiers = [] @@ -258,19 +258,15 @@ class NameCheck(object): # Skip parsing this line if it's a line comment, or if it # begins with a preprocessor directive - if in_block_comment or re.match(r"(//|#)", line): + if in_block_comment or re.match(r"^(//|#)", line): continue if re.match(EXCLUDED_DECLARATIONS, line): continue - + identifier = re.search( # Matches: "mbedtls_aes_init(" - r"([a-zA-Z_][a-zA-Z0-9_]*)\(|" - # Matches: "(*f_rng)(" - r"\(\*(.+)\)\(|" - # TODO: unknown purpose - r"(\w+)\W*$", + r"([a-zA-Z_][a-zA-Z0-9_]*)\(", line ) @@ -281,7 +277,7 @@ class NameCheck(object): header_file, line, (identifier.start(), identifier.end()), - identifier.group(0))) + identifier.group(1))) return identifiers From 81528c058a9e23fe78cbebac903beb63f9eebc55 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 16:22:06 +0100 Subject: [PATCH 182/966] Add documentation, fix identifier parsing - Add documentation to all classes and functions that were not self-explanatory. - Fix the parsing of identifiers, so it now behaves identically to the original shell script. Detects the same amount of identifiers. - Fix macro parsing so MBEDTLS_PSA_ACCEL didn't error out - Reformat output to be comprehensible Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 467 +++++++++++++++++++++++------------ 1 file changed, 312 insertions(+), 155 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 0d14429f23..828702b172 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py 
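Review bot: In the last hunk the stored name becomes `identifier.group(1)`, but the position recorded next to it is still `(identifier.start(), identifier.end())`, which spans the whole match including the trailing `(`. Passing `identifier.span(1)` keeps the position and the name in agreement. In the hunk before it, the `^` added in `re.match(r"^(//|#)", line)` is redundant, because `re.match` already anchors at the start of the string. The `Match(` call begins outside the hunk.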
@@ -17,7 +17,14 @@ """ This script confirms that the naming of all symbols and identifiers in Mbed TLS -are consistent with the house style and are also self-consistent. +are consistent with the house style and are also self-consistent. It performs +the following checks: + +- All exported and available symbols in the library object files, are explicitly + declared in the header files. +- All macros, constants, and identifiers (function names, struct names, etc) + follow the required pattern. +- Typo checking: All words that begin with MBED exist as macros or constants. """ import argparse 
@@ -30,27 +37,50 @@ import shutil import subprocess import logging -# Naming patterns to check against +# Naming patterns to check against. These are defined outside the NameCheck +# class for ease of modification. MACRO_PATTERN = r"^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$" +CONSTANTS_PATTERN = MACRO_PATTERN IDENTIFIER_PATTERN = r"^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$" class Match(object): + """ + A class representing a match, together with its found position. + + Fields: + * filename: the file that the match was in. + * line: the full line containing the match. + * pos: a tuple of (start, end) positions on the line where the match is. + * name: the match itself. + """ def __init__(self, filename, line, pos, name): self.filename = filename self.line = line self.pos = pos self.name = name - - def __str__(self): - return self.name class Problem(object): + """ + A parent class representing a form of static analysis error. + + Fields: + * textwrapper: a TextWrapper instance to format problems nicely. + """ def __init__(self): self.textwrapper = textwrap.TextWrapper() - self.textwrapper.initial_indent = " * " - self.textwrapper.subsequent_indent = " " + self.textwrapper.width = 80 + self.textwrapper.initial_indent = " * " + self.textwrapper.subsequent_indent = " " class SymbolNotInHeader(Problem): + """ + A problem that occurs when an exported/available symbol in the object file + is not explicitly declared in header files. Created with + NameCheck.check_symbols_declared_in_header() + + Fields: + * symbol_name: the name of the symbol. + """ def __init__(self, symbol_name): self.symbol_name = symbol_name Problem.__init__(self) 
@@ -62,21 +92,36 @@ class SymbolNotInHeader(Problem): .format(self.symbol_name)) class PatternMismatch(Problem): + """ + A problem that occurs when something doesn't match the expected pattern. + Created with NameCheck.check_match_pattern() + + Fields: + * pattern: the expected regex pattern + * match: the Match object in question + """ def __init__(self, pattern, match): self.pattern = pattern self.match = match Problem.__init__(self) - + def __str__(self): return self.textwrapper.fill( "{0}: '{1}' does not match the required pattern '{2}'." .format(self.match.filename, self.match.name, self.pattern)) class Typo(Problem): + """ + A problem that occurs when a word using MBED doesn't appear to be defined as + constants nor enum values. Created with NameCheck.check_for_typos() + + Fields: + * match: the Match object of the MBED name in question. + """ def __init__(self, match): self.match = match Problem.__init__(self) - + def __str__(self): return self.textwrapper.fill( "{0}: '{1}' looks like a typo. It was not found in any macros or " @@ -84,11 +129,15 @@ class Typo(Problem): .format(self.match.filename, self.match.name)) class NameCheck(object): + """ + Representation of the core name checking operation performed by this script. + Shares a common logger, common excluded filenames, and a shared return_code. + """ def __init__(self): self.log = None self.check_repo_path() self.return_code = 0 - self.excluded_files = ["bn_mul"] + self.excluded_files = ["bn_mul", "compat-2.x.h"] def set_return_code(self, return_code): if return_code > self.return_code: @@ -97,7 +146,7 @@ class NameCheck(object): def setup_logger(self, verbose=False): """ Set up a logger and set the change the default logging level from - WARNING to INFO. Loggers are better than print statements since their + WARNING to INFO. Loggers are better than print statements since their verbosity can be controlled. """ self.log = logging.getLogger() 
@@ -119,6 +168,16 @@ class NameCheck(object): raise Exception("Must be run from Mbed TLS root") def get_files(self, extension, directory): + """ + Get all files that end with .extension in the specified directory + recursively. + + Args: + * extension: the file extension to search for, without the dot + * directory: the directory to recursively search for + + Returns a List of relative filepaths. + """ filenames = [] for root, dirs, files in sorted(os.walk(directory)): for filename in sorted(files): 
@@ -127,15 +186,65 @@ class NameCheck(object): filenames.append(os.path.join(root, filename)) return filenames + def parse_names_in_source(self): + """ + Calls each parsing function to retrieve various elements of the code, + together with their source location. Puts the parsed values in the + internal variable self.parse_result. + """ + self.log.info("Parsing source code...") + + m_headers = self.get_files("h", os.path.join("include", "mbedtls")) + p_headers = self.get_files("h", os.path.join("include", "psa")) + t_headers = ["3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/x25519.h"] + d_headers = self.get_files("h", os.path.join("tests", "include", "test", "drivers")) + l_headers = self.get_files("h", "library") + libraries = self.get_files("c", "library") + [ + "3rdparty/everest/library/everest.c", + "3rdparty/everest/library/x25519.c"] + + all_macros = self.parse_macros( + m_headers + p_headers + t_headers + l_headers + d_headers) + enum_consts = self.parse_enum_consts( + m_headers + l_headers + t_headers) + identifiers = self.parse_identifiers( + m_headers + p_headers + t_headers + l_headers) + mbed_names = self.parse_MBED_names( + m_headers + p_headers + t_headers + l_headers + libraries) + symbols = self.parse_symbols() + + # Remove identifier macros like mbedtls_printf or mbedtls_calloc + identifiers_justname = [x.name for x in identifiers] + actual_macros = [] + for macro in all_macros: + if macro.name not in identifiers_justname: + actual_macros.append(macro) + + self.log.debug("Found:") + self.log.debug(" {} Macros".format(len(all_macros))) + self.log.debug(" {} Non-identifier Macros".format(len(actual_macros))) + self.log.debug(" {} Enum Constants".format(len(enum_consts))) + self.log.debug(" {} Identifiers".format(len(identifiers))) + self.log.debug(" {} Exported Symbols".format(len(symbols))) + self.log.info("Analysing...") + + self.parse_result = { + "macros": actual_macros, + "enum_consts": enum_consts, + 
"identifiers": identifiers, + "symbols": symbols, + "mbed_names": mbed_names + } + def parse_macros(self, header_files): """ Parse all macros defined by #define preprocessor directives. Args: - header_files: A list of filepaths to look through. - - Returns: - A list of Match objects for the macros. + * header_files: A List of filepaths to look through. + + Returns a List of Match objects for the found macros. """ MACRO_REGEX = r"#define (?P\w+)" NON_MACROS = ( @@ -147,36 +256,36 @@ class NameCheck(object): for header_file in header_files: with open(header_file, "r") as header: for line in header: - macro = re.search(MACRO_REGEX, line) - if (macro and - not macro.group("macro").startswith(NON_MACROS)): - macros.append(Match( - header_file, - line, - (macro.start(), macro.end()), - macro.group("macro"))) + for macro in re.finditer(MACRO_REGEX, line): + if not macro.group("macro").startswith(NON_MACROS): + macros.append(Match( + header_file, + line, + (macro.start(), macro.end()), + macro.group("macro"))) return macros def parse_MBED_names(self, files): """ Parse all words in the file that begin with MBED. Includes macros. + There have been typos of TLS, hence the broader check than MBEDTLS. Args: - files: A list of filepaths to look through. - - Returns: - A list of Match objects for words beginning with MBED. + * files: a List of filepaths to look through. + + Returns a List of Match objects for words beginning with MBED. """ MBED_names = [] - + for filename in files: with open(filename, "r") as fp: for line in fp: - # Ignore any names that are deliberately opted-out - if re.search(r"// *no-check-names", line): + # Ignore any names that are deliberately opted-out or in + # legacy error directives + if re.search(r"// *no-check-names|#error", line): continue - + for name in re.finditer(r"\bMBED.+?_[A-Z0-9_]*", line): MBED_names.append(Match( filename, 
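Review bot: `identifiers_justname` is built as a list, so `macro.name not in identifiers_justname` rescans every identifier for each macro in the new filtering loop of `parse_names_in_source`. A set gives the same result with constant-time lookups: `identifiers_justname = {x.name for x in identifiers}`. The loop then fits a comprehension, `actual_macros = [m for m in all_macros if m.name not in identifiers_justname]`.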
@@ -192,16 +301,18 @@ class NameCheck(object): Parse all enum value constants that are declared. Args: - header_files: A list of filepaths to look through. + * header_files: A List of filepaths to look through. - Returns: - A list of (enum constants, containing filename). + Returns a List of Match objects for the findings. """ enum_consts = [] for header_file in header_files: # Emulate a finite state machine to parse enum declarations. + # 0 = not in enum + # 1 = inside enum + # 2 = almost inside enum state = 0 with open(header_file, "r") as header: for line in header: @@ -221,23 +332,28 @@ class NameCheck(object): line, (enum_const.start(), enum_const.end()), enum_const.group("enum_const"))) - + return enum_consts def parse_identifiers(self, header_files): """ Parse all lines of a header where a function identifier is declared, - based on some huersitics. Assumes every line that is not a comment or a - preprocessor directive contains some identifier. + based on some huersitics. Highly dependent on formatting style. Args: - header_files: A list of filepaths to look through. - - Returns: - A list of (identifier, containing filename) + * header_files: A List of filepaths to look through. + + Returns a List of Match objects with identifiers. """ - EXCLUDED_DECLARATIONS = ( - r"^(extern \"C\"|(typedef )?(struct|union|enum)( {)?$|};?$|$)" + EXCLUDED_LINES = ( + r"^(" + r"extern \"C\"|" + r"(typedef )?(struct|union|enum)( {)?$|" + r"};?$|" + r"$|" + r"//|" + r"#" + r")" ) identifiers = [] 
@@ -245,39 +361,69 @@ class NameCheck(object): for header_file in header_files: with open(header_file, "r") as header: in_block_comment = False + previous_line = None for line in header: - # Skip parsing this line if it begins or ends a block - # comment, and set the state machine's state. + # Skip parsing this line if a block comment ends on it, + # but don't skip if it has just started -- there is a chance + # it ends on the same line. if re.search(r"/\*", line): - in_block_comment = True - continue - elif re.search(r"\*/", line) and in_block_comment: - in_block_comment = False - continue - - # Skip parsing this line if it's a line comment, or if it - # begins with a preprocessor directive - if in_block_comment or re.match(r"^(//|#)", line): + in_block_comment = not in_block_comment + if re.search(r"\*/", line): + in_block_comment = not in_block_comment continue - if re.match(EXCLUDED_DECLARATIONS, line): + if in_block_comment: + previous_line = None + continue + + if re.match(EXCLUDED_LINES, line): + previous_line = None + continue + + # Match "^something something$", with optional inline/static + # This *might* be a function with its argument brackets on + # the next line, or a struct declaration, so keep note of it + if re.match( + r"(inline |static |typedef )*\w+ \w+$", + line): + previous_line = line + continue + + # If previous line seemed to start an unfinished declaration + # (as above), and this line begins with a bracket, concat + # them and treat them as one line. 
+ if previous_line and re.match(" *[\({]", line): + line = previous_line.strip() + line.strip() + previous_line = None + + # Skip parsing if line has a space in front = hueristic to + # skip function argument lines (highly subject to formatting + # changes) + if line[0] == " ": continue identifier = re.search( - # Matches: "mbedtls_aes_init(" - r"([a-zA-Z_][a-zA-Z0-9_]*)\(", + # Match something( + r".* \**(\w+)\(|" + # Match (*something)( + r".*\( *\* *(\w+) *\) *\(|" + # Match names of named data structures + r"(?:typedef +)?(?:struct|union|enum) +(\w+)(?: *{)?$|" + # Match names of typedef instances, after closing bracket + r"}? *(\w+)[;[].*", line ) if identifier: + # Find the group that matched, and append it for group in identifier.groups(): if group: identifiers.append(Match( header_file, line, (identifier.start(), identifier.end()), - identifier.group(1))) + group)) return identifiers @@ -285,19 +431,23 @@ class NameCheck(object): """ Compile the Mbed TLS libraries, and parse the TLS, Crypto, and x509 object files using nm to retrieve the list of referenced symbols. - - Returns: - A list of unique symbols defined and used in the libraries. - """ + Exceptions thrown here are rethrown because they would be critical + errors that void several tests, and thus needs to halt the program. This + is explicitly done for clarity. + Returns a List of unique symbols defined and used in the libraries. + """ + self.log.info("Compiling...") symbols = [] # Back up the config and atomically compile with the full configratuion. shutil.copy("include/mbedtls/mbedtls_config.h", - "include/mbedtls/mbedtls_config.h.bak") + "include/mbedtls/mbedtls_config.h.bak") try: + # Use check=True in all subprocess calls so that failures are raised + # as exceptions and logged. subprocess.run( - ["perl", "scripts/config.py", "full"], + ["python3", "scripts/config.py", "full"], encoding=sys.stdout.encoding, check=True ) 
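Review bot: The block-comment state in parse_identifiers is toggled (`in_block_comment = not in_block_comment`) rather than set, so a `/*` on a line that is already inside a block comment flips the flag to False and the rest of that comment is parsed as declarations. A declaration that shares its line with `*/` is also dropped by the `continue`, so the naming check can miss real identifiers or pick up comment text. Consider assigning the state explicitly (`in_block_comment = True` on an opening marker, `in_block_comment = False` on a closing one) and stating the trailing-comment limitation in the comment above the test. Separately, `re.match(" *[\({]", line)` is a non-raw string containing `\(`, which is an invalid escape sequence; write it as `r" *[\({]"`. The function starts before this hunk.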
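Review bot: The config step now runs `["python3", "scripts/config.py", "full"]`, which resolves whichever `python3` is first on PATH rather than the interpreter that is running check-names.py. Using `[sys.executable, "scripts/config.py", "full"]` keeps both scripts on the same interpreter and avoids depending on the caller's PATH; `sys` is already used on the next line. The docstring's claim that the build is done "atomically" is also stronger than a copy/restore of `mbedtls_config.h` can give, so "with the config backed up and restored" would be more accurate. The body of parse_symbols continues outside this hunk.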
@@ -326,8 +476,8 @@ class NameCheck(object): check=True ) except subprocess.CalledProcessError as error: - self.log.error(error) self.set_return_code(2) + raise error finally: shutil.move("include/mbedtls/mbedtls_config.h.bak", "include/mbedtls/mbedtls_config.h") @@ -339,8 +489,11 @@ class NameCheck(object): Run nm to retrieve the list of referenced symbols in each object file. Does not return the position data since it is of no use. - Returns: - A list of unique symbols defined and used in any of the object files. + Args: + * object_files: a List of compiled object files to search through. + + Returns a List of unique symbols defined and used in any of the object + files. """ UNDEFINED_SYMBOL = r"^\S+: +U |^$|^\S+:$" VALID_SYMBOL = r"^\S+( [0-9A-Fa-f]+)* . _*(?P\w+)" @@ -348,6 +501,7 @@ class NameCheck(object): symbols = [] + # Gather all outputs of nm nm_output = "" for lib in object_files: nm_output += subprocess.run( @@ -357,6 +511,7 @@ class NameCheck(object): stderr=subprocess.STDOUT, check=True ).stdout + for line in nm_output.splitlines(): if not re.match(UNDEFINED_SYMBOL, line): symbol = re.match(VALID_SYMBOL, line) 
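Review bot: In the `except subprocess.CalledProcessError as error:` branch of the first hunk, `raise error` can be a bare `raise`, which is the idiomatic way to re-raise the active exception. Dropping `self.log.error(error)` also means the failure is no longer recorded through the script's logger at the point where the failing command is known; keeping that call before the re-raise costs one line, `self.log.error(error)`. The `try` block starts before this hunk.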
@@ -364,86 +519,49 @@ class NameCheck(object): symbols.append(symbol.group("symbol")) else: self.log.error(line) - + return symbols - def parse_names_in_source(self): - """ - Calls each parsing function to retrieve various elements of the code, - together with their source location. Puts the parsed values in the - internal variable self.parse_result. - """ - self.log.info("Parsing source code...") - - m_headers = self.get_files("h", os.path.join("include", "mbedtls")) - p_headers = self.get_files("h", os.path.join("include", "psa")) - t_headers = ["3rdparty/everest/include/everest/everest.h", - "3rdparty/everest/include/everest/x25519.h"] - d_headers = self.get_files("h", os.path.join("tests", "include", "test", "drivers")) - l_headers = self.get_files("h", "library") - libraries = self.get_files("c", "library") + [ - "3rdparty/everest/library/everest.c", - "3rdparty/everest/library/x25519.c"] - - all_macros = self.parse_macros( - m_headers + p_headers + t_headers + l_headers + d_headers) - enum_consts = self.parse_enum_consts(m_headers + l_headers + t_headers) - identifiers = self.parse_identifiers(m_headers + p_headers + t_headers + l_headers) - symbols = self.parse_symbols() - mbed_names = self.parse_MBED_names( - m_headers + p_headers + t_headers + l_headers + libraries) - - # Remove identifier macros like mbedtls_printf or mbedtls_calloc - macros = list(set(all_macros) - set(identifiers)) - - self.log.info("Found:") - self.log.info(" {} Macros".format(len(all_macros))) - self.log.info(" {} Enum Constants".format(len(enum_consts))) - self.log.info(" {} Identifiers".format(len(identifiers))) - self.log.info(" {} Exported Symbols".format(len(symbols))) - self.log.info("Analysing...") - - self.parse_result = { - "macros": macros, - "enum_consts": enum_consts, - "identifiers": identifiers, - "symbols": symbols, - "mbed_names": mbed_names - } - - def perform_checks(self): + def perform_checks(self, show_problems: True): """ Perform each check in order, output its 
PASS/FAIL status. Maintain an overall test status, and output that at the end. + + Args: + * show_problems: whether to show the problematic examples. """ + self.log.info("=============") problems = 0 - problems += self.check_symbols_declared_in_header() + problems += self.check_symbols_declared_in_header(show_problems) pattern_checks = [ ("macros", MACRO_PATTERN), - ("enum_consts", MACRO_PATTERN), + ("enum_consts", CONSTANTS_PATTERN), ("identifiers", IDENTIFIER_PATTERN)] for group, check_pattern in pattern_checks: - problems += self.check_match_pattern(group, check_pattern) + problems += self.check_match_pattern( + show_problems, group, check_pattern) - problems += self.check_for_typos() + problems += self.check_for_typos(show_problems) self.log.info("=============") if problems > 0: self.log.info("FAIL: {0} problem(s) to fix".format(str(problems))) + if not show_problems: + self.log.info("Remove --quiet to show the problems.") else: self.log.info("PASS") - def check_symbols_declared_in_header(self): + def check_symbols_declared_in_header(self, show_problems): """ Perform a check that all detected symbols in the library object files are properly declared in headers. - - Outputs to the logger the PASS/FAIL status, followed by the location of - problems. - Returns the number of problems that needs fixing. + Args: + * show_problems: whether to show the problematic examples. + + Returns the number of problems that need fixing. """ problems = [] for symbol in self.parse_result["symbols"]: 
@@ -452,39 +570,48 @@ class NameCheck(object): if symbol == identifier_match.name: found_symbol_declared = True break - + if not found_symbol_declared: problems.append(SymbolNotInHeader(symbol)) - if problems: - self.set_return_code(1) - self.log.info("All symbols in header: FAIL") - for problem in problems: - self.log.info(str(problem) + "\n") - else: - self.log.info("All symbols in header: PASS") - + self.output_check_result("All symbols in header", problems, show_problems) return len(problems) - def check_match_pattern(self, group_to_check, check_pattern): + + def check_match_pattern(self, show_problems, group_to_check, check_pattern): + """ + Perform a check that all items of a group conform to a regex pattern. + + Args: + * show_problems: whether to show the problematic examples. + * group_to_check: string key to index into self.parse_result. + * check_pattern: the regex to check against. + + Returns the number of problems that need fixing. + """ problems = [] for item_match in self.parse_result[group_to_check]: if not re.match(check_pattern, item_match.name): problems.append(PatternMismatch(check_pattern, item_match)) if re.match(r".*__.*", item_match.name): problems.append(PatternMismatch("double underscore", item_match)) - - if problems: - self.set_return_code(1) - self.log.info("Naming patterns of {}: FAIL".format(group_to_check)) - for problem in problems: - self.log.info(str(problem) + "\n") - else: - self.log.info("Naming patterns of {}: PASS".format(group_to_check)) - + + self.output_check_result( + "Naming patterns of {}".format(group_to_check), + problems, + show_problems) return len(problems) - def check_for_typos(self): + def check_for_typos(self, show_problems): + """ + Perform a check that all words in the soure code beginning with MBED are + either defined as macros, or as enum constants. + + Args: + * show_problems: whether to show the problematic examples. + + Returns the number of problems that need fixing. 
+ """ problems = [] all_caps_names = list(set([ match.name for match @@ -494,23 +621,45 @@ class NameCheck(object): TYPO_EXCLUSION = r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$" for name_match in self.parse_result["mbed_names"]: - if name_match.name not in all_caps_names: - if not re.search(TYPO_EXCLUSION, name_match.name): + found = name_match.name in all_caps_names + + # Since MBEDTLS_PSA_ACCEL_XXX defines are defined by the + # PSA driver, they will not exist as macros. However, they + # should still be checked for typos using the equivalent + # BUILTINs that exist. + if "MBEDTLS_PSA_ACCEL_" in name_match.name: + found = name_match.name.replace( + "MBEDTLS_PSA_ACCEL_", + "MBEDTLS_PSA_BUILTIN_") in all_caps_names + + if not found and not re.search(TYPO_EXCLUSION, name_match.name): problems.append(Typo(name_match)) + self.output_check_result("Likely typos", problems, show_problems) + return len(problems) + + def output_check_result(self, name, problems, show_problems): + """ + Write out the PASS/FAIL status of a performed check depending on whether + there were problems. + + Args: + * show_problems: whether to show the problematic examples. + """ if problems: self.set_return_code(1) - self.log.info("Likely typos: FAIL") - for problem in problems: - self.log.info(str(problem) + "\n") + self.log.info("{}: FAIL".format(name)) + if show_problems: + self.log.info("") + for problem in problems: + self.log.warn(str(problem) + "\n") else: - self.log.info("Likely typos: PASS") - - return len(problems) + self.log.info("{}: PASS".format(name)) def main(): """ - Main function, parses command-line arguments. + Perform argument parsing, and create an instance of NameCheck to begin the + core operation. """ parser = argparse.ArgumentParser( 
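Review bot: In output_check_result, `self.log.warn(str(problem) + "\n")` uses `Logger.warn`, which has been deprecated since Python 3.3 in favour of `Logger.warning`. Change the call to `self.log.warning(str(problem) + "\n")`. The new docstring lists only `show_problems` under Args, so `name` (the label printed before PASS/FAIL) and `problems` (the list whose emptiness decides the result) should be added there as well.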
@@ -523,20 +672,28 @@ def main(): parser.add_argument("-v", "--verbose", action="store_true", - help="enable script debug outputs") - + help="show parse results") + + parser.add_argument("-q", "--quiet", + action="store_true", + help="hide unnecessary text and problematic examples") + args = parser.parse_args() try: name_check = NameCheck() name_check.setup_logger(verbose=args.verbose) name_check.parse_names_in_source() - name_check.perform_checks() + name_check.perform_checks(show_problems=not args.quiet) + sys.exit(name_check.return_code) + except subprocess.CalledProcessError as error: + traceback.print_exc() + print("!! Compilation faced a critical error, " + "check-names can't continue further.") sys.exit(name_check.return_code) except Exception: traceback.print_exc() sys.exit(2) - if __name__ == "__main__": main() From 201f9e85cad648db01895af6e79084a064bdab8a Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 16:36:54 +0100 Subject: [PATCH 183/966] Make use of -v to log some debug information Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 828702b172..e3863cfc8d 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -141,6 +141,7 @@ class NameCheck(object): def set_return_code(self, return_code): if return_code > self.return_code: + self.log.debug("Setting new return code to {}".format(return_code)) self.return_code = return_code def setup_logger(self, verbose=False): @@ -252,7 +253,7 @@ class NameCheck(object): ) macros = [] - + self.log.debug("Looking for macros in {} files".format(len(header_files))) for header_file in header_files: with open(header_file, "r") as header: for line in header: 
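Review bot: In the new `except subprocess.CalledProcessError as error:` handler in main(), the explanation is written with `print(...)` to stdout while `traceback.print_exc()` on the line before goes to stderr. A caller that captures only one stream therefore sees either the traceback or the reason, not both. Send the message to the same stream with `print("!! Compilation faced a critical error, " "check-names can't continue further.", file=sys.stderr)`. The bound name `error` is never used in the handler, so `as error` can be dropped.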
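Review bot: set_return_code now calls `self.log.debug(...)`, but `__init__` (visible as context further down this page) leaves `self.log = None` until setup_logger() has run. Any caller that raises the return code before configuring the logger would then fail with AttributeError instead of recording the status. main() does call setup_logger() first, so this is a latent hazard rather than a current failure. Giving the attribute a usable default in `__init__`, for example `self.log = logging.getLogger(__name__)`, removes the ordering dependency.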
@@ -277,7 +278,7 @@ class NameCheck(object): Returns a List of Match objects for words beginning with MBED. """ MBED_names = [] - + self.log.debug("Looking for MBED names in {} files".format(len(files))) for filename in files: with open(filename, "r") as fp: for line in fp: @@ -307,7 +308,7 @@ class NameCheck(object): """ enum_consts = [] - + self.log.debug("Looking for enum consts in {} files".format(len(header_files))) for header_file in header_files: # Emulate a finite state machine to parse enum declarations. # 0 = not in enum @@ -357,7 +358,7 @@ class NameCheck(object): ) identifiers = [] - + self.log.debug("Looking for identifiers in {} files".format(len(header_files))) for header_file in header_files: with open(header_file, "r") as header: in_block_comment = False @@ -593,6 +594,7 @@ class NameCheck(object): for item_match in self.parse_result[group_to_check]: if not re.match(check_pattern, item_match.name): problems.append(PatternMismatch(check_pattern, item_match)) + # Double underscore is a reserved identifier, never to be used if re.match(r".*__.*", item_match.name): problems.append(PatternMismatch("double underscore", item_match)) @@ -633,7 +635,7 @@ class NameCheck(object): "MBEDTLS_PSA_BUILTIN_") in all_caps_names if not found and not re.search(TYPO_EXCLUSION, name_match.name): - problems.append(Typo(name_match)) + problems.append(Typo(name_match)) self.output_check_result("Likely typos", problems, show_problems) return len(problems) From 5939a2a4de08e4c1be482532d329411af823294e Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 16:40:30 +0100 Subject: [PATCH 184/966] Check environment by verifying other dirs' existence Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index e3863cfc8d..b9e028bdd3 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py 
@@ -162,11 +162,10 @@ class NameCheck(object): Check that the current working directory is the project root, and throw an exception if not. """ - current_dir = os.path.realpath('.') - root_dir = os.path.dirname(os.path.dirname( - os.path.dirname(os.path.realpath(__file__)))) - if current_dir != root_dir: - raise Exception("Must be run from Mbed TLS root") + if (not os.path.isdir("include") or + not os.path.isdir("tests") or + not os.path.isdir("library")): + raise Exception("This script must be run from Mbed TLS root") def get_files(self, extension, directory): """ From d24e037dd1742af979d046cff4be0ea583f3791c Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 16:42:33 +0100 Subject: [PATCH 185/966] Warn user if files are excluded from search Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index b9e028bdd3..406810b8c4 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -193,6 +193,10 @@ class NameCheck(object): internal variable self.parse_result. """ self.log.info("Parsing source code...") + self.log.debug( + "The following files are excluded from the search: {}" + .format(str(self.excluded_files)) + ) m_headers = self.get_files("h", os.path.join("include", "mbedtls")) p_headers = self.get_files("h", os.path.join("include", "psa")) From 5c1acf2735c103c70251df2d389a152138ae0e8f Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 16:44:08 +0100 Subject: [PATCH 186/966] Match macros with spaces between # and define Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 406810b8c4..7286cb751e 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py 
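Review bot: The new check_repo_path accepts any working directory that merely contains `include`, `tests` and `library` subdirectories, which is a much weaker test than the path comparison it replaces. parse_symbols later copies and moves `include/mbedtls/mbedtls_config.h` and runs the build relative to the current directory, so the guard should prove this is the Mbed TLS tree before those steps run. Adding a project-specific test such as `not os.path.isfile("include/mbedtls/mbedtls_config.h")` to the condition keeps the relaxed behaviour while ruling out unrelated trees. Raising a more specific type than bare `Exception` would also let main() report this case separately.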
@@ -250,7 +250,7 @@ class NameCheck(object): Returns a List of Match objects for the found macros. """ - MACRO_REGEX = r"#define (?P\w+)" + MACRO_REGEX = r"# *define +(?P\w+)" NON_MACROS = ( "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_" ) From 13ecd996fc87e9da03fd0b4013e00f2be8e00394 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 16:56:52 +0100 Subject: [PATCH 187/966] Improve regex to adapt to flexible spaces Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 7286cb751e..100001beeb 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -320,16 +320,19 @@ class NameCheck(object): state = 0 with open(header_file, "r") as header: for line in header: - if state is 0 and re.match(r"^(typedef )?enum {", line): + # Match typedefs and brackets only when they are at the + # beginning of the line -- if they are indented, they might + # be sub-structures within structs, etc. + if state is 0 and re.match(r"^(typedef +)?enum +{", line): state = 1 - elif state is 0 and re.match(r"^(typedef )?enum", line): + elif state is 0 and re.match(r"^(typedef +)?enum", line): state = 2 elif state is 2 and re.match(r"^{", line): state = 1 elif state is 1 and re.match(r"^}", line): state = 0 - elif state is 1 and not re.match(r"^#", line): - enum_const = re.match(r"^\s*(?P\w+)", line) + elif state is 1 and not re.match(r" *#", line): + enum_const = re.match(r" *(?P\w+)", line) if enum_const: enum_consts.append(Match( header_file, @@ -351,9 +354,9 @@ class NameCheck(object): """ EXCLUDED_LINES = ( r"^(" - r"extern \"C\"|" - r"(typedef )?(struct|union|enum)( {)?$|" - r"};?$|" + r"extern +\"C\"|" + r"(typedef +)?(struct|union|enum)( *{)?$|" + r"} *;?$|" r"$|" r"//|" r"#" 
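Review bot: The enum state machine in parse_enum_consts compares integers by identity (`state is 0`, `state is 2`, `state is 1`), which only works because CPython caches small ints and which Python 3.8 and later report as a SyntaxWarning. Since these lines are already being edited, switch them to equality, for example `if state == 0 and re.match(r"^(typedef +)?enum +{", line):`, and likewise for the `elif` branches. The loop starts before this hunk and continues after it.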
@@ -389,7 +392,7 @@ class NameCheck(object): # This *might* be a function with its argument brackets on # the next line, or a struct declaration, so keep note of it if re.match( - r"(inline |static |typedef )*\w+ \w+$", + r"(inline +|static +|typedef +)*\w+ +\w+$", line): previous_line = line continue @@ -408,7 +411,7 @@ class NameCheck(object): continue identifier = re.search( - # Match something( + # Match " something(" or " *something(". function calls. r".* \**(\w+)\(|" # Match (*something)( r".*\( *\* *(\w+) *\) *\(|" From 159255ab7bacc519b4364b8ff9f23ed0d9e88744 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 17:00:28 +0100 Subject: [PATCH 188/966] Document dependency on nm Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 100001beeb..659eda9039 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -17,11 +17,13 @@ """ This script confirms that the naming of all symbols and identifiers in Mbed TLS -are consistent with the house style and are also self-consistent. It performs -the following checks: +are consistent with the house style and are also self-consistent. It only runs +on Linux and macOS since it depends on nm. + +The script performs the following checks: - All exported and available symbols in the library object files, are explicitly - declared in the header files. + declared in the header files. This uses the nm command. - All macros, constants, and identifiers (function names, struct names, etc) follow the required pattern. - Typo checking: All words that begin with MBED exist as macros or constants. From a4e751257a27af4fd8277d37c4c85e852b3429c0 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 17:23:28 +0100 Subject: [PATCH 189/966] Output line number, line, and position of error 
Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 43 ++++++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 659eda9039..5213bf4da3 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -52,15 +52,23 @@ class Match(object): Fields: * filename: the file that the match was in. * line: the full line containing the match. + * line_no: the line number of the file. * pos: a tuple of (start, end) positions on the line where the match is. * name: the match itself. """ - def __init__(self, filename, line, pos, name): + def __init__(self, filename, line, line_no, pos, name): self.filename = filename self.line = line + self.line_no = line_no self.pos = pos self.name = name + def __str__(self): + return ( + " |\n" + + " | {}".format(self.line) + + " | " + self.pos[0] * " " + (self.pos[1] - self.pos[0]) * "^" + ) class Problem(object): """ A parent class representing a form of static analysis error. @@ -71,7 +79,7 @@ class Problem(object): def __init__(self): self.textwrapper = textwrap.TextWrapper() self.textwrapper.width = 80 - self.textwrapper.initial_indent = " * " + self.textwrapper.initial_indent = " > " self.textwrapper.subsequent_indent = " " class SymbolNotInHeader(Problem): @@ -109,8 +117,12 @@ class PatternMismatch(Problem): def __str__(self): return self.textwrapper.fill( - "{0}: '{1}' does not match the required pattern '{2}'." - .format(self.match.filename, self.match.name, self.pattern)) + "{0}:{1}: '{2}' does not match the required pattern '{3}'." + .format( + self.match.filename, + self.match.line_no, + self.match.name, + self.pattern)) + "\n" + str(self.match) class Typo(Problem): """ 
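Review bot: The new `Match.__str__` relies on `self.line` ending in a newline to put the caret row on its own line. parse_identifiers builds `line` from stripped pieces when it joins a continued declaration, and the last line of a file may also lack a terminator. In those cases the `" | "` caret row is appended to the source text instead of sitting beneath it. Normalising in the formatter avoids this: `" | {}\n".format(self.line.rstrip("\n")) +`. The caret offset also assumes the line contains no tabs, which is worth stating in the class docstring.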
@@ -125,10 +137,15 @@ class Typo(Problem): Problem.__init__(self) def __str__(self): + match_len = self.match.pos[1] - self.match.pos[0] return self.textwrapper.fill( - "{0}: '{1}' looks like a typo. It was not found in any macros or " - "any enums. If this is not a typo, put //no-check-names after it." - .format(self.match.filename, self.match.name)) + "{0}:{1}: '{2}' looks like a typo. It was not found in any " + "macros or any enums. If this is not a typo, put " + "//no-check-names after it." + .format( + self.match.filename, + self.match.line_no, + self.match.name)) + "\n" + str(self.match) class NameCheck(object): """ @@ -261,12 +278,15 @@ class NameCheck(object): self.log.debug("Looking for macros in {} files".format(len(header_files))) for header_file in header_files: with open(header_file, "r") as header: + line_no = 0 for line in header: + line_no += 1 for macro in re.finditer(MACRO_REGEX, line): if not macro.group("macro").startswith(NON_MACROS): macros.append(Match( header_file, line, + line_no, (macro.start(), macro.end()), macro.group("macro"))) @@ -286,7 +306,9 @@ class NameCheck(object): self.log.debug("Looking for MBED names in {} files".format(len(files))) for filename in files: with open(filename, "r") as fp: + line_no = 0 for line in fp: + line_no += 1 # Ignore any names that are deliberately opted-out or in # legacy error directives if re.search(r"// *no-check-names|#error", line): @@ -296,6 +318,7 @@ class NameCheck(object): MBED_names.append(Match( filename, line, + line_no, (name.start(), name.end()), name.group(0) )) @@ -321,7 +344,9 @@ class NameCheck(object): # 2 = almost inside enum state = 0 with open(header_file, "r") as header: + line_no = 0 for line in header: + line_no += 1 # Match typedefs and brackets only when they are at the # beginning of the line -- if they are indented, they might # be sub-structures within structs, etc. 
@@ -339,6 +364,7 @@ class NameCheck(object): enum_consts.append(Match( header_file, line, + line_no, (enum_const.start(), enum_const.end()), enum_const.group("enum_const"))) @@ -369,10 +395,12 @@ class NameCheck(object): self.log.debug("Looking for identifiers in {} files".format(len(header_files))) for header_file in header_files: with open(header_file, "r") as header: + line_no = 0 in_block_comment = False previous_line = None for line in header: + line_no += 1 # Skip parsing this line if a block comment ends on it, # but don't skip if it has just started -- there is a chance # it ends on the same line. @@ -431,6 +459,7 @@ class NameCheck(object): identifiers.append(Match( header_file, line, + line_no, (identifier.start(), identifier.end()), group)) From 8f457cf2227151c7b1239167d586226e396fe337 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 17:54:58 +0100 Subject: [PATCH 190/966] Use enumerate() to get line numbers Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 5213bf4da3..07e29458cb 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -278,9 +278,7 @@ class NameCheck(object): self.log.debug("Looking for macros in {} files".format(len(header_files))) for header_file in header_files: with open(header_file, "r") as header: - line_no = 0 - for line in header: - line_no += 1 + for line_no, line in enumerate(header): for macro in re.finditer(MACRO_REGEX, line): if not macro.group("macro").startswith(NON_MACROS): macros.append(Match( 
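Review bot: Replacing the manual counter with `enumerate(header)` in parse_macros changes the reported line numbers from 1-based to 0-based. The removed code incremented `line_no` before use, whereas `enumerate` starts at 0, so every `filename:line` in the PatternMismatch and Typo messages now points one line too early. Use `for line_no, line in enumerate(header, 1):` here. The same applies to the matching hunks in parse_MBED_names (`enumerate(fp, 1)`), parse_enum_consts and parse_identifiers.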
@@ -306,9 +304,7 @@ class NameCheck(object): self.log.debug("Looking for MBED names in {} files".format(len(files))) for filename in files: with open(filename, "r") as fp: - line_no = 0 - for line in fp: - line_no += 1 + for line_no, line in enumerate(fp): # Ignore any names that are deliberately opted-out or in # legacy error directives if re.search(r"// *no-check-names|#error", line): @@ -344,9 +340,7 @@ class NameCheck(object): # 2 = almost inside enum state = 0 with open(header_file, "r") as header: - line_no = 0 - for line in header: - line_no += 1 + for line_no, line in enumerate(header): # Match typedefs and brackets only when they are at the # beginning of the line -- if they are indented, they might # be sub-structures within structs, etc. @@ -395,12 +389,10 @@ class NameCheck(object): self.log.debug("Looking for identifiers in {} files".format(len(header_files))) for header_file in header_files: with open(header_file, "r") as header: - line_no = 0 in_block_comment = False previous_line = None - for line in header: - line_no += 1 + for line_no, line in enumerate(header): # Skip parsing this line if a block comment ends on it, # but don't skip if it has just started -- there is a chance # it ends on the same line. From cfc9e4a275072d9e2e7dabc9a09bbdd005e1cdfa Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 20:02:32 +0100 Subject: [PATCH 191/966] Change identifier regex to better support multiline declarations Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 07e29458cb..8ee50702fb 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py 
@@ -410,20 +410,21 @@ class NameCheck(object): previous_line = None continue - # Match "^something something$", with optional inline/static - # This *might* be a function with its argument brackets on - # the next line, or a struct declaration, so keep note of it - if re.match( - r"(inline +|static +|typedef +)*\w+ +\w+$", - line): - previous_line = line + # If the line contains only space-separated alphanumeric + # characters (or underscore, asterisk, or, open bracket), + # and nothing else, high chance it's a declaration that + # continues on the next line + if re.match(r"^([\w\*\(]+\s+)+$", line): + if previous_line: + previous_line += " " + line + else: + previous_line = line continue # If previous line seemed to start an unfinished declaration - # (as above), and this line begins with a bracket, concat - # them and treat them as one line. - if previous_line and re.match(" *[\({]", line): - line = previous_line.strip() + line.strip() + # (as above), concat and treat them as one. + if previous_line: + line = previous_line.strip() + " " + line.strip() previous_line = None # Skip parsing if line has a space in front = hueristic to @@ -433,9 +434,15 @@ class NameCheck(object): continue identifier = re.search( - # Match " something(" or " *something(". function calls. - r".* \**(\w+)\(|" - # Match (*something)( + # Match " something(a" or " *something(a". Functions. + # Assumptions: + # - function definition from return type to one of its + # arguments is all on one line (enforced by the above + # previous_line concat) + # - function definition line only contains alphanumeric, + # asterisk, underscore, and open bracket + r".* \**(\w+) *\( *\w|" + # Match "(*something)(". Flexible with spaces. r".*\( *\* *(\w+) *\) *\(|" # Match names of named data structures r"(?:typedef +)?(?:struct|union|enum) +(\w+)(?: *{)?$|" From 25eeb7b935418fdbd4c6b63cd724e9eaff468703 Mon Sep 17 00:00:00 2001 
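Review bot: When a declaration spans several lines, `previous_line += " " + line` accumulates each piece with its trailing newline still attached. The later `previous_line.strip() + " " + line.strip()` only trims the two ends, so the `line` stored in the Match can contain embedded newlines. The positions recorded for it are offsets into that joined string rather than into any line of the file, and the report will print a multi-line excerpt with a misplaced caret row. Stripping as the pieces are collected keeps the joined text on one line: `previous_line += " " + line.strip()` and `previous_line = line.strip()`. The enclosing loop starts before this hunk.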
From: Yuto Takano Date: Fri, 6 Aug 2021 21:27:59 +0100 Subject: [PATCH 192/966] Output subprocess stdout if it errored Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 8ee50702fb..3310ae2a03 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -513,6 +513,7 @@ class NameCheck(object): check=True ) except subprocess.CalledProcessError as error: + self.log.debug(error.output) self.set_return_code(2) raise error finally: From 9e0e0e9980788278eb8d41bfccf16a69bf21a252 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 22:01:37 +0100 Subject: [PATCH 193/966] Fix Pylint-detected function argument syntax error Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 3310ae2a03..349e66bdff 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -560,7 +560,7 @@ class NameCheck(object): return symbols - def perform_checks(self, show_problems: True): + def perform_checks(self, show_problems=True): """ Perform each check in order, output its PASS/FAIL status. Maintain an overall test status, and output that at the end. From d93fa37aa67bb6dfa153292eb7ce47e178ebb0d6 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 23:05:55 +0100 Subject: [PATCH 194/966] Address all pylint issues to follow style Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 234 +++++++++++++++++------------------ 1 file changed, 113 insertions(+), 121 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 349e66bdff..7863569909 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py 
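Review bot: `self.log.debug(error.output)` only shows the failing command's output when the script is run with `-v`, yet this branch is a fatal error that sets return code 2. Logging it at error level, `self.log.error(error.output)`, makes the cause visible by default. Note also that `error.output` is None unless the failing `subprocess.run` call captured stdout. The `config.py` call shown earlier on this page passes only `encoding=` and `check=True`, so for that command this line would log `None`; guarding with `if error.output:` avoids that.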
@@ -45,21 +45,20 @@ MACRO_PATTERN = r"^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$" CONSTANTS_PATTERN = MACRO_PATTERN IDENTIFIER_PATTERN = r"^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$" -class Match(object): +class Match(): # pylint: disable=too-few-public-methods """ A class representing a match, together with its found position. Fields: * filename: the file that the match was in. * line: the full line containing the match. - * line_no: the line number of the file. - * pos: a tuple of (start, end) positions on the line where the match is. + * pos: a tuple of (line_no, start, end) positions on the file line where the + match is. * name: the match itself. """ - def __init__(self, filename, line, line_no, pos, name): + def __init__(self, filename, line, pos, name): self.filename = filename self.line = line - self.line_no = line_no self.pos = pos self.name = name @@ -67,9 +66,10 @@ class Match(object): return ( " |\n" + " | {}".format(self.line) + - " | " + self.pos[0] * " " + (self.pos[1] - self.pos[0]) * "^" + " | " + self.pos[1] * " " + (self.pos[2] - self.pos[1]) * "^" ) -class Problem(object): + +class Problem(): # pylint: disable=too-few-public-methods """ A parent class representing a form of static analysis error. @@ -82,7 +82,7 @@ class Problem(object): self.textwrapper.initial_indent = " > " self.textwrapper.subsequent_indent = " " -class SymbolNotInHeader(Problem): +class SymbolNotInHeader(Problem): # pylint: disable=too-few-public-methods """ A problem that occurs when an exported/available symbol in the object file is not explicitly declared in header files. Created with @@ -101,7 +101,7 @@ class SymbolNotInHeader(Problem): "however it was not declared in any header files." .format(self.symbol_name)) -class PatternMismatch(Problem): +class PatternMismatch(Problem): # pylint: disable=too-few-public-methods """ A problem that occurs when something doesn't match the expected pattern. Created with NameCheck.check_match_pattern() 
@@ -120,11 +120,11 @@ class PatternMismatch(Problem): "{0}:{1}: '{2}' does not match the required pattern '{3}'." .format( self.match.filename, - self.match.line_no, + self.match.pos[0], self.match.name, self.pattern)) + "\n" + str(self.match) -class Typo(Problem): +class Typo(Problem): # pylint: disable=too-few-public-methods """ A problem that occurs when a word using MBED doesn't appear to be defined as constants nor enum values. Created with NameCheck.check_for_typos() @@ -137,26 +137,25 @@ class Typo(Problem): Problem.__init__(self) def __str__(self): - match_len = self.match.pos[1] - self.match.pos[0] return self.textwrapper.fill( "{0}:{1}: '{2}' looks like a typo. It was not found in any " "macros or any enums. If this is not a typo, put " "//no-check-names after it." .format( self.match.filename, - self.match.line_no, + self.match.pos[0], self.match.name)) + "\n" + str(self.match) -class NameCheck(object): +class NameCheck(): """ Representation of the core name checking operation performed by this script. Shares a common logger, common excluded filenames, and a shared return_code. """ def __init__(self): self.log = None - self.check_repo_path() self.return_code = 0 self.excluded_files = ["bn_mul", "compat-2.x.h"] + self.parse_result = {} def set_return_code(self, return_code): if return_code > self.return_code: @@ -176,16 +175,6 @@ class NameCheck(object): self.log.setLevel(logging.INFO) self.log.addHandler(logging.StreamHandler()) - def check_repo_path(self): - """ - Check that the current working directory is the project root, and throw - an exception if not. - """ - if (not os.path.isdir("include") or - not os.path.isdir("tests") or - not os.path.isdir("library")): - raise Exception("This script must be run from Mbed TLS root") - def get_files(self, extension, directory): """ Get all files that end with .extension in the specified directory 
@@ -198,7 +187,7 @@ class NameCheck(object): Returns a List of relative filepaths. """ filenames = [] - for root, dirs, files in sorted(os.walk(directory)): + for root, _, files in sorted(os.walk(directory)): for filename in sorted(files): if (filename not in self.excluded_files and filename.endswith("." + extension)): @@ -233,7 +222,7 @@ class NameCheck(object): m_headers + l_headers + t_headers) identifiers = self.parse_identifiers( m_headers + p_headers + t_headers + l_headers) - mbed_names = self.parse_MBED_names( + mbed_words = self.parse_mbed_words( m_headers + p_headers + t_headers + l_headers + libraries) symbols = self.parse_symbols() @@ -257,7 +246,7 @@ class NameCheck(object): "enum_consts": enum_consts, "identifiers": identifiers, "symbols": symbols, - "mbed_names": mbed_names + "mbed_words": mbed_words } def parse_macros(self, header_files): @@ -269,28 +258,29 @@ class NameCheck(object): Returns a List of Match objects for the found macros. """ - MACRO_REGEX = r"# *define +(?P\w+)" - NON_MACROS = ( + macro_regex = re.compile(r"# *define +(?P\w+)") + exclusions = ( "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_" ) - macros = [] self.log.debug("Looking for macros in {} files".format(len(header_files))) + + macros = [] + for header_file in header_files: with open(header_file, "r") as header: for line_no, line in enumerate(header): - for macro in re.finditer(MACRO_REGEX, line): - if not macro.group("macro").startswith(NON_MACROS): + for macro in macro_regex.finditer(line): + if not macro.group("macro").startswith(exclusions): macros.append(Match( header_file, line, - line_no, - (macro.start(), macro.end()), + (line_no, macro.start(), macro.end()), macro.group("macro"))) return macros - def parse_MBED_names(self, files): + def parse_mbed_words(self, files): """ Parse all words in the file that begin with MBED. Includes macros. There have been typos of TLS, hence the broader check than MBEDTLS. 
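Review bot: In parse_macros, `line_no` comes from `enumerate(header)`, which counts from 0, and it is stored as `pos[0]` and printed as the line number in the problem messages. Unless the offset is corrected somewhere outside these hunks, every reported location is one line above the real one. Starting the count at one fixes it here: `for line_no, line in enumerate(header, 1):`. The same loop shape appears in parse_mbed_words, parse_enum_consts and parse_identifiers in the following hunks.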
@@ -300,26 +290,28 @@ class NameCheck(object): Returns a List of Match objects for words beginning with MBED. """ - MBED_names = [] + mbed_regex = re.compile(r"\bMBED.+?_[A-Z0-9_]*") + exclusions = re.compile(r"// *no-check-names|#error") + self.log.debug("Looking for MBED names in {} files".format(len(files))) + + mbed_words = [] + for filename in files: with open(filename, "r") as fp: for line_no, line in enumerate(fp): - # Ignore any names that are deliberately opted-out or in - # legacy error directives - if re.search(r"// *no-check-names|#error", line): + if exclusions.search(line): continue - for name in re.finditer(r"\bMBED.+?_[A-Z0-9_]*", line): - MBED_names.append(Match( + for name in mbed_regex.finditer(line): + mbed_words.append(Match( filename, line, - line_no, - (name.start(), name.end()), + (line_no, name.start(), name.end()), name.group(0) )) - return MBED_names + return mbed_words def parse_enum_consts(self, header_files): """ @@ -330,9 +322,10 @@ class NameCheck(object): Returns a List of Match objects for the findings. """ + self.log.debug("Looking for enum consts in {} files".format(len(header_files))) enum_consts = [] - self.log.debug("Looking for enum consts in {} files".format(len(header_files))) + for header_file in header_files: # Emulate a finite state machine to parse enum declarations. # 0 = not in enum 
@@ -344,22 +337,21 @@ class NameCheck(object): # Match typedefs and brackets only when they are at the # beginning of the line -- if they are indented, they might # be sub-structures within structs, etc. - if state is 0 and re.match(r"^(typedef +)?enum +{", line): + if state == 0 and re.match(r"^(typedef +)?enum +{", line): state = 1 - elif state is 0 and re.match(r"^(typedef +)?enum", line): + elif state == 0 and re.match(r"^(typedef +)?enum", line): state = 2 - elif state is 2 and re.match(r"^{", line): + elif state == 2 and re.match(r"^{", line): state = 1 - elif state is 1 and re.match(r"^}", line): + elif state == 1 and re.match(r"^}", line): state = 0 - elif state is 1 and not re.match(r" *#", line): + elif state == 1 and not re.match(r" *#", line): enum_const = re.match(r" *(?P\w+)", line) if enum_const: enum_consts.append(Match( header_file, line, - line_no, - (enum_const.start(), enum_const.end()), + (line_no, enum_const.start(), enum_const.end()), enum_const.group("enum_const"))) return enum_consts 
@@ -374,23 +366,37 @@ class NameCheck(object): Returns a List of Match objects with identifiers. """ - EXCLUDED_LINES = ( - r"^(" - r"extern +\"C\"|" - r"(typedef +)?(struct|union|enum)( *{)?$|" - r"} *;?$|" - r"$|" - r"//|" - r"#" - r")" - ) + identifier_regex = re.compile( + # Match " something(a" or " *something(a". Functions. + # Assumptions: + # - function definition from return type to one of its arguments is + # all on one line (enforced by the previous_line concat below) + # - function definition line only contains alphanumeric, asterisk, + # underscore, and open bracket + r".* \**(\w+) *\( *\w|" + # Match "(*something)(". Flexible with spaces. + r".*\( *\* *(\w+) *\) *\(|" + # Match names of named data structures. + r"(?:typedef +)?(?:struct|union|enum) +(\w+)(?: *{)?$|" + # Match names of typedef instances, after closing bracket. + r"}? *(\w+)[;[].*") + exclusion_lines = re.compile(r"^(" + r"extern +\"C\"|" + r"(typedef +)?(struct|union|enum)( *{)?$|" + r"} *;?$|" + r"$|" + r"//|" + r"#" + r")") + + self.log.debug("Looking for identifiers in {} files".format(len(header_files))) identifiers = [] - self.log.debug("Looking for identifiers in {} files".format(len(header_files))) + for header_file in header_files: with open(header_file, "r") as header: in_block_comment = False - previous_line = None + previous_line = "" for line_no, line in enumerate(header): # Skip parsing this line if a block comment ends on it, @@ -403,11 +409,11 @@ class NameCheck(object): continue if in_block_comment: - previous_line = None + previous_line = "" continue - if re.match(EXCLUDED_LINES, line): - previous_line = None + if exclusion_lines.match(line): + previous_line = "" continue # If the line contains only space-separated alphanumeric 
@@ -415,17 +421,14 @@ class NameCheck(object): # and nothing else, high chance it's a declaration that # continues on the next line if re.match(r"^([\w\*\(]+\s+)+$", line): - if previous_line: - previous_line += " " + line - else: - previous_line = line + previous_line += line continue # If previous line seemed to start an unfinished declaration # (as above), concat and treat them as one. if previous_line: line = previous_line.strip() + " " + line.strip() - previous_line = None + previous_line = "" # Skip parsing if line has a space in front = hueristic to # skip function argument lines (highly subject to formatting @@ -433,23 +436,7 @@ class NameCheck(object): if line[0] == " ": continue - identifier = re.search( - # Match " something(a" or " *something(a". Functions. - # Assumptions: - # - function definition from return type to one of its - # arguments is all on one line (enforced by the above - # previous_line concat) - # - function definition line only contains alphanumeric, - # asterisk, underscore, and open bracket - r".* \**(\w+) *\( *\w|" - # Match "(*something)(". Flexible with spaces. - r".*\( *\* *(\w+) *\) *\(|" - # Match names of named data structures - r"(?:typedef +)?(?:struct|union|enum) +(\w+)(?: *{)?$|" - # Match names of typedef instances, after closing bracket - r"}? *(\w+)[;[].*", - line - ) + identifier = identifier_regex.search(line) if identifier: # Find the group that matched, and append it @@ -458,8 +445,7 @@ class NameCheck(object): identifiers.append(Match( header_file, line, - line_no, - (identifier.start(), identifier.end()), + (line_no, identifier.start(), identifier.end()), group)) return identifiers @@ -502,10 +488,8 @@ class NameCheck(object): # Perform object file analysis using nm symbols = self.parse_symbols_from_nm( ["library/libmbedcrypto.a", - "library/libmbedtls.a", - "library/libmbedx509.a"]) - - symbols.sort() + "library/libmbedtls.a", + "library/libmbedx509.a"]) subprocess.run( ["make", "clean"], 
@@ -533,9 +517,9 @@ class NameCheck(object): Returns a List of unique symbols defined and used in any of the object files. """ - UNDEFINED_SYMBOL = r"^\S+: +U |^$|^\S+:$" - VALID_SYMBOL = r"^\S+( [0-9A-Fa-f]+)* . _*(?P\w+)" - EXCLUSIONS = ("FStar", "Hacl") + nm_undefined_regex = re.compile(r"^\S+: +U |^$|^\S+:$") + nm_valid_regex = re.compile(r"^\S+( [0-9A-Fa-f]+)* . _*(?P\w+)") + nm_exclusions = ("FStar", "Hacl") symbols = [] @@ -551,9 +535,10 @@ class NameCheck(object): ).stdout for line in nm_output.splitlines(): - if not re.match(UNDEFINED_SYMBOL, line): - symbol = re.match(VALID_SYMBOL, line) - if symbol and not symbol.group("symbol").startswith(EXCLUSIONS): + if not nm_undefined_regex.match(line): + symbol = nm_valid_regex.match(line) + if (symbol and not symbol.group("symbol").startswith( + nm_exclusions)): symbols.append(symbol.group("symbol")) else: self.log.error(line) @@ -573,10 +558,9 @@ class NameCheck(object): problems += self.check_symbols_declared_in_header(show_problems) - pattern_checks = [ - ("macros", MACRO_PATTERN), - ("enum_consts", CONSTANTS_PATTERN), - ("identifiers", IDENTIFIER_PATTERN)] + pattern_checks = [("macros", MACRO_PATTERN), + ("enum_consts", CONSTANTS_PATTERN), + ("identifiers", IDENTIFIER_PATTERN)] for group, check_pattern in pattern_checks: problems += self.check_match_pattern( show_problems, group, check_pattern) @@ -602,6 +586,7 @@ class NameCheck(object): Returns the number of problems that need fixing. """ problems = [] + for symbol in self.parse_result["symbols"]: found_symbol_declared = False for identifier_match in self.parse_result["identifiers"]: @@ -628,6 +613,7 @@ class NameCheck(object): Returns the number of problems that need fixing. """ problems = [] + for item_match in self.parse_result[group_to_check]: if not re.match(check_pattern, item_match.name): problems.append(PatternMismatch(check_pattern, item_match)) 
@@ -652,14 +638,15 @@ class NameCheck(object): Returns the number of problems that need fixing. """ problems = [] - all_caps_names = list(set([ - match.name for match - in self.parse_result["macros"] + self.parse_result["enum_consts"]] - )) - TYPO_EXCLUSION = r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$" + # Set comprehension, equivalent to a list comprehension inside set() + all_caps_names = { + match.name + for match + in self.parse_result["macros"] + self.parse_result["enum_consts"]} + typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$") - for name_match in self.parse_result["mbed_names"]: + for name_match in self.parse_result["mbed_words"]: found = name_match.name in all_caps_names # Since MBEDTLS_PSA_ACCEL_XXX defines are defined by the @@ -671,7 +658,7 @@ class NameCheck(object): "MBEDTLS_PSA_ACCEL_", "MBEDTLS_PSA_BUILTIN_") in all_caps_names - if not found and not re.search(TYPO_EXCLUSION, name_match.name): + if not found and not typo_exclusion.search(name_match.name): problems.append(Typo(name_match)) self.output_check_result("Likely typos", problems, show_problems) @@ -691,16 +678,25 @@ class NameCheck(object): if show_problems: self.log.info("") for problem in problems: - self.log.warn(str(problem) + "\n") + self.log.warning("{}\n".format(str(problem))) else: self.log.info("{}: PASS".format(name)) +def check_repo_path(): + """ + Check that the current working directory is the project root, and throw + an exception if not. + """ + if (not os.path.isdir("include") or + not os.path.isdir("tests") or + not os.path.isdir("library")): + raise Exception("This script must be run from Mbed TLS root") + def main(): """ Perform argument parsing, and create an instance of NameCheck to begin the core operation. """ - parser = argparse.ArgumentParser( formatter_class=argparse.RawDescriptionHelpFormatter, description=( 
@@ -720,17 +716,13 @@ def main(): args = parser.parse_args() try: + check_repo_path() name_check = NameCheck() name_check.setup_logger(verbose=args.verbose) name_check.parse_names_in_source() name_check.perform_checks(show_problems=not args.quiet) sys.exit(name_check.return_code) - except subprocess.CalledProcessError as error: - traceback.print_exc() - print("!! Compilation faced a critical error, " - "check-names can't continue further.") - sys.exit(name_check.return_code) - except Exception: + except Exception: # pylint: disable=broad-except traceback.print_exc() sys.exit(2) From bcc3d99cc10561fd40f8c1eba585a9cf4f8bd123 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 23:14:58 +0100 Subject: [PATCH 195/966] Fix compatibiliy with Python 3.5 on the CI Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 7863569909..b1835c6801 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -471,7 +471,7 @@ class NameCheck(): # as exceptions and logged. subprocess.run( ["python3", "scripts/config.py", "full"], - encoding=sys.stdout.encoding, + universal_newlines=True, check=True ) my_environment = os.environ.copy() @@ -479,7 +479,7 @@ class NameCheck(): subprocess.run( ["make", "clean", "lib"], env=my_environment, - encoding=sys.stdout.encoding, + universal_newlines=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, check=True @@ -493,7 +493,7 @@ class NameCheck(): subprocess.run( ["make", "clean"], - encoding=sys.stdout.encoding, + universal_newlines=True, check=True ) except subprocess.CalledProcessError as error: @@ -528,7 +528,7 @@ class NameCheck(): for lib in object_files: nm_output += subprocess.run( ["nm", "-og", lib], - encoding=sys.stdout.encoding, + universal_newlines=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, check=True 
From 381fda8550212a6250a7dbb6b1a56300674cd9e6 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 6 Aug 2021 23:37:20 +0100 Subject: [PATCH 196/966] Print line number next to problem in check-names Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index b1835c6801..5878bfa498 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -63,10 +63,15 @@ class Match(): # pylint: disable=too-few-public-methods self.name = name def __str__(self): + ln_str = str(self.pos[0]) + gutter_len = max(4, len(ln_str)) + gutter = (gutter_len - len(ln_str)) * " " + ln_str + underline = self.pos[1] * " " + (self.pos[2] - self.pos[1]) * "^" + return ( - " |\n" + - " | {}".format(self.line) + - " | " + self.pos[1] * " " + (self.pos[2] - self.pos[1]) * "^" + " {0} |\n".format(gutter_len * " ") + + " {0} | {1}".format(gutter, self.line) + + " {0} | {1}".format(gutter_len * " ", underline) ) class Problem(): # pylint: disable=too-few-public-methods From a083d15eddbe0c55b91ce5289dd672b6490452e0 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Sat, 7 Aug 2021 00:25:59 +0100 Subject: [PATCH 197/966] Specify file open encoding as utf-8 in check-names Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 5878bfa498..f47d7e6c52 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -273,7 +273,7 @@ class NameCheck(): macros = [] for header_file in header_files: - with open(header_file, "r") as header: + with open(header_file, "r", encoding="utf-8") as header: for line_no, line in enumerate(header): for macro in macro_regex.finditer(line): if not macro.group("macro").startswith(exclusions): 
@@ -303,7 +303,7 @@ class NameCheck(): mbed_words = [] for filename in files: - with open(filename, "r") as fp: + with open(filename, "r", encoding="utf-8") as fp: for line_no, line in enumerate(fp): if exclusions.search(line): continue @@ -337,7 +337,7 @@ class NameCheck(): # 1 = inside enum # 2 = almost inside enum state = 0 - with open(header_file, "r") as header: + with open(header_file, "r", encoding="utf-8") as header: for line_no, line in enumerate(header): # Match typedefs and brackets only when they are at the # beginning of the line -- if they are indented, they might @@ -399,7 +399,7 @@ class NameCheck(): identifiers = [] for header_file in header_files: - with open(header_file, "r") as header: + with open(header_file, "r", encoding="utf-8") as header: in_block_comment = False previous_line = "" From 12a7ecda5afa649d43a388dd280c116f5505d071 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Sat, 7 Aug 2021 00:40:29 +0100 Subject: [PATCH 198/966] Fix further pylint issues picked up by Travis CI Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index f47d7e6c52..81fd5ffb84 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -386,13 +386,13 @@ class NameCheck(): # Match names of typedef instances, after closing bracket. r"}? *(\w+)[;[].*") exclusion_lines = re.compile(r"^(" - r"extern +\"C\"|" - r"(typedef +)?(struct|union|enum)( *{)?$|" - r"} *;?$|" - r"$|" - r"//|" - r"#" - r")") + r"extern +\"C\"|" + r"(typedef +)?(struct|union|enum)( *{)?$|" + r"} *;?$|" + r"$|" + r"//|" + r"#" + r")") self.log.debug("Looking for identifiers in {} files".format(len(header_files))) 
@@ -524,7 +524,7 @@ class NameCheck(): """ nm_undefined_regex = re.compile(r"^\S+: +U |^$|^\S+:$") nm_valid_regex = re.compile(r"^\S+( [0-9A-Fa-f]+)* . _*(?P\w+)") - nm_exclusions = ("FStar", "Hacl") + exclusions = ("FStar", "Hacl") symbols = [] @@ -542,8 +542,7 @@ class NameCheck(): for line in nm_output.splitlines(): if not nm_undefined_regex.match(line): symbol = nm_valid_regex.match(line) - if (symbol and not symbol.group("symbol").startswith( - nm_exclusions)): + if (symbol and not symbol.group("symbol").startswith(exclusions)): symbols.append(symbol.group("symbol")) else: self.log.error(line) From b47b504418e146dc0fae6be266bbdfd71a2d9827 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Sat, 7 Aug 2021 00:42:54 +0100 Subject: [PATCH 199/966] Improve comments in parse_mbed_words() Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 81fd5ffb84..228ab4c646 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -287,14 +287,15 @@ class NameCheck(): def parse_mbed_words(self, files): """ - Parse all words in the file that begin with MBED. Includes macros. - There have been typos of TLS, hence the broader check than MBEDTLS. + Parse all words in the file that begin with MBED, in and out of macros, + comments, anything. Args: * files: a List of filepaths to look through. Returns a List of Match objects for words beginning with MBED. """ + # Typos of TLS are common, hence the broader check below than MBEDTLS. mbed_regex = re.compile(r"\bMBED.+?_[A-Z0-9_]*") exclusions = re.compile(r"// *no-check-names|#error") From 55614b51f11d992266e552be9b0b41185d777a10 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Sat, 7 Aug 2021 01:00:18 +0100 Subject: [PATCH 200/966] Use --quiet to hide explanations and show only minimal necessary info 
Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 88 +++++++++++++++++++++--------------- 1 file changed, 52 insertions(+), 36 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 228ab4c646..509b4353af 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -71,7 +71,7 @@ class Match(): # pylint: disable=too-few-public-methods return ( " {0} |\n".format(gutter_len * " ") + " {0} | {1}".format(gutter, self.line) + - " {0} | {1}".format(gutter_len * " ", underline) + " {0} | {1}\n".format(gutter_len * " ", underline) ) class Problem(): # pylint: disable=too-few-public-methods @@ -96,11 +96,15 @@ class SymbolNotInHeader(Problem): # pylint: disable=too-few-public-methods Fields: * symbol_name: the name of the symbol. """ - def __init__(self, symbol_name): + def __init__(self, symbol_name, quiet=False): self.symbol_name = symbol_name + self.quiet = quiet Problem.__init__(self) def __str__(self): + if self.quiet: + return "{0}".format(self.symbol_name) + return self.textwrapper.fill( "'{0}' was found as an available symbol in the output of nm, " "however it was not declared in any header files." @@ -115,12 +119,20 @@ class PatternMismatch(Problem): # pylint: disable=too-few-public-methods * pattern: the expected regex pattern * match: the Match object in question """ - def __init__(self, pattern, match): + def __init__(self, pattern, match, quiet=False): self.pattern = pattern self.match = match + self.quiet = quiet Problem.__init__(self) def __str__(self): + if self.quiet: + return ("{0}:{1}:{3}" + .format( + self.match.filename, + self.match.pos[0], + self.match.name)) + return self.textwrapper.fill( "{0}:{1}: '{2}' does not match the required pattern '{3}'." .format( 
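Review bot: The quiet branch of `PatternMismatch.__str__` formats `"{0}:{1}:{3}"` with only three arguments, so index 3 is out of range and `str()` on the problem raises IndexError instead of printing it. Any naming-pattern failure reported under --quiet would then abort the run through the broad exception handler rather than list the offending names. The last field should be `{2}`, i.e. `return ("{0}:{1}:{2}"`, which is what the quiet branch of Typo in the next hunk already uses.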
@@ -137,11 +149,19 @@ class Typo(Problem): # pylint: disable=too-few-public-methods Fields: * match: the Match object of the MBED name in question. """ - def __init__(self, match): + def __init__(self, match, quiet=False): self.match = match + self.quiet = quiet Problem.__init__(self) def __str__(self): + if self.quiet: + return ("{0}:{1}:{2}" + .format( + self.match.filename, + self.match.pos[0], + self.match.name)) + return self.textwrapper.fill( "{0}:{1}: '{2}' looks like a typo. It was not found in any " "macros or any enums. If this is not a typo, put " 
@@ -550,43 +570,42 @@ class NameCheck(): return symbols - def perform_checks(self, show_problems=True): + def perform_checks(self, quiet=False): """ Perform each check in order, output its PASS/FAIL status. Maintain an overall test status, and output that at the end. Args: - * show_problems: whether to show the problematic examples. + * quiet: whether to hide detailed problem explanation. """ self.log.info("=============") problems = 0 - problems += self.check_symbols_declared_in_header(show_problems) + problems += self.check_symbols_declared_in_header(quiet) pattern_checks = [("macros", MACRO_PATTERN), ("enum_consts", CONSTANTS_PATTERN), ("identifiers", IDENTIFIER_PATTERN)] for group, check_pattern in pattern_checks: - problems += self.check_match_pattern( - show_problems, group, check_pattern) + problems += self.check_match_pattern(quiet, group, check_pattern) - problems += self.check_for_typos(show_problems) + problems += self.check_for_typos(quiet) self.log.info("=============") if problems > 0: self.log.info("FAIL: {0} problem(s) to fix".format(str(problems))) - if not show_problems: - self.log.info("Remove --quiet to show the problems.") + if quiet: + self.log.info("Remove --quiet to see explanations.") else: self.log.info("PASS") - def check_symbols_declared_in_header(self, show_problems): + def check_symbols_declared_in_header(self, quiet): """ Perform a check that all detected symbols in the library object files are properly declared in headers. Args: - * show_problems: whether to show the problematic examples. + * quiet: whether to hide detailed problem explanation. Returns the number of problems that need fixing. """ 
@@ -600,18 +619,18 @@ class NameCheck(): break if not found_symbol_declared: - problems.append(SymbolNotInHeader(symbol)) + problems.append(SymbolNotInHeader(symbol, quiet=quiet)) - self.output_check_result("All symbols in header", problems, show_problems) + self.output_check_result("All symbols in header", problems) return len(problems) - def check_match_pattern(self, show_problems, group_to_check, check_pattern): + def check_match_pattern(self, quiet, group_to_check, check_pattern): """ Perform a check that all items of a group conform to a regex pattern. Args: - * show_problems: whether to show the problematic examples. + * quiet: whether to hide detailed problem explanation. * group_to_check: string key to index into self.parse_result. * check_pattern: the regex to check against. @@ -624,21 +643,23 @@ class NameCheck(): problems.append(PatternMismatch(check_pattern, item_match)) # Double underscore is a reserved identifier, never to be used if re.match(r".*__.*", item_match.name): - problems.append(PatternMismatch("double underscore", item_match)) + problems.append(PatternMismatch( + "double underscore", + item_match, + quiet=quiet)) self.output_check_result( "Naming patterns of {}".format(group_to_check), - problems, - show_problems) + problems) return len(problems) - def check_for_typos(self, show_problems): + def check_for_typos(self, quiet): """ Perform a check that all words in the soure code beginning with MBED are either defined as macros, or as enum constants. Args: - * show_problems: whether to show the problematic examples. + * quiet: whether to hide detailed problem explanation. Returns the number of problems that need fixing. """ 
@@ -664,26 +685,21 @@ class NameCheck(): "MBEDTLS_PSA_BUILTIN_") in all_caps_names if not found and not typo_exclusion.search(name_match.name): - problems.append(Typo(name_match)) + problems.append(Typo(name_match, quiet=quiet)) - self.output_check_result("Likely typos", problems, show_problems) + self.output_check_result("Likely typos", problems) return len(problems) - def output_check_result(self, name, problems, show_problems): + def output_check_result(self, name, problems): """ Write out the PASS/FAIL status of a performed check depending on whether there were problems. - - Args: - * show_problems: whether to show the problematic examples. """ if problems: self.set_return_code(1) - self.log.info("{}: FAIL".format(name)) - if show_problems: - self.log.info("") - for problem in problems: - self.log.warning("{}\n".format(str(problem))) + self.log.info("{}: FAIL\n".format(name)) + for problem in problems: + self.log.warning(str(problem)) else: self.log.info("{}: PASS".format(name)) @@ -716,7 +732,7 @@ def main(): parser.add_argument("-q", "--quiet", action="store_true", - help="hide unnecessary text and problematic examples") + help="hide unnecessary text, explanations, and highlighs") args = parser.parse_args() @@ -725,7 +741,7 @@ def main(): name_check = NameCheck() name_check.setup_logger(verbose=args.verbose) name_check.parse_names_in_source() - name_check.perform_checks(show_problems=not args.quiet) + name_check.perform_checks(quiet=args.quiet) sys.exit(name_check.return_code) except Exception: # pylint: disable=broad-except traceback.print_exc() From f3cce8b0e1bb5df423e4c4bf46ac1cd5d5387300 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Sat, 7 Aug 2021 14:29:49 +0100 Subject: [PATCH 201/966] Add handshake message writing variant that doesn't update checksum The helper `mbedtls_ssl_write_handshake_msg` writes a handshake message and updates the handshake transcript. With TLS 1.3, we need finer control over the checksum: updating at message granularity is not sufficient. To allow for manual maintenance of the checksum in those cases, refine `mbedtls_ssl_write_handshake_msg()` into `mbedtls_ssl_write_handshake_msg_ext()` which takes a parameter determining whether the checksum should be updated. Signed-off-by: Hanno Becker --- library/ssl_misc.h | 8 +++++++- library/ssl_msg.c | 5 +++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cc19f4723b..e4966f0198 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -971,7 +971,13 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_hs_digest ); int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); -int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, + int update_checksum ); +static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */ ) ); +} + int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 76cc2b17d4..fe26eaaf29 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
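Review bot: The new `update_checksum` parameter of `mbedtls_ssl_write_handshake_msg_ext()` is undocumented at the prototype, and a caller that passes 0 leaves the message out of the handshake transcript unless it updates the checksum itself. A comment above the declaration would make that contract explicit, for example `/* If update_checksum is 0, the caller must add this message to the handshake transcript itself. */`. The comment block before the definition in ssl_msg.c would need the same sentence. The flag is also a plain `int`, whereas `mbedtls_ssl_read_record()` a few lines above takes `unsigned update_hs_digest` for the same kind of switch, so matching the type would keep the two consistent.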
@@ -2360,7 +2360,8 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) * (including handshake headers but excluding record headers) * - ssl->out_msg: the record contents (handshake headers + content) */ -int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, + int update_checksum ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const size_t hs_len = ssl->out_msglen - 4; @@ -2469,7 +2470,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* Update running hashes of handshake messages seen */ - if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) + if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0 ) ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen ); } From fc54dfb0d662301de595fc5e8a9c83a8d766bd35 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Sat, 7 Aug 2021 17:18:28 +0100 Subject: [PATCH 202/966] Move check_repo_path into NameCheck as staticmethod Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index 509b4353af..b8a12885f1 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py @@ -27,6 +27,9 @@ The script performs the following checks: - All macros, constants, and identifiers (function names, struct names, etc) follow the required pattern. - Typo checking: All words that begin with MBED exist as macros or constants. + +Returns 0 on success, 1 on test failure, and 2 if there is a script error or a +subprocess error. Must be run from Mbed TLS root. """ import argparse @@ -178,6 +181,7 @@ class NameCheck(): """ def __init__(self): self.log = None + self.check_repo_path() self.return_code = 0 self.excluded_files = ["bn_mul", "compat-2.x.h"] self.parse_result = {} 
@@ -187,6 +191,15 @@ class NameCheck(): self.log.debug("Setting new return code to {}".format(return_code)) self.return_code = return_code + @staticmethod + def check_repo_path(): + """ + Check that the current working directory is the project root, and throw + an exception if not. + """ + if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): + raise Exception("This script must be run from Mbed TLS root") + def setup_logger(self, verbose=False): """ Set up a logger and set the change the default logging level from @@ -596,6 +609,8 @@ class NameCheck(): self.log.info("FAIL: {0} problem(s) to fix".format(str(problems))) if quiet: self.log.info("Remove --quiet to see explanations.") + else: + self.log.info("Use --quiet for minimal output.") else: self.log.info("PASS") @@ -703,16 +718,6 @@ class NameCheck(): else: self.log.info("{}: PASS".format(name)) -def check_repo_path(): - """ - Check that the current working directory is the project root, and throw - an exception if not. - """ - if (not os.path.isdir("include") or - not os.path.isdir("tests") or - not os.path.isdir("library")): - raise Exception("This script must be run from Mbed TLS root") - def main(): """ Perform argument parsing, and create an instance of NameCheck to begin the @@ -737,7 +742,6 @@ def main(): args = parser.parse_args() try: - check_repo_path() name_check = NameCheck() name_check.setup_logger(verbose=args.verbose) name_check.parse_names_in_source() From 6fececf192e653a37fe100ae931fcad874c0ee7b Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Sat, 7 Aug 2021 17:28:23 +0100 Subject: [PATCH 203/966] Comment why is used Signed-off-by: Yuto Takano --- tests/scripts/check-names.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/check-names.py b/tests/scripts/check-names.py index b8a12885f1..5fe85b7bd6 100755 --- a/tests/scripts/check-names.py +++ b/tests/scripts/check-names.py 
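Review bot: `check_repo_path()` raises a bare `Exception`, which leaves callers nothing narrower than a broad `except Exception` to catch. After this commit it fires from `NameCheck.__init__()`, via the `self.check_repo_path()` call added in the earlier `@@ -178,6 +181,7 @@` hunk. A specific type reads better, e.g. `raise RuntimeError("This script must be run from Mbed TLS root")`, and the class docstring could state that construction fails outside the repository root. The test only looks for directories named `include`, `library` and `tests`, so it is a heuristic rather than proof of being in the right tree, which is worth saying in the method docstring.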
@@ -540,6 +540,8 @@ class NameCheck(): self.set_return_code(2) raise error finally: + # Put back the original config regardless of there being errors. + # Works also for keyboard interrupts. shutil.move("include/mbedtls/mbedtls_config.h.bak", "include/mbedtls/mbedtls_config.h") From 41934dd20a71fc474f0bd4f6cb754b09b48bd52f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 7 Aug 2021 19:13:43 +0100 Subject: [PATCH 204/966] Share preparatory code between client and server handshake steps Signed-off-by: Hanno Becker --- library/ssl_cli.c | 15 --------------- library/ssl_srv.c | 15 --------------- library/ssl_tls.c | 32 ++++++++++++++++++++++++++++++-- 3 files changed, 30 insertions(+), 32 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e0a1c24ec1..59c5460429 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -4210,23 +4210,8 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - return( ret ); - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - /* Change state now, so that it is right in mbedtls_ssl_read_record(), used * by DTLS for dropping out-of-sequence ChangeCipherSpec records */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index d82ec0471f..3d6739342d 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
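Review bot: The comment added in the `finally:` block of check-names.py says the config is put back "regardless of there being errors", which holds for exceptions and Ctrl-C but not for every way the process can end. If the script is killed by a signal that Python does not turn into an exception (SIGKILL, or SIGTERM with the default handler), the `finally` never runs. In that case `include/mbedtls/mbedtls_config.h` stays in whatever state the build step left it, with the original still in `mbedtls_config.h.bak`. I would word it as `# Restore the original config on any exception, including KeyboardInterrupt.` followed by `# If the process is killed outright, restore it by hand from mbedtls_config.h.bak.` The enclosing `try` starts outside this hunk.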
@@ -4258,23 +4258,8 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) { int ret = 0; - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) ); - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - return( ret ); - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - switch( ssl->state ) { case MBEDTLS_SSL_HELLO_REQUEST: diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bb5ddc470e..bf87fe56dc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -5076,12 +5076,40 @@ int mbedtls_ssl_session_load( mbedtls_ssl_session *session, /* * Perform a single step of the SSL handshake */ +static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) + return( ret ); + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) + { + if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + return( ret ); + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + + return( ret ); +} + int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl == NULL || ssl->conf == NULL ) + if( ssl == NULL || + ssl->conf == NULL || + ssl->handshake == NULL || + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + ret = ssl_prepare_handshake_step( ssl ); + if( ret != 0 ) + return( ret ); #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) From 51efcb143da3e25a9bcda904c3830c69b5a69c51 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 9 Aug 2021 11:54:12 +0100 Subject: [PATCH 205/966] Rename check-names.py to check_names.py This is necessary to import check_names from other scripts, which will inevitably happen in the next few commits to implement the equivalent of `list-identifiers.sh --internal`. Signed-off-by: Yuto Takano --- tests/scripts/all.sh | 2 +- tests/scripts/{check-names.py => check_names.py} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename tests/scripts/{check-names.py => check_names.py} (100%) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index efcb5543e1..cbb337ffac 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
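Review bot: `ssl_prepare_handshake_step()` dereferences `ssl->conf` and `ssl->handshake` with no check of its own, so it is safe only because `mbedtls_ssl_handshake_step()` now tests `ssl->handshake == NULL` and `ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER` before calling it. The same commit removes those tests from `mbedtls_ssl_handshake_client_step()` and `mbedtls_ssl_handshake_server_step()` (ssl_cli.c and ssl_srv.c hunks), so any other caller of those two functions, if one exists, would now reach the state machine unguarded. A one-line precondition on the helper would record this: `/* Precondition: ssl, ssl->conf and ssl->handshake are non-NULL (checked by mbedtls_ssl_handshake_step()). */`. The helper was also inserted between the existing "Perform a single step of the SSL handshake" comment and the function it describes, so that comment should move down to sit directly above `mbedtls_ssl_handshake_step()`. The rest of that function is outside the hunk.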
@@ -733,7 +733,7 @@ component_check_changelog () { component_check_names () { msg "Check: declared and exported names (builds the library)" # < 3s - record_status tests/scripts/check-names.py -v + record_status tests/scripts/check_names.py -v } component_check_test_cases () { diff --git a/tests/scripts/check-names.py b/tests/scripts/check_names.py similarity index 100% rename from tests/scripts/check-names.py rename to tests/scripts/check_names.py From 977e07f5c8248cc27c36035685ba82faee0ac01a Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 9 Aug 2021 11:56:15 +0100 Subject: [PATCH 206/966] Use glob in get_files(), call setup_logger on init glob is more flexible and simplifies the function arguments drastically. It is also much more intuitive to extend in the future when the filepaths need to be extended or changed. setup_logger had to be called as the first thing after instantiation, so this commit simplify makes it automatic. Several clarification comments are added too. Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 66 +++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 28 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 5fe85b7bd6..c129def4ed 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -33,6 +33,7 @@ subprocess error. Must be run from Mbed TLS root. """ import argparse +import glob import textwrap import os import sys 
@@ -177,13 +178,19 @@ class Typo(Problem): # pylint: disable=too-few-public-methods class NameCheck(): """ Representation of the core name checking operation performed by this script. - Shares a common logger, common excluded filenames, and a shared return_code. + Shares a common logger, and a shared return code. """ - def __init__(self): + def __init__(self, verbose=False): self.log = None self.check_repo_path() self.return_code = 0 + + self.setup_logger(verbose) + + # Globally excluded filenames self.excluded_files = ["bn_mul", "compat-2.x.h"] + + # Will contain the parse result after a comprehensive parse self.parse_result = {} def set_return_code(self, return_code): 
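Review bot: `self.excluded_files` still lists `"bn_mul"` without an extension, and `get_files()` in the next hunk compares each entry against `os.path.basename(filepath)` for exact equality. An extension-less entry can therefore only exclude a file literally named `bn_mul`. If the intent is to skip the header of that name, the entry needs the full basename, e.g. `self.excluded_files = ["bn_mul.h", "compat-2.x.h"]`. The new `# Globally excluded filenames` comment could also say that entries are matched against the basename and not the path.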
@@ -213,30 +220,30 @@ class NameCheck(): self.log.setLevel(logging.INFO) self.log.addHandler(logging.StreamHandler()) - def get_files(self, extension, directory): + def get_files(self, wildcard): """ - Get all files that end with .extension in the specified directory - recursively. + Get all files that match a UNIX-style wildcard recursively. While the + script is designed only for use on UNIX/macOS (due to nm), this function + would work fine on Windows even with forward slashes in the wildcard. Args: - * extension: the file extension to search for, without the dot - * directory: the directory to recursively search for + * wildcard: shell-style wildcards to match filepaths against. Returns a List of relative filepaths. """ - filenames = [] - for root, _, files in sorted(os.walk(directory)): - for filename in sorted(files): - if (filename not in self.excluded_files and - filename.endswith("." + extension)): - filenames.append(os.path.join(root, filename)) - return filenames + accumulator = [] + + for filepath in glob.iglob(wildcard, recursive=True): + if os.path.basename(filepath) not in self.excluded_files: + accumulator.append(filepath) + return accumulator def parse_names_in_source(self): """ - Calls each parsing function to retrieve various elements of the code, - together with their source location. Puts the parsed values in the - internal variable self.parse_result. + Comprehensive function to call each parsing function and retrieve + various elements of the code, together with their source location. + Puts the parsed values in the internal variable self.parse_result, so + they can be used from perform_checks(). """ self.log.info("Parsing source code...") self.log.debug( 
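Review bot: The rewritten `get_files()` no longer returns files in a stable order, which the removed `sorted(os.walk(...))` / `sorted(files)` version did. `glob.iglob()` yields entries in directory-listing order, so parse results and anything written from them can differ between machines and runs; `for filepath in sorted(glob.iglob(wildcard, recursive=True)):` restores determinism. Separately, `recursive=True` only has an effect when the pattern contains `**`, and the patterns passed in the following hunk (`include/mbedtls/*.h`, `library/*.c` and so on) do not, so the search is now single-level where the old one walked subdirectories. The docstring's "recursively" should say so, for instance `Get all files that match a UNIX-style wildcard (recursive only where the wildcard contains **).`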
@@ -244,13 +251,13 @@ class NameCheck(): .format(str(self.excluded_files)) ) - m_headers = self.get_files("h", os.path.join("include", "mbedtls")) - p_headers = self.get_files("h", os.path.join("include", "psa")) + m_headers = self.get_files("include/mbedtls/*.h") + p_headers = self.get_files("include/psa/*.h") t_headers = ["3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h"] - d_headers = self.get_files("h", os.path.join("tests", "include", "test", "drivers")) - l_headers = self.get_files("h", "library") - libraries = self.get_files("c", "library") + [ + d_headers = self.get_files("tests/include/test/drivers/*.h") + l_headers = self.get_files("library/*.h") + libraries = self.get_files("library/*.c") + [ "3rdparty/everest/library/everest.c", "3rdparty/everest/library/x25519.c"] @@ -589,6 +596,7 @@ class NameCheck(): """ Perform each check in order, output its PASS/FAIL status. Maintain an overall test status, and output that at the end. + Assumes parse_names_in_source() was called before this. Args: * quiet: whether to hide detailed problem explanation. @@ -620,6 +628,7 @@ class NameCheck(): """ Perform a check that all detected symbols in the library object files are properly declared in headers. + Assumes parse_names_in_source() was called before this. Args: * quiet: whether to hide detailed problem explanation. @@ -645,6 +654,7 @@ class NameCheck(): def check_match_pattern(self, quiet, group_to_check, check_pattern): """ Perform a check that all items of a group conform to a regex pattern. + Assumes parse_names_in_source() was called before this. Args: * quiet: whether to hide detailed problem explanation. @@ -674,6 +684,7 @@ class NameCheck(): """ Perform a check that all words in the soure code beginning with MBED are either defined as macros, or as enum constants. + Assumes parse_names_in_source() was called before this. Args: * quiet: whether to hide detailed problem explanation. 
@@ -725,7 +736,7 @@ def main(): Perform argument parsing, and create an instance of NameCheck to begin the core operation. """ - parser = argparse.ArgumentParser( + argparser = argparse.ArgumentParser( formatter_class=argparse.RawDescriptionHelpFormatter, description=( "This script confirms that the naming of all symbols and identifiers " @@ -733,19 +744,18 @@ def main(): "self-consistent.\n\n" "Expected to be run from the MbedTLS root directory.")) - parser.add_argument("-v", "--verbose", + argparser.add_argument("-v", "--verbose", action="store_true", help="show parse results") - parser.add_argument("-q", "--quiet", + argparser.add_argument("-q", "--quiet", action="store_true", help="hide unnecessary text, explanations, and highlighs") - args = parser.parse_args() + args = argparser.parse_args() try: - name_check = NameCheck() - name_check.setup_logger(verbose=args.verbose) + name_check = NameCheck(verbose=args.verbose) name_check.parse_names_in_source() name_check.perform_checks(quiet=args.quiet) sys.exit(name_check.return_code) From 68d241211b4e18334f0e959204888a07c790cade Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 9 Aug 2021 12:10:31 +0100 Subject: [PATCH 207/966] Create list_internal_identifiers.py This is the equivalent of `list-identifiers.sh --internal`, which is useful for generating an exclusion file for ABI/API checking. Signed-off-by: Yuto Takano --- tests/scripts/list_internal_identifiers.py | 64 ++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100755 tests/scripts/list_internal_identifiers.py diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py new file mode 100755 index 0000000000..d58cb3f051 --- /dev/null +++ b/tests/scripts/list_internal_identifiers.py 
@@ -0,0 +1,64 @@ +#!/usr/bin/env python3 +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +This script generates a file called _identifiers that contains all Mbed TLS +identifiers found on internal headers. This is the equivalent of what was +previously `list-identifiers.sh --internal`, and is useful for generating an +exclusion file list for ABI/API checking, since we do not promise compatibility +for them. + +It uses the NameCeck class from check_names.py to perform the parsing. + +Returns 0 on success, 1 if there is a script error. +Must be run from Mbed TLS root. +""" + +import argparse +import traceback +import sys +from check_names import NameCheck + +def main(): + parser = argparse.ArgumentParser( + formatter_class=argparse.RawDescriptionHelpFormatter, + description=( + "This script writes a list of parsed identifiers in internal " + "headers to \"_identifiers\". This is useful for generating a list " + "of names to exclude from ABI checking. 
")) + + parser.parse_args() + + try: + name_check = NameCheck() + internal_headers = ( + name_check.get_files("include/mbedtls/*_internal.h") + + name_check.get_files("library/*.h") + ) + + result = name_check.parse_identifiers(internal_headers) + + identifiers = ["{}\n".format(match.name) for match in result] + with open("_identifiers", "w", encoding="utf-8") as f: + f.writelines(identifiers) + + except Exception: # pylint: disable=broad-except + traceback.print_exc() + sys.exit(1) + +if __name__ == "__main__": + main() From d70d446d6925f24872c751038431db66df47b47b Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 9 Aug 2021 12:45:51 +0100 Subject: [PATCH 208/966] Improve code style consistency in check_names.py Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 236 ++++++++++++++++++++--------------- 1 file changed, 133 insertions(+), 103 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index c129def4ed..32eac3c749 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -81,11 +81,9 @@ class Match(): # pylint: disable=too-few-public-methods class Problem(): # pylint: disable=too-few-public-methods """ A parent class representing a form of static analysis error. - - Fields: - * textwrapper: a TextWrapper instance to format problems nicely. """ def __init__(self): + self.quiet = False self.textwrapper = textwrap.TextWrapper() self.textwrapper.width = 80 self.textwrapper.initial_indent = " > " @@ -100,9 +98,8 @@ class SymbolNotInHeader(Problem): # pylint: disable=too-few-public-methods Fields: * symbol_name: the name of the symbol. """ - def __init__(self, symbol_name, quiet=False): + def __init__(self, symbol_name): self.symbol_name = symbol_name - self.quiet = quiet Problem.__init__(self) def __str__(self): 
@@ -123,19 +120,17 @@ class PatternMismatch(Problem): # pylint: disable=too-few-public-methods * pattern: the expected regex pattern * match: the Match object in question """ - def __init__(self, pattern, match, quiet=False): + def __init__(self, pattern, match): self.pattern = pattern self.match = match - self.quiet = quiet Problem.__init__(self) def __str__(self): if self.quiet: - return ("{0}:{1}:{3}" - .format( - self.match.filename, - self.match.pos[0], - self.match.name)) + return ( + "{0}:{1}:{3}" + .format(self.match.filename, self.match.pos[0], self.match.name) + ) return self.textwrapper.fill( "{0}:{1}: '{2}' does not match the required pattern '{3}'." @@ -143,7 +138,9 @@ class PatternMismatch(Problem): # pylint: disable=too-few-public-methods self.match.filename, self.match.pos[0], self.match.name, - self.pattern)) + "\n" + str(self.match) + self.pattern + ) + ) + "\n" + str(self.match) class Typo(Problem): # pylint: disable=too-few-public-methods """ @@ -153,27 +150,23 @@ class Typo(Problem): # pylint: disable=too-few-public-methods Fields: * match: the Match object of the MBED name in question. """ - def __init__(self, match, quiet=False): + def __init__(self, match): self.match = match - self.quiet = quiet Problem.__init__(self) def __str__(self): if self.quiet: - return ("{0}:{1}:{2}" - .format( - self.match.filename, - self.match.pos[0], - self.match.name)) + return ( + "{0}:{1}:{2}" + .format(self.match.filename, self.match.pos[0], self.match.name) + ) return self.textwrapper.fill( "{0}:{1}: '{2}' looks like a typo. It was not found in any " "macros or any enums. If this is not a typo, put " "//no-check-names after it." - .format( - self.match.filename, - self.match.pos[0], - self.match.name)) + "\n" + str(self.match) + .format(self.match.filename, self.match.pos[0], self.match.name) + ) + "\n" + str(self.match) class NameCheck(): """ 
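Review bot: In `PatternMismatch.__str__` the quiet branch formats `"{0}:{1}:{3}"` with only three arguments, so index 3 does not exist and `str(problem)` raises `IndexError` whenever quiet output is requested and a pattern mismatch is reported. This hunk only re-wraps the call and keeps the index as it was; it should be `"{0}:{1}:{2}"`, matching the quiet branch of `Typo.__str__` in the hunk below. Because `output_check_result()` calls `str(problem)` for each problem, the failure would surface as a script error instead of the mismatch being printed.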
@@ -184,7 +177,6 @@ class NameCheck(): self.log = None self.check_repo_path() self.return_code = 0 - self.setup_logger(verbose) # Globally excluded filenames @@ -193,11 +185,6 @@ class NameCheck(): # Will contain the parse result after a comprehensive parse self.parse_result = {} - def set_return_code(self, return_code): - if return_code > self.return_code: - self.log.debug("Setting new return code to {}".format(return_code)) - self.return_code = return_code - @staticmethod def check_repo_path(): """ @@ -207,6 +194,11 @@ class NameCheck(): if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): raise Exception("This script must be run from Mbed TLS root") + def set_return_code(self, return_code): + if return_code > self.return_code: + self.log.debug("Setting new return code to {}".format(return_code)) + self.return_code = return_code + def setup_logger(self, verbose=False): """ Set up a logger and set the change the default logging level from 
@@ -247,28 +239,35 @@ class NameCheck(): """ self.log.info("Parsing source code...") self.log.debug( - "The following files are excluded from the search: {}" + "The following filenames are excluded from the search: {}" .format(str(self.excluded_files)) ) m_headers = self.get_files("include/mbedtls/*.h") p_headers = self.get_files("include/psa/*.h") - t_headers = ["3rdparty/everest/include/everest/everest.h", - "3rdparty/everest/include/everest/x25519.h"] + t_headers = [ + "3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/x25519.h" + ] d_headers = self.get_files("tests/include/test/drivers/*.h") l_headers = self.get_files("library/*.h") libraries = self.get_files("library/*.c") + [ "3rdparty/everest/library/everest.c", - "3rdparty/everest/library/x25519.c"] + "3rdparty/everest/library/x25519.c" + ] all_macros = self.parse_macros( - m_headers + p_headers + t_headers + l_headers + d_headers) + m_headers + p_headers + t_headers + l_headers + d_headers + ) enum_consts = self.parse_enum_consts( - m_headers + l_headers + t_headers) + m_headers + l_headers + t_headers + ) identifiers = self.parse_identifiers( - m_headers + p_headers + t_headers + l_headers) + m_headers + p_headers + t_headers + l_headers + ) mbed_words = self.parse_mbed_words( - m_headers + p_headers + t_headers + l_headers + libraries) + m_headers + p_headers + t_headers + l_headers + libraries + ) symbols = self.parse_symbols() # Remove identifier macros like mbedtls_printf or mbedtls_calloc @@ -279,7 +278,7 @@ class NameCheck(): actual_macros.append(macro) self.log.debug("Found:") - self.log.debug(" {} Macros".format(len(all_macros))) + self.log.debug(" {} Total Macros".format(len(all_macros))) self.log.debug(" {} Non-identifier Macros".format(len(actual_macros))) self.log.debug(" {} Enum Constants".format(len(enum_consts))) self.log.debug(" {} Identifiers".format(len(identifiers))) 
@@ -294,12 +293,12 @@ class NameCheck(): "mbed_words": mbed_words } - def parse_macros(self, header_files): + def parse_macros(self, files): """ Parse all macros defined by #define preprocessor directives. Args: - * header_files: A List of filepaths to look through. + * files: A List of filepaths to look through. Returns a List of Match objects for the found macros. """ @@ -308,20 +307,22 @@ class NameCheck(): "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_" ) - self.log.debug("Looking for macros in {} files".format(len(header_files))) + self.log.debug("Looking for macros in {} files".format(len(files))) macros = [] - for header_file in header_files: + for header_file in files: with open(header_file, "r", encoding="utf-8") as header: for line_no, line in enumerate(header): for macro in macro_regex.finditer(line): - if not macro.group("macro").startswith(exclusions): - macros.append(Match( - header_file, - line, - (line_no, macro.start(), macro.end()), - macro.group("macro"))) + if macro.group("macro").startswith(exclusions): + continue + + macros.append(Match( + header_file, + line, + (line_no, macro.start(), macro.end()), + macro.group("macro"))) return macros @@ -359,20 +360,23 @@ class NameCheck(): return mbed_words - def parse_enum_consts(self, header_files): + def parse_enum_consts(self, files): """ Parse all enum value constants that are declared. Args: - * header_files: A List of filepaths to look through. + * files: A List of filepaths to look through. Returns a List of Match objects for the findings. """ - self.log.debug("Looking for enum consts in {} files".format(len(header_files))) + self.log.debug( + "Looking for enum consts in {} files" + .format(len(files)) + ) enum_consts = [] - for header_file in header_files: + for header_file in files: # Emulate a finite state machine to parse enum declarations. # 0 = not in enum # 1 = inside enum 
@@ -393,22 +397,26 @@ class NameCheck(): state = 0 elif state == 1 and not re.match(r" *#", line): enum_const = re.match(r" *(?P\w+)", line) - if enum_const: - enum_consts.append(Match( - header_file, - line, - (line_no, enum_const.start(), enum_const.end()), - enum_const.group("enum_const"))) + if not enum_const: + continue + + enum_consts.append(Match( + header_file, + line, + (line_no, enum_const.start(), enum_const.end()), + enum_const.group("enum_const"))) return enum_consts - def parse_identifiers(self, header_files): + def parse_identifiers(self, files): """ Parse all lines of a header where a function identifier is declared, based on some huersitics. Highly dependent on formatting style. + Note: .match() checks at the beginning of the string (implicit ^), while + .search() checks throughout. Args: - * header_files: A List of filepaths to look through. + * files: A List of filepaths to look through. Returns a List of Match objects with identifiers. """ 
@@ -425,23 +433,31 @@ class NameCheck(): # Match names of named data structures. r"(?:typedef +)?(?:struct|union|enum) +(\w+)(?: *{)?$|" # Match names of typedef instances, after closing bracket. - r"}? *(\w+)[;[].*") - exclusion_lines = re.compile(r"^(" - r"extern +\"C\"|" - r"(typedef +)?(struct|union|enum)( *{)?$|" - r"} *;?$|" - r"$|" - r"//|" - r"#" - r")") + r"}? *(\w+)[;[].*" + ) + exclusion_lines = re.compile( + r"^(" + r"extern +\"C\"|" + r"(typedef +)?(struct|union|enum)( *{)?$|" + r"} *;?$|" + r"$|" + r"//|" + r"#" + r")" + ) - self.log.debug("Looking for identifiers in {} files".format(len(header_files))) + self.log.debug( + "Looking for identifiers in {} files" + .format(len(files)) + ) identifiers = [] - for header_file in header_files: + for header_file in files: with open(header_file, "r", encoding="utf-8") as header: in_block_comment = False + # The previous line varibale is used for concatenating lines + # when identifiers are formatted and spread across multiple. previous_line = "" for line_no, line in enumerate(header): @@ -484,15 +500,19 @@ class NameCheck(): identifier = identifier_regex.search(line) - if identifier: - # Find the group that matched, and append it - for group in identifier.groups(): - if group: - identifiers.append(Match( - header_file, - line, - (line_no, identifier.start(), identifier.end()), - group)) + if not identifier: + continue + + # Find the group that matched, and append it + for group in identifier.groups(): + if not group: + continue + + identifiers.append(Match( + header_file, + line, + (line_no, identifier.start(), identifier.end()), + group)) return identifiers 
@@ -510,8 +530,10 @@ class NameCheck(): symbols = [] # Back up the config and atomically compile with the full configratuion. - shutil.copy("include/mbedtls/mbedtls_config.h", - "include/mbedtls/mbedtls_config.h.bak") + shutil.copy( + "include/mbedtls/mbedtls_config.h", + "include/mbedtls/mbedtls_config.h.bak" + ) try: # Use check=True in all subprocess calls so that failures are raised # as exceptions and logged. @@ -532,10 +554,11 @@ class NameCheck(): ) # Perform object file analysis using nm - symbols = self.parse_symbols_from_nm( - ["library/libmbedcrypto.a", - "library/libmbedtls.a", - "library/libmbedx509.a"]) + symbols = self.parse_symbols_from_nm([ + "library/libmbedcrypto.a", + "library/libmbedtls.a", + "library/libmbedx509.a" + ]) subprocess.run( ["make", "clean"], @@ -549,8 +572,10 @@ class NameCheck(): finally: # Put back the original config regardless of there being errors. # Works also for keyboard interrupts. - shutil.move("include/mbedtls/mbedtls_config.h.bak", - "include/mbedtls/mbedtls_config.h") + shutil.move( + "include/mbedtls/mbedtls_config.h.bak", + "include/mbedtls/mbedtls_config.h" + ) return symbols @@ -606,9 +631,11 @@ class NameCheck(): problems += self.check_symbols_declared_in_header(quiet) - pattern_checks = [("macros", MACRO_PATTERN), - ("enum_consts", CONSTANTS_PATTERN), - ("identifiers", IDENTIFIER_PATTERN)] + pattern_checks = [ + ("macros", MACRO_PATTERN), + ("enum_consts", CONSTANTS_PATTERN), + ("identifiers", IDENTIFIER_PATTERN) + ] for group, check_pattern in pattern_checks: problems += self.check_match_pattern(quiet, group, check_pattern) 
@@ -645,12 +672,11 @@ class NameCheck(): break if not found_symbol_declared: - problems.append(SymbolNotInHeader(symbol, quiet=quiet)) + problems.append(SymbolNotInHeader(symbol)) - self.output_check_result("All symbols in header", problems) + self.output_check_result(quiet, "All symbols in header", problems) return len(problems) - def check_match_pattern(self, quiet, group_to_check, check_pattern): """ Perform a check that all items of a group conform to a regex pattern. @@ -670,12 +696,10 @@ class NameCheck(): problems.append(PatternMismatch(check_pattern, item_match)) # Double underscore is a reserved identifier, never to be used if re.match(r".*__.*", item_match.name): - problems.append(PatternMismatch( - "double underscore", - item_match, - quiet=quiet)) + problems.append(PatternMismatch("double underscore", item_match)) self.output_check_result( + quiet, "Naming patterns of {}".format(group_to_check), problems) return len(problems) @@ -693,7 +717,7 @@ class NameCheck(): """ problems = [] - # Set comprehension, equivalent to a list comprehension inside set() + # Set comprehension, equivalent to a list comprehension wrapped by set() all_caps_names = { match.name for match 
@@ -713,20 +737,26 @@ class NameCheck(): "MBEDTLS_PSA_BUILTIN_") in all_caps_names if not found and not typo_exclusion.search(name_match.name): - problems.append(Typo(name_match, quiet=quiet)) + problems.append(Typo(name_match)) - self.output_check_result("Likely typos", problems) + self.output_check_result(quiet, "Likely typos", problems) return len(problems) - def output_check_result(self, name, problems): + def output_check_result(self, quiet, name, problems): """ Write out the PASS/FAIL status of a performed check depending on whether there were problems. + + Args: + * quiet: whether to hide detailed problem explanation. + * name: the name of the test + * problems: a List of encountered Problems """ if problems: self.set_return_code(1) self.log.info("{}: FAIL\n".format(name)) for problem in problems: + problem.quiet = quiet self.log.warning(str(problem)) else: self.log.info("{}: PASS".format(name)) From f005c3369ac17be7860e4256ff2d497354d12338 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 9 Aug 2021 13:56:36 +0100 Subject: [PATCH 209/966] Change variable name argparser to parser Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 32eac3c749..ce03b8a661 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py 
@@ -766,23 +766,26 @@ def main(): Perform argument parsing, and create an instance of NameCheck to begin the core operation. """ - argparser = argparse.ArgumentParser( + parser = argparse.ArgumentParser( formatter_class=argparse.RawDescriptionHelpFormatter, description=( "This script confirms that the naming of all symbols and identifiers " "in Mbed TLS are consistent with the house style and are also " "self-consistent.\n\n" - "Expected to be run from the MbedTLS root directory.")) + "Expected to be run from the MbedTLS root directory.") + ) + parser.add_argument( + "-v", "--verbose", + action="store_true", + help="show parse results" + ) + parser.add_argument( + "-q", "--quiet", + action="store_true", + help="hide unnecessary text, explanations, and highlighs" + ) - argparser.add_argument("-v", "--verbose", - action="store_true", - help="show parse results") - - argparser.add_argument("-q", "--quiet", - action="store_true", - help="hide unnecessary text, explanations, and highlighs") - - args = argparser.parse_args() + args = parser.parse_args() try: name_check = NameCheck(verbose=args.verbose) From 8e9a219310b498465cbf172e239e81317850118f Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 9 Aug 2021 14:48:53 +0100 Subject: [PATCH 210/966] Improve ease of specifying which files to look in (check_names) - Instead of os.path.join, use glob patterns (supports Windows too) - Instead of creating the lists beforehand (which adds messiness), pass glob expessions to functions and let them memoise it. - Add support for excluding based on glob patterns, which isn't used now but could come in handy. Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 140 ++++++++++++--------- tests/scripts/list_internal_identifiers.py | 10 +- 2 files changed, 84 insertions(+), 66 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index ce03b8a661..37a8be325d 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py 
@@ -179,8 +179,11 @@ class NameCheck(): self.return_code = 0 self.setup_logger(verbose) + # Memo for storing "glob expression": set(filepaths) + self.files = {} + # Globally excluded filenames - self.excluded_files = ["bn_mul", "compat-2.x.h"] + self.excluded_files = ["**/bn_mul", "**/compat-2.x.h"] # Will contain the parse result after a comprehensive parse self.parse_result = {} 
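Review bot: The entry `"**/bn_mul"` in `self.excluded_files` has no extension, unlike its neighbour `"**/compat-2.x.h"`. As a glob pattern it matches only a path whose last component is exactly `bn_mul`, so a header named `bn_mul.h` would still be parsed. The intended file name is inferred here, since the page does not show it; if it is the header, write `self.excluded_files = ["**/bn_mul.h", "**/compat-2.x.h"]`. An exclusion that matches nothing fails silently, so it is worth logging the resolved exclusion set at debug level where the patterns are expanded (`get_files`, in the next hunk).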
@@ -212,23 +215,46 @@ class NameCheck(): self.log.setLevel(logging.INFO) self.log.addHandler(logging.StreamHandler()) - def get_files(self, wildcard): + def get_files(self, include_wildcards, exclude_wildcards): """ - Get all files that match a UNIX-style wildcard recursively. While the - script is designed only for use on UNIX/macOS (due to nm), this function - would work fine on Windows even with forward slashes in the wildcard. + Get all files that match any of the UNIX-style wildcards. While the + check_names script is designed only for use on UNIX/macOS (due to nm), + this function alone would work fine on Windows even with forward slashes + in the wildcard. Args: - * wildcard: shell-style wildcards to match filepaths against. + * include_wildcards: a List of shell-style wildcards to match filepaths. + * exclude_wildacrds: a List of shell-style wildcards to exclude. Returns a List of relative filepaths. """ - accumulator = [] + accumulator = set() - for filepath in glob.iglob(wildcard, recursive=True): - if os.path.basename(filepath) not in self.excluded_files: - accumulator.append(filepath) - return accumulator + # exclude_wildcards may be None. Also, consider the global exclusions. + exclude_wildcards = (exclude_wildcards or []) + self.excluded_files + + # Perform set union on the glob results. Memoise individual sets. + for include_wildcard in include_wildcards: + if include_wildcard not in self.files: + self.files[include_wildcard] = set(glob.glob( + include_wildcard, + recursive=True + )) + + accumulator = accumulator.union(self.files[include_wildcard]) + + # Perform set difference to exclude. Also use the same memo since their + # behaviour is pretty much identical and it can benefit from the cache. 
+ for exclude_wildcard in exclude_wildcards: + if exclude_wildcard not in self.files: + self.files[exclude_wildcard] = set(glob.glob( + exclude_wildcard, + recursive=True + )) + + accumulator = accumulator.difference(self.files[exclude_wildcard]) + + return list(accumulator) def parse_names_in_source(self): """ 
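Review bot: `get_files` ends with `return list(accumulator)` on a set of strings, so the order of the returned paths can differ from run to run. Every parser iterates over this list, which makes the order of reported problems unstable, and the same applies to the lines written to `_identifiers` by list_internal_identifiers.py; `return sorted(accumulator)` makes the output reproducible and diffable. The inline comment says `exclude_wildcards` may be None, yet the signature gives it no default, so `def get_files(self, include_wildcards, exclude_wildcards=None):` would match the `exclude=None` defaults of the callers. The docstring also misspells the parameter as `exclude_wildacrds`.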
@@ -243,31 +269,37 @@ class NameCheck(): .format(str(self.excluded_files)) ) - m_headers = self.get_files("include/mbedtls/*.h") - p_headers = self.get_files("include/psa/*.h") - t_headers = [ + all_macros = self.parse_macros([ + "include/mbedtls/*.h", + "include/psa/*.h", + "library/*.h", + "tests/include/test/drivers/*.h", "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h" - ] - d_headers = self.get_files("tests/include/test/drivers/*.h") - l_headers = self.get_files("library/*.h") - libraries = self.get_files("library/*.c") + [ + ]) + enum_consts = self.parse_enum_consts([ + "include/mbedtls/*.h", + "library/*.h", + "3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/x25519.h" + ]) + identifiers = self.parse_identifiers([ + "include/mbedtls/*.h", + "include/psa/*.h", + "library/*.h", + "3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/x25519.h" + ]) + mbed_words = self.parse_mbed_words([ + "include/mbedtls/*.h", + "include/psa/*.h", + "library/*.h", + "3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/x25519.h", + "library/*.c", "3rdparty/everest/library/everest.c", "3rdparty/everest/library/x25519.c" - ] - - all_macros = self.parse_macros( - m_headers + p_headers + t_headers + l_headers + d_headers - ) - enum_consts = self.parse_enum_consts( - m_headers + l_headers + t_headers - ) - identifiers = self.parse_identifiers( - m_headers + p_headers + t_headers + l_headers - ) - mbed_words = self.parse_mbed_words( - m_headers + p_headers + t_headers + l_headers + libraries - ) + ]) symbols = self.parse_symbols() # Remove identifier macros like mbedtls_printf or mbedtls_calloc @@ -284,7 +316,6 @@ class NameCheck(): self.log.debug(" {} Identifiers".format(len(identifiers))) self.log.debug(" {} Exported Symbols".format(len(symbols))) self.log.info("Analysing...") - self.parse_result = { "macros": actual_macros, "enum_consts": enum_consts, 
@@ -293,12 +324,13 @@ class NameCheck(): "mbed_words": mbed_words } - def parse_macros(self, files): + def parse_macros(self, include, exclude=None): """ Parse all macros defined by #define preprocessor directives. Args: - * files: A List of filepaths to look through. + * include: A List of glob expressions to look for files through. + * exclude: A List of glob expressions for excluding files. Returns a List of Match objects for the found macros. """ @@ -307,11 +339,9 @@ class NameCheck(): "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_" ) - self.log.debug("Looking for macros in {} files".format(len(files))) - macros = [] - for header_file in files: + for header_file in self.get_files(include, exclude): with open(header_file, "r", encoding="utf-8") as header: for line_no, line in enumerate(header): for macro in macro_regex.finditer(line): @@ -326,13 +356,14 @@ class NameCheck(): return macros - def parse_mbed_words(self, files): + def parse_mbed_words(self, include, exclude=None): """ Parse all words in the file that begin with MBED, in and out of macros, comments, anything. Args: - * files: a List of filepaths to look through. + * include: A List of glob expressions to look for files through. + * exclude: A List of glob expressions for excluding files. Returns a List of Match objects for words beginning with MBED. """ @@ -340,11 +371,9 @@ class NameCheck(): mbed_regex = re.compile(r"\bMBED.+?_[A-Z0-9_]*") exclusions = re.compile(r"// *no-check-names|#error") - self.log.debug("Looking for MBED names in {} files".format(len(files))) - mbed_words = [] - for filename in files: + for filename in self.get_files(include, exclude): with open(filename, "r", encoding="utf-8") as fp: for line_no, line in enumerate(fp): if exclusions.search(line): 
@@ -360,23 +389,19 @@ class NameCheck(): return mbed_words - def parse_enum_consts(self, files): + def parse_enum_consts(self, include, exclude=None): """ Parse all enum value constants that are declared. Args: - * files: A List of filepaths to look through. + * include: A List of glob expressions to look for files through. + * exclude: A List of glob expressions for excluding files. Returns a List of Match objects for the findings. """ - self.log.debug( - "Looking for enum consts in {} files" - .format(len(files)) - ) - enum_consts = [] - for header_file in files: + for header_file in self.get_files(include, exclude): # Emulate a finite state machine to parse enum declarations. # 0 = not in enum # 1 = inside enum @@ -408,7 +433,7 @@ class NameCheck(): return enum_consts - def parse_identifiers(self, files): + def parse_identifiers(self, include, exclude=None): """ Parse all lines of a header where a function identifier is declared, based on some huersitics. Highly dependent on formatting style. @@ -416,7 +441,8 @@ class NameCheck(): .search() checks throughout. Args: - * files: A List of filepaths to look through. + * include: A List of glob expressions to look for files through. + * exclude: A List of glob expressions for excluding files. Returns a List of Match objects with identifiers. """ @@ -445,15 +471,9 @@ class NameCheck(): r"#" r")" ) - - self.log.debug( - "Looking for identifiers in {} files" - .format(len(files)) - ) - identifiers = [] - for header_file in files: + for header_file in self.get_files(include, exclude): with open(header_file, "r", encoding="utf-8") as header: in_block_comment = False # The previous line varibale is used for concatenating lines diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py index d58cb3f051..75b1646aa1 100755 --- a/tests/scripts/list_internal_identifiers.py +++ b/tests/scripts/list_internal_identifiers.py 
@@ -45,12 +45,10 @@ def main(): try: name_check = NameCheck() - internal_headers = ( - name_check.get_files("include/mbedtls/*_internal.h") + - name_check.get_files("library/*.h") - ) - - result = name_check.parse_identifiers(internal_headers) + result = name_check.parse_identifiers([ + "include/mbedtls/*_internal.h", + "library/*.h" + ]) identifiers = ["{}\n".format(match.name) for match in result] with open("_identifiers", "w", encoding="utf-8") as f: From 50953433a440dc0c2d377d0bc0289716a92d2edd Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 9 Aug 2021 14:54:36 +0100 Subject: [PATCH 211/966] Bring back logging of number of files Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 37a8be325d..9a7f3918e6 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -265,7 +265,7 @@ class NameCheck(): """ self.log.info("Parsing source code...") self.log.debug( - "The following filenames are excluded from the search: {}" + "The following files are excluded from the search: {}" .format(str(self.excluded_files)) ) @@ -339,9 +339,11 @@ class NameCheck(): "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_" ) - macros = [] + files = self.get_files(include, exclude) + self.log.debug("Looking for macros in {} files".format(len(files))) - for header_file in self.get_files(include, exclude): + macros = [] + for header_file in files: with open(header_file, "r", encoding="utf-8") as header: for line_no, line in enumerate(header): for macro in macro_regex.finditer(line): 
@@ -371,9 +373,11 @@ class NameCheck(): mbed_regex = re.compile(r"\bMBED.+?_[A-Z0-9_]*") exclusions = re.compile(r"// *no-check-names|#error") - mbed_words = [] + files = self.get_files(include, exclude) + self.log.debug("Looking for MBED words in {} files".format(len(files))) - for filename in self.get_files(include, exclude): + mbed_words = [] + for filename in files: with open(filename, "r", encoding="utf-8") as fp: for line_no, line in enumerate(fp): if exclusions.search(line): @@ -399,9 +403,11 @@ class NameCheck(): Returns a List of Match objects for the findings. """ - enum_consts = [] + files = self.get_files(include, exclude) + self.log.debug("Looking for enum consts in {} files".format(len(files))) - for header_file in self.get_files(include, exclude): + enum_consts = [] + for header_file in files: # Emulate a finite state machine to parse enum declarations. # 0 = not in enum # 1 = inside enum @@ -471,9 +477,12 @@ class NameCheck(): r"#" r")" ) - identifiers = [] - for header_file in self.get_files(include, exclude): + files = self.get_files(include, exclude) + self.log.debug("Looking for identifiers in {} files".format(len(files))) + + identifiers = [] + for header_file in files: with open(header_file, "r", encoding="utf-8") as header: in_block_comment = False # The previous line varibale is used for concatenating lines From 55c6c87d951823b31e353a6bad5d7cc2e7957557 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 9 Aug 2021 15:35:19 +0100 Subject: [PATCH 212/966] Separate code parsing and name checking in two classes Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 191 +++++++++++---------- tests/scripts/list_internal_identifiers.py | 5 +- 2 files changed, 99 insertions(+), 97 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 9a7f3918e6..957701433a 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py 
@@ -20,16 +20,26 @@ This script confirms that the naming of all symbols and identifiers in Mbed TLS are consistent with the house style and are also self-consistent. It only runs on Linux and macOS since it depends on nm. -The script performs the following checks: +It contains two major Python classes, CodeParser and NameChecker. They both have +a comprehensive "run-all" function (comprehensive_parse() and perform_checks()) +but the individual functions can also be used for specific needs. + +CodeParser makes heavy use of regular expressions to parse the code, and is +dependent on the current code formatting. Many Python C parser libraries require +preprocessed C code, which means no macro parsing. Compiler tools are also not +very helpful when we want the exact location in the original source (which +becomes impossible when e.g. comments are stripped). + +NameChecker performs the following checks: - All exported and available symbols in the library object files, are explicitly declared in the header files. This uses the nm command. - All macros, constants, and identifiers (function names, struct names, etc) - follow the required pattern. + follow the required regex pattern. - Typo checking: All words that begin with MBED exist as macros or constants. -Returns 0 on success, 1 on test failure, and 2 if there is a script error or a -subprocess error. Must be run from Mbed TLS root. +The script returns 0 on success, 1 on test failure, and 2 if there is a script +error error. Must be run from Mbed TLS root. """ import argparse 
@@ -168,16 +178,15 @@ class Typo(Problem): # pylint: disable=too-few-public-methods .format(self.match.filename, self.match.pos[0], self.match.name) ) + "\n" + str(self.match) -class NameCheck(): +class CodeParser(): """ - Representation of the core name checking operation performed by this script. - Shares a common logger, and a shared return code. + Class for retrieving files and parsing the code. This can be used + independently of the checks that NameChecker performs, for example for + list_internal_identifiers.py. """ - def __init__(self, verbose=False): - self.log = None + def __init__(self, log): + self.log = log self.check_repo_path() - self.return_code = 0 - self.setup_logger(verbose) # Memo for storing "glob expression": set(filepaths) self.files = {} @@ -185,9 +194,6 @@ class NameCheck(): # Globally excluded filenames self.excluded_files = ["**/bn_mul", "**/compat-2.x.h"] - # Will contain the parse result after a comprehensive parse - self.parse_result = {} - @staticmethod def check_repo_path(): """ 
@@ -197,71 +203,12 @@ class NameCheck(): if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): raise Exception("This script must be run from Mbed TLS root") - def set_return_code(self, return_code): - if return_code > self.return_code: - self.log.debug("Setting new return code to {}".format(return_code)) - self.return_code = return_code - - def setup_logger(self, verbose=False): + def comprehensive_parse(self): """ - Set up a logger and set the change the default logging level from - WARNING to INFO. Loggers are better than print statements since their - verbosity can be controlled. - """ - self.log = logging.getLogger() - if verbose: - self.log.setLevel(logging.DEBUG) - else: - self.log.setLevel(logging.INFO) - self.log.addHandler(logging.StreamHandler()) + Comprehensive ("default") function to call each parsing function and + retrieve various elements of the code, together with the source location. - def get_files(self, include_wildcards, exclude_wildcards): - """ - Get all files that match any of the UNIX-style wildcards. While the - check_names script is designed only for use on UNIX/macOS (due to nm), - this function alone would work fine on Windows even with forward slashes - in the wildcard. - - Args: - * include_wildcards: a List of shell-style wildcards to match filepaths. - * exclude_wildacrds: a List of shell-style wildcards to exclude. - - Returns a List of relative filepaths. - """ - accumulator = set() - - # exclude_wildcards may be None. Also, consider the global exclusions. - exclude_wildcards = (exclude_wildcards or []) + self.excluded_files - - # Perform set union on the glob results. Memoise individual sets. - for include_wildcard in include_wildcards: - if include_wildcard not in self.files: - self.files[include_wildcard] = set(glob.glob( - include_wildcard, - recursive=True - )) - - accumulator = accumulator.union(self.files[include_wildcard]) - - # Perform set difference to exclude. 
Also use the same memo since their - # behaviour is pretty much identical and it can benefit from the cache. - for exclude_wildcard in exclude_wildcards: - if exclude_wildcard not in self.files: - self.files[exclude_wildcard] = set(glob.glob( - exclude_wildcard, - recursive=True - )) - - accumulator = accumulator.difference(self.files[exclude_wildcard]) - - return list(accumulator) - - def parse_names_in_source(self): - """ - Comprehensive function to call each parsing function and retrieve - various elements of the code, together with their source location. - Puts the parsed values in the internal variable self.parse_result, so - they can be used from perform_checks(). + Returns a dict of parsed item key to the corresponding List of Matches. """ self.log.info("Parsing source code...") self.log.debug( @@ -315,8 +262,7 @@ class NameCheck(): self.log.debug(" {} Enum Constants".format(len(enum_consts))) self.log.debug(" {} Identifiers".format(len(identifiers))) self.log.debug(" {} Exported Symbols".format(len(symbols))) - self.log.info("Analysing...") - self.parse_result = { + return { "macros": actual_macros, "enum_consts": enum_consts, "identifiers": identifiers, 
@@ -324,6 +270,47 @@ class NameCheck(): "mbed_words": mbed_words } + def get_files(self, include_wildcards, exclude_wildcards): + """ + Get all files that match any of the UNIX-style wildcards. While the + check_names script is designed only for use on UNIX/macOS (due to nm), + this function alone would work fine on Windows even with forward slashes + in the wildcard. + + Args: + * include_wildcards: a List of shell-style wildcards to match filepaths. + * exclude_wildcards: a List of shell-style wildcards to exclude. + + Returns a List of relative filepaths. + """ + accumulator = set() + + # exclude_wildcards may be None. Also, consider the global exclusions. + exclude_wildcards = (exclude_wildcards or []) + self.excluded_files + + # Perform set union on the glob results. Memoise individual sets. + for include_wildcard in include_wildcards: + if include_wildcard not in self.files: + self.files[include_wildcard] = set(glob.glob( + include_wildcard, + recursive=True + )) + + accumulator = accumulator.union(self.files[include_wildcard]) + + # Perform set difference to exclude. Also use the same memo since their + # behaviour is pretty much identical and it can benefit from the cache. + for exclude_wildcard in exclude_wildcards: + if exclude_wildcard not in self.files: + self.files[exclude_wildcard] = set(glob.glob( + exclude_wildcard, + recursive=True + )) + + accumulator = accumulator.difference(self.files[exclude_wildcard]) + + return list(accumulator) + def parse_macros(self, include, exclude=None): """ Parse all macros defined by #define preprocessor directives. 
@@ -456,11 +443,11 @@ class NameCheck(): # Match " something(a" or " *something(a". Functions. # Assumptions: # - function definition from return type to one of its arguments is - # all on one line (enforced by the previous_line concat below) + # all on one line # - function definition line only contains alphanumeric, asterisk, # underscore, and open bracket r".* \**(\w+) *\( *\w|" - # Match "(*something)(". Flexible with spaces. + # Match "(*something)(". r".*\( *\* *(\w+) *\) *\(|" # Match names of named data structures. r"(?:typedef +)?(?:struct|union|enum) +(\w+)(?: *{)?$|" @@ -485,7 +472,7 @@ class NameCheck(): for header_file in files: with open(header_file, "r", encoding="utf-8") as header: in_block_comment = False - # The previous line varibale is used for concatenating lines + # The previous line variable is used for concatenating lines # when identifiers are formatted and spread across multiple. previous_line = "" @@ -596,7 +583,6 @@ class NameCheck(): ) except subprocess.CalledProcessError as error: self.log.debug(error.output) - self.set_return_code(2) raise error finally: # Put back the original config regardless of there being errors. @@ -614,7 +600,7 @@ class NameCheck(): Does not return the position data since it is of no use. Args: - * object_files: a List of compiled object files to search through. + * object_files: a List of compiled object filepaths to search through. Returns a List of unique symbols defined and used in any of the object files. 
@@ -646,18 +632,24 @@ class NameCheck(): return symbols +class NameChecker(): + """ + Representation of the core name checking operation performed by this script. + """ + def __init__(self, parse_result, log): + self.parse_result = parse_result + self.log = log + def perform_checks(self, quiet=False): """ - Perform each check in order, output its PASS/FAIL status. Maintain an - overall test status, and output that at the end. - Assumes parse_names_in_source() was called before this. + A comprehensive checker that performs each check in order, and outputs + a final verdict. Args: * quiet: whether to hide detailed problem explanation. """ self.log.info("=============") problems = 0 - problems += self.check_symbols_declared_in_header(quiet) pattern_checks = [ @@ -677,8 +669,10 @@ class NameCheck(): self.log.info("Remove --quiet to see explanations.") else: self.log.info("Use --quiet for minimal output.") + return 1 else: self.log.info("PASS") + return 0 def check_symbols_declared_in_header(self, quiet): """ @@ -782,7 +776,6 @@ class NameCheck(): * problems: a List of encountered Problems """ if problems: - self.set_return_code(1) self.log.info("{}: FAIL\n".format(name)) for problem in problems: problem.quiet = quiet @@ -792,8 +785,8 @@ class NameCheck(): def main(): """ - Perform argument parsing, and create an instance of NameCheck to begin the - core operation. + Perform argument parsing, and create an instance of CodeParser and + NameChecker to begin the core operation. """ parser = argparse.ArgumentParser( formatter_class=argparse.RawDescriptionHelpFormatter, 
@@ -816,14 +809,22 @@ def main(): args = parser.parse_args() + # Configure the global logger, which is then passed to the classes below + log = logging.getLogger() + log.setLevel(logging.DEBUG if args.verbose else logging.INFO) + log.addHandler(logging.StreamHandler()) + try: - name_check = NameCheck(verbose=args.verbose) - name_check.parse_names_in_source() - name_check.perform_checks(quiet=args.quiet) - sys.exit(name_check.return_code) + code_parser = CodeParser(log) + parse_result = code_parser.comprehensive_parse() except Exception: # pylint: disable=broad-except traceback.print_exc() sys.exit(2) + name_checker = NameChecker(parse_result, log) + return_code = name_checker.perform_checks(quiet=args.quiet) + + sys.exit(return_code) + if __name__ == "__main__": main() diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py index 75b1646aa1..64a4c3531b 100755 --- a/tests/scripts/list_internal_identifiers.py +++ b/tests/scripts/list_internal_identifiers.py @@ -29,9 +29,10 @@ Must be run from Mbed TLS root. """ import argparse +import logging import traceback import sys -from check_names import NameCheck +from check_names import CodeParser def main(): parser = argparse.ArgumentParser( @@ -44,7 +45,7 @@ def main(): parser.parse_args() try: - name_check = NameCheck() + name_check = CodeParser(logging.getLogger()) result = name_check.parse_identifiers([ "include/mbedtls/*_internal.h", "library/*.h" From 7bfac1d7fe9bc5c13a55e87a2352ea44b88cba84 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 9 Aug 2021 15:49:25 +0100 Subject: [PATCH 213/966] Fix incorrect reference to NameCheck in script docstring Signed-off-by: Yuto Takano --- tests/scripts/list_internal_identifiers.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py index 64a4c3531b..822486ae42 100755 --- a/tests/scripts/list_internal_identifiers.py 
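Review bot: In `main()` the calls `name_checker = NameChecker(parse_result, log)` and `return_code = name_checker.perform_checks(quiet=args.quiet)` now sit after the `try`/`except` block, so an exception raised during the checks is no longer mapped to exit status 2. An uncaught exception makes the interpreter exit with status 1, which the module docstring reserves for a test failure, so a CI job cannot tell a crashed checker from a naming violation. Moving those two lines inside the `try:` body restores the documented contract. `sys.exit(return_code)` can stay where it is, since `SystemExit` is not caught by `except Exception` either way.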
+++ b/tests/scripts/list_internal_identifiers.py @@ -22,9 +22,9 @@ previously `list-identifiers.sh --internal`, and is useful for generating an exclusion file list for ABI/API checking, since we do not promise compatibility for them. -It uses the NameCeck class from check_names.py to perform the parsing. +It uses the CodeParser class from check_names.py to perform the parsing. -Returns 0 on success, 1 if there is a script error. +The script returns 0 on success, 1 if there is a script error. Must be run from Mbed TLS root. """ @@ -40,7 +40,7 @@ def main(): description=( "This script writes a list of parsed identifiers in internal " "headers to \"_identifiers\". This is useful for generating a list " - "of names to exclude from ABI checking. ")) + "of names to exclude from API/ABI compatibility checking. ")) parser.parse_args() From b6bbbb174da33a860b5556e989e334f8d7eee7b3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Aug 2021 09:00:14 +0100 Subject: [PATCH 214/966] Fix typo in documentation of ssl->transform_out Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 221cee3379..639e3d962a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1329,7 +1329,7 @@ struct mbedtls_ssl_context * Record layer transformations */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out) */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */ From 0e719ff34144a71d60e1c4e14d63565cb15673bf Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 10 Aug 2021 09:24:08 +0100 Subject: [PATCH 215/966] Improve the documentation of legacy msg layer transforms Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 639e3d962a..dc4782e65b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1328,10 +1328,18 @@ struct mbedtls_ssl_context /* * Record layer transformations */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out) */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) + * This is always a reference, + * never an owning pointer. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out) + * This is always a reference, + * never an owning pointer. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params + * This pointer owns the transform + * it references. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation + * This pointer owns the transform + * it references. */ /* * Timers From 3aa186f9462f6afd2943980863f37d8a608dbaa5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Aug 2021 09:24:19 +0100 Subject: [PATCH 216/966] Add transforms to be used for TLS 1.3 Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 6 ++++++ library/ssl_misc.h | 7 +++++++ library/ssl_tls.c | 12 ++++++++++++ 3 files changed, 25 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index dc4782e65b..34353daffb 100644 --- a/include/mbedtls/ssl.h 
+++ b/include/mbedtls/ssl.h @@ -1341,6 +1341,12 @@ struct mbedtls_ssl_context * This pointer owns the transform * it references. */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /* The application data transform in TLS 1.3. + * This pointer owns the transform it references. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Timers */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cc19f4723b..174bad88b5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -562,6 +562,13 @@ struct mbedtls_ssl_handshake_params uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /* TLS 1.3 transforms for 0-RTT and encrypted handshake messages. + * Those pointers own the transforms they reference. */ + mbedtls_ssl_transform *transform_handshake; + mbedtls_ssl_transform *transform_earlydata; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Checksum contexts */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bb5ddc470e..8316d252b7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5393,6 +5393,13 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ), mbedtls_ssl_get_output_buflen( ssl ) ); #endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_free( handshake->transform_earlydata ); + mbedtls_free( handshake->transform_handshake ); + handshake->transform_earlydata = NULL; + handshake->transform_handshake = NULL; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ } void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) 
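Review bot: In `mbedtls_ssl_handshake_free()` the two new transforms are released with `mbedtls_free()` alone, whereas the `mbedtls_ssl_free()` hunk of this same commit calls `mbedtls_ssl_transform_free( ssl->transform_application )` before freeing the pointer. The comment added in ssl_misc.h states that these pointers own their transforms, so whatever a transform holds (presumably cipher contexts and key-derived state) is neither released nor wiped on this path. Suggest adding `mbedtls_ssl_transform_free( handshake->transform_earlydata );` and `mbedtls_ssl_transform_free( handshake->transform_handshake );` ahead of the two `mbedtls_free()` calls. Whether that helper tolerates NULL should be confirmed, although the unconditional call in `mbedtls_ssl_free()` suggests it does. The function body starts outside the hunk.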
@@ -6091,6 +6098,11 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) mbedtls_free( ssl->session_negotiate ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_transform_free( ssl->transform_application ); + mbedtls_free( ssl->transform_application ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + if( ssl->session ) { mbedtls_ssl_session_free( ssl->session ); From 7828ca2ea435464a5bbd2cc6f948684ced2d82c5 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Tue, 10 Aug 2021 11:26:15 +0100 Subject: [PATCH 217/966] Fix typos pointed out by check_names Signed-off-by: Yuto Takano --- include/mbedtls/config_psa.h | 2 +- include/mbedtls/mbedtls_config.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 9080cd19bc..3b01b78d29 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -586,7 +586,7 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1 -#endif /* MBEDTLSS_PKCS1_V15 */ +#endif /* MBEDTLS_PKCS1_V15 */ #if defined(MBEDTLS_PKCS1_V21) #define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_OAEP 1 diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index a60db7e930..ecf10bbf52 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3179,7 +3179,7 @@ * Maximum number of heap-allocated bytes for the purpose of * DTLS handshake message reassembly and future message buffering. * - * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN + * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN * to account for a reassembled handshake message of maximum size, * together with its reassembly bitmap. * From 206b022ad0e192ce759d7ca3ebf596294ccba4b5 Mon Sep 17 00:00:00 2001 
From: Yuto Takano Date: Tue, 10 Aug 2021 11:30:43 +0100 Subject: [PATCH 218/966] Fix off-by-one error in string formatting in Python Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 957701433a..591389b960 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -138,7 +138,7 @@ class PatternMismatch(Problem): # pylint: disable=too-few-public-methods def __str__(self): if self.quiet: return ( - "{0}:{1}:{3}" + "{0}:{1}:{2}" .format(self.match.filename, self.match.pos[0], self.match.name) ) From 89d469cdb4c576ceb74008ede2345879245d0f4a Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 22 Jun 2021 16:24:28 +0200 Subject: [PATCH 219/966] Move working variables to ccm context structure Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 10 +++++ library/ccm.c | 98 +++++++++++++++++++++---------------------- 2 files changed, 58 insertions(+), 50 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index b3adecc4fb..2b9909e1a6 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -77,6 +77,16 @@ extern "C" { typedef struct mbedtls_ccm_context { mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ + unsigned char MBEDTLS_PRIVATE(b)[16]; /*!< The B working buffer */ + unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */ + unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */ + unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */ + size_t MBEDTLS_PRIVATE(plaintext_len); /*!< The counter buffer */ + int MBEDTLS_PRIVATE(mode); /*!< The operation to perform: + #MBEDTLS_CCM_ENCRYPT or + #MBEDTLS_CCM_DECRYPT or + #MBEDTLS_CCM_STAR_ENCRYPT or + #MBEDTLS_CCM_STAR_DECRYPT. */ } mbedtls_ccm_context; diff --git a/library/ccm.c b/library/ccm.c index 424ee77b69..686eda5437 100644 --- a/library/ccm.c 
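Review bot: The Doxygen comment on the new `plaintext_len` member of mbedtls_ccm_context is a copy of the one on `ctr` (`/*!< The counter buffer */`) and mislabels a length field. Suggested text: `/*!< Total plaintext length */`. The `q` comment could also say what the value is, for example `/*!< Size in bytes of the length field (15 - iv_len) */`, which matches the `ctx->q = 16 - 1 - (unsigned char) iv_len;` assignment in ccm.c.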
+++ b/library/ccm.c @@ -117,11 +117,11 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) * Update the CBC-MAC state in y using a block in b * (Always using b as the source helps the compiler optimise a bit better.) */ -#define UPDATE_CBC_MAC \ - for( i = 0; i < 16; i++ ) \ - y[i] ^= b[i]; \ - \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \ +#define UPDATE_CBC_MAC \ + for( i = 0; i < 16; i++ ) \ + ctx->y[i] ^= ctx->b[i]; \ + \ + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) \ return( ret ); /* @@ -130,16 +130,16 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) * This avoids allocating one more 16 bytes buffer while allowing src == dst. */ #define CTR_CRYPT( dst, src, len ) \ - do \ - { \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, \ - 16, b, &olen ) ) != 0 ) \ - { \ - return( ret ); \ - } \ - \ - for( i = 0; i < (len); i++ ) \ - (dst)[i] = (src)[i] ^ b[i]; \ + do \ + { \ + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, \ + 16, ctx->b, &olen ) ) != 0 ) \ + { \ + return( ret ); \ + } \ + \ + for( i = 0; i < (len); i++ ) \ + (dst)[i] = (src)[i] ^ ctx->b[i]; \ } while( 0 ) /* @@ -153,14 +153,12 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; - unsigned char q; size_t len_left, olen; - unsigned char b[16]; - unsigned char y[16]; - unsigned char ctr[16]; const unsigned char *src; unsigned char *dst; + ctx->mode = mode; + /* * Check length requirements: SP800-38C A.1 * Additional requirement: a < 2^16 - 2^8 to simplify the code. @@ -178,7 +176,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, if( add_len >= 0xFF00 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - q = 16 - 1 - (unsigned char) iv_len; + ctx->q = 16 - 1 - (unsigned char) iv_len; /* * First block B_0: 
@@ -192,22 +190,22 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * 5 .. 3 (t - 2) / 2 * 2 .. 0 q - 1 */ - b[0] = 0; - b[0] |= ( add_len > 0 ) << 6; - b[0] |= ( ( tag_len - 2 ) / 2 ) << 3; - b[0] |= q - 1; + ctx->b[0] = 0; + ctx->b[0] |= ( add_len > 0 ) << 6; + ctx->b[0] |= ( ( tag_len - 2 ) / 2 ) << 3; + ctx->b[0] |= ctx->q - 1; - memcpy( b + 1, iv, iv_len ); + memcpy( ctx->b + 1, iv, iv_len ); - for( i = 0, len_left = length; i < q; i++, len_left >>= 8 ) - b[15-i] = (unsigned char)( len_left & 0xFF ); + for( i = 0, len_left = length; i < ctx->q; i++, len_left >>= 8 ) + ctx->b[15-i] = (unsigned char)( len_left & 0xFF ); if( len_left > 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); /* Start CBC-MAC with first block */ - memset( y, 0, 16 ); + memset( ctx->y, 0, 16 ); UPDATE_CBC_MAC; /* @@ -220,12 +218,12 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, len_left = add_len; src = add; - memset( b, 0, 16 ); - b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF ); - b[1] = (unsigned char)( ( add_len ) & 0xFF ); + memset( ctx->b, 0, 16 ); + ctx->b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF ); + ctx->b[1] = (unsigned char)( ( add_len ) & 0xFF ); use_len = len_left < 16 - 2 ? len_left : 16 - 2; - memcpy( b + 2, src, use_len ); + memcpy( ctx->b + 2, src, use_len ); len_left -= use_len; src += use_len; @@ -235,8 +233,8 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, { use_len = len_left > 16 ? 16 : len_left; - memset( b, 0, 16 ); - memcpy( b, src, use_len ); + memset( ctx->b, 0, 16 ); + memcpy( ctx->b, src, use_len ); UPDATE_CBC_MAC; len_left -= use_len; 
@@ -254,10 +252,10 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * 7 .. 3 0 * 2 .. 0 q - 1 */ - ctr[0] = q - 1; - memcpy( ctr + 1, iv, iv_len ); - memset( ctr + 1 + iv_len, 0, q ); - ctr[15] = 1; + ctx->ctr[0] = ctx->q - 1; + memcpy( ctx->ctr + 1, iv, iv_len ); + memset( ctx->ctr + 1 + iv_len, 0, ctx->q ); + ctx->ctr[15] = 1; /* * Authenticate and {en,de}crypt the message. @@ -273,19 +271,19 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, { size_t use_len = len_left > 16 ? 16 : len_left; - if( mode == CCM_ENCRYPT ) + if( ctx->mode == CCM_ENCRYPT ) { - memset( b, 0, 16 ); - memcpy( b, src, use_len ); + memset( ctx->b, 0, 16 ); + memcpy( ctx->b, src, use_len ); UPDATE_CBC_MAC; } CTR_CRYPT( dst, src, use_len ); - if( mode == CCM_DECRYPT ) + if( ctx->mode == CCM_DECRYPT ) { - memset( b, 0, 16 ); - memcpy( b, dst, use_len ); + memset( ctx->b, 0, 16 ); + memcpy( ctx->b, dst, use_len ); UPDATE_CBC_MAC; } @@ -297,19 +295,19 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * Increment counter. * No need to check for overflow thanks to the length check above. */ - for( i = 0; i < q; i++ ) - if( ++ctr[15-i] != 0 ) + for( i = 0; i < ctx->q; i++ ) + if( ++(ctx->ctr)[15-i] != 0 ) break; } /* * Authentication: reset counter and crypt/mask internal tag */ - for( i = 0; i < q; i++ ) - ctr[15-i] = 0; + for( i = 0; i < ctx->q; i++ ) + ctx->ctr[15-i] = 0; - CTR_CRYPT( y, y, 16 ); - memcpy( tag, y, tag_len ); + CTR_CRYPT( ctx->y, ctx->y, 16 ); + memcpy( tag, ctx->y, tag_len ); return( 0 ); } From 793692cbcb296042cc1d5a35b39536e8dc59cdbf Mon Sep 17 00:00:00 2001 
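Review bot: With `b`, `y` and `ctr` now stored in the context, the return path at the end of ccm_auth_crypt() leaves the last keystream block in `ctx->b` and the full 16-byte tag in `ctx->y` for as long as the context exists, even when the caller asked for a shorter `tag_len`. Nothing after `memcpy( tag, ctx->y, tag_len );` needs them in this patch, so I would wipe them before `return( 0 );`, e.g. `mbedtls_platform_zeroize( ctx->b, sizeof( ctx->b ) );` and the same for `ctx->y`. The early `return( ret )` paths inside UPDATE_CBC_MAC and CTR_CRYPT leave the same residue. ccm_auth_crypt() starts outside this hunk.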
From: Mateusz Starzyk Date: Tue, 22 Jun 2021 20:34:20 +0200 Subject: [PATCH 220/966] Split ccm_auth function. Move logic to ccm_starts, ccm_set_lengths, ccm_update_ad, ccm_update and ccm_finish Use separate variable to track context state. Encode first block only if both mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() were called. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 3 + library/ccm.c | 225 ++++++++++++++++++++++++++++++++---------- 2 files changed, 178 insertions(+), 50 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 2b9909e1a6..f9f8000fba 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -87,6 +87,9 @@ typedef struct mbedtls_ccm_context #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or #MBEDTLS_CCM_STAR_DECRYPT. */ + int MBEDTLS_PRIVATE(state); /*!< Working value holding context's + state. Used for chunked data + input */ } mbedtls_ccm_context; diff --git a/library/ccm.c b/library/ccm.c index 686eda5437..a2ca98600c 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -142,22 +142,105 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) (dst)[i] = (src)[i] ^ ctx->b[i]; \ } while( 0 ) -/* - * Authenticated encryption or decryption - */ -static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ) +#define CCM_STATE__CLEAR 0 +#define CCM_STATE__STARTED 0x0001 +#define CCM_STATE__LENGHTS_SET 0x0002 + +static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) { + ctx->state = CCM_STATE__CLEAR; + memset( ctx->b, 0, 16); + memset( ctx->y, 0, 16); + memset( ctx->ctr, 0, 16); +} + +static int mbedtls_ccm_calculate_first_block(mbedtls_ccm_context *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t len_left, olen; - const unsigned char *src; - unsigned char *dst; + + /* length calulcation can be done only after both + * mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() have been executed + */ + if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGHTS_SET) ) + return 0; + + /* + * First block B_0: + * 0 .. 0 flags - set by: mbedtls_ccm_starts() and mbedtls_ccm_set_lenghts() + * 1 .. iv_len nonce (aka iv) - set by: mbedtls_ccm_starts() + * iv_len+1 .. 
15 length - set by: mbedtls_ccm_calculate_first_block() + */ + for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 ) + ctx->b[15-i] = (unsigned char)( len_left & 0xFF ); + + if( len_left > 0 ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + + /* Start CBC-MAC with first block*/ + UPDATE_CBC_MAC; + + return (0); +} + +int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, + int mode, + const unsigned char *iv, + size_t iv_len ) +{ + int ret; + + /* Also implies q is within bounds */ + if( iv_len < 7 || iv_len > 13 ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); ctx->mode = mode; + ctx->q = 16 - 1 - (unsigned char) iv_len; + + /* + * Prepare counter block for encryption: + * 0 .. 0 flags + * 1 .. iv_len nonce (aka iv) + * iv_len+1 .. 15 counter (initially 1) + * + * With flags as (bits): + * 7 .. 3 0 + * 2 .. 0 q - 1 + */ + memset( ctx->ctr, 0, 16); + ctx->ctr[0] = ctx->q - 1; + memcpy( ctx->ctr + 1, iv, iv_len ); + memset( ctx->ctr + 1 + iv_len, 0, ctx->q ); + ctx->ctr[15] = 1; + + /* + * First block B_0: + * 0 .. 0 flags - set by: mbedtls_ccm_starts() and mbedtls_ccm_set_lenghts() + * 1 .. iv_len nonce (aka iv) - set by: mbedtls_ccm_starts() + * iv_len+1 .. 15 length - set by: mbedtls_ccm_calculate_first_block() + * + * With flags as (bits): + * 7 0 + * 6 add present? - set by: mbedtls_ccm_set_lengths() + * 5 .. 3 (t - 2) / 2 - set by: mbedtls_ccm_set_lengths() + * 2 .. 0 q - 1 - set by: mbedtls_ccm_starts() + */ + ctx->b[0] |= ctx->q - 1; + + memcpy( ctx->b + 1, iv, iv_len ); + + ctx->state |= CCM_STATE__STARTED; + ret = mbedtls_ccm_calculate_first_block(ctx); + + return ret; +} + +int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, + size_t total_ad_len, + size_t plaintext_len, + size_t tag_len ) +{ + int ret; /* * Check length requirements: SP800-38C A.1 
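Review bot: mbedtls_ccm_calculate_first_block() runs `UPDATE_CBC_MAC` on whatever is already in `ctx->y`, and mbedtls_ccm_starts() builds the flags byte with `ctx->b[0] |= ctx->q - 1;`, whereas the removed code began every operation with `memset( ctx->y, 0, 16 )` and `ctx->b[0] = 0`. In this patch mbedtls_ccm_clear_state() is reached only from mbedtls_ccm_finish(), so an operation that returns early leaves stale MAC state and flag bits that the next operation on the same context folds into its tag. I would add `memset( ctx->y, 0, 16 );` immediately before `UPDATE_CBC_MAC` here; the flags byte needs an equivalent reset point, since the set_lengths hunk that follows ORs into `ctx->b[0]` as well. Separately, `CCM_STATE__LENGHTS_SET` and "calulcation" are misspelled.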
@@ -169,44 +252,40 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - /* Also implies q is within bounds */ - if( iv_len < 7 || iv_len > 13 ) + if( total_ad_len >= 0xFF00 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - if( add_len >= 0xFF00 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - ctx->q = 16 - 1 - (unsigned char) iv_len; - /* * First block B_0: - * 0 .. 0 flags - * 1 .. iv_len nonce (aka iv) - * iv_len+1 .. 15 length + * 0 .. 0 flags - set by: mbedtls_ccm_starts() and mbedtls_ccm_set_lenghts() + * 1 .. iv_len nonce (aka iv) - set by: mbedtls_ccm_starts() + * iv_len+1 .. 15 length - set by: mbedtls_ccm_calculate_first_block() * * With flags as (bits): * 7 0 - * 6 add present? - * 5 .. 3 (t - 2) / 2 - * 2 .. 0 q - 1 + * 6 add present? - set by: mbedtls_ccm_set_lengths() + * 5 .. 3 (t - 2) / 2 - set by: mbedtls_ccm_set_lengths() + * 2 .. 0 q - 1 - set by: mbedtls_ccm_starts() */ - ctx->b[0] = 0; - ctx->b[0] |= ( add_len > 0 ) << 6; + ctx->b[0] |= ( total_ad_len > 0 ) << 6; ctx->b[0] |= ( ( tag_len - 2 ) / 2 ) << 3; - ctx->b[0] |= ctx->q - 1; - memcpy( ctx->b + 1, iv, iv_len ); + ctx->plaintext_len = plaintext_len; - for( i = 0, len_left = length; i < ctx->q; i++, len_left >>= 8 ) - ctx->b[15-i] = (unsigned char)( len_left & 0xFF ); + ctx->state |= CCM_STATE__LENGHTS_SET; + ret = mbedtls_ccm_calculate_first_block(ctx); - if( len_left > 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + return ret; +} - - /* Start CBC-MAC with first block */ - memset( ctx->y, 0, 16 ); - UPDATE_CBC_MAC; +int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, + const unsigned char *add, + size_t add_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char i; + size_t len_left, olen; + const unsigned char *src; /* * If there is additional data, update CBC-MAC with 
@@ -242,20 +321,24 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, } } - /* - * Prepare counter block for encryption: - * 0 .. 0 flags - * 1 .. iv_len nonce (aka iv) - * iv_len+1 .. 15 counter (initially 1) - * - * With flags as (bits): - * 7 .. 3 0 - * 2 .. 0 q - 1 - */ - ctx->ctr[0] = ctx->q - 1; - memcpy( ctx->ctr + 1, iv, iv_len ); - memset( ctx->ctr + 1 + iv_len, 0, ctx->q ); - ctx->ctr[15] = 1; + return (0); +} + +int mbedtls_ccm_update( mbedtls_ccm_context *ctx, + const unsigned char *input, size_t input_len, + unsigned char *output, size_t output_size, + size_t *output_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char i; + size_t len_left, olen; + const unsigned char *src; + unsigned char *dst; + + if( output_size < input_len ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + CCM_VALIDATE_RET( output_length != NULL ); + *output_len = input_len; /* * Authenticate and {en,de}crypt the message. @@ -263,7 +346,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * The only difference between encryption and decryption is * the respective order of authentication and {en,de}cryption. */ - len_left = length; + len_left = input_len; src = input; dst = output; @@ -300,6 +383,16 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, break; } + return (0); +} + +int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, + unsigned char *tag, size_t tag_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char i; + size_t olen; + /* * Authentication: reset counter and crypt/mask internal tag */ 
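Review bot: `CCM_VALIDATE_RET( output_length != NULL );` in the new mbedtls_ccm_update() names an identifier that does not exist; the parameter is `output_len`. The line only builds while CCM_VALIDATE_RET discards its argument (its definition is outside the hunk), and it will break the build as soon as parameter validation expands to real code. It should read `CCM_VALIDATE_RET( output_len != NULL );`, since `*output_len = input_len;` on the next line depends on it.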
@@ -308,6 +401,38 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, CTR_CRYPT( ctx->y, ctx->y, 16 ); memcpy( tag, ctx->y, tag_len ); + mbedtls_ccm_clear_state(ctx); + + return( 0 ); +} + +/* + * Authenticated encryption or decryption + */ +static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t olen; + + if( ( ret = mbedtls_ccm_starts( ctx, mode, iv, iv_len ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ccm_set_lengths( ctx, add_len, length, tag_len ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ccm_update_ad( ctx, add, add_len ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ccm_update( ctx, input, length, + output, length, &olen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ccm_finish( ctx, tag, tag_len ) ) != 0 ) + return( ret ); return( 0 ); } From 88c4d624f80582d7b242912ce65c37cc8382f39c Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 5 Jul 2021 17:09:16 +0200 Subject: [PATCH 221/966] Clear context state if previous operation failed. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index a2ca98600c..34531a4162 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -122,7 +122,10 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) ctx->y[i] ^= ctx->b[i]; \ \ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) \ - return( ret ); + { \ + ctx->state |= CCM_STATE__ERROR; \ + return( ret ); \ + } \ /* * Encrypt or decrypt a partial block with CTR 
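Review bot: mbedtls_ccm_finish(), whose signature is added in the previous hunk, ends with `memcpy( tag, ctx->y, tag_len );` using the caller's `tag_len` with no bound, while `ctx->y` is 16 bytes. Inside ccm_auth_crypt() the value has already passed mbedtls_ccm_set_lengths(), but finish is now a non-static entry point with its own `tag_len` argument, and a larger value reads past `y` into the rest of the context and copies it to the caller's buffer. I would reject it up front with `if( tag_len > sizeof( ctx->y ) ) return( MBEDTLS_ERR_CCM_BAD_INPUT );`, or store the length given to set_lengths and compare against that.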
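Review bot: The rewritten tail of UPDATE_CBC_MAC ends with `} \`, so the macro definition now continues onto the following line and is terminated only by the blank line that happens to be there. Dropping the backslash after the closing brace and wrapping the body in `do { ... } while( 0 )`, as CTR_CRYPT already does, keeps the macro self-contained. As written it is still a bare `for` followed by an `if` with a hidden `return`, which is easy to misuse under an unbraced condition.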
@@ -135,6 +138,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, \ 16, ctx->b, &olen ) ) != 0 ) \ { \ + ctx->state |= CCM_STATE__ERROR; \ return( ret ); \ } \ \ @@ -145,6 +149,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) #define CCM_STATE__CLEAR 0 #define CCM_STATE__STARTED 0x0001 #define CCM_STATE__LENGHTS_SET 0x0002 +#define CCM_STATE__ERROR 0x0004 static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) { ctx->state = CCM_STATE__CLEAR; @@ -175,7 +180,10 @@ static int mbedtls_ccm_calculate_first_block(mbedtls_ccm_context *ctx) ctx->b[15-i] = (unsigned char)( len_left & 0xFF ); if( len_left > 0 ) + { + ctx->state |= CCM_STATE__ERROR; return( MBEDTLS_ERR_CCM_BAD_INPUT ); + } /* Start CBC-MAC with first block*/ UPDATE_CBC_MAC; @@ -188,12 +196,15 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, const unsigned char *iv, size_t iv_len ) { - int ret; - /* Also implies q is within bounds */ if( iv_len < 7 || iv_len > 13 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if( ctx->state & CCM_STATE__ERROR ) + { + mbedtls_ccm_clear_state(ctx); + } + ctx->mode = mode; ctx->q = 16 - 1 - (unsigned char) iv_len; @@ -230,9 +241,7 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, memcpy( ctx->b + 1, iv, iv_len ); ctx->state |= CCM_STATE__STARTED; - ret = mbedtls_ccm_calculate_first_block(ctx); - - return ret; + return mbedtls_ccm_calculate_first_block(ctx); } int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, @@ -240,8 +249,6 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, size_t plaintext_len, size_t tag_len ) { - int ret; - /* * Check length requirements: SP800-38C A.1 * Additional requirement: a < 2^16 - 2^8 to simplify the code. 
@@ -255,6 +262,11 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, if( total_ad_len >= 0xFF00 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if( ctx->state & CCM_STATE__ERROR ) + { + mbedtls_ccm_clear_state(ctx); + } + /* * First block B_0: * 0 .. 0 flags - set by: mbedtls_ccm_starts() and mbedtls_ccm_set_lenghts() @@ -273,9 +285,7 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, ctx->plaintext_len = plaintext_len; ctx->state |= CCM_STATE__LENGHTS_SET; - ret = mbedtls_ccm_calculate_first_block(ctx); - - return ret; + return mbedtls_ccm_calculate_first_block(ctx); } int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, From eb2ca96d69e564385f4830e0fb32bc2714375544 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 6 Jul 2021 12:45:11 +0200 Subject: [PATCH 222/966] Store set lenghts in ccm context. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 5 ++++- library/ccm.c | 45 +++++++++++++++---------------------------- 2 files changed, 20 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index f9f8000fba..813959be0b 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -81,7 +81,10 @@ typedef struct mbedtls_ccm_context unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */ unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */ unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */ - size_t MBEDTLS_PRIVATE(plaintext_len); /*!< The counter buffer */ + size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */ + size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */ + size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */ + size_t MBEDTLS_PRIVATE(processed); /*!< How many bytes of input data were processed (chunked input) */ int MBEDTLS_PRIVATE(mode); /*!< The operation to perform: #MBEDTLS_CCM_ENCRYPT or #MBEDTLS_CCM_DECRYPT or diff --git a/library/ccm.c b/library/ccm.c index 34531a4162..36b1e91583 100644 --- a/library/ccm.c 
+++ b/library/ccm.c @@ -172,10 +172,20 @@ static int mbedtls_ccm_calculate_first_block(mbedtls_ccm_context *ctx) /* * First block B_0: - * 0 .. 0 flags - set by: mbedtls_ccm_starts() and mbedtls_ccm_set_lenghts() + * 0 .. 0 flags * 1 .. iv_len nonce (aka iv) - set by: mbedtls_ccm_starts() - * iv_len+1 .. 15 length - set by: mbedtls_ccm_calculate_first_block() + * iv_len+1 .. 15 length + * + * With flags as (bits): + * 7 0 + * 6 add present? + * 5 .. 3 (t - 2) / 2 + * 2 .. 0 q - 1 */ + ctx->b[0] |= ( ctx->add_len > 0 ) << 6; + ctx->b[0] |= ( ( ctx->tag_len - 2 ) / 2 ) << 3; + ctx->b[0] |= ctx->q - 1; + for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 ) ctx->b[15-i] = (unsigned char)( len_left & 0xFF ); @@ -225,19 +235,8 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, ctx->ctr[15] = 1; /* - * First block B_0: - * 0 .. 0 flags - set by: mbedtls_ccm_starts() and mbedtls_ccm_set_lenghts() - * 1 .. iv_len nonce (aka iv) - set by: mbedtls_ccm_starts() - * iv_len+1 .. 15 length - set by: mbedtls_ccm_calculate_first_block() - * - * With flags as (bits): - * 7 0 - * 6 add present? - set by: mbedtls_ccm_set_lengths() - * 5 .. 3 (t - 2) / 2 - set by: mbedtls_ccm_set_lengths() - * 2 .. 0 q - 1 - set by: mbedtls_ccm_starts() + * See mbedtls_ccm_calculate_first_block() for B block layout description */ - ctx->b[0] |= ctx->q - 1; - memcpy( ctx->b + 1, iv, iv_len ); ctx->state |= CCM_STATE__STARTED; 
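Review bot: The flags byte of B_0 is now built entirely in mbedtls_ccm_calculate_first_block(), but still with three `ctx->b[0] |= ...` statements, so its value depends on `ctx->b[0]` being zero on entry. That holds only if mbedtls_ccm_clear_state() has run since the buffer was last used, and `ctx->b` is also the scratch block for later processing, so a context reused after an operation that stopped without setting CCM_STATE__ERROR would presumably get stray bits in the tag-length and q fields. Making the first statement an assignment, `ctx->b[0] = (unsigned char)( ( ctx->add_len > 0 ) << 6 );`, removes the dependency. The function starts outside the hunk.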
@@ -267,22 +266,10 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, mbedtls_ccm_clear_state(ctx); } - /* - * First block B_0: - * 0 .. 0 flags - set by: mbedtls_ccm_starts() and mbedtls_ccm_set_lenghts() - * 1 .. iv_len nonce (aka iv) - set by: mbedtls_ccm_starts() - * iv_len+1 .. 15 length - set by: mbedtls_ccm_calculate_first_block() - * - * With flags as (bits): - * 7 0 - * 6 add present? - set by: mbedtls_ccm_set_lengths() - * 5 .. 3 (t - 2) / 2 - set by: mbedtls_ccm_set_lengths() - * 2 .. 0 q - 1 - set by: mbedtls_ccm_starts() - */ - ctx->b[0] |= ( total_ad_len > 0 ) << 6; - ctx->b[0] |= ( ( tag_len - 2 ) / 2 ) << 3; - ctx->plaintext_len = plaintext_len; + ctx->add_len = total_ad_len; + ctx->tag_len = tag_len; + ctx->processed = 0; ctx->state |= CCM_STATE__LENGHTS_SET; return mbedtls_ccm_calculate_first_block(ctx); From 33392450b75dac7a45c523f67b1ea6b7bcd43e4c Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 6 Jul 2021 15:38:35 +0200 Subject: [PATCH 223/966] Add chunked auth data support Signed-off-by: Mateusz Starzyk --- library/ccm.c | 59 ++++++++++++++++++++++++++------------------------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 36b1e91583..0a886a0e10 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -281,43 +281,44 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; - size_t len_left, olen; - const unsigned char *src; + size_t olen, use_len, offset; - /* - * If there is additional data, update CBC-MAC with - * add_len, add, 0 (padding to a block boundary) - */ - if( add_len > 0 ) + if( ctx->add_len > 0 && add_len > 0) { - size_t use_len; - len_left = add_len; - src = add; - - memset( ctx->b, 0, 16 ); - ctx->b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF ); - ctx->b[1] = (unsigned char)( ( add_len ) & 0xFF ); - - use_len = len_left < 16 - 2 ? len_left : 16 - 2; - memcpy( ctx->b + 2, src, use_len ); - len_left -= use_len; - src += use_len; - - UPDATE_CBC_MAC; - - while( len_left > 0 ) + if( ctx->processed == 0 ) { - use_len = len_left > 16 ? 16 : len_left; - memset( ctx->b, 0, 16 ); - memcpy( ctx->b, src, use_len ); - UPDATE_CBC_MAC; + ctx->b[0] = (unsigned char)( ( ctx->add_len >> 8 ) & 0xFF ); + ctx->b[1] = (unsigned char)( ( ctx->add_len ) & 0xFF ); - len_left -= use_len; - src += use_len; + ctx->processed += 2; + } + + while( add_len > 0 ) + { + offset = ctx->processed % 16; + + use_len = 16 - offset; + + if( use_len > add_len ) + use_len = add_len; + + memcpy( ctx->b + offset, add, use_len ); + ctx->processed += use_len; + add_len -= use_len; + add += use_len; + + if( use_len + offset == 16 || ctx->processed - 2 == ctx->add_len ) + { + UPDATE_CBC_MAC; + memset( ctx->b, 0, 16 ); + } } } + if( ctx->processed - 2 == ctx->add_len ) + ctx->processed = 0; // prepare for mbedtls_ccm_update() + return (0); } From 2ad7d8e1ffcaa1b431db6e994206798987ea779e Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 7 Jul 2021 11:05:45 +0200 Subject: [PATCH 224/966] Replace CCM_CRYPT macro with a more versatile static function. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 59 ++++++++++++++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 27 deletions(-) 
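Review bot: mbedtls_ccm_update_ad() never checks the running total against the length declared to mbedtls_ccm_set_lengths(): completion is detected with the equality `ctx->processed - 2 == ctx->add_len`, so a caller that passes more bytes than declared steps over that point, the extra data keeps being absorbed into the CBC-MAC, and `ctx->processed` is not reset for mbedtls_ccm_update(). The length encoded in the first associated-data block then no longer matches what was authenticated. I would reject the call with MBEDTLS_ERR_CCM_BAD_INPUT before touching `ctx->b` whenever `add_len` exceeds the number of bytes still expected. Data passed while `ctx->add_len` is 0 is currently dropped with a 0 return and deserves the same error.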
diff --git a/library/ccm.c b/library/ccm.c index 0a886a0e10..ae5fa34252 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -108,14 +108,11 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); } -/* - * Macros for common operations. - * Results in smaller compiled code than static inline functions. - */ - /* * Update the CBC-MAC state in y using a block in b * (Always using b as the source helps the compiler optimise a bit better.) + * + * Macro results in smaller compiled code than static inline functions. */ #define UPDATE_CBC_MAC \ for( i = 0; i < 16; i++ ) \ 
@@ -127,30 +124,37 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) return( ret ); \ } \ -/* - * Encrypt or decrypt a partial block with CTR - * Warning: using b for temporary storage! src and dst must not be b! - * This avoids allocating one more 16 bytes buffer while allowing src == dst. - */ -#define CTR_CRYPT( dst, src, len ) \ - do \ - { \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, \ - 16, ctx->b, &olen ) ) != 0 ) \ - { \ - ctx->state |= CCM_STATE__ERROR; \ - return( ret ); \ - } \ - \ - for( i = 0; i < (len); i++ ) \ - (dst)[i] = (src)[i] ^ ctx->b[i]; \ - } while( 0 ) - #define CCM_STATE__CLEAR 0 #define CCM_STATE__STARTED 0x0001 #define CCM_STATE__LENGHTS_SET 0x0002 #define CCM_STATE__ERROR 0x0004 +/* + * Encrypt or decrypt a partial block with CTR + */ +static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx, + size_t offset, size_t use_len, + const unsigned char *input, + unsigned char *output ) +{ + size_t i; + size_t olen = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char tmp_buf[16] = {0}; + + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, + &olen ) ) != 0 ) + { + ctx->state |= CCM_STATE__ERROR; \ + return ret; + } + + for( i = 0; i < use_len; i++ ) + output[i] = input[i] ^ tmp_buf[offset + i]; + + return ret; +} + static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) { ctx->state = CCM_STATE__CLEAR; memset( ctx->b, 0, 16); @@ -359,7 +363,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, UPDATE_CBC_MAC; } - CTR_CRYPT( dst, src, use_len ); + mbedtls_ccm_crypt( ctx, 0, use_len, src, dst ); if( ctx->mode == CCM_DECRYPT ) { @@ -389,7 +393,6 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; - size_t olen; /* * Authentication: reset counter and crypt/mask internal tag 
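Review bot: The new mbedtls_ccm_crypt() leaves a raw keystream block in the stack buffer `tmp_buf` on both return paths, whereas the macro it replaces wrote into `ctx->b`, which is covered by the zeroize in mbedtls_ccm_free(). I would call `mbedtls_platform_zeroize( tmp_buf, sizeof( tmp_buf ) );` before each `return`. `tmp_buf[offset + i]` is also indexed without any bound, so `offset + use_len <= 16` should be checked or stated as a precondition in the function comment. The line `ctx->state |= CCM_STATE__ERROR; \` carries a leftover macro continuation backslash.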
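Review bot: In mbedtls_ccm_update() the replacement call `mbedtls_ccm_crypt( ctx, 0, use_len, src, dst );` discards the return value, whereas the CTR_CRYPT macro it replaces returned on a cipher failure. If mbedtls_cipher_update() fails, `dst` is left unwritten and, in the decrypt branch just below, that buffer is copied into `ctx->b` and fed to the CBC-MAC. The mbedtls_ccm_finish() hunk of this patch already checks the result; the same is needed here: `if( ( ret = mbedtls_ccm_crypt( ctx, 0, use_len, src, dst ) ) != 0 ) return( ret );`.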
@@ -397,7 +400,9 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, for( i = 0; i < ctx->q; i++ ) ctx->ctr[15-i] = 0; - CTR_CRYPT( ctx->y, ctx->y, 16 ); + ret = mbedtls_ccm_crypt( ctx, 0, 16, ctx->y, ctx->y ); + if( ret != 0 ) + return ret; memcpy( tag, ctx->y, tag_len ); mbedtls_ccm_clear_state(ctx); From 6a15bcf61be1e6691c9209a0ecc4a32f63e248ae Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 7 Jul 2021 13:41:30 +0200 Subject: [PATCH 225/966] Add support for chunked plaintext/cyphertext input. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 96 ++++++++++++++++++++++++++++----------------------- 1 file changed, 52 insertions(+), 44 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index ae5fa34252..4b1b499ad1 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -333,59 +333,67 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; - size_t len_left, olen; - const unsigned char *src; - unsigned char *dst; + size_t use_len, offset, olen; if( output_size < input_len ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); CCM_VALIDATE_RET( output_length != NULL ); *output_len = input_len; - /* - * Authenticate and {en,de}crypt the message. - * - * The only difference between encryption and decryption is - * the respective order of authentication and {en,de}cryption. - */ - len_left = input_len; - src = input; - dst = output; - - while( len_left > 0 ) + if( ctx->processed == 0 ) { - size_t use_len = len_left > 16 ? 16 : len_left; - - if( ctx->mode == CCM_ENCRYPT ) - { - memset( ctx->b, 0, 16 ); - memcpy( ctx->b, src, use_len ); - UPDATE_CBC_MAC; - } - - mbedtls_ccm_crypt( ctx, 0, use_len, src, dst ); - - if( ctx->mode == CCM_DECRYPT ) - { - memset( ctx->b, 0, 16 ); - memcpy( ctx->b, dst, use_len ); - UPDATE_CBC_MAC; - } - - dst += use_len; - src += use_len; - len_left -= use_len; - - /* - * Increment counter. - * No need to check for overflow thanks to the length check above. 
- */ - for( i = 0; i < ctx->q; i++ ) - if( ++(ctx->ctr)[15-i] != 0 ) - break; + memset( ctx->b, 0, 16 ); } - return (0); + while ( input_len > 0 ) + { + offset = ctx->processed % 16; + + use_len = 16 - offset; + + if( use_len > input_len ) + use_len = input_len; + + ctx->processed += use_len; + memcpy( ctx->b + offset, input, use_len ); + + if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) + { + if( ctx->mode == CCM_ENCRYPT ) + { + UPDATE_CBC_MAC; + ret = mbedtls_ccm_crypt( ctx, 0, use_len, ctx->b, output ); + if( ret != 0 ) + return ret; + memset( ctx->b, 0, 16 ); + } + + if( ctx->mode == CCM_DECRYPT ) + { + ret = mbedtls_ccm_crypt( ctx, 0, use_len, ctx->b, output ); + if( ret != 0 ) + return ret; + memset( ctx->b, 0, 16 ); + memcpy( ctx->b, output, use_len ); + UPDATE_CBC_MAC; + memset( ctx->b, 0, 16 ); + } + + input_len -= use_len; + input += use_len; + output += use_len; + + /* + * Increment counter. + * No need to check for overflow thanks to the length check above. + */ + for( i = 0; i < ctx->q; i++ ) + if( ++(ctx->ctr)[15-i] != 0 ) + break; + } + } + + return 0; } int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, From 05e92d67bbe15f30c9ad74c123362e1701125dad Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Fri, 9 Jul 2021 12:44:07 +0200 Subject: [PATCH 226/966] Fix crypt mode configuration. Validate parameters in chunked input functions. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 107 ++++++++++++++++++++++++++++---------------------- 1 file changed, 60 insertions(+), 47 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 4b1b499ad1..4f7ebfa827 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -52,8 +52,6 @@ #define CCM_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -#define CCM_ENCRYPT 0 -#define CCM_DECRYPT 1 /* * Initialize context 
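Review bot: In the rewritten loop of mbedtls_ccm_update() the statements `input_len -= use_len; input += use_len; output += use_len;` sit inside the `if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )` block, so a chunk that does not complete a block is not consumed: the next iteration copies the same input bytes into `ctx->b` at the new offset and increments `ctx->processed` again. The three statements need to move below the closing brace of that `if`, and the output handling for a block assembled across calls needs a second look, because only `use_len` bytes starting at `ctx->b[0]` are written. There is also no check that the data supplied stays within `ctx->plaintext_len`, so the comment "No need to check for overflow thanks to the length check above" no longer holds for the counter. Rejecting `input_len > ctx->plaintext_len - ctx->processed` with MBEDTLS_ERR_CCM_BAD_INPUT at the top of the function restores that guarantee.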
@@ -174,6 +172,10 @@ static int mbedtls_ccm_calculate_first_block(mbedtls_ccm_context *ctx) if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGHTS_SET) ) return 0; + if( ctx->tag_len == 0 && \ + ( ctx->mode == MBEDTLS_CCM_ENCRYPT || ctx->mode == MBEDTLS_CCM_DECRYPT ) ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + /* * First block B_0: * 0 .. 0 flags @@ -210,6 +212,13 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, const unsigned char *iv, size_t iv_len ) { + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( iv != NULL ); + CCM_VALIDATE_RET( mode == MBEDTLS_CCM_DECRYPT || \ + mode == MBEDTLS_CCM_STAR_DECRYPT || \ + mode == MBEDTLS_CCM_ENCRYPT || \ + mode == MBEDTLS_CCM_STAR_ENCRYPT ); + /* Also implies q is within bounds */ if( iv_len < 7 || iv_len > 13 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); @@ -252,6 +261,8 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, size_t plaintext_len, size_t tag_len ) { + CCM_VALIDATE_RET( ctx != NULL ); + /* * Check length requirements: SP800-38C A.1 * Additional requirement: a < 2^16 - 2^8 to simplify the code. @@ -283,6 +294,8 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, const unsigned char *add, size_t add_len ) { + CCM_VALIDATE_RET( ctx->add_len == 0 || add != NULL ); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t olen, use_len, offset; @@ -331,6 +344,9 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, unsigned char *output, size_t output_size, size_t *output_len ) { + CCM_VALIDATE_RET( ctx->plaintext_len == 0 || input != NULL ); + CCM_VALIDATE_RET( ctx->plaintext_len == 0 || output != NULL ); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t use_len, offset, olen; 
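Review bot: The check added to mbedtls_ccm_update_ad, `CCM_VALIDATE_RET( ctx->add_len == 0 || add != NULL );`, reads through `ctx` without the `ctx != NULL` check that this commit adds to mbedtls_ccm_starts and mbedtls_ccm_set_lengths, and it tests the total stored in the context rather than the `add_len` argument of this call. I would write `CCM_VALIDATE_RET( ctx != NULL );` followed by `CCM_VALIDATE_RET( add_len == 0 || add != NULL );`, placed after the local declarations as the mbedtls_ccm_finish hunk does. The two lines added to mbedtls_ccm_update in the last hunk of this group have the same shape and would become `input_len == 0 || input != NULL` and `input_len == 0 || output != NULL`. Both function bodies continue outside their hunks.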
@@ -359,7 +375,8 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) { - if( ctx->mode == CCM_ENCRYPT ) + if( ctx->mode == MBEDTLS_CCM_ENCRYPT || \ + ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT ) { UPDATE_CBC_MAC; ret = mbedtls_ccm_crypt( ctx, 0, use_len, ctx->b, output ); @@ -368,7 +385,8 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, memset( ctx->b, 0, 16 ); } - if( ctx->mode == CCM_DECRYPT ) + if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ + ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) { ret = mbedtls_ccm_crypt( ctx, 0, use_len, ctx->b, output ); if( ret != 0 ) @@ -402,6 +420,7 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; + CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); /* * Authentication: reset counter and crypt/mask internal tag */ @@ -457,13 +476,7 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len, + return( ccm_auth_crypt( ctx, MBEDTLS_CCM_STAR_ENCRYPT, length, iv, iv_len, add, add_len, input, output, tag, tag_len ) ); } 
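Review bot: In the first two hunks of this group mbedtls_ccm_update tests `ctx->mode` with two independent `if` statements, so a mode value outside the four MBEDTLS_CCM_* constants matches neither and the chunk is skipped without any output being written. The mode is only checked by `CCM_VALIDATE_RET` in mbedtls_ccm_starts, which gives no protection if that macro is compiled out in the build (worth confirming). Chaining the second test as `else if( ... )` and ending with `else return( MBEDTLS_ERR_CCM_BAD_INPUT );` makes the function fail closed instead of returning 0 with `*output_len` already set to `input_len`. The enclosing loop starts and ends outside these hunks.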
@@ -473,17 +486,25 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - if( tag_len == 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + return( ccm_auth_crypt( ctx, MBEDTLS_CCM_ENCRYPT, length, iv, iv_len, + add, add_len, input, output, tag, tag_len ) ); +} - return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add, - add_len, input, output, tag, tag_len ) ); +static int mbedtls_ccm_compare_tags(const unsigned char *tag1, const unsigned char *tag2, size_t tag_len) +{ + unsigned char i; + int diff; + + /* Check tag in "constant-time" */ + for( diff = 0, i = 0; i < tag_len; i++ ) + diff |= tag1[i] ^ tag2[i]; + + if( diff != 0 ) + { + return( MBEDTLS_ERR_CCM_AUTH_FAILED ); + } + + return( 0 ); } /* 
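Review bot: mbedtls_ccm_compare_tags counts with `unsigned char i` against a `size_t tag_len`, so a length above 255 can never make `i < tag_len` false and the loop would keep reading beyond the 16-byte buffers its callers pass. The helper therefore depends on `tag_len` having been bounded elsewhere, which these hunks do not show. Declaring the index as `size_t i;` removes that dependency at no cost, and a one-line comment such as `/* tag_len must not exceed 16 */` would record the precondition once it has been confirmed. As a static function it also does not need the public `mbedtls_` prefix.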
@@ -497,31 +518,18 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; - unsigned char i; - int diff; - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - - if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length, + if( ( ret = ccm_auth_crypt( ctx, MBEDTLS_CCM_STAR_DECRYPT, length, iv, iv_len, add, add_len, input, output, check_tag, tag_len ) ) != 0 ) { return( ret ); } - /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) - diff |= tag[i] ^ check_tag[i]; - - if( diff != 0 ) + if( ( ret = mbedtls_ccm_compare_tags( tag, check_tag, tag_len ) ) != 0 ) { mbedtls_platform_zeroize( output, length ); - return( MBEDTLS_ERR_CCM_AUTH_FAILED ); + return( ret ); } return( 0 ); 
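Review bot: mbedtls_ccm_star_auth_decrypt wipes `output` only when the tag comparison fails; the earlier `return( ret )` taken when ccm_auth_crypt itself fails leaves whatever that call had already written. ccm_auth_crypt is not shown here, so whether it can fail after producing part of the plaintext needs confirming, but if it can, the caller receives unauthenticated bytes together with the error code. Adding `mbedtls_platform_zeroize( output, length );` before that first return closes the gap, and `mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );` before each return keeps the computed tag from lingering on the stack. The copy of this body added to mbedtls_ccm_auth_decrypt in the next hunk needs the same lines.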
@@ -533,18 +541,23 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char check_tag[16]; - if( tag_len == 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if( ( ret = ccm_auth_crypt( ctx, MBEDTLS_CCM_DECRYPT, length, + iv, iv_len, add, add_len, + input, output, check_tag, tag_len ) ) != 0 ) + { + return( ret ); + } - return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add, - add_len, input, output, tag, tag_len ) ); + if( ( ret = mbedtls_ccm_compare_tags( tag, check_tag, tag_len ) ) != 0 ) + { + mbedtls_platform_zeroize( output, length ); + return( ret ); + } + + return( 0 ); } #endif /* !MBEDTLS_CCM_ALT */ From 20bac2fbe4ac0e002f4e622634cd858925c258c7 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 12 Jul 2021 14:52:44 +0200 Subject: [PATCH 227/966] Fix chunked ccm update. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 71 ++++++++++++++++++++++++++++----------------------- 1 file changed, 39 insertions(+), 32 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 4f7ebfa827..5450e408c1 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -373,42 +373,49 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, ctx->processed += use_len; memcpy( ctx->b + offset, input, use_len ); + if( ctx->mode == MBEDTLS_CCM_ENCRYPT || \ + ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT ) + { + if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) + { + UPDATE_CBC_MAC; + } + ret = mbedtls_ccm_crypt( ctx, offset, use_len, ctx->b + offset, output ); + if( ret != 0 ) + return ret; + } + + if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ + ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) + { + ret = mbedtls_ccm_crypt( ctx, offset, use_len, ctx->b + offset, output ); + if( ret != 0 ) + return ret; + + for( i = 0; i < use_len; i++ ) + ctx->y[i + offset] ^= output[i]; + + if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) + { + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) + { + ctx->state |= CCM_STATE__ERROR; + return( ret ); + } + } + } + if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) { - if( ctx->mode == MBEDTLS_CCM_ENCRYPT || \ - ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT ) - { - UPDATE_CBC_MAC; - ret = mbedtls_ccm_crypt( ctx, 0, use_len, ctx->b, output ); - if( ret != 0 ) - return ret; - memset( ctx->b, 0, 16 ); - } - - if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ - ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) - { - ret = mbedtls_ccm_crypt( ctx, 0, use_len, ctx->b, output ); - if( ret != 0 ) - return ret; - memset( ctx->b, 0, 16 ); - memcpy( ctx->b, output, use_len ); - UPDATE_CBC_MAC; - memset( ctx->b, 0, 16 ); - } - - input_len -= use_len; - input += use_len; - output += use_len; - - /* - * Increment counter. - * No need to check for overflow thanks to the length check above. - */ for( i = 0; i < ctx->q; i++ ) - if( ++(ctx->ctr)[15-i] != 0 ) - break; + if( ++(ctx->ctr)[15-i] != 0 ) + break; + memset( ctx->b, 0, 16 ); } + + input_len -= use_len; + input += use_len; + output += use_len; } return 0; 
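Review bot: The rewritten loop never compares the running total with the length declared to mbedtls_ccm_set_lengths, and this hunk also drops the comment that said the counter needs no overflow check "thanks to the length check above". If a caller passes more data than it declared, `ctx->processed == ctx->plaintext_len` is stepped over, a final partial block is not folded into the MAC, and the counter keeps incrementing beyond the range the length field was sized for. A guard ahead of the loop, for example `if( input_len > ctx->plaintext_len - ctx->processed ) return( MBEDTLS_ERR_CCM_BAD_INPUT );`, rejects that case before any output is written; whether it should apply to every mode depends on code outside this hunk. The start of mbedtls_ccm_update is outside the hunk.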
From 25a3dfe7dd3ba598b79e70d1d407081810dec8a1 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 12 Jul 2021 14:53:45 +0200 Subject: [PATCH 228/966] Add multipart tests for ccm suite. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.function | 114 +++++++++++++++++++++++++-- 1 file changed, 108 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 840583c5ca..77ecf689b5 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function 
@@ -1,5 +1,64 @@ /* BEGIN_HEADER */ #include "mbedtls/ccm.h" + +/* Use the multipart interface to process the encrypted data in two parts + * and check that the output matches the expected output. + * The context must have been set up with the key. */ +static int check_multipart( mbedtls_ccm_context *ctx, + int mode, + const data_t *iv, + const data_t *add, + const data_t *input, + const data_t *expected_output, + const data_t *tag, + size_t n1, + size_t n1_add) +{ + int ok = 0; + uint8_t *output = NULL; + size_t n2 = input->len - n1; + size_t n2_add = add->len - n1_add; + size_t olen; + + /* Sanity checks on the test data */ + TEST_ASSERT( n1 <= input->len ); + TEST_ASSERT( n1_add <= add->len ); + TEST_EQUAL( input->len, expected_output->len ); + TEST_EQUAL( 0, mbedtls_ccm_starts( ctx, mode, iv->x, iv->len ) ); + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( ctx, add->len, input->len, tag->len ) ); + TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x, n1_add) ); + TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x + n1_add, n2_add ) ); + + /* Allocate a tight buffer for each update call. This way, if the function + * tries to write beyond the advertised required buffer size, this will + * count as an overflow for memory sanitizers and static checkers. 
*/ + ASSERT_ALLOC( output, n1 ); + olen = 0xdeadbeef; + TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x, n1, output, n1, &olen ) ); + TEST_EQUAL( n1, olen ); + ASSERT_COMPARE( output, olen, expected_output->x, n1 ); + mbedtls_free( output ); + output = NULL; + + ASSERT_ALLOC( output, n2 ); + olen = 0xdeadbeef; + TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x + n1, n2, output, n2, &olen ) ); + TEST_EQUAL( n2, olen ); + ASSERT_COMPARE( output, olen, expected_output->x + n1, n2 ); + mbedtls_free( output ); + output = NULL; + + ASSERT_ALLOC( output, tag->len ); + TEST_EQUAL( 0, mbedtls_ccm_finish( ctx, output, tag->len ) ); + ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); + mbedtls_free( output ); + output = NULL; + + ok = 1; +exit: + mbedtls_free( output ); + return( ok ); +} /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -123,6 +182,7 @@ void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key, { mbedtls_ccm_context ctx; size_t tag_len; + size_t n1, n1_add; uint8_t * msg_n_tag = (uint8_t *)malloc( result->len + 2 ); mbedtls_ccm_init( &ctx ); @@ -143,6 +203,25 @@ void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key, /* Check we didn't write past the end */ TEST_ASSERT( msg_n_tag[result->len] == 0 && msg_n_tag[result->len + 1] == 0 ); + const data_t encrypted_expected = { .x = result->x, + .len = msg->len }; + const data_t tag_expected = { .x = result->x + msg->len, + .len = tag_len }; + + for( n1 = 0; n1 <= msg->len; n1 += 1 ) + { + for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) + { + mbedtls_test_set_step( n1 * 10000 + n1_add ); + if( !check_multipart( &ctx, MBEDTLS_CCM_ENCRYPT, + iv, add, msg, + &encrypted_expected, + &tag_expected, + n1, n1_add ) ) + goto exit; + } + } + exit: mbedtls_ccm_free( &ctx ); free( msg_n_tag ); @@ -157,6 +236,7 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, { unsigned char tag[16]; mbedtls_ccm_context ctx; + size_t n1, n1_add; mbedtls_ccm_init( &ctx ); 
@@ -165,28 +245,50 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, msg->len -= tag_len; memcpy( tag, msg->x + msg->len, tag_len ); + uint8_t * io_msg = (uint8_t *)malloc( msg->len + 2 ); + memset( io_msg, 0, msg->len + 2 ); + memcpy( io_msg, msg->x, msg->len ); + TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); /* Test with input == output */ TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg->len, iv->x, iv->len, add->x, add->len, - msg->x, msg->x, msg->x + msg->len, tag_len ) == result ); + io_msg, io_msg, tag, tag_len ) == result ); + + /* Check we didn't write past the end */ + TEST_ASSERT( io_msg[msg->len] == 0 && io_msg[msg->len + 1] == 0 ); if( result == 0 ) { - TEST_ASSERT( memcmp( msg->x, expected_msg->x, expected_msg->len ) == 0 ); + TEST_ASSERT( memcmp( io_msg, expected_msg->x, expected_msg->len ) == 0 ); + + const data_t tag_expected = { .x = tag, + .len = tag_len }; + + for( n1 = 0; n1 <= msg->len; n1 += 1 ) + { + for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) + { + mbedtls_test_set_step( n1 * 10000 + n1_add ); + if( !check_multipart( &ctx, MBEDTLS_CCM_DECRYPT, + iv, add, msg, + expected_msg, + &tag_expected, + n1, n1_add ) ) + goto exit; + } + } } else { size_t i; for( i = 0; i < msg->len; i++ ) - TEST_ASSERT( msg->x[i] == 0 ); + TEST_ASSERT( io_msg[i] == 0 ); } - /* Check we didn't write past the end (where the original tag is) */ - TEST_ASSERT( memcmp( msg->x + msg->len, tag, tag_len ) == 0 ); - exit: + free(io_msg); mbedtls_ccm_free( &ctx ); } /* END_CASE */ From 663055f78464a27f9470ed04142eb975554cf4ec Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 12 Jul 2021 19:13:52 +0200 Subject: [PATCH 229/966] Remove UPDATE_CBC macro and working b buffer. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 1 - library/ccm.c | 74 +++++++++++++++++++------------------------ 2 files changed, 33 insertions(+), 42 deletions(-) 
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 813959be0b..72dfd3d6c4 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -77,7 +77,6 @@ extern "C" { typedef struct mbedtls_ccm_context { mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ - unsigned char MBEDTLS_PRIVATE(b)[16]; /*!< The B working buffer */ unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */ unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */ unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */ diff --git a/library/ccm.c b/library/ccm.c index 5450e408c1..399a936e93 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -106,22 +106,6 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); } -/* - * Update the CBC-MAC state in y using a block in b - * (Always using b as the source helps the compiler optimise a bit better.) - * - * Macro results in smaller compiled code than static inline functions. - */ -#define UPDATE_CBC_MAC \ - for( i = 0; i < 16; i++ ) \ - ctx->y[i] ^= ctx->b[i]; \ - \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) \ - { \ - ctx->state |= CCM_STATE__ERROR; \ - return( ret ); \ - } \ - #define CCM_STATE__CLEAR 0 #define CCM_STATE__STARTED 0x0001 #define CCM_STATE__LENGHTS_SET 0x0002 @@ -155,7 +139,6 @@ static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx, static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) { ctx->state = CCM_STATE__CLEAR; - memset( ctx->b, 0, 16); memset( ctx->y, 0, 16); memset( ctx->ctr, 0, 16); } @@ -177,7 +160,7 @@ static int mbedtls_ccm_calculate_first_block(mbedtls_ccm_context *ctx) return( MBEDTLS_ERR_CCM_BAD_INPUT ); /* - * First block B_0: + * First block: * 0 .. 0 flags * 1 .. iv_len nonce (aka iv) - set by: mbedtls_ccm_starts() * iv_len+1 .. 15 length 
@@ -188,12 +171,12 @@ static int mbedtls_ccm_calculate_first_block(mbedtls_ccm_context *ctx) * 5 .. 3 (t - 2) / 2 * 2 .. 0 q - 1 */ - ctx->b[0] |= ( ctx->add_len > 0 ) << 6; - ctx->b[0] |= ( ( ctx->tag_len - 2 ) / 2 ) << 3; - ctx->b[0] |= ctx->q - 1; + ctx->y[0] |= ( ctx->add_len > 0 ) << 6; + ctx->y[0] |= ( ( ctx->tag_len - 2 ) / 2 ) << 3; + ctx->y[0] |= ctx->q - 1; for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 ) - ctx->b[15-i] = (unsigned char)( len_left & 0xFF ); + ctx->y[15-i] = (unsigned char)( len_left & 0xFF ); if( len_left > 0 ) { @@ -202,7 +185,11 @@ static int mbedtls_ccm_calculate_first_block(mbedtls_ccm_context *ctx) } /* Start CBC-MAC with first block*/ - UPDATE_CBC_MAC; + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) + { + ctx->state |= CCM_STATE__ERROR; + return( ret ); + } return (0); } @@ -248,9 +235,9 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, ctx->ctr[15] = 1; /* - * See mbedtls_ccm_calculate_first_block() for B block layout description + * See mbedtls_ccm_calculate_first_block() for block layout description */ - memcpy( ctx->b + 1, iv, iv_len ); + memcpy( ctx->y + 1, iv, iv_len ); ctx->state |= CCM_STATE__STARTED; return mbedtls_ccm_calculate_first_block(ctx); @@ -304,9 +291,8 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, { if( ctx->processed == 0 ) { - memset( ctx->b, 0, 16 ); - ctx->b[0] = (unsigned char)( ( ctx->add_len >> 8 ) & 0xFF ); - ctx->b[1] = (unsigned char)( ( ctx->add_len ) & 0xFF ); + ctx->y[0] ^= (unsigned char)( ( ctx->add_len >> 8 ) & 0xFF ); + ctx->y[1] ^= (unsigned char)( ( ctx->add_len ) & 0xFF ); ctx->processed += 2; } 
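Review bot: With UPDATE_CBC_MAC removed, the `mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen )` call and its `CCM_STATE__ERROR` handling are now written out by hand, first in mbedtls_ccm_calculate_first_block (second hunk of this group) and again in mbedtls_ccm_update_ad and in the encrypt branch of mbedtls_ccm_update in the following hunks, matching the copy already present in the decrypt branch. Four copies of the step that advances the MAC state are easy to let drift apart, for instance if one of them later gains cleanup on failure. A small static helper keeps the error handling in one place, and each call site becomes `if( ( ret = ccm_cbc_mac_block( ctx ) ) != 0 ) return( ret );`. The helper name is only a suggestion.

```c
/* Encrypt the accumulated block in ctx->y in place (one CBC-MAC step).
 * Marks the context as failed if the cipher call fails. */
static int ccm_cbc_mac_block( mbedtls_ccm_context *ctx )
{
    size_t olen;
    int ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen );

    if( ret != 0 )
        ctx->state |= CCM_STATE__ERROR;

    return( ret );
}
```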
@@ -320,15 +306,20 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, if( use_len > add_len ) use_len = add_len; - memcpy( ctx->b + offset, add, use_len ); + for( i = 0; i < use_len; i++ ) + ctx->y[i + offset] ^= add[i]; + ctx->processed += use_len; add_len -= use_len; add += use_len; if( use_len + offset == 16 || ctx->processed - 2 == ctx->add_len ) { - UPDATE_CBC_MAC; - memset( ctx->b, 0, 16 ); + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) + { + ctx->state |= CCM_STATE__ERROR; + return( ret ); + } } } } @@ -356,11 +347,6 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, CCM_VALIDATE_RET( output_length != NULL ); *output_len = input_len; - if( ctx->processed == 0 ) - { - memset( ctx->b, 0, 16 ); - } - while ( input_len > 0 ) { offset = ctx->processed % 16; @@ -371,16 +357,23 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, use_len = input_len; ctx->processed += use_len; - memcpy( ctx->b + offset, input, use_len ); if( ctx->mode == MBEDTLS_CCM_ENCRYPT || \ ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT ) { + for( i = 0; i < use_len; i++ ) + ctx->y[i + offset] ^= input[i]; + if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) { - UPDATE_CBC_MAC; + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) + { + ctx->state |= CCM_STATE__ERROR; + return( ret ); + } } - ret = mbedtls_ccm_crypt( ctx, offset, use_len, ctx->b + offset, output ); + + ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, output ); if( ret != 0 ) return ret; } @@ -388,7 +381,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) { - ret = mbedtls_ccm_crypt( ctx, offset, use_len, ctx->b + offset, output ); + ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, output ); if( ret != 0 ) return ret; 
@@ -410,7 +403,6 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, for( i = 0; i < ctx->q; i++ ) if( ++(ctx->ctr)[15-i] != 0 ) break; - memset( ctx->b, 0, 16 ); } input_len -= use_len; From 29ec75b34e9f34aac91524308966b0631f9c05b5 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 13 Jul 2021 12:26:17 +0200 Subject: [PATCH 230/966] Add multipart testing to CCM* tests. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.function | 52 ++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 77ecf689b5..72c707ea0d 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -304,6 +304,7 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, unsigned char result[50]; mbedtls_ccm_context ctx; size_t iv_len, tag_len; + size_t n1, n1_add; int ret; mbedtls_ccm_init( &ctx ); @@ -338,6 +339,31 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, TEST_ASSERT( result[expected_result->len] == 0 && result[expected_result->len + 1] == 0 ); + if( ret == 0 ) + { + const data_t iv_data = { .x = iv, + .len = iv_len }; + + const data_t encrypted_expected = { .x = expected_result->x, + .len = msg->len }; + const data_t tag_expected = { .x = expected_result->x + msg->len, + .len = tag_len }; + + for( n1 = 0; n1 <= msg->len; n1 += 1 ) + { + for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) + { + mbedtls_test_set_step( n1 * 10000 + n1_add ); + if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_ENCRYPT, + &iv_data, add, msg, + &encrypted_expected, + &tag_expected, + n1, n1_add ) ) + goto exit; + } + } + } + exit: mbedtls_ccm_free( &ctx ); } @@ -354,6 +380,7 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, unsigned char result[50]; mbedtls_ccm_context ctx; size_t iv_len, tag_len; + size_t n1, n1_add; int ret; mbedtls_ccm_init( &ctx ); 
@@ -389,6 +416,31 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, TEST_EQUAL( result[msg->len], '+' ); TEST_EQUAL( result[msg->len + 1], '+' ); + if( ret == 0 ) + { + msg->len -= tag_len; + + const data_t iv_data = { .x = iv, + .len = iv_len }; + + const data_t tag_expected = { .x = msg->x + msg->len, + .len = tag_len }; + + for( n1 = 0; n1 <= msg->len; n1 += 1 ) + { + for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) + { + mbedtls_test_set_step( n1 * 10000 + n1_add ); + if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_DECRYPT, + &iv_data, add, msg, + expected_result, + &tag_expected, + n1, n1_add ) ) + goto exit; + } + } + } + exit: mbedtls_ccm_free( &ctx ); } From 27a1bef89d6b238473751f48a66335a7d2850aad Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 13 Jul 2021 15:33:19 +0200 Subject: [PATCH 231/966] Tidy up test functions. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.function | 216 ++++++++++++++------------- 1 file changed, 114 insertions(+), 102 deletions(-) diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 72c707ea0d..25cc49b8d2 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -48,7 +48,10 @@ static int check_multipart( mbedtls_ccm_context *ctx, mbedtls_free( output ); output = NULL; - ASSERT_ALLOC( output, tag->len ); + if( tag->len == 0 ) + ASSERT_ALLOC( output, 16 ); + else + ASSERT_ALLOC( output, tag->len ); TEST_EQUAL( 0, mbedtls_ccm_finish( ctx, output, tag->len ) ); ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); mbedtls_free( output ); 
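Review bot: In the check_multipart hunk at the end of this group the tag buffer becomes 16 bytes whenever `tag->len == 0`, with no comment saying why. Presumably this avoids handing a NULL pointer to mbedtls_ccm_finish (an assumption, its body is not shown), but it also gives up the tight-buffer property that the helper's own comment relies on: a finish call that wrote up to 16 bytes for a zero-length tag would go unnoticed. I would allocate a single byte for that case, `ASSERT_ALLOC( output, 1 );`, and add `/* finish needs a non-NULL tag pointer even when tag->len is 0 */` once that reason is confirmed. check_multipart begins and ends outside this hunk.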
@@ -181,32 +184,34 @@ void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key, data_t * add, data_t * result ) { mbedtls_ccm_context ctx; - size_t tag_len; size_t n1, n1_add; - uint8_t * msg_n_tag = (uint8_t *)malloc( result->len + 2 ); + uint8_t* io_msg_buf = NULL; + uint8_t* tag_buf = NULL; + const size_t expected_tag_len = result->len - msg->len; + const uint8_t* expected_tag = result->x + msg->len; + + /* Prepare input/output message buffer */ + ASSERT_ALLOC( io_msg_buf, msg->len ); + if( msg->len != 0 ) + memcpy( io_msg_buf, msg->x, msg->len ); + + /* Prepare tag buffer */ + ASSERT_ALLOC( tag_buf, expected_tag_len ); mbedtls_ccm_init( &ctx ); - - memset( msg_n_tag, 0, result->len + 2 ); - memcpy( msg_n_tag, msg->x, msg->len ); - - tag_len = result->len - msg->len; - - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); - + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); /* Test with input == output */ - TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len, - msg_n_tag, msg_n_tag, msg_n_tag + msg->len, tag_len ) == 0 ); + TEST_EQUAL( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len, + io_msg_buf, io_msg_buf, tag_buf, expected_tag_len ), 0); - TEST_ASSERT( memcmp( msg_n_tag, result->x, result->len ) == 0 ); - - /* Check we didn't write past the end */ - TEST_ASSERT( msg_n_tag[result->len] == 0 && msg_n_tag[result->len + 1] == 0 ); + ASSERT_COMPARE( io_msg_buf, msg->len, result->x, msg->len ); + ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len ); + /* Prepare data_t structers for multipart testing */ const data_t encrypted_expected = { .x = result->x, .len = msg->len }; - const data_t tag_expected = { .x = result->x + msg->len, - .len = tag_len }; + const data_t tag_expected = { .x = (uint8_t*) expected_tag, /* cast to conform with data_t x type */ + .len = expected_tag_len }; for( n1 = 0; n1 <= msg->len; n1 
+= 1 ) { 
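Review bot: The reworked mbedtls_ccm_encrypt_and_tag test calls `ASSERT_ALLOC` twice before `mbedtls_ccm_init( &ctx )`, yet the `exit:` label shown in the next hunk still runs `mbedtls_ccm_free( &ctx )`. If either allocation fails and the macro jumps to `exit` (as the test macros normally do), the free runs on a context that was never initialised. Making `mbedtls_ccm_init( &ctx );` the first statement after the declarations fixes it. The same ordering appears in the mbedtls_ccm_auth_decrypt, mbedtls_ccm_star_encrypt_and_tag and mbedtls_ccm_star_auth_decrypt tests later in this commit, where the `TEST_ASSERT` calls on `source_address->len` and `frame_counter->len` also precede the init.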
@@ -224,54 +229,53 @@ void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key, exit: mbedtls_ccm_free( &ctx ); - free( msg_n_tag ); + mbedtls_free( io_msg_buf ); + mbedtls_free( tag_buf ); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, data_t * msg, data_t * iv, - data_t * add, int tag_len, int result, + data_t * add, int expected_tag_len, int result, data_t * expected_msg ) { - unsigned char tag[16]; mbedtls_ccm_context ctx; size_t n1, n1_add; + const size_t expected_msg_len = msg->len - expected_tag_len; + const uint8_t* expected_tag = msg->x + expected_msg_len; + + /* Prepare input/output message buffer */ + uint8_t* io_msg_buf = NULL; + ASSERT_ALLOC( io_msg_buf, expected_msg_len ); + if( expected_msg_len ) + memcpy( io_msg_buf, msg->x, expected_msg_len ); + mbedtls_ccm_init( &ctx ); - - memset( tag, 0x00, sizeof( tag ) ); - - msg->len -= tag_len; - memcpy( tag, msg->x + msg->len, tag_len ); - - uint8_t * io_msg = (uint8_t *)malloc( msg->len + 2 ); - memset( io_msg, 0, msg->len + 2 ); - memcpy( io_msg, msg->x, msg->len ); - - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); - + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); /* Test with input == output */ - TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg->len, iv->x, iv->len, add->x, add->len, - io_msg, io_msg, tag, tag_len ) == result ); - - /* Check we didn't write past the end */ - TEST_ASSERT( io_msg[msg->len] == 0 && io_msg[msg->len + 1] == 0 ); + TEST_EQUAL( mbedtls_ccm_auth_decrypt( &ctx, expected_msg_len, iv->x, iv->len, add->x, add->len, + io_msg_buf, io_msg_buf, expected_tag, expected_tag_len ), result ); if( result == 0 ) { - TEST_ASSERT( memcmp( io_msg, expected_msg->x, expected_msg->len ) == 0 ); + ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len ); - const data_t tag_expected = { .x = tag, - .len = tag_len }; + /* Prepare data_t structers for multipart 
testing */ + const data_t encrypted = { .x = msg->x, + .len = expected_msg_len }; - for( n1 = 0; n1 <= msg->len; n1 += 1 ) + const data_t tag_expected = { .x = (uint8_t*) expected_tag, + .len = expected_tag_len }; + + for( n1 = 0; n1 <= expected_msg_len; n1 += 1 ) { for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) { mbedtls_test_set_step( n1 * 10000 + n1_add ); if( !check_multipart( &ctx, MBEDTLS_CCM_DECRYPT, - iv, add, msg, + iv, add, &encrypted, expected_msg, &tag_expected, n1, n1_add ) ) @@ -283,12 +287,12 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, { size_t i; - for( i = 0; i < msg->len; i++ ) - TEST_ASSERT( io_msg[i] == 0 ); + for( i = 0; i < expected_msg_len; i++ ) + TEST_EQUAL( io_msg_buf[i], 0 ); } exit: - free(io_msg); + mbedtls_free(io_msg_buf); mbedtls_ccm_free( &ctx ); } /* END_CASE */ @@ -301,21 +305,32 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, data_t *expected_result, int output_ret ) { unsigned char iv[13]; - unsigned char result[50]; mbedtls_ccm_context ctx; - size_t iv_len, tag_len; + size_t iv_len, expected_tag_len; size_t n1, n1_add; - int ret; + uint8_t* io_msg_buf = NULL; + uint8_t* tag_buf = NULL; - mbedtls_ccm_init( &ctx ); - - memset( result, 0x00, sizeof( result ) ); + const uint8_t* expected_tag = expected_result->x + msg->len; + /* Calculate tag length */ if( sec_level % 4 == 0) - tag_len = 0; + expected_tag_len = 0; else - tag_len = 1 << ( sec_level % 4 + 1); + expected_tag_len = 1 << ( sec_level % 4 + 1); + /* Prepare input/output message buffer */ + ASSERT_ALLOC( io_msg_buf, msg->len ); + if( msg->len ) + memcpy( io_msg_buf, msg->x, msg->len ); + + /* Prepare tag buffer */ + if( expected_tag_len == 0 ) + ASSERT_ALLOC( tag_buf, 16 ); + else + ASSERT_ALLOC( tag_buf, expected_tag_len ); + + /* Calculate iv */ TEST_ASSERT( source_address->len == 8 ); TEST_ASSERT( frame_counter->len == 4 ); memcpy( iv, source_address->x, source_address->len ); 
@@ -323,31 +338,26 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof( iv ); - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, - key->x, key->len * 8 ) == 0 ); + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, + key->x, key->len * 8 ), 0 ); + /* Test with input == output */ + TEST_EQUAL( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len, + add->x, add->len, io_msg_buf, + io_msg_buf, tag_buf, expected_tag_len), output_ret ); - ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len, - add->x, add->len, msg->x, - result, result + msg->len, tag_len ); + ASSERT_COMPARE( io_msg_buf, msg->len, expected_result->x, msg->len ); + ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len ); - TEST_ASSERT( ret == output_ret ); - - TEST_ASSERT( memcmp( result, - expected_result->x, expected_result->len ) == 0 ); - - /* Check we didn't write past the end */ - TEST_ASSERT( result[expected_result->len] == 0 && - result[expected_result->len + 1] == 0 ); - - if( ret == 0 ) + if( output_ret == 0 ) { const data_t iv_data = { .x = iv, .len = iv_len }; const data_t encrypted_expected = { .x = expected_result->x, .len = msg->len }; - const data_t tag_expected = { .x = expected_result->x + msg->len, - .len = tag_len }; + const data_t tag_expected = { .x = (uint8_t*)expected_tag, + .len = expected_tag_len }; for( n1 = 0; n1 <= msg->len; n1 += 1 ) { @@ -366,6 +376,8 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, exit: mbedtls_ccm_free( &ctx ); + mbedtls_free( io_msg_buf ); + mbedtls_free( tag_buf ); } /* END_CASE */ 
@@ -377,22 +389,27 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, data_t *expected_result, int output_ret ) { unsigned char iv[13]; - unsigned char result[50]; mbedtls_ccm_context ctx; - size_t iv_len, tag_len; + size_t iv_len, expected_tag_len; size_t n1, n1_add; - int ret; - - mbedtls_ccm_init( &ctx ); - - memset( iv, 0x00, sizeof( iv ) ); - memset( result, '+', sizeof( result ) ); + /* Calculate tag length */ if( sec_level % 4 == 0) - tag_len = 0; + expected_tag_len = 0; else - tag_len = 1 << ( sec_level % 4 + 1); + expected_tag_len = 1 << ( sec_level % 4 + 1); + const size_t expected_msg_len = msg->len - expected_tag_len; + const uint8_t* expected_tag = msg->x + expected_msg_len; + + /* Prepare input/output message buffer */ + uint8_t* io_msg_buf = NULL; + ASSERT_ALLOC( io_msg_buf, expected_msg_len ); + if( expected_msg_len ) + memcpy( io_msg_buf, msg->x, expected_msg_len ); + + /* Calculate iv */ + memset( iv, 0x00, sizeof( iv ) ); TEST_ASSERT( source_address->len == 8 ); TEST_ASSERT( frame_counter->len == 4 ); memcpy( iv, source_address->x, source_address->len ); 
@@ -400,39 +417,33 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof( iv ); + mbedtls_ccm_init( &ctx ); TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); + /* Test with input == output */ + TEST_EQUAL( mbedtls_ccm_star_auth_decrypt( &ctx, expected_msg_len, iv, iv_len, + add->x, add->len, io_msg_buf, io_msg_buf, + expected_tag, expected_tag_len ), output_ret ); - ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg->len - tag_len, iv, iv_len, - add->x, add->len, msg->x, result, - msg->x + msg->len - tag_len, tag_len ); + ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len ); - TEST_ASSERT( ret == output_ret ); - - TEST_ASSERT( memcmp( result, expected_result->x, - expected_result->len ) == 0 ); - - /* Check we didn't write past the end (where the original tag is) */ - TEST_ASSERT( ( msg->len + 2 ) <= sizeof( result ) ); - TEST_EQUAL( result[msg->len], '+' ); - TEST_EQUAL( result[msg->len + 1], '+' ); - - if( ret == 0 ) + if( output_ret == 0 ) { - msg->len -= tag_len; - const data_t iv_data = { .x = iv, .len = iv_len }; - const data_t tag_expected = { .x = msg->x + msg->len, - .len = tag_len }; + const data_t encrypted = { .x = msg->x, + .len = expected_msg_len} ; - for( n1 = 0; n1 <= msg->len; n1 += 1 ) + const data_t tag_expected = { .x = (uint8_t*) expected_tag, + .len = expected_tag_len }; + + for( n1 = 0; n1 <= expected_msg_len; n1 += 1 ) { for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) { mbedtls_test_set_step( n1 * 10000 + n1_add ); if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_DECRYPT, - &iv_data, add, msg, + &iv_data, add, &encrypted, expected_result, &tag_expected, n1, n1_add ) ) @@ -443,5 +454,6 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, exit: mbedtls_ccm_free( &ctx ); + mbedtls_free( io_msg_buf ); } /* END_CASE */ From de7a83da0d571e97364dbf9fd3571d1fd316a2a0 Mon Sep 17 00:00:00 2001 
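Review bot: `ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len )` passes the same length on both sides, so the size of the expected vector is never checked and a shorter `expected_result` would be read past its end. The comparison also runs before the `output_ret == 0` test, so it applies to the failure vectors as well. Pass the vector's own length, `ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_result->x, expected_result->len );`, as the removed `memcmp` did.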
From: Mateusz Starzyk Date: Wed, 14 Jul 2021 12:39:14 +0200 Subject: [PATCH 232/966] Add changelog for chunked CCM implementation. Signed-off-by: Mateusz Starzyk --- ChangeLog.d/chunked_ccm.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/chunked_ccm.txt diff --git a/ChangeLog.d/chunked_ccm.txt b/ChangeLog.d/chunked_ccm.txt new file mode 100644 index 0000000000..4e3065f906 --- /dev/null +++ b/ChangeLog.d/chunked_ccm.txt @@ -0,0 +1,8 @@ +Changes + * Implement multi-part CCM API. + The multi-part functions: mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(), + mbedtls_ccm_update_ad(), mbedtls_ccm_update(), mbedtls_ccm_finish() + were introduced in mbedTLS 3.0 release, however their implementation was + postponed util now. + Implemented functions support chunked data input for both CCM and CCM* + algorithms. From 4df9ac4882b467c2bd06eec87c144cf024c0f0af Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 27 Jul 2021 13:47:23 +0200 Subject: [PATCH 233/966] Reorganize ccm context structure. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 72dfd3d6c4..c903e68fd3 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
@@ -76,19 +76,19 @@ extern "C" { */ typedef struct mbedtls_ccm_context { - mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */ unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */ - unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */ + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */ size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */ size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */ size_t MBEDTLS_PRIVATE(processed); /*!< How many bytes of input data were processed (chunked input) */ - int MBEDTLS_PRIVATE(mode); /*!< The operation to perform: - #MBEDTLS_CCM_ENCRYPT or - #MBEDTLS_CCM_DECRYPT or - #MBEDTLS_CCM_STAR_ENCRYPT or - #MBEDTLS_CCM_STAR_DECRYPT. */ + unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */ + unsigned char MBEDTLS_PRIVATE(mode); /*!< The operation to perform: + #MBEDTLS_CCM_ENCRYPT or + #MBEDTLS_CCM_DECRYPT or + #MBEDTLS_CCM_STAR_ENCRYPT or + #MBEDTLS_CCM_STAR_DECRYPT. */ int MBEDTLS_PRIVATE(state); /*!< Working value holding context's state. Used for chunked data input */ From a9cbdfbb349a3bed44ad7241472e938e944278f5 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 27 Jul 2021 13:49:54 +0200 Subject: [PATCH 234/966] Replace ccm status flags with bitshifts. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 399a936e93..be1671c04c 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -107,9 +107,9 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) } #define CCM_STATE__CLEAR 0 -#define CCM_STATE__STARTED 0x0001 -#define CCM_STATE__LENGHTS_SET 0x0002 -#define CCM_STATE__ERROR 0x0004 +#define CCM_STATE__STARTED (1 << 0) +#define CCM_STATE__LENGHTS_SET (1 << 1) +#define CCM_STATE__ERROR (1 << 2) /* * Encrypt or decrypt a partial block with CTR From c52220d775aba3a30a1a64035aacb448cb6e58d3 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 27 Jul 2021 13:54:55 +0200 Subject: [PATCH 235/966] Clear temporary buffer after block crypt operation. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/ccm.c b/library/ccm.c index be1671c04c..425872dc32 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -127,13 +127,15 @@ static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx, if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen ) ) != 0 ) { - ctx->state |= CCM_STATE__ERROR; \ + ctx->state |= CCM_STATE__ERROR; + mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); return ret; } for( i = 0; i < use_len; i++ ) output[i] = input[i] ^ tmp_buf[offset + i]; + mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); return ret; } From ca9dc8d1d742b5e5f193c5b8f70709fe3c043ee4 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 27 Jul 2021 14:03:53 +0200 Subject: [PATCH 236/966] Rename ccm_calculate_first_block function. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 425872dc32..d8c65b552e 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -145,7 +145,7 @@ static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) { memset( ctx->ctr, 0, 16); } -static int mbedtls_ccm_calculate_first_block(mbedtls_ccm_context *ctx) +static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; @@ -237,12 +237,12 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, ctx->ctr[15] = 1; /* - * See mbedtls_ccm_calculate_first_block() for block layout description + * See ccm_calculate_first_block_if_ready() for block layout description */ memcpy( ctx->y + 1, iv, iv_len ); ctx->state |= CCM_STATE__STARTED; - return mbedtls_ccm_calculate_first_block(ctx); + return ccm_calculate_first_block_if_ready(ctx); } int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, @@ -276,7 +276,7 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, ctx->processed = 0; ctx->state |= CCM_STATE__LENGHTS_SET; - return mbedtls_ccm_calculate_first_block(ctx); + return ccm_calculate_first_block_if_ready(ctx); } int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, From 5d97601e81af90dc92bc9577d2515f7849a25837 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 27 Jul 2021 14:12:30 +0200 Subject: [PATCH 237/966] Remove ccm input validation. VALIDATE and VALIDATE_RET macros are obsolete. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index d8c65b552e..80a795fc1d 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -47,18 +47,12 @@ #if !defined(MBEDTLS_CCM_ALT) -#define CCM_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT ) -#define CCM_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - /* * Initialize context */ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) { - CCM_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); } 
@@ -70,9 +64,6 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( key != NULL ); - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); if( cipher_info == NULL ) @@ -201,13 +192,6 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, const unsigned char *iv, size_t iv_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( mode == MBEDTLS_CCM_DECRYPT || \ - mode == MBEDTLS_CCM_STAR_DECRYPT || \ - mode == MBEDTLS_CCM_ENCRYPT || \ - mode == MBEDTLS_CCM_STAR_ENCRYPT ); - /* Also implies q is within bounds */ if( iv_len < 7 || iv_len > 13 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); @@ -250,8 +234,6 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, size_t plaintext_len, size_t tag_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - /* * Check length requirements: SP800-38C A.1 * Additional requirement: a < 2^16 - 2^8 to simplify the code. @@ -283,8 +265,6 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, const unsigned char *add, size_t add_len ) { - CCM_VALIDATE_RET( ctx->add_len == 0 || add != NULL ); - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t olen, use_len, offset; @@ -337,16 +317,12 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, unsigned char *output, size_t output_size, size_t *output_len ) { - CCM_VALIDATE_RET( ctx->plaintext_len == 0 || input != NULL ); - CCM_VALIDATE_RET( ctx->plaintext_len == 0 || output != NULL ); - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t use_len, offset, olen; if( output_size < input_len ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - CCM_VALIDATE_RET( output_length != NULL ); *output_len = input_len; while ( input_len > 0 ) 
@@ -421,7 +397,6 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); /* * Authentication: reset counter and crypt/mask internal tag */ From 2d5652aceed0a4d3a15d949baae6cbc939ce4d75 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 27 Jul 2021 16:07:54 +0200 Subject: [PATCH 238/966] Move ccm error state handling. Remove error clearing from ccm_starts() and ccm_set_lengths(). Add error check in ccm_update_ad(), ccm_update() and ccm_finish(). Signed-off-by: Mateusz Starzyk --- library/ccm.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 80a795fc1d..1247f8d377 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -118,7 +118,7 @@ static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx, if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen ) ) != 0 ) { - ctx->state |= CCM_STATE__ERROR; + ctx->state |= CCM_STATE__ERROR; mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); return ret; } @@ -196,11 +196,6 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, if( iv_len < 7 || iv_len > 13 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - if( ctx->state & CCM_STATE__ERROR ) - { - mbedtls_ccm_clear_state(ctx); - } - ctx->mode = mode; ctx->q = 16 - 1 - (unsigned char) iv_len; @@ -247,11 +242,6 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, if( total_ad_len >= 0xFF00 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - if( ctx->state & CCM_STATE__ERROR ) - { - mbedtls_ccm_clear_state(ctx); - } - ctx->plaintext_len = plaintext_len; ctx->add_len = total_ad_len; ctx->tag_len = tag_len; @@ -269,6 +259,11 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, unsigned char i; size_t olen, use_len, offset; + if( ctx->state & CCM_STATE__ERROR ) + { + return ret; + } + if( ctx->add_len > 0 && add_len > 0) { if( ctx->processed == 0 ) 
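Review bot: With the `mbedtls_ccm_clear_state(ctx)` calls removed from `mbedtls_ccm_starts()` and `mbedtls_ccm_set_lengths()`, nothing in these hunks clears `CCM_STATE__ERROR` again, while `mbedtls_ccm_update_ad()` here and `mbedtls_ccm_update()` and `mbedtls_ccm_finish()` in the next two hunks now refuse to run once it is set. Unless the flag is reset somewhere outside the visible code, a context that hit one cipher error stays unusable until it is freed and set up again. Either reset the state in `mbedtls_ccm_starts()` or document the recovery path for callers. The new guards also return the initial value of `ret`; naming the code, `return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;`, keeps the result independent of the initialiser.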
@@ -321,6 +316,11 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, unsigned char i; size_t use_len, offset, olen; + if( ctx->state & CCM_STATE__ERROR ) + { + return ret; + } + if( output_size < input_len ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); *output_len = input_len; @@ -397,6 +397,11 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; + if( ctx->state & CCM_STATE__ERROR ) + { + return ret; + } + /* * Authentication: reset counter and crypt/mask internal tag */ From 36d3b89c84a46726eba6040b945724ec78bfffee Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 28 Jul 2021 14:14:58 +0200 Subject: [PATCH 239/966] Verify input data lengths. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 43 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 1247f8d377..a6ba77435c 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -100,7 +100,8 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) #define CCM_STATE__CLEAR 0 #define CCM_STATE__STARTED (1 << 0) #define CCM_STATE__LENGHTS_SET (1 << 1) -#define CCM_STATE__ERROR (1 << 2) +#define CCM_STATE__AUTH_DATA_FINISHED (1 << 2) +#define CCM_STATE__ERROR (1 << 4) /* * Encrypt or decrypt a partial block with CTR @@ -264,15 +265,29 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, return ret; } - if( ctx->add_len > 0 && add_len > 0) + if( ctx->add_len > 0 && add_len > 0 ) { + if( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) + { + return ret; + } + if( ctx->processed == 0 ) { + if ( add_len > ctx->add_len ) + { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + ctx->y[0] ^= (unsigned char)( ( ctx->add_len >> 8 ) & 0xFF ); ctx->y[1] ^= (unsigned char)( ( ctx->add_len ) & 0xFF ); ctx->processed += 2; } + else if ( ctx->processed - 2 + add_len > ctx->add_len ) + { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } while( add_len > 0 ) { 
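Review bot: The new bound in `mbedtls_ccm_update_ad()`, `ctx->processed - 2 + add_len > ctx->add_len`, is computed in `size_t` and wraps for a large `add_len`, so an oversized chunk can pass the check. The same holds for `ctx->processed + input_len > ctx->plaintext_len`, added to `mbedtls_ccm_update()` in a later hunk of this commit. Compare against the remaining budget instead, e.g. `if( add_len > ctx->add_len - ( ctx->processed - 2 ) )` and `if( input_len > ctx->plaintext_len - ctx->processed )`, which cannot wrap as long as `processed` never exceeds the configured total. Returning the initial `ret` when `CCM_STATE__AUTH_DATA_FINISHED` is already set reports a caller sequencing error as `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`; `MBEDTLS_ERR_CCM_BAD_INPUT` would match the other length failures. Both functions continue outside the hunks.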
@@ -299,10 +314,13 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, } } } - } - if( ctx->processed - 2 == ctx->add_len ) - ctx->processed = 0; // prepare for mbedtls_ccm_update() + if( ctx->processed - 2 == ctx->add_len ) + { + ctx->state |= CCM_STATE__AUTH_DATA_FINISHED; + ctx->processed = 0; // prepare for mbedtls_ccm_update() + } + } return (0); } @@ -321,6 +339,11 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, return ret; } + if( ctx->processed + input_len > ctx->plaintext_len ) + { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + if( output_size < input_len ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); *output_len = input_len; @@ -402,6 +425,16 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, return ret; } + if( ctx->add_len > 0 && !( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) ) + { + return ret; + } + + if( ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len ) + { + return ret; + } + /* * Authentication: reset counter and crypt/mask internal tag */ From 22f7a35ca4de9bca49aa2e994eaa87460b3abe77 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 28 Jul 2021 15:08:47 +0200 Subject: [PATCH 240/966] Do not use output buffer for internal XOR during decryption. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 2 ++ library/ccm.c | 56 ++++++++++++++++++++++++++++++++++--------- 2 files changed, 47 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index c903e68fd3..06aa6a8884 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -61,6 +61,8 @@ #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /** Authenticated decryption failed. */ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F +/** Memory allocation failed */ +#define MBEDTLS_ERR_CCM_ALLOC_FAILED -0x0011 #ifdef __cplusplus extern "C" { diff --git a/library/ccm.c b/library/ccm.c index a6ba77435c..3663a769da 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -36,14 +36,17 @@ #include -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) #include #define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_CCM_ALT) @@ -330,13 +333,16 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, unsigned char *output, size_t output_size, size_t *output_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret; unsigned char i; size_t use_len, offset, olen; + const size_t local_output_len = input_len; + unsigned char* local_output = NULL; + if( ctx->state & CCM_STATE__ERROR ) { - return ret; + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } if( ctx->processed + input_len > ctx->plaintext_len ) @@ -344,10 +350,24 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, return MBEDTLS_ERR_CCM_BAD_INPUT; } + /* Local output is used for decryption only. */ + if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ + ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) + { + local_output = mbedtls_calloc( local_output_len, sizeof( *local_output) ); + if( local_output == NULL ) + { + ctx->state |= CCM_STATE__ERROR; + return MBEDTLS_ERR_CCM_ALLOC_FAILED; + } + } + if( output_size < input_len ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); *output_len = input_len; + ret = 0; + while ( input_len > 0 ) { offset = ctx->processed % 16; 
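Review bot: In `mbedtls_ccm_update()` the decrypt-only `local_output` buffer is allocated before the `output_size < input_len` check, and that check still leaves through `return( MBEDTLS_ERR_CCM_BAD_INPUT )`, so the allocation is leaked on that path. Move the size check above the `mbedtls_calloc()` call, or use `ret = MBEDTLS_ERR_CCM_BAD_INPUT; goto exit;` so the cleanup added at `exit:` runs. A zero-length update in decrypt mode calls `mbedtls_calloc( 0, ... )`, which may legitimately return NULL and would then be reported as `MBEDTLS_ERR_CCM_ALLOC_FAILED` with the error flag set; skip the allocation when `input_len == 0`. The rest of the function is outside this hunk.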
@@ -370,31 +390,37 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) { ctx->state |= CCM_STATE__ERROR; - return( ret ); + goto exit; } } ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, output ); if( ret != 0 ) - return ret; + goto exit; } if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) { - ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, output ); + /* Write decrypted data to local_output to avoid using output variable as + * input in the XOR operation for Y. + */ + ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, local_output ); if( ret != 0 ) - return ret; + goto exit; for( i = 0; i < use_len; i++ ) - ctx->y[i + offset] ^= output[i]; + ctx->y[i + offset] ^= local_output[i]; + + memcpy( output, local_output, use_len ); + mbedtls_platform_zeroize( local_output, local_output_len ); if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) { if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) { ctx->state |= CCM_STATE__ERROR; - return( ret ); + goto exit; } } } @@ -411,7 +437,15 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, output += use_len; } - return 0; +exit: + if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ + ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) + { + mbedtls_platform_zeroize( local_output, local_output_len ); + mbedtls_free( local_output ); + } + + return ret; } int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, From eb395c00c9253aa6552128d0da1e05002df30aa1 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 28 Jul 2021 15:10:54 +0200 Subject: [PATCH 241/966] Move 'Authenticated decryption' comment. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 3663a769da..51cee939f3 100644 --- a/library/ccm.c +++ b/library/ccm.c 
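Review bot: `mbedtls_platform_zeroize( local_output, local_output_len )` in the decrypt branch wipes the whole scratch buffer on what appears to be every pass of the block loop, although each pass writes only `use_len` bytes at its start and the `exit:` path wipes the full buffer again. Wiping only what was written, `mbedtls_platform_zeroize( local_output, use_len );`, avoids work that grows quadratically with the input length. Since only the first `use_len` bytes are ever used, and the `% 16` arithmetic suggests that is at most one block, a 16-byte stack array would remove the heap allocation and its failure path altogether. Confirm the bound on `use_len` first, as it is set outside the hunk.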
@@ -538,6 +538,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, add, add_len, input, output, tag, tag_len ) ); } +/* + * Authenticated decryption + */ static int mbedtls_ccm_compare_tags(const unsigned char *tag1, const unsigned char *tag2, size_t tag_len) { unsigned char i; @@ -555,9 +558,6 @@ static int mbedtls_ccm_compare_tags(const unsigned char *tag1, const unsigned ch return( 0 ); } -/* - * Authenticated decryption - */ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, From 1bda9451ef395c35b99255625fc647287e4ecc8e Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 28 Jul 2021 15:21:46 +0200 Subject: [PATCH 242/966] Factor out common code from ccm decrypt functions. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 43 ++++++++++++++++++++----------------------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 51cee939f3..a14e025ded 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -558,16 +558,16 @@ static int mbedtls_ccm_compare_tags(const unsigned char *tag1, const unsigned ch return( 0 ); } -int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ) +static int ccm_auth_decrypt( mbedtls_ccm_context *ctx, int mode, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; - if( ( ret = ccm_auth_crypt( ctx, MBEDTLS_CCM_STAR_DECRYPT, length, + if( ( ret = ccm_auth_crypt( ctx, mode, length, iv, iv_len, add, add_len, input, output, check_tag, tag_len ) ) != 0 ) { 
@@ -583,29 +583,26 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, return( 0 ); } +int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len ) +{ + return ccm_auth_decrypt( ctx, MBEDTLS_CCM_STAR_DECRYPT, length, + iv, iv_len, add, add_len, + input, output, tag, tag_len ); +} + int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char check_tag[16]; - - if( ( ret = ccm_auth_crypt( ctx, MBEDTLS_CCM_DECRYPT, length, - iv, iv_len, add, add_len, - input, output, check_tag, tag_len ) ) != 0 ) - { - return( ret ); - } - - if( ( ret = mbedtls_ccm_compare_tags( tag, check_tag, tag_len ) ) != 0 ) - { - mbedtls_platform_zeroize( output, length ); - return( ret ); - } - - return( 0 ); + return ccm_auth_decrypt( ctx, MBEDTLS_CCM_DECRYPT, length, + iv, iv_len, add, add_len, + input, output, tag, tag_len ); } #endif /* !MBEDTLS_CCM_ALT */ From c8bdf36a728989cab1b81f0dbcd856f75ea4fdda Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 28 Jul 2021 15:39:51 +0200 Subject: [PATCH 243/966] Validate tag pointer in ccm function. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 3 ++- tests/suites/test_suite_ccm.function | 5 +---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index a14e025ded..af26de8d4f 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -478,7 +478,8 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, ret = mbedtls_ccm_crypt( ctx, 0, 16, ctx->y, ctx->y ); if( ret != 0 ) return ret; - memcpy( tag, ctx->y, tag_len ); + if( tag != NULL ) + memcpy( tag, ctx->y, tag_len ); mbedtls_ccm_clear_state(ctx); return( 0 ); diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 25cc49b8d2..21f0699b4a 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -48,10 +48,7 @@ static int check_multipart( mbedtls_ccm_context *ctx, mbedtls_free( output ); output = NULL; - if( tag->len == 0 ) - ASSERT_ALLOC( output, 16 ); - else - ASSERT_ALLOC( output, tag->len ); + ASSERT_ALLOC( output, tag->len ); TEST_EQUAL( 0, mbedtls_ccm_finish( ctx, output, tag->len ) ); ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); mbedtls_free( output ); From 87889069477435c8f5cfd2a13db6f62df08cf233 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 29 Jul 2021 14:08:18 +0200 Subject: [PATCH 244/966] Add CCM test for edge cases. Cover: - not calling auth data update - not calling cipher text update - exceeding configured auth data length - exceeding configured cipher text length Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.data | 64 +++++++++++++++ tests/suites/test_suite_ccm.function | 111 +++++++++++++++++++++++++++ 2 files changed, 175 insertions(+) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index a14d4be252..382d2180f2 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
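Review bot: `if( tag != NULL ) memcpy( tag, ctx->y, tag_len );` makes `mbedtls_ccm_finish()` return 0 without producing a tag when the caller passes NULL together with a non-zero `tag_len`, which hides a caller bug behind a success code. Reject that combination before the copy, `if( tag == NULL && tag_len != 0 ) return MBEDTLS_ERR_CCM_BAD_INPUT;`, and keep the NULL guard only for the zero-length case. Nothing in the hunk compares the `tag_len` argument with `ctx->tag_len` or with the 16-byte size of `ctx->y`, so unless that is checked earlier in the function a larger value reads past the buffer. The start of the function is outside the hunk.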
@@ -1517,3 +1517,67 @@ mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FD CCM-Camellia encrypt and tag RFC 5528 #24 depends_on:MBEDTLS_CAMELLIA_C mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966945F1FCEA7E11BEE6A2F" + +CCM encrypt, skip auth NIST VADT AES-128 (P=24, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" + +CCM* encrypt, skip auth NIST VADT AES-128 (P=24, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" + +CCM decrypt, skip auth NIST DVPT AES-192 (P=24, N=7, A=0, T=4) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" + +CCM* decrypt, skip auth NIST DVPT AES-192 (P=24, N=7, A=0, T=4) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" + +CCM encrypt, skip cipher NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C 
+mbedtls_ccm_skip_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" + +CCM* encrypt, skip cipher NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" + +CCM decrypt, skip cipher NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" + +CCM* decrypt, skip cipher NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" + +CCM encrypt, overflow auth NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM encrypt, overflow cipher NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM decrypt, overflow auth NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) 
+depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM decrypt, overflow cipher NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM* encrypt, overflow auth NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM* encrypt, overflow cipher NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM* decrypt, overflow auth NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM* decrypt, overflow cipher NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 21f0699b4a..347f189777 100644 --- a/tests/suites/test_suite_ccm.function 
+++ b/tests/suites/test_suite_ccm.function 
@@ -454,3 +454,114 @@ exit:
 mbedtls_free( io_msg_buf );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ccm_skip_auth( int cipher_id, int mode,
+ data_t * key, data_t * msg, data_t * iv,
+ data_t * result, data_t * tag )
+{
+ mbedtls_ccm_context ctx;
+ uint8_t *output = NULL;
+ size_t olen;
+
+ /* Sanity checks on the test data */
+ TEST_EQUAL( msg->len, result->len );
+
+ mbedtls_ccm_init( &ctx );
+ TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
+ TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
+ TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, tag->len ) );
+
+ ASSERT_ALLOC( output, result->len );
+ olen = 0xdeadbeef;
+ TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, result->len, &olen ) );
+ TEST_EQUAL( result->len, olen );
+ ASSERT_COMPARE( output, olen, result->x, result->len );
+ mbedtls_free( output );
+ output = NULL;
+
+ ASSERT_ALLOC( output, tag->len );
+ TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) );
+ ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
+ mbedtls_free( output );
+ output = NULL;
+
+exit:
+ mbedtls_free( output );
+ mbedtls_ccm_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ccm_skip_cipher( int cipher_id, int mode,
+ data_t * key, data_t * iv, data_t* add,
+ data_t * tag )
+{
+ mbedtls_ccm_context ctx;
+ uint8_t *output = NULL;
+
+ mbedtls_ccm_init( &ctx );
+ TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
+ TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
+ TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, tag->len ) );
+
+ TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
+
+ ASSERT_ALLOC( output, tag->len );
+ TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) );
+ ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
+ mbedtls_free( output );
+ output = NULL;
+
+exit:
+ mbedtls_free( output );
+ mbedtls_ccm_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ccm_overflow_auth( int cipher_id, int mode,
+ data_t * key, data_t * iv,
+ data_t * add )
+{
+ mbedtls_ccm_context ctx;
+
+ mbedtls_ccm_init( &ctx );
+ TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
+ TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
+ // use hardcoded values for msg length and tag length. They are not a part of this test
+ // set half of auth data length to provoke an overflow
+ TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len / 2, 16, 16 ) );
+
+ TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
+exit:
+ mbedtls_ccm_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ccm_overflow_cipher( int cipher_id, int mode,
+ data_t * key, data_t * msg, data_t * iv,
+ data_t * add )
+{
+ mbedtls_ccm_context ctx;
+ uint8_t *output = NULL;
+ size_t olen;
+
+ mbedtls_ccm_init( &ctx );
+ TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
+ TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
+ // use hardcoded value for tag length. It is a not a part of this test
+ // set half of msg length to provoke an overflow
+ TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len / 2, 16 ) );
+
+ TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
+
+ ASSERT_ALLOC( output, msg->len );
+ TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \
+ mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) );
+exit:
+ mbedtls_free( output );
+ mbedtls_ccm_free( &ctx );
+}
+/* END_CASE */
From ceb5bc6150877c658f3572cb74448b8a343229b4 Mon Sep 17 00:00:00 2001
From: Mateusz Starzyk
Date: Fri, 30 Jul 2021 14:36:22 +0200
Subject: [PATCH 245/966] Fix typos.
Signed-off-by: Mateusz Starzyk
---
 tests/suites/test_suite_ccm.function | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
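Review bot: In `mbedtls_ccm_overflow_cipher` the test stops at the `MBEDTLS_ERR_CCM_BAD_INPUT` return and never inspects `output`, so it would still pass if the rejected `mbedtls_ccm_update` call had already written keystream-processed bytes into the caller's buffer. For the decrypt modes that is the property worth pinning: an over-long input should be refused before anything reaches the caller. Assuming `ASSERT_ALLOC` hands back zeroed memory (to be confirmed against the test helpers), a check such as `for( size_t i = 0; i < msg->len; i++ ) TEST_EQUAL( output[i], 0 );` after the failing call would cover it. The comment in the same function reads "It is a not a part of this test" and should be "It is not a part of this test".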
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 347f189777..39e0b0b532 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -204,7 +204,7 @@ void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key, ASSERT_COMPARE( io_msg_buf, msg->len, result->x, msg->len ); ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len ); - /* Prepare data_t structers for multipart testing */ + /* Prepare data_t structures for multipart testing */ const data_t encrypted_expected = { .x = result->x, .len = msg->len }; const data_t tag_expected = { .x = (uint8_t*) expected_tag, /* cast to conform with data_t x type */ @@ -259,7 +259,7 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, { ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len ); - /* Prepare data_t structers for multipart testing */ + /* Prepare data_t structures for multipart testing */ const data_t encrypted = { .x = msg->x, .len = expected_msg_len }; From c562788068ed9186807aa2c857954f925dd9644d Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 2 Aug 2021 11:49:58 +0200 Subject: [PATCH 246/966] Fix local buffer allocation conditions. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index af26de8d4f..20e9414acc 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -351,8 +351,9 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, } /* Local output is used for decryption only. */ - if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ - ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) + if( local_output_len > 0 && \ + ( ctx->mode == MBEDTLS_CCM_DECRYPT || \ + ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) ) { local_output = mbedtls_calloc( local_output_len, sizeof( *local_output) ); if( local_output == NULL ) From f337850738ca8d77dd0d31514fdb451381f6bd38 Mon Sep 17 00:00:00 2001 
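Review bot: The new `local_output_len > 0 &&` condition in the `library/ccm.c` hunk is left unexplained, because the comment above it still only says "Local output is used for decryption only." The reason is presumably that `mbedtls_calloc( 0, ... )` may return NULL, which the check that follows would report as an allocation failure and latch into `CCM_STATE__ERROR`. A line such as `/* Skip the allocation for empty input: calloc(0, n) may return NULL, which is not a failure. */` would record that. The rest of `mbedtls_ccm_update`, including the exit path that wipes and frees `local_output`, lies outside this hunk, so whether that path tolerates a NULL buffer is worth confirming.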
From: Mateusz Starzyk Date: Mon, 9 Aug 2021 11:32:11 +0200 Subject: [PATCH 247/966] Use const size buffer for local output in CCM decryption. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 2 -- library/ccm.c | 28 +++------------------------- 2 files changed, 3 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 06aa6a8884..c903e68fd3 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -61,8 +61,6 @@ #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /** Authenticated decryption failed. */ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F -/** Memory allocation failed */ -#define MBEDTLS_ERR_CCM_ALLOC_FAILED -0x0011 #ifdef __cplusplus extern "C" { diff --git a/library/ccm.c b/library/ccm.c index 20e9414acc..13582d2a0e 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -43,9 +43,6 @@ #include #define mbedtls_printf printf #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ -#include -#define mbedtls_calloc calloc -#define mbedtls_free free #endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_CCM_ALT) @@ -337,8 +334,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, unsigned char i; size_t use_len, offset, olen; - const size_t local_output_len = input_len; - unsigned char* local_output = NULL; + unsigned char local_output[16]; if( ctx->state & CCM_STATE__ERROR ) { @@ -350,19 +346,6 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, return MBEDTLS_ERR_CCM_BAD_INPUT; } - /* Local output is used for decryption only. */ - if( local_output_len > 0 && \ - ( ctx->mode == MBEDTLS_CCM_DECRYPT || \ - ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) ) - { - local_output = mbedtls_calloc( local_output_len, sizeof( *local_output) ); - if( local_output == NULL ) - { - ctx->state |= CCM_STATE__ERROR; - return MBEDTLS_ERR_CCM_ALLOC_FAILED; - } - } - if( output_size < input_len ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); *output_len = input_len; 
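Review bot: `unsigned char local_output[16];` in the `@@ -337,8 +334,7 @@` hunk introduces the block size as a bare literal, and the two `mbedtls_platform_zeroize( local_output, 16 );` calls added in the later hunks of this patch (`@@ -414,7 +397,7 @@` and `@@ -439,12 +422,7 @@`) repeat it by hand. Writing both wipes as `mbedtls_platform_zeroize( local_output, sizeof( local_output ) );` ties them to the declaration, so a future size change cannot leave part of the decrypted block unwiped on the stack. The loop that fills the buffer is outside these hunks, so the `use_len <= 16` bound on the writes into it cannot be confirmed from here and deserves a one-line comment at the declaration.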
@@ -414,7 +397,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, ctx->y[i + offset] ^= local_output[i]; memcpy( output, local_output, use_len ); - mbedtls_platform_zeroize( local_output, local_output_len ); + mbedtls_platform_zeroize( local_output, 16 ); if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) { @@ -439,12 +422,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, } exit: - if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ - ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) - { - mbedtls_platform_zeroize( local_output, local_output_len ); - mbedtls_free( local_output ); - } + mbedtls_platform_zeroize( local_output, 16 ); return ret; } From 4f2dd8aada0f75717db1ff9c0139de71f93a0321 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 9 Aug 2021 15:37:47 +0200 Subject: [PATCH 248/966] Fix errors returned by CCM functions. Add new error code for calling functions in wrong order. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 2 ++ library/ccm.c | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index c903e68fd3..d478414395 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -61,6 +61,8 @@ #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /** Authenticated decryption failed. */ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F +/** CCM functions called in the wrong sequence. */ +#define MBEDTLS_ERR_CCM_BAD_SEQUENCE -0x0011 #ifdef __cplusplus extern "C" { diff --git a/library/ccm.c b/library/ccm.c index 13582d2a0e..33c631a87a 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -269,7 +269,7 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, { if( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) { - return ret; + return MBEDTLS_ERR_CCM_BAD_SEQUENCE; } if( ctx->processed == 0 ) 
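Review bot: `MBEDTLS_ERR_CCM_BAD_SEQUENCE` in the `include/mbedtls/ccm.h` hunk is given the value -0x0011, the same number that the preceding patch in this series removed as `MBEDTLS_ERR_CCM_ALLOC_FAILED`. If any released or downstream build ever returned the old constant, logs and error-string tables keyed on the number will now report an allocation failure as a call-order error, or the reverse. It is worth confirming that the old code was never shipped and saying so in the commit message or changelog. Whether the project's error-string generation picks up the new constant is not visible in this patch.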
@@ -430,22 +430,22 @@ exit: int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, unsigned char *tag, size_t tag_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret; unsigned char i; if( ctx->state & CCM_STATE__ERROR ) { - return ret; + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } if( ctx->add_len > 0 && !( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) ) { - return ret; + return MBEDTLS_ERR_CCM_BAD_SEQUENCE; } if( ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len ) { - return ret; + return MBEDTLS_ERR_CCM_BAD_SEQUENCE; } /* From 62d22f9782dd68876353feb23889210ebb9a7efc Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 9 Aug 2021 15:53:41 +0200 Subject: [PATCH 249/966] Use additional state in CCM to track auth data input. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 33c631a87a..7574bdcf62 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -100,7 +100,8 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) #define CCM_STATE__CLEAR 0 #define CCM_STATE__STARTED (1 << 0) #define CCM_STATE__LENGHTS_SET (1 << 1) -#define CCM_STATE__AUTH_DATA_FINISHED (1 << 2) +#define CCM_STATE__AUTH_DATA_STARTED (1 << 2) +#define CCM_STATE__AUTH_DATA_FINISHED (1 << 3) #define CCM_STATE__ERROR (1 << 4) /* @@ -272,7 +273,7 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, return MBEDTLS_ERR_CCM_BAD_SEQUENCE; } - if( ctx->processed == 0 ) + if( !(ctx->state & CCM_STATE__AUTH_DATA_STARTED) ) { if ( add_len > ctx->add_len ) { 
@@ -282,17 +283,17 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, ctx->y[0] ^= (unsigned char)( ( ctx->add_len >> 8 ) & 0xFF ); ctx->y[1] ^= (unsigned char)( ( ctx->add_len ) & 0xFF ); - ctx->processed += 2; + ctx->state |= CCM_STATE__AUTH_DATA_STARTED; } - else if ( ctx->processed - 2 + add_len > ctx->add_len ) + else if ( ctx->processed + add_len > ctx->add_len ) { return MBEDTLS_ERR_CCM_BAD_INPUT; } while( add_len > 0 ) { - offset = ctx->processed % 16; - + offset = (ctx->processed + 2) % 16; /* account for y[0] and y[1] + * holding total auth data length */ use_len = 16 - offset; if( use_len > add_len ) @@ -305,7 +306,7 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, add_len -= use_len; add += use_len; - if( use_len + offset == 16 || ctx->processed - 2 == ctx->add_len ) + if( use_len + offset == 16 || ctx->processed == ctx->add_len ) { if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) { @@ -315,7 +316,7 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, } } - if( ctx->processed - 2 == ctx->add_len ) + if( ctx->processed == ctx->add_len ) { ctx->state |= CCM_STATE__AUTH_DATA_FINISHED; ctx->processed = 0; // prepare for mbedtls_ccm_update() From b73c3ec1bc5f8e885421af5352a6f57455900137 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 9 Aug 2021 15:55:38 +0200 Subject: [PATCH 250/966] Restore MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED as default ret. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 7574bdcf62..b7c8f6d4d9 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -331,7 +331,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, unsigned char *output, size_t output_size, size_t *output_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t use_len, offset, olen; 
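Review bot: The rewritten bound check `else if ( ctx->processed + add_len > ctx->add_len )` adds two `size_t` values before comparing, so a caller-supplied `add_len` close to `SIZE_MAX` wraps the sum and passes the check. The loop below would then run with a length far larger than the declared auth data. Comparing against the remaining budget cannot wrap: `else if( add_len > ctx->add_len - ctx->processed )`. This relies on `ctx->processed` never exceeding `ctx->add_len` during the auth-data phase, which the surrounding code appears to guarantee, but the function starts and ends outside this hunk.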
@@ -431,7 +431,7 @@ exit: int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, unsigned char *tag, size_t tag_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; if( ctx->state & CCM_STATE__ERROR ) From a42f9537b53411effa79b0b14591f131ee2a2ebc Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 9 Aug 2021 16:00:24 +0200 Subject: [PATCH 251/966] Improve documentation for CCM's `processed` variable. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index d478414395..8aacfce55e 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -84,7 +84,12 @@ typedef struct mbedtls_ccm_context size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */ size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */ size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */ - size_t MBEDTLS_PRIVATE(processed); /*!< How many bytes of input data were processed (chunked input) */ + size_t MBEDTLS_PRIVATE(processed); /*!< Track how many bytes of input data + were processed (chunked input). + Used indepenedantly for both auth data + and plaintext/ciphertext. + This variable is set to zero after + auth data input is finished. */ unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */ unsigned char MBEDTLS_PRIVATE(mode); /*!< The operation to perform: #MBEDTLS_CCM_ENCRYPT or From 2f1754916c7a478f44aa430d086412925fd6b35e Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 9 Aug 2021 16:05:14 +0200 Subject: [PATCH 252/966] Improve comment on local_output. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ccm.c b/library/ccm.c index b7c8f6d4d9..1e88f90679 100644 --- a/library/ccm.c +++ b/library/ccm.c 
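Review bot: The new doc comment on `processed` in `include/mbedtls/ccm.h` misspells "independently" as `indepenedantly`. Since the previous patch stopped counting the two length bytes in this field, the comment could also state that during auth-data input it counts only caller-supplied bytes, for example `Counts caller-supplied bytes only; the 2-byte length prefix is not included.`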
@@ -387,7 +387,10 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) { - /* Write decrypted data to local_output to avoid using output variable as + /* Since output may be in shared memory, we cannot be sure that + * it will contain what we wrote to it. Therefore, we should avoid using + * it as input to any operations. + * Write decrypted data to local_output to avoid using output variable as * input in the XOR operation for Y. */ ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, local_output ); From bccbf88bc3843f36a851ab6c7a02cd5c46129456 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 9 Aug 2021 16:12:46 +0200 Subject: [PATCH 253/966] Rename CCM test functions. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.data | 64 ++++++++++++++-------------- tests/suites/test_suite_ccm.function | 8 ++-- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 382d2180f2..ff92e5fd78 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
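Review bot: The expanded comment in `mbedtls_ccm_update` explains why `output` is never read back, but it omits the other caveat a caller needs in the decrypt branch: the bytes copied to `output` are not yet authenticated. The tag is only produced later by `mbedtls_ccm_finish`, and the test functions in this series compare it themselves. Adding a sentence such as `The decrypted bytes written to output are unauthenticated until the caller has verified the tag from mbedtls_ccm_finish().` would make that explicit at the point where the plaintext is released. The public API documentation may already state this, but it is not visible in this patch.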
@@ -1518,66 +1518,66 @@ CCM-Camellia encrypt and tag RFC 5528 #24 depends_on:MBEDTLS_CAMELLIA_C mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966945F1FCEA7E11BEE6A2F" -CCM encrypt, skip auth NIST VADT AES-128 (P=24, N=13, A=0, T=16) +CCM encrypt, skip ad NIST VADT AES-128 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_skip_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" -CCM* encrypt, skip auth NIST VADT AES-128 (P=24, N=13, A=0, T=16) +CCM* encrypt, skip ad NIST VADT AES-128 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_skip_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" -CCM decrypt, skip auth NIST DVPT AES-192 (P=24, N=7, A=0, T=4) +CCM decrypt, skip ad NIST DVPT AES-192 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_skip_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" -CCM* decrypt, skip auth NIST DVPT AES-192 (P=24, N=7, A=0, T=4) +CCM* decrypt, skip ad NIST DVPT AES-192 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_skip_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" -CCM encrypt, skip cipher NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) +CCM encrypt, skip update NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_skip_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" -CCM* encrypt, skip cipher NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) +CCM* encrypt, skip update NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_skip_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" -CCM decrypt, skip cipher NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) +CCM decrypt, skip update NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_skip_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" -CCM* decrypt, skip cipher NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) +CCM* decrypt, skip update NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_skip_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" -CCM encrypt, overflow auth NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM encrypt, overflow ad NIST VADT 
AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" -CCM encrypt, overflow cipher NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM encrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" -CCM decrypt, overflow auth NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM decrypt, overflow ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" -CCM decrypt, overflow cipher NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM decrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" 
+mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" -CCM* encrypt, overflow auth NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* encrypt, overflow ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" -CCM* encrypt, overflow cipher NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* encrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" -CCM* decrypt, overflow auth NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* decrypt, overflow ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_auth:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" -CCM* decrypt, overflow cipher NIST 
VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* decrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_cipher:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 39e0b0b532..028ab896e7 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -456,7 +456,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_skip_auth( int cipher_id, int mode, +void mbedtls_ccm_skip_ad( int cipher_id, int mode, data_t * key, data_t * msg, data_t * iv, data_t * result, data_t * tag ) { @@ -493,7 +493,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_skip_cipher( int cipher_id, int mode, +void mbedtls_ccm_skip_update( int cipher_id, int mode, data_t * key, data_t * iv, data_t* add, data_t * tag ) { @@ -520,7 +520,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_overflow_auth( int cipher_id, int mode, +void mbedtls_ccm_overflow_ad( int cipher_id, int mode, data_t * key, data_t * iv, data_t * add ) { @@ -540,7 +540,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_overflow_cipher( int cipher_id, int mode, +void mbedtls_ccm_overflow_update( int cipher_id, int mode, data_t * key, data_t * msg, data_t * iv, data_t * add ) { From f442de69ebb3aa5db2d642382a0b7b9604937ef3 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 10 Aug 2021 13:36:43 +0200 Subject: [PATCH 254/966] Add tests for CCM corner cases. 
Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.data | 64 ++++++++++++++++ tests/suites/test_suite_ccm.function | 108 +++++++++++++++++++++++++++ 2 files changed, 172 insertions(+) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index ff92e5fd78..5d23e6a74c 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
@@ -1554,30 +1554,94 @@ CCM encrypt, overflow ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +CCM encrypt, incomplete ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM encrypt, full ad and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + CCM encrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +CCM encrypt, incomplete update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM encrypt, full update and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + CCM decrypt, overflow ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C 
mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +CCM decrypt, incomplete ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM decrypt, full ad and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + CCM decrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +CCM decrypt, incomplete update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM decrypt, full update and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + CCM* encrypt, overflow ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C 
mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +CCM* encrypt, incomplete ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM* encrypt, full ad and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + CCM* encrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +CCM* encrypt, incomplete update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM* encrypt, full update and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + CCM* decrypt, overflow ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C 
mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +CCM* decrypt, incomplete ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM* decrypt, full ad and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + CCM* decrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM* decrypt, incomplete update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM* decrypt, full update and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 028ab896e7..74893bb294 100644 --- a/tests/suites/test_suite_ccm.function 
+++ b/tests/suites/test_suite_ccm.function @@ -539,6 +539,53 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_ccm_incomplete_ad( int cipher_id, int mode, + data_t * key, data_t * iv, data_t* add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for msg length and tag length. They are not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len/2) ); + + ASSERT_ALLOC( output, 16 ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_finish( &ctx, output, 16 ) ); + +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + + +/* BEGIN_CASE */ +void mbedtls_ccm_full_ad_and_overflow( int cipher_id, int mode, + data_t * key, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for msg length and tag length. They are not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) ); + + // pass full auth data + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + // pass 1 extra byte + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_update_ad( &ctx, add->x, 1) ); +exit: + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_ccm_overflow_update( int cipher_id, int mode, data_t * key, data_t * msg, data_t * iv, 
@@ -565,3 +612,64 @@ exit: mbedtls_ccm_free( &ctx ); } /* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_ccm_incomplete_update( int cipher_id, int mode, + data_t * key, data_t * msg, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded value for tag length. It is not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + + ASSERT_ALLOC( output, msg->len ); + olen = 0xdeadbeef; + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len/2, output, msg->len, &olen ) ); + mbedtls_free( output ); + output = NULL; + + ASSERT_ALLOC( output, 16 ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_finish( &ctx, output, 16 ) ); + +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_ccm_full_update_and_overflow( int cipher_id, int mode, + data_t * key, data_t * msg, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded value for tag length. 
It is a not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + + ASSERT_ALLOC( output, msg->len ); + // pass full text + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); + // pass 1 extra byte + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \ + mbedtls_ccm_update( &ctx, msg->x, 1, output, 1, &olen ) ); +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ From 8fb1754e1ab4408fad3496abe52fdc61fb0d0e81 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 10 Aug 2021 13:45:19 +0200 Subject: [PATCH 255/966] Add short description for CCM test functions. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.function | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 74893bb294..d9c397c68e 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -455,6 +455,7 @@ exit: } /* END_CASE */ +/* Skip auth data, provide full text */ /* BEGIN_CASE */ void mbedtls_ccm_skip_ad( int cipher_id, int mode, data_t * key, data_t * msg, data_t * iv, @@ -492,6 +493,7 @@ exit: } /* END_CASE */ +/* Provide auth data, skip full text */ /* BEGIN_CASE */ void mbedtls_ccm_skip_update( int cipher_id, int mode, data_t * key, data_t * iv, data_t* add, @@ -519,6 +521,7 @@ exit: } /* END_CASE */ +/* Provide too much auth data */ /* BEGIN_CASE */ void mbedtls_ccm_overflow_ad( int cipher_id, int mode, data_t * key, data_t * iv, @@ -539,6 +542,7 @@ exit: } /* END_CASE */ +/* Provide incomplete auth data and finish */ /* BEGIN_CASE */ void mbedtls_ccm_incomplete_ad( int cipher_id, int mode, data_t * key, data_t * iv, data_t* add ) 
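Review bot: In `mbedtls_ccm_incomplete_update` the sentinel `olen = 0xdeadbeef` is written before the half-length `mbedtls_ccm_update()` call but never read, and in `mbedtls_ccm_full_update_and_overflow` `olen` is neither initialised nor checked, so neither test pins the reported output length. If update is meant to report the number of bytes it processed (not visible in this hunk), add `TEST_EQUAL( msg->len / 2, olen );` after the partial update and `TEST_EQUAL( msg->len, olen );` after the full one. The comment in the second function reads "It is a not a part of this test"; it should be `It is not a part of this test`.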
@@ -563,7 +567,8 @@ exit: } /* END_CASE */ - +/* Provide complete auth data on first update_ad. + * Provide unexpected auth data on second update_ad */ /* BEGIN_CASE */ void mbedtls_ccm_full_ad_and_overflow( int cipher_id, int mode, data_t * key, data_t * iv, @@ -586,6 +591,7 @@ exit: } /* END_CASE */ +/* Provide too much plaintext/ciphertext */ /* BEGIN_CASE */ void mbedtls_ccm_overflow_update( int cipher_id, int mode, data_t * key, data_t * msg, data_t * iv, @@ -613,6 +619,7 @@ exit: } /* END_CASE */ +/* Provide incomplete plaintext/ciphertext and finish */ /* BEGIN_CASE */ void mbedtls_ccm_incomplete_update( int cipher_id, int mode, data_t * key, data_t * msg, data_t * iv, @@ -645,6 +652,8 @@ exit: } /* END_CASE */ +/* Provide full plaintext/ciphertext of first update + * Provide unexpected plaintext/ciphertext on second update */ /* BEGIN_CASE */ void mbedtls_ccm_full_update_and_overflow( int cipher_id, int mode, data_t * key, data_t * msg, data_t * iv, From 551265f8798eb843ee61063b34d42add44dd9bb7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Aug 2021 13:03:48 +0100 Subject: [PATCH 256/966] Add TLS 1.3 IANA signature-algorithm values Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 221cee3379..3090f9313c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -337,6 +337,41 @@ #define MBEDTLS_SSL_SIG_RSA 1 #define MBEDTLS_SSL_SIG_ECDSA 3 +/* + * TLS 1.3 signature algorithms + * RFC 8446, Section 4.2.2 + */ + +/* RSASSA-PKCS1-v1_5 algorithms */ +#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256 0x0401 +#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA384 0x0501 +#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA512 0x0601 + +/* ECDSA algorithms */ +#define MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256 0x0403 +#define MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384 0x0503 +#define MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512 0x0603 + +/* RSASSA-PSS algorithms with public key OID rsaEncryption */ +#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256 0x0804 +#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA384 0x0805 +#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA512 0x0806 + +/* EdDSA algorithms */ +#define MBEDTLS_TLS13_SIG_ED25519 0x0807 +#define MBEDTLS_TLS13_SIG_ED448 0x0808 + +/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */ +#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA256 0x0809 +#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA384 0x080A +#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA512 0x080B + +/* LEGACY ALGORITHMS */ +#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA1 0x0201 +#define MBEDTLS_TLS13_SIG_ECDSA_SHA1 0x0203 + +#define MBEDTLS_TLS13_SIG_NONE 0x0 + /* * Client Certificate Types * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5 From e0f5227550f7798aeff2ce2933d184aaa10fad89 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 10 Aug 2021 13:55:47 +0200 Subject: [PATCH 257/966] Add CCM test for calling finish without any input. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.data | 12 ++++++++++++ tests/suites/test_suite_ccm.function | 24 ++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 5d23e6a74c..91aa98bd43 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
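Review bot: The block comment cites `RFC 8446, Section 4.2.2`, but the SignatureScheme values are defined in Section 4.2.3 (4.2.2 is the Cookie extension), so it should read `* RFC 8446, Section 4.2.3`. The `/* LEGACY ALGORITHMS */` group deserves a caveat for anyone building a list from these macros, for example `/* SHA-1 based: RFC 8446 permits these only for certificate signatures, not for signed handshake messages; do not offer them by default. */`. `MBEDTLS_TLS13_SIG_NONE` is not an IANA code point; if it is intended as the list terminator, a one-line comment saying so would keep it from being read as a negotiable value.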
@@ -1645,3 +1645,15 @@ mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5 CCM* decrypt, full update and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" + +CCM encrypt, instant finish NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a" + +CCM decrypt, instant finish NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a" + +CCM* encrypt, instant finish NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a" + +CCM* decrypt, instant finish NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a" diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index d9c397c68e..48c4fe919d 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function 
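Review bot: The four new `instant finish` cases have no `depends_on:MBEDTLS_AES_C` line, unlike every other case in this file's visible hunks that passes `MBEDTLS_CIPHER_ID_AES`. In a configuration without AES they would presumably run and fail at `mbedtls_ccm_setkey()` instead of being skipped. Add `depends_on:MBEDTLS_AES_C` as the second line of each of the four cases.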
@@ -682,3 +682,27 @@ exit: mbedtls_ccm_free( &ctx ); } /* END_CASE */ + +/* Finish without passing any auth data or plaintext/ciphertext input */ +/* BEGIN_CASE */ +void mbedtls_ccm_instant_finish( int cipher_id, int mode, + data_t * key, data_t * iv ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for add length, msg length and tag length. + // They are not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 16, 16, 16 ) ); + + ASSERT_ALLOC( output, 16 ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_finish( &ctx, output, 16 ) ); + +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ From 1cd6e0021f14d9f1b5015c8851781a0e07ffabec Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Aug 2021 13:27:10 +0100 Subject: [PATCH 258/966] Add experimental API for configuration of TLS 1.3 sig algs Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 17 +++++++++++++++++ library/ssl_tls.c | 16 ++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3090f9313c..c62f730b3e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1182,6 +1182,10 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + const uint16_t* MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms in TLS 1.3 */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif #if defined(MBEDTLS_ECP_C) 
@@ -3026,6 +3030,19 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, */ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, const int *hashes ); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/** + * \brief Configure allowed signature algorithms for use in TLS 1.3 + * + * \param conf The SSL configuration to use. + * \param sig_algs A 0-terminated list of IANA values for TLS 1.3 signature algorithms, + * with the most preferred algorithm listed first. Supported values + * are available as \c MBEDTLS_TLS13_SIG_XXX. + */ +void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, + const uint16_t* sig_algs ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 923c671a7b..e2fb9b66fb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3933,6 +3933,22 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, { conf->sig_hashes = hashes; } + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/** + * \brief Configure allowed signature algorithms for use in TLS 1.3 + * + * \param conf The SSL configuration to use. + * \param sig_algs A 0-terminated list of IANA values for TLS 1.3 signature algorithms, + * with the most preferred algorithm listed first. Supported values + * are available as \c MBEDTLS_TLS13_SIG_XXX. + */ +void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, + const uint16_t* sig_algs ) +{ + conf->tls13_sig_algs = sig_algs; +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECP_C) From 11ceadd382b1edb83031b4fcb10af3fcd11997fd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Aug 2021 13:36:41 +0100 Subject: [PATCH 259/966] Add cmdline param for TLS 1.3 sig alg config to ssl_{client,server}2 
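Review bot: The documentation of `mbedtls_ssl_conf_sig_algs()` does not say that the list is stored by reference, although the implementation in the `library/ssl_tls.c` hunk on this line is just `conf->tls13_sig_algs = sig_algs;`. A caller that passes an array with a shorter lifetime than the configuration leaves a dangling pointer for the handshake code to read. Add `\note The list is not copied; it must remain valid and unmodified for the lifetime of \p conf.` to the header comment. The same Doxygen block is repeated verbatim above the definition in `ssl_tls.c`; keeping it only in the header avoids the two copies drifting apart.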
Signed-off-by: Hanno Becker --- programs/ssl/ssl_client2.c | 90 ++++++++++++++++++++++++++++++++++++-- programs/ssl/ssl_server2.c | 89 ++++++++++++++++++++++++++++++++++++- 2 files changed, 174 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 86c314c35d..17b1ccf939 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -88,6 +88,7 @@ int main( void ) #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED #define DFL_ALPN_STRING NULL #define DFL_CURVES NULL +#define DFL_SIG_ALGS NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_HS_TO_MIN 0 #define DFL_HS_TO_MAX 0 @@ -269,6 +270,15 @@ int main( void ) #define USAGE_CURVES "" #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#define USAGE_SIG_ALGS \ + " sig_algs=a,b,c,d default: \"default\" (library default)\n" \ + " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n" +#else +#define USAGE_SIG_ALGS "" +#endif + #if defined(MBEDTLS_SSL_PROTO_DTLS) #define USAGE_DTLS \ " dtls=%%d default: 0 (TLS)\n" \ @@ -393,6 +403,7 @@ int main( void ) USAGE_ETM \ USAGE_REPRODUCIBLE \ USAGE_CURVES \ + USAGE_SIG_ALGS \ USAGE_DHMLEN \ "\n" @@ -417,9 +428,9 @@ int main( void ) USAGE_SERIALIZATION \ " acceptable ciphersuite names:\n" -#define ALPN_LIST_SIZE 10 -#define CURVE_LIST_SIZE 20 - +#define ALPN_LIST_SIZE 10 +#define CURVE_LIST_SIZE 20 +#define SIG_ALG_LIST_SIZE 5 /* * global options @@ -472,6 +483,7 @@ struct options int reconnect_hard; /* unexpectedly reconnect from the same port */ int tickets; /* enable / disable session tickets */ const char *curves; /* list of supported elliptic curves */ + const char *sig_algs; /* supported TLS 1.3 signature algorithms */ const char *alpn_string; /* ALPN supported protocols */ int transport; /* TLS or DTLS? */ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ 
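Review bot: `USAGE_SIG_ALGS` advertises `default: "default" (library default)`, but the parser added later in this commit (`@@ -1450,6 +1475,60 @@`) accepts only the three `ecdsa_secp*` names, so `sig_algs=default` would be rejected as an unknown signature algorithm. Either handle the keyword in the parser or reword the help line, e.g. `"    sig_algs=a,b,c,d      default: unset (library default)\n"`. The identical text is added to `programs/ssl/ssl_server2.c`.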
@@ -631,6 +643,12 @@ int main( int argc, char *argv[] ) mbedtls_net_context server_fd; io_ctx_t io_ctx; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + unsigned char buf[MAX_REQUEST_SIZE + 1]; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) @@ -833,6 +851,7 @@ int main( int argc, char *argv[] ) opt.tickets = DFL_TICKETS; opt.alpn_string = DFL_ALPN_STRING; opt.curves = DFL_CURVES; + opt.sig_algs = DFL_SIG_ALGS; opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; opt.hs_to_max = DFL_HS_TO_MAX; @@ -1063,6 +1082,12 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "curves" ) == 0 ) opt.curves = q; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + else if( strcmp( p, "sig_algs" ) == 0 ) + opt.sig_algs = q; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ else if( strcmp( p, "etm" ) == 0 ) { switch( atoi( q ) ) 
@@ -1450,6 +1475,60 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( opt.sig_algs != NULL ) + { + p = (char *) opt.sig_algs; + i = 0; + + /* Leave room for a final NULL in signature algorithm list */ + while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' ) + { + q = p; + + /* Terminate the current string */ + while( *p != ',' && *p != '\0' ) + p++; + if( *p == ',' ) + *p++ = '\0'; + + if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256; + } + else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384; + } + else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512; + } + else + { + mbedtls_printf( "unknown signature algorithm %s\n", q ); + mbedtls_printf( "supported signature algorithms: " ); + mbedtls_printf( "ecdsa_secp256r1_sha256 " ); + mbedtls_printf( "ecdsa_secp384r1_sha384 " ); + mbedtls_printf( "ecdsa_secp521r1_sha512 " ); + mbedtls_printf( "\n" ); + goto exit; + } + } + + if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' ) + { + mbedtls_printf( "signature algorithm list too long, maximum %d", + SIG_ALG_LIST_SIZE - 1 ); + goto exit; + } + + sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) { @@ -1785,6 +1864,11 @@ int main( int argc, char *argv[] ) } #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( opt.sig_algs != NULL ) + mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.psk_opaque != 0 ) 
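Review bot: The call `mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list )` in the `@@ -1785,6 +1864,11 @@` hunk is guarded by `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL` alone, while `sig_alg_list` is declared and filled only when `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` is also defined, so a build with the first option but not the second would fail on the undeclared array. Use the same condition as the parser, `#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)`. In the parser hunk the "list too long" message lacks a trailing `\n`, and the comment says "final NULL" where the terminator actually written is `MBEDTLS_TLS13_SIG_NONE`. `programs/ssl/ssl_server2.c` carries the same three issues in its `@@ -2198,6 +2252,60 @@`-style parser hunk and its `mbedtls_ssl_conf_sig_algs` call; `main` starts and ends outside these hunks.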
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 83bd617c68..c7110e850e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -119,6 +119,7 @@ int main( void ) #define DFL_SNI NULL #define DFL_ALPN_STRING NULL #define DFL_CURVES NULL +#define DFL_SIG_ALGS NULL #define DFL_DHM_FILE NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_COOKIES 1 @@ -418,6 +419,15 @@ int main( void ) #define USAGE_CURVES "" #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#define USAGE_SIG_ALGS \ + " sig_algs=a,b,c,d default: \"default\" (library default)\n" \ + " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n" +#else +#define USAGE_SIG_ALGS "" +#endif + #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #define USAGE_SERIALIZATION \ " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ @@ -484,6 +494,7 @@ int main( void ) USAGE_EMS \ USAGE_ETM \ USAGE_CURVES \ + USAGE_SIG_ALGS \ "\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) @@ -509,8 +520,9 @@ int main( void ) USAGE_SERIALIZATION \ " acceptable ciphersuite names:\n" -#define ALPN_LIST_SIZE 10 -#define CURVE_LIST_SIZE 20 +#define ALPN_LIST_SIZE 10 +#define CURVE_LIST_SIZE 20 +#define SIG_ALG_LIST_SIZE 5 #define PUT_UINT64_BE(out_be,in_le,i) \ { \ @@ -583,6 +595,7 @@ struct options int cache_timeout; /* expiration delay of session cache entries */ char *sni; /* string describing sni information */ const char *curves; /* list of supported elliptic curves */ + const char *sig_algs; /* supported TLS 1.3 signature algorithms */ const char *alpn_string; /* ALPN supported protocols */ const char *dhm_file; /* the file with the DH parameters */ int extended_ms; /* allow negotiation of extended MS? */ 
@@ -1326,6 +1339,12 @@ int main( int argc, char *argv[] ) size_t context_buf_len = 0; #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + int i; char *p, *q; const int *list; @@ -1498,6 +1517,7 @@ int main( int argc, char *argv[] ) opt.sni = DFL_SNI; opt.alpn_string = DFL_ALPN_STRING; opt.curves = DFL_CURVES; + opt.sig_algs = DFL_SIG_ALGS; opt.dhm_file = DFL_DHM_FILE; opt.transport = DFL_TRANSPORT; opt.cookies = DFL_COOKIES; @@ -1665,6 +1685,12 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "curves" ) == 0 ) opt.curves = q; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + else if( strcmp( p, "sig_algs" ) == 0 ) + opt.sig_algs = q; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && && \ + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ else if( strcmp( p, "renegotiation" ) == 0 ) { opt.renegotiation = (atoi( q )) ? 
@@ -2172,6 +2198,60 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( opt.sig_algs != NULL ) + { + p = (char *) opt.sig_algs; + i = 0; + + /* Leave room for a final NULL in signature algorithm list */ + while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' ) + { + q = p; + + /* Terminate the current string */ + while( *p != ',' && *p != '\0' ) + p++; + if( *p == ',' ) + *p++ = '\0'; + + if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256; + } + else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384; + } + else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512; + } + else + { + mbedtls_printf( "unknown signature algorithm %s\n", q ); + mbedtls_printf( "supported signature algorithms: " ); + mbedtls_printf( "ecdsa_secp256r1_sha256 " ); + mbedtls_printf( "ecdsa_secp384r1_sha384 " ); + mbedtls_printf( "ecdsa_secp521r1_sha512 " ); + mbedtls_printf( "\n" ); + goto exit; + } + } + + if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' ) + { + mbedtls_printf( "signature algorithm list too long, maximum %d", + SIG_ALG_LIST_SIZE - 1 ); + goto exit; + } + + sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) { @@ -2750,6 +2830,11 @@ int main( int argc, char *argv[] ) } #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( opt.sig_algs != NULL ) + mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 ) 
From 9c6aa7bb9a37ad694de9493941b422f8d4e85887 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Aug 2021 13:50:43 +0100 Subject: [PATCH 260/966] Add default values for TLS 1.3 SigAlg configuration Signed-off-by: Hanno Becker --- library/ssl_tls.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e2fb9b66fb..4843e423dd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -6277,6 +6277,41 @@ static int ssl_preset_suiteb_hashes[] = { MBEDTLS_MD_SHA384, MBEDTLS_MD_NONE }; + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +static uint16_t ssl_preset_default_sig_algs[] = { + /* ECDSA algorithms */ +#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256, +#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384, +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512, +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +#endif /* MBEDTLS_ECDSA_C */ + /* RSA algorithms */ +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256, +#endif + MBEDTLS_TLS13_SIG_NONE +}; + +static uint16_t ssl_preset_suiteb_sig_algs[] = { + /* ECDSA algorithms */ +#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256, +#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384, +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#endif /* MBEDTLS_ECDSA_C */ + MBEDTLS_TLS13_SIG_NONE +}; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif #if defined(MBEDTLS_ECP_C) @@ -6391,6 +6426,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) conf->sig_hashes = ssl_preset_suiteb_hashes; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + conf->tls13_sig_algs = ssl_preset_suiteb_sig_algs; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif #if defined(MBEDTLS_ECP_C) 
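Review bot: `ssl_preset_default_sig_algs` and `ssl_preset_suiteb_sig_algs` are declared `static uint16_t`, so these policy tables are writable at run time even though the config field that points at them is `const uint16_t *`. Declare them `static const uint16_t ssl_preset_default_sig_algs[] = {` (and likewise for the Suite B table) so they can be placed in read-only storage. `MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256` is gated only on `MBEDTLS_X509_RSASSA_PSS_SUPPORT`; whether that option implies SHA-256 and RSA signing support is not visible here and is worth confirming.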
@@ -6427,6 +6465,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, conf->sig_hashes = ssl_preset_default_hashes; #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + conf->tls13_sig_algs = ssl_preset_default_sig_algs; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_ECP_C) conf->curve_list = ssl_preset_default_curves; #endif From ac72fac465b720c55b472e38cfa7664890bfbc32 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Tue, 10 Aug 2021 15:09:16 +0100 Subject: [PATCH 261/966] Put back list-identifiers.sh as a thin wrapper around the python script Signed-off-by: Yuto Takano --- tests/scripts/list-identifiers.sh | 66 ++++++++++++++++++++++ tests/scripts/list_internal_identifiers.py | 7 ++- 2 files changed, 70 insertions(+), 3 deletions(-) create mode 100755 tests/scripts/list-identifiers.sh diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh new file mode 100755 index 0000000000..49ecc93ef7 --- /dev/null +++ b/tests/scripts/list-identifiers.sh 
@@ -0,0 +1,66 @@ +#!/bin/bash +# +# Create a file named identifiers containing identifiers from internal header +# files, based on the --internal flag. +# Outputs the line count of the file to stdout. +# A very thin wrapper around list_internal_identifiers.py for backwards +# compatibility. +# Must be run from Mbed TLS root. +# +# Usage: list-identifiers.sh [ -i | --internal ] +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -eu + +if [ -d include/mbedtls ]; then :; else + echo "$0: Must be run from Mbed TLS root" >&2 + exit 1 +fi + +INTERNAL="" + +until [ -z "${1-}" ] +do + case "$1" in + -i|--internal) + INTERNAL="1" + ;; + *) + # print error + echo "Unknown argument: '$1'" + exit 1 + ;; + esac + shift +done + +if [ $INTERNAL ] +then + tests/scripts/list_internal_identifiers.py + wc -l identifiers +else + cat < Date: Tue, 10 Aug 2021 15:45:28 +0100 Subject: [PATCH 262/966] Add newline at end of list-identifiers.sh Signed-off-by: Yuto Takano --- tests/scripts/list-identifiers.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index 49ecc93ef7..781c609fc1 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh 
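Review bot: The `Unknown argument` message in the option loop goes to stdout, although the header says stdout carries the line count and the other error path already uses `>&2`; it should be `echo "$0: Unknown argument: '$1'" >&2`. The later test `if [ $INTERNAL ]` relies on an unquoted expansion and is safer as `if [ -n "$INTERNAL" ]`. The `until [ -z "${1-}" ]` loop also stops at the first empty-string argument rather than at the end of the argument list, which `until [ $# -eq 0 ]` would avoid.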
@@ -63,4 +63,4 @@ is a thin wrapper around list_internal_identifiers.py. check-names.sh, which used to depend on this script, has been replaced with check_names.py and is now self-complete. EOF -fi \ No newline at end of file +fi From deb68ce2d1935024d24cf85e1ef78528143b917f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Aug 2021 16:04:05 +0100 Subject: [PATCH 263/966] Fix guard around TLS 1.3 SigAlg configuration Signed-off-by: Hanno Becker --- library/ssl_tls.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4843e423dd..07d468ca72 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6463,11 +6463,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) conf->sig_hashes = ssl_preset_default_hashes; -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) conf->tls13_sig_algs = ssl_preset_default_sig_algs; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECP_C) conf->curve_list = ssl_preset_default_curves; From 0402979ed39530a894812d9b9361de943bd8530f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 10 Aug 2021 16:45:37 +0800 Subject: [PATCH 264/966] Add openssl/gnutls tls1.3 feature tests. Add functions and test cases to make sure tls1.3 is available in openssl/gnutls Change-Id: I797d15117a8de96614f392e6bb2ed16b6d71ba69 Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 77 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 01265ae9b3..9ee6b761db 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -77,6 +77,14 @@ else O_LEGACY_CLI=false fi +if [ -n "${OPENSSL_NEXT:-}" ]; then + O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key" + O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" +else + O_NEXT_SRV=false + O_NEXT_CLI=false +fi + if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" else @@ -346,6 +354,57 @@ requires_openssl_legacy() { fi } +requires_openssl_next() { + if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then + if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then + OPENSSL_NEXT_AVAILABLE="YES" + else + OPENSSL_NEXT_AVAILABLE="NO" + fi + fi + if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + +# skip next test if tls1_3 is not available +requires_openssl_tls1_3() { + requires_openssl_next + if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then + OPENSSL_TLS1_3_AVAILABLE="NO" + fi + if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then + if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null + then + OPENSSL_TLS1_3_AVAILABLE="YES" + else + OPENSSL_TLS1_3_AVAILABLE="NO" + fi + fi + if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + +# skip next test if tls1_3 is not available +requires_gnutls_tls1_3() { + requires_gnutls_next + if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then + GNUTLS_TLS1_3_AVAILABLE="NO" + fi + if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then + if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null + then + GNUTLS_TLS1_3_AVAILABLE="YES" + else + GNUTLS_TLS1_3_AVAILABLE="NO" + fi + fi + if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + # skip next test if IPv6 isn't available on this host requires_ipv6() { if [ -z "${HAS_IPV6:-}" ]; then 
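Review bot: The probe in `requires_openssl_tls1_3` uses `grep tls1_3`, which matches any help line containing that substring, so an option such as `-no_tls1_3` would satisfy it even if `-tls1_3` itself were absent. Whether a given OpenSSL build prints one without the other cannot be told from this hunk, so treat it as a robustness concern for the feature check. Matching the option itself, `grep -q -- '-tls1_3'`, keeps the dependent tests skipped rather than failing on such a build. `requires_gnutls_next` and `GNUTLS_NEXT_CLI`, used by `requires_gnutls_tls1_3`, are defined outside this hunk.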
@@ -8487,6 +8546,24 @@ run_test "export keys functionality" \ -c "EAP-TLS IV is:" \ -s "EAP-TLS IV is:" +# openssl feature tests: check if tls1.3 exists. +requires_openssl_tls1_3 +run_test "TLS1.3: Test openssl tls1_3 feature" \ + "$O_NEXT_SRV -tls1_3 -msg" \ + "$O_NEXT_CLI -tls1_3 -msg" \ + 0 \ + -c "TLS 1.3" \ + -s "TLS 1.3" + +# gnutls feature tests: check if tls1.3 exists. +requires_gnutls_tls1_3 +run_test "TLS1.3: Test gnutls tls1_3 feature" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V" \ + 0 \ + -s "Version: TLS1.3" \ + -c "Version: TLS1.3" + # TLS1.3 test cases # TODO: remove or rewrite this test case if #4832 is resolved. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From e043d15d75e81fef9c93aba0639a7dba165b4062 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Aug 2021 06:22:32 +0100 Subject: [PATCH 265/966] Turn comments of 1.3 record transforms into Doxygen documentation Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 4 ++-- library/ssl_misc.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 34353daffb..960a262e43 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1342,8 +1342,8 @@ struct mbedtls_ssl_context * it references. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - /* The application data transform in TLS 1.3. - * This pointer owns the transform it references. */ + /*! The application data transform in TLS 1.3. + * This pointer owns the transform it references. */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 174bad88b5..0b64e010bc 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -563,8 +563,8 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - /* TLS 1.3 transforms for 0-RTT and encrypted handshake messages. - * Those pointers own the transforms they reference. */ + /*! TLS 1.3 transforms for 0-RTT and encrypted handshake messages. + * Those pointers own the transforms they reference. */ mbedtls_ssl_transform *transform_handshake; mbedtls_ssl_transform *transform_earlydata; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ From 8ca26923eb71d7ea9615c468bac6f75fa5341eaa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Jul 2021 19:24:23 +0100 Subject: [PATCH 266/966] Add TLS 1.3 ciphersuites Signed-off-by: Hanno Becker --- include/mbedtls/ssl_ciphersuites.h | 7 ++++ library/ssl_ciphersuites.c | 56 ++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 812560c8a1..18e7c98767 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -256,6 +256,13 @@ extern "C" { #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */ #define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */ +/* RFC 8446, Appendix B.4 */ +#define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 0x1301 /**< TLS 1.3 */ +#define MBEDTLS_TLS1_3_AES_256_GCM_SHA384 0x1302 /**< TLS 1.3 */ +#define MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256 0x1303 /**< TLS 1.3 */ +#define MBEDTLS_TLS1_3_AES_128_CCM_SHA256 0x1304 /**< TLS 1.3 */ +#define MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256 0x1305 /**< TLS 1.3 */ + /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange. * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index a3ee157d50..1df1b26b2c 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -52,6 +52,15 @@ static const int ciphersuite_preference[] = #if defined(MBEDTLS_SSL_CIPHERSUITES) MBEDTLS_SSL_CIPHERSUITES, #else +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /* TLS 1.3 ciphersuites */ + MBEDTLS_TLS1_3_AES_128_GCM_SHA256, + MBEDTLS_TLS1_3_AES_256_GCM_SHA384, + MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, + MBEDTLS_TLS1_3_AES_128_CCM_SHA256, + MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* Chacha-Poly ephemeral suites */ MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 
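Review bot: The default preference list now offers `MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256`, whose authentication tag is truncated to 8 bytes, whenever TLS 1.3 is compiled in. A short-tag suite is normally an opt-in for constrained deployments, so consider leaving it out of the default list and letting applications add it through `mbedtls_ssl_conf_ciphersuites()`. In the definitions hunk that follows (`@@ -283,6 +292,53 @@`), the CCM and CCM-8 entries share `MBEDTLS_CIPHER_AES_128_CCM` and differ only by `MBEDTLS_CIPHERSUITE_SHORT_TAG`, yet the ChaCha20-Poly1305 entry comments its flags field as `// field not used in TLS 1.3 implementation`. If that comment is accurate, the two CCM suites would be set up with the same tag length, so either the TLS 1.3 record code must honour the flag or the comment should be corrected (and written as `/* ... */` like the neighbouring ones).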
@@ -283,6 +292,53 @@ static const int ciphersuite_preference[] = static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = { +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SHA512_C) + { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, + MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + 0 }, +#endif /* MBEDTLS_SHA512_C */ +#if defined(MBEDTLS_SHA256_C) + { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + 0 }, +#endif /* MBEDTLS_SHA256_C */ +#endif /* MBEDTLS_GCM_C */ +#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_SHA256_C) + { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + 0 }, + { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_CIPHERSUITE_SHORT_TAG }, +#endif /* MBEDTLS_SHA256_C && MBEDTLS_CCM_C */ +#endif /* MBEDTLS_AES_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_SHA256_C) + { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, + 
"TLS1-3-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + 0 // field not used in TLS 1.3 implementation + }, +#endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_SHA256_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_CHACHAPOLY_C) && \ defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2) From e486b2d7bb5dda556590562fad909dc2c2b66642 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Jul 2021 19:24:30 +0100 Subject: [PATCH 267/966] Document use of mbedtls_ssl_conf_ciphersuites() for TLS 1.3 Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 221cee3379..f49bf2d98a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -2521,21 +2521,45 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, * order. First in the list has the highest preference. * (Overrides all version-specific lists) * - * The ciphersuites array is not copied, and must remain - * valid for the lifetime of the ssl_config. + * For TLS 1.2, the notion of ciphersuite determines both + * the key exchange mechanism and the suite of symmetric + * algorithms to be used during and after the handshake. * - * Note: By default, the server chooses its preferred + * For TLS 1.3 (in development), the notion of ciphersuite + * only determines the suite of symmetric algorithmc to be + * used during and after the handshake, while key exchange + * mechanisms are configured separately. + * + * In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3 + * are configured via this function. For users of TLS 1.3, + * there will be separate API for the configuration of key + * exchange mechanisms. + * + * The list of ciphersuites passed to this function may + * contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite + * identifiers. This is useful if negotiation of TLS 1.3 + * should be attempted, but a fallback to TLS 1.2 would + * be tolerated. + * + * \note By default, the server chooses its preferred * ciphersuite among those that the client supports. If * mbedtls_ssl_conf_preference_order() is called to prefer * the client's preferences, the server instead chooses * the client's preferred ciphersuite among those that * the server supports. * - * \param conf SSL configuration - * \param ciphersuites 0-terminated list of allowed ciphersuites + * \warning The ciphersuites array \p ciphersuites is not copied. + * It must remain valid for the lifetime the SSL + * configuration \p conf. + * + * \param conf The SSL configuration to modify. 
+ * \param ciphersuites A 0-terminated list of IANA identifiers of supported + * ciphersuites, accessible through \c MBEDTLS_TLS_XXX + * and \c MBEDTLS_TLS1_3_XXX macros defined in + * ssl_ciphersuites.h. */ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, - const int *ciphersuites ); + const int *ciphersuites ); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 From ae336852c59973c4642a10009b9db3160cc71215 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 24 Jul 2021 05:27:16 +0100 Subject: [PATCH 268/966] Add ssl-opt.sh run to TLS 1.3 test in all.sh Signed-off-by: Hanno Becker --- tests/scripts/all.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5d2710cadc..16926390c4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2454,6 +2454,8 @@ component_test_tls13_experimental_with_padding () { make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding" make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh } component_build_mingw () { From e2defad0bb9c72acc104e8f07b6c7ec252f4aa51 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 24 Jul 2021 05:59:17 +0100 Subject: [PATCH 269/966] Fix indentation of pre-existing code-block in ssl_tls.c Signed-off-by: Hanno Becker --- library/ssl_tls.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2306c712c7..97bb7b6470 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
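Review bot: The added documentation has two wording slips that will reach the generated API reference: `symmetric algorithmc` should be `symmetric algorithms`, and `for the lifetime the SSL configuration` should be `for the lifetime of the SSL configuration`. The new `\warning` about the array not being copied is what integrators most need to get right, so it is worth stating exactly. The doc comment starts outside this hunk.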
@@ -6337,20 +6337,20 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - if( endpoint == MBEDTLS_SSL_IS_SERVER ) - { - const unsigned char dhm_p[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - const unsigned char dhm_g[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; + if( endpoint == MBEDTLS_SSL_IS_SERVER ) + { + const unsigned char dhm_p[] = + MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; + const unsigned char dhm_g[] = + MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf, - dhm_p, sizeof( dhm_p ), - dhm_g, sizeof( dhm_g ) ) ) != 0 ) - { - return( ret ); - } - } + if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf, + dhm_p, sizeof( dhm_p ), + dhm_g, sizeof( dhm_g ) ) ) != 0 ) + { + return( ret ); + } + } #endif /* From 71f1ed66c2a6c5177be777871b058a11a650795a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 24 Jul 2021 06:01:47 +0100 Subject: [PATCH 270/966] Add identifiers and API for configuration of TLS 1.3 key exchanges Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 76 +++++++++++++++++++++++++++++++++++++++++++ library/ssl_tls.c | 15 +++++++++ 2 files changed, 91 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f49bf2d98a..029fa42926 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -169,6 +169,30 @@ /** Invalid value in SSL config */ #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 +/* + * TLS 1.3 Key Exchange Modes + * + * Mbed TLS internal identifiers for use with the SSL configuration API + * mbedtls_ssl_conf_tls13_key_exchange_modes(). + */ + +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE 0 +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ( 1u << 0 ) +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ( 1u << 1 ) +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ( 1u << 2 ) + +/* Convenience macros for sets of key exchanges. */ +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL \ + ( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK | \ + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL | \ + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL \ + ( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK | \ + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL \ + ( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL | \ + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) + /* * Various constants */ @@ -1069,6 +1093,11 @@ struct mbedtls_ssl_config /** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */ const int *MBEDTLS_PRIVATE(ciphersuite_list); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /** Allowed TLS 1.3 key exchange modes. */ + int MBEDTLS_PRIVATE(tls13_kex_modes); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /** Callback for printing debug output */ void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */ 
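Review bot: The mode flags are unsigned (`( 1u << 0 )` and so on), but `MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE` is a plain `0` and the new config field is `int MBEDTLS_PRIVATE(tls13_kex_modes)`, so every test or combination of these bits mixes signed and unsigned operands. Declaring the field as `unsigned int MBEDTLS_PRIVATE(tls13_kex_modes);` and writing the empty set as `0u` keeps the bitmask arithmetic in one type. The `const int kex_modes` parameter of the setter declared later in this file would need the same change.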
@@ -2561,6 +2590,53 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, const int *ciphersuites ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/** + * \brief Set the supported key exchange modes for TLS 1.3 connections. + * + * In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not + * include the choice of key exchange mechanism. It is therefore not + * covered by the API mbedtls_ssl_conf_ciphersuites(). See the + * documentation of mbedtls_ssl_conf_ciphersuites() for more + * information on the ciphersuite concept in TLS 1.2 and TLS 1.3. + * + * The present function is specific to TLS 1.3 and allows users to + * configure the set of supported key exchange mechanisms in TLS 1.3. + * + * \param conf The SSL configuration the change should apply to. + * \param kex_modes A bitwise combination of one or more of the following: + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK + * This flag enables pure-PSK key exchanges. + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL + * This flag enables combined PSK-ephemeral key exchanges. + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL + * This flag enables pure-ephemeral key exchanges. + * For convenience, the following pre-defined macros are + * available for combinations of the above: + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL + * Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral. + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL + * Includes both pure-PSK and combined PSK-ephemeral + * key exchanges, but excludes pure-ephemeral key exchanges. + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL + * Includes both pure-ephemeral and combined PSK-ephemeral + * key exchanges. + * + * \note If a PSK-based key exchange mode shall be supported, applications + * must also use the APIs mbedtls_ssl_conf_psk() or + * mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque() + * to configure the PSKs to be used. 
+ * + * \note If an ECDHE-based key exchange mode shall be supported, + * server-side applications must also provide a certificate via + * mbedtls_ssl_conf_own_cert(). + * + */ + +void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config* conf, + const int kex_modes ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 #define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1 diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 97bb7b6470..4933980cd9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3548,6 +3548,14 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, conf->ciphersuite_list = ciphersuites; } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config* conf, + const int kex_modes ) +{ + conf->tls13_kex_modes = kex_modes; +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_X509_CRT_PARSE_C) void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, const mbedtls_x509_crt_profile *profile ) @@ -6353,6 +6361,13 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, } #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /* + * Allow all TLS 1.3 key exchange modes by default. + */ + conf->tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Preset-specific defaults */ From 2c0f697fbc74795152932466d2c47e0813459724 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 24 Jul 2021 06:27:16 +0100 Subject: [PATCH 271/966] Support TLS 1.3 key exchange config in ssl_client2/ssl_server2 Signed-off-by: Hanno Becker --- programs/ssl/ssl_client2.c | 56 ++++++++++++++++++++++++++++++++------ programs/ssl/ssl_server2.c | 30 ++++++++++++++++++++ 2 files changed, 77 insertions(+), 9 deletions(-) 
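Review bot: The second `\note` asks for a certificate for any "ECDHE-based key exchange mode", which as worded also covers `MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL`, where authentication comes from the PSK. If the requirement is meant for the pure-ephemeral mode only, say so: `\note If the pure-ephemeral key exchange mode shall be supported, server-side applications must also provide a certificate via mbedtls_ssl_conf_own_cert().` The documentation also does not say what happens when `kex_modes` is `MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE` or contains bits outside the defined flags.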
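Review bot: `mbedtls_ssl_conf_tls13_key_exchange_modes()` stores `kex_modes` as given, so bits outside `MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL` or an empty set are accepted silently and would only surface later in handshake code. Since the function returns `void`, masking is the least intrusive guard: `conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL;`. The pointer is also written `mbedtls_ssl_config* conf` here, where the neighbouring `mbedtls_ssl_conf_ciphersuites()` uses `mbedtls_ssl_config *conf`.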
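Review bot: The default of `MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL` in `mbedtls_ssl_config_defaults()` includes the pure-PSK mode, which gives no forward secrecy: a later compromise of the PSK exposes recorded sessions. Presumably the mode only takes effect once a PSK is configured, but an application that sets one for PSK-ephemeral use would get pure-PSK enabled without asking for it. Consider defaulting to `MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL`, or extend the comment to `/* Allow all TLS 1.3 key exchange modes by default; pure-PSK has no forward secrecy. */` so the choice is explicit. The function body continues outside this hunk.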
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 86c314c35d..f40897397c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -65,6 +65,7 @@ int main( void ) #define DFL_ECJPAKE_PW NULL #define DFL_EC_MAX_OPS -1 #define DFL_FORCE_CIPHER 0 +#define DFL_TLS13_KEX_MODES MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED #define DFL_ALLOW_LEGACY -2 #define DFL_RENEGOTIATE 0 @@ -335,6 +336,14 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#define USAGE_TLS13_KEY_EXCHANGE_MODES \ + " tls13_kex_modes=%%s default: all\n" \ + " options: psk, psk_ephemeral, ephemeral, psk_all, all\n" +#else +#define USAGE_TLS13_KEY_EXCHANGE_MODES "" +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* USAGE is arbitrarily split to stay under the portable string literal * length limit: 4095 bytes in C99. */ #define USAGE1 \ 
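Review bot: The usage text added in `USAGE_TLS13_KEY_EXCHANGE_MODES` lists `psk, psk_ephemeral, ephemeral, psk_all, all`, but the parser hunk at `@@ -1072,6 +1088,24 @@` accepts `psk_pure`, `psk_ephemeral`, `ephemeral_pure`, `ephemeral_all`, `psk_all` and `all`. A user who follows the help text with `tls13_kex_modes=psk` or `tls13_kex_modes=ephemeral` is sent to `usage`, and `ephemeral_all` is undocumented. The options line should name what the parser takes: `" options: psk_pure, psk_ephemeral, ephemeral_pure, ephemeral_all, psk_all, all\n"`, with the original column alignment kept.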
@@ -403,18 +412,19 @@ int main( void ) #endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #define USAGE4 \ - " allow_sha1=%%d default: 0\n" \ - " min_version=%%s default: (library default: tls1_2)\n" \ - " max_version=%%s default: (library default: tls1_2)\n" \ - " force_version=%%s default: \"\" (none)\n" \ + " allow_sha1=%%d default: 0\n" \ + " min_version=%%s default: (library default: tls1_2)\n" \ + " max_version=%%s default: (library default: tls1_2)\n" \ + " force_version=%%s default: \"\" (none)\n" \ " options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \ - "\n\n" \ - " force_ciphersuite= default: all enabled\n"\ - " query_config= return 0 if the specified\n" \ + "\n\n" \ + " force_ciphersuite= default: all enabled\n" \ + USAGE_TLS13_KEY_EXCHANGE_MODES \ + " query_config= return 0 if the specified\n" \ " configuration macro is defined and 1\n" \ " otherwise. The expansion of the macro\n" \ - " is printed if it is defined\n" \ - USAGE_SERIALIZATION \ + " is printed if it is defined\n" \ + USAGE_SERIALIZATION \ " acceptable ciphersuite names:\n" #define ALPN_LIST_SIZE 10 @@ -453,6 +463,9 @@ struct options const char *ecjpake_pw; /* the EC J-PAKE password */ int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ int renegotiation; /* enable / disable renegotiation */ int allow_legacy; /* allow legacy renegotiation */ int renegotiate; /* attempt renegotiation? */ 
@@ -814,6 +827,9 @@ int main( int argc, char *argv[] ) opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + opt.tls13_kex_modes = DFL_TLS13_KEX_MODES; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ opt.renegotiation = DFL_RENEGOTIATION; opt.allow_legacy = DFL_ALLOW_LEGACY; opt.renegotiate = DFL_RENEGOTIATE; @@ -1072,6 +1088,24 @@ int main( int argc, char *argv[] ) default: goto usage; } } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + else if( strcmp( p, "tls13_kex_modes" ) == 0 ) + { + if( strcmp( q, "psk_pure" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + else if( strcmp(q, "psk_ephemeral" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + else if( strcmp(q, "ephemeral_pure" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; + else if( strcmp(q, "ephemeral_all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL; + else if( strcmp( q, "psk_all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL; + else if( strcmp( q, "all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL; + else goto usage; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ else if( strcmp( p, "min_version" ) == 0 ) { if( strcmp( q, "tls1_2" ) == 0 || @@ -1748,6 +1782,10 @@ int main( int argc, char *argv[] ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + if( opt.allow_legacy != DFL_ALLOW_LEGACY ) mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy ); #if defined(MBEDTLS_SSL_RENEGOTIATION) 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 83bd617c68..25cdb40c77 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -95,6 +95,7 @@ int main( void ) #define DFL_ECJPAKE_PW NULL #define DFL_PSK_LIST NULL #define DFL_FORCE_CIPHER 0 +#define DFL_TLS13_KEX_MODES MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED #define DFL_ALLOW_LEGACY -2 #define DFL_RENEGOTIATE 0 @@ -564,6 +565,9 @@ struct options char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ int renegotiation; /* enable / disable renegotiation */ int allow_legacy; /* allow legacy renegotiation */ int renegotiate; /* attempt renegotiation? */ @@ -1478,6 +1482,9 @@ int main( int argc, char *argv[] ) opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + opt.tls13_kex_modes = DFL_TLS13_KEX_MODES; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ opt.renegotiation = DFL_RENEGOTIATION; opt.allow_legacy = DFL_ALLOW_LEGACY; opt.renegotiate = DFL_RENEGOTIATE; 
@@ -1714,6 +1721,25 @@ int main( int argc, char *argv[] ) if( opt.exchanges < 0 ) goto usage; } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + else if( strcmp( p, "tls13_kex_modes" ) == 0 ) + { + if( strcmp( q, "psk_pure" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + else if( strcmp(q, "psk_ephemeral" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + else if( strcmp(q, "ephemeral_pure" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; + else if( strcmp(q, "ephemeral_all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL; + else if( strcmp( q, "psk_all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL; + else if( strcmp( q, "all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL; + else goto usage; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + else if( strcmp( p, "min_version" ) == 0 ) { if( strcmp( q, "tls1_2" ) == 0 || @@ -2610,6 +2636,10 @@ int main( int argc, char *argv[] ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + if( opt.allow_legacy != DFL_ALLOW_LEGACY ) mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy ); #if defined(MBEDTLS_SSL_RENEGOTIATION) From 932064d6603ef632d525e329a30c339934bd38b3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 24 Jul 2021 06:45:50 +0100 Subject: [PATCH 272/966] Add ssl-opt.sh tests for ssl_client/server TLS 1.3 kex parameters Those tests are so far only checking that ssl_client2/ssl_server2 recognize the arguments, nothing more. Signed-off-by: Hanno Becker --- tests/ssl-opt.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 01265ae9b3..56c4a5fba7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1453,6 +1453,40 @@ run_test "SHA-256 allowed by default in client certificate" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \ 0 +# Dummy TLS 1.3 test +# Currently only checking that passing TLS 1.3 key exchange modes to +# ssl_client2/ssl_server2 example programs works. +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: PSK only" \ + "$P_SRV tls13_kex_modes=psk_pure" \ + "$P_CLI tls13_kex_modes=psk_pure" \ + 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \ + "$P_SRV tls13_kex_modes=psk_ephemeral" \ + "$P_CLI tls13_kex_modes=psk_ephemeral" \ + 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \ + "$P_SRV tls13_kex_modes=ephemeral_pure" \ + "$P_CLI tls13_kex_modes=ephemeral_pure" \ + 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: All ephemeral" \ + "$P_SRV tls13_kex_modes=ephemeral_all" \ + "$P_CLI tls13_kex_modes=ephemeral_all" \ + 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: All PSK" \ + "$P_SRV tls13_kex_modes=psk_all" \ + "$P_CLI tls13_kex_modes=psk_all" \ + 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: All" \ + "$P_SRV tls13_kex_modes=all" \ + "$P_CLI tls13_kex_modes=all" \ + 0 + # Tests for datagram packing run_test "DTLS: multiple records in same datagram, client and server" \ "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ From a2535931acfb8ad0b0b3aa977ce4a740b00711c9 Mon Sep 17 00:00:00 2001 
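Review bot: The comment above the six new `run_test` cases should state that, as far as the visible command lines show, neither side forces TLS 1.3 and no `-s`/`-c` log pattern is checked. A case titled "PSK only" that passes with exit code 0 can otherwise be read as coverage of the restriction itself, when it only shows that `tls13_kex_modes=` is accepted by both programs. I would add `# These runs check no log output and force no protocol version; they prove only that the option is parsed.` under the existing comment.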
From: Hanno Becker Date: Mon, 2 Aug 2021 21:20:54 +0100 Subject: [PATCH 273/966] Add Doxygen documentation for TLS 1.3 key exchange macros Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 029fa42926..327184c2de 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -176,22 +176,27 @@ * mbedtls_ssl_conf_tls13_key_exchange_modes(). */ -#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE 0 -#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ( 1u << 0 ) -#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ( 1u << 1 ) -#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ( 1u << 2 ) +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ( 1u << 0 ) /*!< Pure-PSK TLS 1.3 key exchange, + * encompassing both externally agreed PSKs + * as well as resumption PSKs. */ +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ( 1u << 1 ) /*!< Pure-Ephemeral TLS 1.3 key exchanges, + * including for example ECDHE and DHE + * key exchanges. */ +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ( 1u << 2 ) /*!< PSK-Ephemeral TLS 1.3 key exchanges, + * using both a PSK and an ephemeral + * key exchange. */ /* Convenience macros for sets of key exchanges. */ #define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL \ ( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK | \ MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL | \ - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) /*!< All TLS 1.3 key exchanges */ #define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL \ ( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK | \ - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All PSK-based TLS 1.3 key exchanges */ #define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL \ ( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL | \ - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All ephemeral TLS 1.3 key exchanges */ /* * Various constants From d4fa9bc7104d9996da72e2b1af2e6ccc6bb06806 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Aug 2021 21:21:05 +0100 Subject: [PATCH 274/966] Remove outdated mentioning of version-specific ciphersuite config 
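Review bot: This hunk is presented as adding Doxygen comments, but it also swaps the bit values of `MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL` (from `1u << 2` to `1u << 1`) and `MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL` (from `1u << 1` to `1u << 2`) and removes `MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE`. Code built against the previous header, or any stored numeric mode value, would silently select the other key exchange mode after this change. The renumbering and the removal deserve their own commit, or at least a line in the message. Any remaining user of the `_NONE` macro needs checking, since none is visible in this hunk.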
Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 327184c2de..997cd686d8 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2553,7 +2553,6 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, /** * \brief Set the list of allowed ciphersuites and the preference * order. First in the list has the highest preference. - * (Overrides all version-specific lists) * * For TLS 1.2, the notion of ciphersuite determines both * the key exchange mechanism and the suite of symmetric From 674f9480cf97f12d5cc26955c3f3b2a359f6e8a6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Aug 2021 21:21:19 +0100 Subject: [PATCH 275/966] Fix typo: algorithmc -> algorithms Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 997cd686d8..5d0cf3edb5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2559,7 +2559,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, * algorithms to be used during and after the handshake. * * For TLS 1.3 (in development), the notion of ciphersuite - * only determines the suite of symmetric algorithmc to be + * only determines the suite of symmetric algorithms to be * used during and after the handshake, while key exchange * mechanisms are configured separately. * From 5d045a8b89a34b8dc5e8f68f478eacb5156c2a82 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Aug 2021 21:21:30 +0100 Subject: [PATCH 276/966] Stick to 'ephemeral' instead of ECDHE for TLS 1.3 key exchanges Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5d0cf3edb5..70dc501c0b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -2631,7 +2631,7 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, * mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque() * to configure the PSKs to be used. * - * \note If an ECDHE-based key exchange mode shall be supported, + * \note If a pure-ephemeral key exchange mode shall be supported, * server-side applications must also provide a certificate via * mbedtls_ssl_conf_own_cert(). * From 30319f1f889863afd60a87a292602992297d3c6c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Aug 2021 21:21:55 +0100 Subject: [PATCH 277/966] Remove misplaced comment in TLS 1.3 ciphersuite definitions Signed-off-by: Hanno Becker --- library/ssl_ciphersuites.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 1df1b26b2c..9a416c811d 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -334,8 +334,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, - 0 // field not used in TLS 1.3 implementation - }, + 0 }, #endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_SHA256_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ From cfa4d4b3f5b229ec8491d9bb72435d306db6039f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Aug 2021 21:22:06 +0100 Subject: [PATCH 278/966] ssl_client2: Adjust usage string to recognized cmd line parameter Signed-off-by: Hanno Becker --- programs/ssl/ssl_client2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f40897397c..223b7bff2f 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -339,7 +339,7 @@ int main( void ) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #define USAGE_TLS13_KEY_EXCHANGE_MODES \ " tls13_kex_modes=%%s default: all\n" \ - " options: psk, psk_ephemeral, ephemeral, psk_all, all\n" + " options: psk_pure, psk_ephemeral, ephemeral_pure, ephemeral_all, psk_all, all\n" #else #define USAGE_TLS13_KEY_EXCHANGE_MODES "" #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ From a9e4e6fd6f3648400b5f26913cfec349a91570b7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Aug 2021 21:22:28 +0100 Subject: [PATCH 279/966] ssl_server2: Add usage string for TLS 1.3 key exchange modes Signed-off-by: Hanno Becker --- programs/ssl/ssl_server2.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 25cdb40c77..87558f54cb 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -433,6 +433,15 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#define USAGE_TLS13_KEY_EXCHANGE_MODES \ + " tls13_kex_modes=%%s default: all\n" \ + " options: psk_pure, psk_ephemeral, ephemeral_pure, ephemeral_all, psk_all, all\n" +#else +#define USAGE_TLS13_KEY_EXCHANGE_MODES "" +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + + /* USAGE is arbitrarily split to stay under the portable string literal * length limit: 4095 bytes in C99. */ #define USAGE1 \ 
@@ -496,18 +505,19 @@ int main( void ) #define USAGE4 \ USAGE_SSL_ASYNC \ USAGE_SNI \ - " allow_sha1=%%d default: 0\n" \ - " min_version=%%s default: (library default: tls1_2)\n" \ - " max_version=%%s default: (library default: tls1_2)\n" \ - " force_version=%%s default: \"\" (none)\n" \ + " allow_sha1=%%d default: 0\n" \ + " min_version=%%s default: (library default: tls1_2)\n" \ + " max_version=%%s default: (library default: tls1_2)\n" \ + " force_version=%%s default: \"\" (none)\n" \ " options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \ - "\n\n" \ - " force_ciphersuite= default: all enabled\n" \ - " query_config= return 0 if the specified\n" \ + "\n\n" \ + " force_ciphersuite= default: all enabled\n" \ + USAGE_TLS13_KEY_EXCHANGE_MODES \ + " query_config= return 0 if the specified\n" \ " configuration macro is defined and 1\n" \ " otherwise. The expansion of the macro\n" \ - " is printed if it is defined\n" \ - USAGE_SERIALIZATION \ + " is printed if it is defined\n" \ + USAGE_SERIALIZATION \ " acceptable ciphersuite names:\n" #define ALPN_LIST_SIZE 10 From 7dd2f504b3ebeda92cdf7e80135db2026b0356bd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 24 Apr 2021 13:35:41 +0200 Subject: [PATCH 280/966] Allow configuring MBEDTLS_TLS_EXT_CID at compile time The numerical identifier of the CID extension hasn't been settled yet and different implementations use values from different drafts. Allow configuring the value at compile time. Signed-off-by: Gilles Peskine --- ChangeLog.d/tls_ext_cid-config.txt | 3 +++ include/mbedtls/mbedtls_config.h | 11 +++++++++++ include/mbedtls/ssl.h | 8 +++++++- 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/tls_ext_cid-config.txt diff --git a/ChangeLog.d/tls_ext_cid-config.txt b/ChangeLog.d/tls_ext_cid-config.txt new file mode 100644 index 0000000000..b7b1e72443 --- /dev/null +++ b/ChangeLog.d/tls_ext_cid-config.txt 
@@ -0,0 +1,3 @@ +Features + * The identifier of the CID TLS extension can be configured by defining + MBEDTLS_TLS_EXT_CID at compile time. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index a60db7e930..d470c0054b 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3194,6 +3194,17 @@ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ +/** \def MBEDTLS_TLS_EXT_CID + * + * At the time of writing, the CID extension has not been assigned its + * final value. Set this configuration option to make Mbed TLS use a + * different value. + * + * A future minor revision of Mbed TLS may change the default value of + * this option to match evolving standards and usage. + */ +//#define MBEDTLS_TLS_EXT_CID 254 + /** * Complete list of ciphersuites to use, in order of preference. * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 221cee3379..167d741a03 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -425,8 +425,14 @@ /* The value of the CID extension is still TBD as of * draft-ietf-tls-dtls-connection-id-05 - * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */ + * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05). + * + * A future minor revision of Mbed TLS may change the default value of + * this option to match evolving standards and usage. + */ +#if !defined(MBEDTLS_TLS_EXT_CID) #define MBEDTLS_TLS_EXT_CID 254 /* TBD */ +#endif #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ From fb86ac70f5ca4c19d39bf219c9dcd1499db2c281 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 16 Aug 2021 10:32:40 +0100 Subject: [PATCH 281/966] Comment Match.__str__ and use format() to simplify calculation 
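Review bot: `MBEDTLS_TLS_EXT_CID` becomes a user-settable value in the ssl.h hunk, but nothing checks that the configured number is a usable extension type. A TLS extension type is a 16-bit field, and the value must not coincide with another identifier the library sends or parses (the context line right below defines `MBEDTLS_TLS_EXT_ECJPAKE_KKPP` as 256). I would add after the `#if !defined(MBEDTLS_TLS_EXT_CID)` block: `#if MBEDTLS_TLS_EXT_CID < 0 || MBEDTLS_TLS_EXT_CID > 0xFFFF`, `#error "MBEDTLS_TLS_EXT_CID must be a 16-bit extension type"`, `#endif`. The new comment in mbedtls_config.h should also say that both peers have to be built with the same value, otherwise the extension is simply not recognised by the other side.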
Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 591389b960..5dc38fc523 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -77,15 +77,16 @@ class Match(): # pylint: disable=too-few-public-methods self.name = name def __str__(self): - ln_str = str(self.pos[0]) - gutter_len = max(4, len(ln_str)) - gutter = (gutter_len - len(ln_str)) * " " + ln_str + """ + Return a formatted code listing representation of the erroneous line. + """ + gutter = format(self.pos[0], "4d") underline = self.pos[1] * " " + (self.pos[2] - self.pos[1]) * "^" return ( - " {0} |\n".format(gutter_len * " ") + + " {0} |\n".format(" " * len(gutter)) + " {0} | {1}".format(gutter, self.line) + - " {0} | {1}\n".format(gutter_len * " ", underline) + " {0} | {1}\n".format(" " * len(gutter), underline) ) class Problem(): # pylint: disable=too-few-public-methods From 8246eb8fb61dd577625f2a35f0aa200154757f15 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 16 Aug 2021 10:37:24 +0100 Subject: [PATCH 282/966] Fix English typos in comments of check_names and list-identifiers Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 9 +++++---- tests/scripts/list-identifiers.sh | 6 +++--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 5dc38fc523..113854c28c 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -39,7 +39,7 @@ NameChecker performs the following checks: - Typo checking: All words that begin with MBED exist as macros or constants. The script returns 0 on success, 1 on test failure, and 2 if there is a script -error error. Must be run from Mbed TLS root. +error. It must be run from Mbed TLS root. """ import argparse 
@@ -429,8 +429,9 @@ class CodeParser(): def parse_identifiers(self, include, exclude=None): """ - Parse all lines of a header where a function identifier is declared, - based on some huersitics. Highly dependent on formatting style. + Parse all lines of a header where a function/enum/struct/union/typedef + identifier is declared, based on some heuristics. Highly dependent on + formatting style. Note: .match() checks at the beginning of the string (implicit ^), while .search() checks throughout. @@ -509,7 +510,7 @@ class CodeParser(): line = previous_line.strip() + " " + line.strip() previous_line = "" - # Skip parsing if line has a space in front = hueristic to + # Skip parsing if line has a space in front = heuristic to # skip function argument lines (highly subject to formatting # changes) if line[0] == " ": diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index 781c609fc1..9b930802f5 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -56,9 +56,9 @@ else cat < Date: Mon, 16 Aug 2021 10:39:24 +0100 Subject: [PATCH 283/966] Remove unnecessary try/catch in list_internal_identifiers The try/catch was used to catch Exceptions and exit with code 1, a legacy from check_names.py which uses the pattern to exit with code 2. But code 1 is the default for the Python runtime anyway, so it is redundant and can be removed. Signed-off-by: Yuto Takano --- tests/scripts/list_internal_identifiers.py | 23 +++++++++------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py index f18491bad9..d1b55138f1 100755 --- a/tests/scripts/list_internal_identifiers.py +++ b/tests/scripts/list_internal_identifiers.py 
@@ -44,21 +44,16 @@ def main(): parser.parse_args() - try: - name_check = CodeParser(logging.getLogger()) - result = name_check.parse_identifiers([ - "include/mbedtls/*_internal.h", - "library/*.h" - ]) - result.sort(key=lambda x: x.name) + name_check = CodeParser(logging.getLogger()) + result = name_check.parse_identifiers([ + "include/mbedtls/*_internal.h", + "library/*.h" + ]) + result.sort(key=lambda x: x.name) - identifiers = ["{}\n".format(match.name) for match in result] - with open("identifiers", "w", encoding="utf-8") as f: - f.writelines(identifiers) - - except Exception: # pylint: disable=broad-except - traceback.print_exc() - sys.exit(1) + identifiers = ["{}\n".format(match.name) for match in result] + with open("identifiers", "w", encoding="utf-8") as f: + f.writelines(identifiers) if __name__ == "__main__": main() From 9d9c6dc46e00889c93f565da6d6fe08490414444 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 16 Aug 2021 10:43:45 +0100 Subject: [PATCH 284/966] Align the item counts in check_names for ease of reading Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 113854c28c..b12f406443 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py 
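Review bot: With the `try`/`except` removed from `main`, `traceback` and `sys` are no longer referenced in the lines shown, and the commit's insertion and deletion counts suggest the import lines were not touched. If nothing else in the file uses them, the `traceback` and `sys` imports should be dropped so the unused-import check stays clean. The top of the file is outside this hunk, so this needs confirming there.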
@@ -258,11 +258,12 @@ class CodeParser(): actual_macros.append(macro) self.log.debug("Found:") - self.log.debug(" {} Total Macros".format(len(all_macros))) - self.log.debug(" {} Non-identifier Macros".format(len(actual_macros))) - self.log.debug(" {} Enum Constants".format(len(enum_consts))) - self.log.debug(" {} Identifiers".format(len(identifiers))) - self.log.debug(" {} Exported Symbols".format(len(symbols))) + # Aligns the counts on the assumption that none exceeds 4 digits + self.log.debug(" {:4} Total Macros".format(len(all_macros))) + self.log.debug(" {:4} Non-identifier Macros".format(len(actual_macros))) + self.log.debug(" {:4} Enum Constants".format(len(enum_consts))) + self.log.debug(" {:4} Identifiers".format(len(identifiers))) + self.log.debug(" {:4} Exported Symbols".format(len(symbols))) return { "macros": actual_macros, "enum_consts": enum_consts, From 90bc026913b50e7ebe200ac9a2935367b774e485 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 16 Aug 2021 11:34:10 +0100 Subject: [PATCH 285/966] Exclusively use re.search() to avoid confusion with .match() Also fix newline being removed when lines were concatenated Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 42 +++++++++++++++++------------------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index b12f406443..c0fc20fccc 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py 
@@ -407,16 +407,16 @@ class CodeParser(): # Match typedefs and brackets only when they are at the # beginning of the line -- if they are indented, they might # be sub-structures within structs, etc. - if state == 0 and re.match(r"^(typedef +)?enum +{", line): + if state == 0 and re.search(r"^(typedef +)?enum +{", line): state = 1 - elif state == 0 and re.match(r"^(typedef +)?enum", line): + elif state == 0 and re.search(r"^(typedef +)?enum", line): state = 2 - elif state == 2 and re.match(r"^{", line): + elif state == 2 and re.search(r"^{", line): state = 1 - elif state == 1 and re.match(r"^}", line): + elif state == 1 and re.search(r"^}", line): state = 0 - elif state == 1 and not re.match(r" *#", line): - enum_const = re.match(r" *(?P\w+)", line) + elif state == 1 and not re.search(r"^ *#", line): + enum_const = re.search(r"^ *(?P\w+)", line) if not enum_const: continue @@ -433,8 +433,6 @@ class CodeParser(): Parse all lines of a header where a function/enum/struct/union/typedef identifier is declared, based on some heuristics. Highly dependent on formatting style. - Note: .match() checks at the beginning of the string (implicit ^), while - .search() checks throughout. Args: * include: A List of glob expressions to look for files through. @@ -459,12 +457,12 @@ class CodeParser(): ) exclusion_lines = re.compile( r"^(" - r"extern +\"C\"|" - r"(typedef +)?(struct|union|enum)( *{)?$|" - r"} *;?$|" - r"$|" - r"//|" - r"#" + r"extern +\"C\"|" + r"(typedef +)?(struct|union|enum)( *{)?$|" + r"} *;?$|" + r"$|" + r"//|" + r"#" r")" ) @@ -493,7 +491,7 @@ class CodeParser(): previous_line = "" continue - if exclusion_lines.match(line): + if exclusion_lines.search(line): previous_line = "" continue 
@@ -501,14 +499,14 @@ class CodeParser(): # characters (or underscore, asterisk, or, open bracket), # and nothing else, high chance it's a declaration that # continues on the next line - if re.match(r"^([\w\*\(]+\s+)+$", line): + if re.search(r"^([\w\*\(]+\s+)+$", line): previous_line += line continue # If previous line seemed to start an unfinished declaration # (as above), concat and treat them as one. if previous_line: - line = previous_line.strip() + " " + line.strip() + line = previous_line.strip() + " " + line.strip() + "\n" previous_line = "" # Skip parsing if line has a space in front = heuristic to @@ -626,8 +624,8 @@ class CodeParser(): ).stdout for line in nm_output.splitlines(): - if not nm_undefined_regex.match(line): - symbol = nm_valid_regex.match(line) + if not nm_undefined_regex.search(line): + symbol = nm_valid_regex.search(line) if (symbol and not symbol.group("symbol").startswith(exclusions)): symbols.append(symbol.group("symbol")) else: @@ -718,10 +716,10 @@ class NameChecker(): problems = [] for item_match in self.parse_result[group_to_check]: - if not re.match(check_pattern, item_match.name): + if not re.search(check_pattern, item_match.name): problems.append(PatternMismatch(check_pattern, item_match)) - # Double underscore is a reserved identifier, never to be used - if re.match(r".*__.*", item_match.name): + # Double underscore should not be used for names + if re.search(r".*__.*", item_match.name): problems.append(PatternMismatch("double underscore", item_match)) self.output_check_result( From 6adb2879602f109830855467bc530a2c014e9b10 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 16 Aug 2021 11:38:34 +0100 Subject: [PATCH 286/966] Move duplicated behaviour in get_files to own function Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index c0fc20fccc..10ed5bba39 100755 
--- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -290,26 +290,20 @@ class CodeParser(): # exclude_wildcards may be None. Also, consider the global exclusions. exclude_wildcards = (exclude_wildcards or []) + self.excluded_files - # Perform set union on the glob results. Memoise individual sets. + # Internal function to hit the memoisation cache or add to it the result + # of a glob operation. Used both for inclusion and exclusion since the + # only difference between them is whether they perform set union or + # difference on the return value of this function. + def hit_cache(wildcard): + if wildcard not in self.files: + self.files[wildcard] = set(glob.glob(wildcard, recursive=True)) + return self.files[wildcard] + for include_wildcard in include_wildcards: - if include_wildcard not in self.files: - self.files[include_wildcard] = set(glob.glob( - include_wildcard, - recursive=True - )) + accumulator = accumulator.union(hit_cache(include_wildcard)) - accumulator = accumulator.union(self.files[include_wildcard]) - - # Perform set difference to exclude. Also use the same memo since their - # behaviour is pretty much identical and it can benefit from the cache. for exclude_wildcard in exclude_wildcards: - if exclude_wildcard not in self.files: - self.files[exclude_wildcard] = set(glob.glob( - exclude_wildcard, - recursive=True - )) - - accumulator = accumulator.difference(self.files[exclude_wildcard]) + accumulator = accumulator.difference(hit_cache(exclude_wildcard)) return list(accumulator) From 814fffbd72bfa2bcc3bd4716c03ecf9e0110113b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 16 Aug 2021 18:20:36 +0100 Subject: [PATCH 287/966] Remove overly strict final checks Signed-off-by: Paul Elliott --- library/psa_crypto.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 95f9740633..e40e370a00 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3749,11 +3749,8 @@ exit: return( status ); } -static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation, - size_t output_size ) +static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) { - size_t finish_output_size; - if( operation->id == 0 || !operation->nonce_set ) return( PSA_ERROR_BAD_STATE ); @@ -3761,13 +3758,6 @@ static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation, operation->body_remaining != 0 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - finish_output_size = operation->is_encrypt ? - PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, operation->alg ) : - PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg ); - - if( output_size < finish_output_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - return( PSA_SUCCESS ); } @@ -3785,7 +3775,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *ciphertext_length = 0; *tag_length = tag_size; - status = psa_aead_final_checks( operation, ciphertext_size ); + status = psa_aead_final_checks( operation ); if( status != PSA_SUCCESS ) goto exit; @@ -3831,7 +3821,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; - status = psa_aead_final_checks( operation, plaintext_size ); + status = psa_aead_final_checks( operation ); if( status != PSA_SUCCESS ) goto exit; From 66696b5591e18d308389e0d9123765cf38d75542 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 16 Aug 2021 18:42:41 +0100 Subject: [PATCH 288/966] Improve nonce length checks Add the missing nonce length checks (this function is being used by oneshot functions as well as multipart, and thus all cipher suites are being used) and cover the case where a NULL buffer gets passed in. Extended the set nonce test to cover this. 
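Review bot: After this change `psa_aead_final_checks()` no longer compares the caller's buffer size with `PSA_AEAD_FINISH_OUTPUT_SIZE` or `PSA_AEAD_VERIFY_OUTPUT_SIZE`, so `psa_aead_finish()` and `psa_aead_verify()` depend entirely on the code they dispatch to for rejecting an undersized `ciphertext` or `plaintext` buffer. That code is outside these hunks; it should be confirmed that every driver path returns `PSA_ERROR_BUFFER_TOO_SMALL` based on the number of bytes it will actually write, and that a test exercises it. The commit message gives no reason why the removed check was too strict, so a comment on the helper should record the decision, e.g. `/* Output buffer sizes are validated by the driver, which knows the exact output length. */`. Both callers' bodies continue outside the hunks.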
Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 17 +++++++++++++++- tests/suites/test_suite_psa_crypto.data | 22 ++++++++++++++------- tests/suites/test_suite_psa_crypto.function | 20 +++++++++++++++---- 3 files changed, 47 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index d877638ecf..92c5ccf9ea 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -141,6 +141,21 @@ static psa_status_t mbedtls_aead_check_nonce_length( mbedtls_psa_aead_operation_t *operation, size_t nonce_length ) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + if( nonce_length == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( nonce_length < 7 || nonce_length > 13 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { @@ -428,7 +443,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( mbedtls_aead_check_nonce_length( operation, nonce_length ) - != PSA_SUCCESS ) + != PSA_SUCCESS || nonce == NULL ) { return( PSA_ERROR_INVALID_ARGUMENT ); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d223537900..f2355d60b8 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
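Review bot: The `else` placed just before `#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */` in `mbedtls_aead_check_nonce_length()` is left dangling when CCM is built in and ChaCha20-Poly1305 is not: it then binds to whatever statement follows the ChaCha20-Poly1305 block, which is outside this hunk. If that statement is the function's final `return`, a CCM operation with a valid nonce length would reach the end of the function without returning a value. The GCM branch above it has no `else`, so the simplest consistent fix is to delete the `else` line; each branch already returns on error and otherwise falls through. A build with only `MBEDTLS_PSA_BUILTIN_ALG_CCM` enabled would confirm this.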
@@ -2598,33 +2598,41 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS +PSA Multipart Set Nonce, AES - GCM, IV = 0 (NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:1:"":"":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart Set Nonce, AES - GCM, IV = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce, AES - GCM, IV = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce, AES - GCM, IV = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS 
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:0:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (NULL) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:1:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce: 
ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 10 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b8023eeb1a..58e43870b8 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3771,6 +3771,7 @@ exit: void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, int alg_arg, int nonce_len, + int allow_null_nonce_buffer, data_t *additional_data, data_t *input_data, int expected_status_arg ) 
@@ -3829,11 +3830,22 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, PSA_ASSERT( status ); - ASSERT_ALLOC( nonce_buffer, nonce_len ); - - for( index = 0; index < nonce_len - 1; ++index) + if( nonce_len == 0 ) { - nonce_buffer[index] = 'a' + index; + if( !allow_null_nonce_buffer ) + { + /* Arbitrary size buffer, to test zero length valid buffer. */ + ASSERT_ALLOC( nonce_buffer, 4 ); + } + } + else + { + ASSERT_ALLOC( nonce_buffer, nonce_len ); + + for( index = 0; index < nonce_len - 1; ++index) + { + nonce_buffer[index] = 'a' + index; + } } status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_len ); From 0dc86b5a2ac807deaa26fa6a7975ac1d5b4ec1d9 Mon Sep 17 00:00:00 2001 From: Archana Date: Wed, 14 Jul 2021 13:59:48 +0530 Subject: [PATCH 289/966] Remove dependency of builtin keys on storage The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C. This is unnecessary for builtin keys and so is fixed. Updated an open_fail test vector keeping with the same. Signed-off-by: Archana --- library/psa_crypto_slot_management.c | 7 ++++--- tests/suites/test_suite_psa_crypto_slot_management.data | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 4131e3cc47..32a6bb259e 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -470,7 +470,8 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ) psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) { -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \ + defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) psa_status_t status; psa_key_slot_t *slot; 
@@ -488,11 +489,11 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) return( psa_unlock_key_slot( slot ) ); -#else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ +#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ (void) key; *handle = PSA_KEY_HANDLE_INIT; return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ +#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ } psa_status_t psa_close_key( psa_key_handle_t handle ) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 68b196d32a..1477734165 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -160,7 +160,7 @@ depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_INVALID_ARGUMENT Open not supported -depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C:!MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS open_fail:1:PSA_ERROR_NOT_SUPPORTED Create not supported From f7fce9200c73bbbfc92116a94f8d1d856422096e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 17 Aug 2021 13:16:08 +0800 Subject: [PATCH 290/966] Remove rsa_pss_rsae_sha256 from preset_sig_algs. To keep consistent with ssl_{clien2t,server2}. Change-Id: I08dbe47a3d9b778ba3acad283f608fef4e63c626 CustomizedGitHooks: yes Signed-off-by: Jerry Yu --- library/ssl_tls.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 07d468ca72..f97b47376e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -6292,10 +6292,6 @@ static uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512, #endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #endif /* MBEDTLS_ECDSA_C */ - /* RSA algorithms */ -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256, -#endif MBEDTLS_TLS13_SIG_NONE }; From 7899de839cf26941be5525402078752839cdf6d7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 17 Aug 2021 13:09:23 +0800 Subject: [PATCH 291/966] fix comments and format issues Change-Id: I927d97f9d788389d6abb9edbda0f7c3e2f8e9b63 CustomizedGitHooks: yes Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 9 +++++---- library/ssl_tls.c | 9 +-------- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c62f730b3e..c867e025c4 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1184,7 +1184,7 @@ struct mbedtls_ssl_config const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - const uint16_t* MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms in TLS 1.3 */ + const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif 
@@ -3036,9 +3036,10 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, * \brief Configure allowed signature algorithms for use in TLS 1.3 * * \param conf The SSL configuration to use. - * \param sig_algs A 0-terminated list of IANA values for TLS 1.3 signature algorithms, - * with the most preferred algorithm listed first. Supported values - * are available as \c MBEDTLS_TLS13_SIG_XXX. + * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, + * terminated by \c MBEDTLS_TLS13_SIG_NONE. The list must remain + * available throughout the liftime of the conf object. Supported + * values are available as \c MBEDTLS_TLS13_SIG_XXXX */ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, const uint16_t* sig_algs ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f97b47376e..909a32a594 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3935,14 +3935,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, } #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -/** - * \brief Configure allowed signature algorithms for use in TLS 1.3 - * - * \param conf The SSL configuration to use. - * \param sig_algs A 0-terminated list of IANA values for TLS 1.3 signature algorithms, - * with the most preferred algorithm listed first. Supported values - * are available as \c MBEDTLS_TLS13_SIG_XXX. - */ +/* Configure allowed signature algorithms for use in TLS 1.3 */ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, const uint16_t* sig_algs ) { From 5473be29142350fdb8b6f9b2c4c16319b8e5a169 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Tue, 17 Aug 2021 10:14:01 +0100 Subject: [PATCH 292/966] Use a class variable for `quiet` instead of passing it around Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 10ed5bba39..16d5aba8b5 100755 
--- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -93,8 +93,9 @@ class Problem(): # pylint: disable=too-few-public-methods """ A parent class representing a form of static analysis error. """ + # Class variable to control the quietness of all problems + quiet = False def __init__(self): - self.quiet = False self.textwrapper = textwrap.TextWrapper() self.textwrapper.width = 80 self.textwrapper.initial_indent = " > " @@ -644,8 +645,9 @@ class NameChecker(): * quiet: whether to hide detailed problem explanation. """ self.log.info("=============") + Problem.quiet = quiet problems = 0 - problems += self.check_symbols_declared_in_header(quiet) + problems += self.check_symbols_declared_in_header() pattern_checks = [ ("macros", MACRO_PATTERN), @@ -653,9 +655,9 @@ class NameChecker(): ("identifiers", IDENTIFIER_PATTERN) ] for group, check_pattern in pattern_checks: - problems += self.check_match_pattern(quiet, group, check_pattern) + problems += self.check_match_pattern(group, check_pattern) - problems += self.check_for_typos(quiet) + problems += self.check_for_typos() self.log.info("=============") if problems > 0: @@ -669,15 +671,12 @@ class NameChecker(): self.log.info("PASS") return 0 - def check_symbols_declared_in_header(self, quiet): + def check_symbols_declared_in_header(self): """ Perform a check that all detected symbols in the library object files are properly declared in headers. Assumes parse_names_in_source() was called before this. - Args: - * quiet: whether to hide detailed problem explanation. - Returns the number of problems that need fixing. """ problems = [] 
@@ -692,16 +691,15 @@ class NameChecker(): if not found_symbol_declared: problems.append(SymbolNotInHeader(symbol)) - self.output_check_result(quiet, "All symbols in header", problems) + self.output_check_result("All symbols in header", problems) return len(problems) - def check_match_pattern(self, quiet, group_to_check, check_pattern): + def check_match_pattern(self, group_to_check, check_pattern): """ Perform a check that all items of a group conform to a regex pattern. Assumes parse_names_in_source() was called before this. Args: - * quiet: whether to hide detailed problem explanation. * group_to_check: string key to index into self.parse_result. * check_pattern: the regex to check against. @@ -717,20 +715,16 @@ class NameChecker(): problems.append(PatternMismatch("double underscore", item_match)) self.output_check_result( - quiet, "Naming patterns of {}".format(group_to_check), problems) return len(problems) - def check_for_typos(self, quiet): + def check_for_typos(self): """ Perform a check that all words in the soure code beginning with MBED are either defined as macros, or as enum constants. Assumes parse_names_in_source() was called before this. - Args: - * quiet: whether to hide detailed problem explanation. - Returns the number of problems that need fixing. """ problems = [] 
@@ -757,23 +751,21 @@ class NameChecker(): if not found and not typo_exclusion.search(name_match.name): problems.append(Typo(name_match)) - self.output_check_result(quiet, "Likely typos", problems) + self.output_check_result("Likely typos", problems) return len(problems) - def output_check_result(self, quiet, name, problems): + def output_check_result(self, name, problems): """ Write out the PASS/FAIL status of a performed check depending on whether there were problems. Args: - * quiet: whether to hide detailed problem explanation. * name: the name of the test * problems: a List of encountered Problems """ if problems: self.log.info("{}: FAIL\n".format(name)) for problem in problems: - problem.quiet = quiet self.log.warning(str(problem)) else: self.log.info("{}: PASS".format(name)) From b1417b4554bd7b52d6b413035df1a886c3ef6152 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Tue, 17 Aug 2021 10:30:20 +0100 Subject: [PATCH 293/966] Use Enums for the enum-parsing state machine Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 46 ++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 16d5aba8b5..ecb00454a6 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -49,6 +49,7 @@ import os import sys import traceback import re +import enum import shutil import subprocess import logging 
@@ -390,27 +391,33 @@ class CodeParser(): files = self.get_files(include, exclude) self.log.debug("Looking for enum consts in {} files".format(len(files))) + # Emulate a finite state machine to parse enum declarations. + # OUTSIDE_KEYWORD = outside the enum keyword + # IN_BRACES = inside enum opening braces + # IN_BETWEEN = between enum keyword and opening braces + states = enum.Enum("FSM", ["OUTSIDE_KEYWORD", "IN_BRACES", "IN_BETWEEN"]) enum_consts = [] for header_file in files: - # Emulate a finite state machine to parse enum declarations. - # 0 = not in enum - # 1 = inside enum - # 2 = almost inside enum - state = 0 + state = states.OUTSIDE_KEYWORD with open(header_file, "r", encoding="utf-8") as header: for line_no, line in enumerate(header): # Match typedefs and brackets only when they are at the # beginning of the line -- if they are indented, they might # be sub-structures within structs, etc. - if state == 0 and re.search(r"^(typedef +)?enum +{", line): - state = 1 - elif state == 0 and re.search(r"^(typedef +)?enum", line): - state = 2 - elif state == 2 and re.search(r"^{", line): - state = 1 - elif state == 1 and re.search(r"^}", line): - state = 0 - elif state == 1 and not re.search(r"^ *#", line): + if (state == states.OUTSIDE_KEYWORD and + re.search(r"^(typedef +)?enum +{", line)): + state = states.IN_BRACES + elif (state == states.OUTSIDE_KEYWORD and + re.search(r"^(typedef +)?enum", line)): + state = states.IN_BETWEEN + elif (state == states.IN_BETWEEN and + re.search(r"^{", line)): + state = states.IN_BRACES + elif (state == states.IN_BRACES and + re.search(r"^}", line)): + state = states.OUTSIDE_KEYWORD + elif (state == states.IN_BRACES and + not re.search(r"^ *#", line)): enum_const = re.search(r"^ *(?P\w+)", line) if not enum_const: continue 
@@ -418,7 +425,9 @@ class CodeParser(): enum_consts.append(Match( header_file, line, - (line_no, enum_const.start(), enum_const.end()), + (line_no, + enum_const.start("enum_const"), + enum_const.end("enum_const")), enum_const.group("enum_const"))) return enum_consts @@ -426,8 +435,8 @@ class CodeParser(): def parse_identifiers(self, include, exclude=None): """ Parse all lines of a header where a function/enum/struct/union/typedef - identifier is declared, based on some heuristics. Highly dependent on - formatting style. + identifier is declared, based on some regex and heuristics. Highly + dependent on formatting style. Args: * include: A List of glob expressions to look for files through. @@ -469,7 +478,8 @@ class CodeParser(): with open(header_file, "r", encoding="utf-8") as header: in_block_comment = False # The previous line variable is used for concatenating lines - # when identifiers are formatted and spread across multiple. + # when identifiers are formatted and spread across multiple + # lines. previous_line = "" for line_no, line in enumerate(header): From 704b0f77e1eeed77d7653edb20e5df0ef8ae7ba0 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Tue, 17 Aug 2021 10:41:23 +0100 Subject: [PATCH 294/966] Use .span() for positions, and separate line_no argument in Match This reverts a previous change where line_no was removed and put into a triple tuple. It was discovered that re.Match.span() conveniently returns (start, end), so separating line_no again makes the code cleaner. The legibility of the code heavily outweighs the issues pointed out by Pylint (hence disabled). Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index ecb00454a6..604dfd4162 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py 
@@ -67,13 +67,15 @@ class Match(): # pylint: disable=too-few-public-methods Fields: * filename: the file that the match was in. * line: the full line containing the match. - * pos: a tuple of (line_no, start, end) positions on the file line where the - match is. + * line_no: the line number. + * pos: a tuple of (start, end) positions on the line where the match is. * name: the match itself. """ - def __init__(self, filename, line, pos, name): + def __init__(self, filename, line, line_no, pos, name): + # pylint: disable=too-many-arguments self.filename = filename self.line = line + self.line_no = line_no self.pos = pos self.name = name @@ -81,8 +83,8 @@ class Match(): # pylint: disable=too-few-public-methods """ Return a formatted code listing representation of the erroneous line. """ - gutter = format(self.pos[0], "4d") - underline = self.pos[1] * " " + (self.pos[2] - self.pos[1]) * "^" + gutter = format(self.line_no, "4d") + underline = self.pos[0] * " " + (self.pos[1] - self.pos[0]) * "^" return ( " {0} |\n".format(" " * len(gutter)) + @@ -338,7 +340,8 @@ class CodeParser(): macros.append(Match( header_file, line, - (line_no, macro.start(), macro.end()), + line_no, + macro.span("macro"), macro.group("macro"))) return macros @@ -372,9 +375,9 @@ class CodeParser(): mbed_words.append(Match( filename, line, - (line_no, name.start(), name.end()), - name.group(0) - )) + line_no, + name.span(0), + name.group(0))) return mbed_words @@ -425,9 +428,8 @@ class CodeParser(): enum_consts.append(Match( header_file, line, - (line_no, - enum_const.start("enum_const"), - enum_const.end("enum_const")), + line_no, + enum_const.span("enum_const"), enum_const.group("enum_const"))) return enum_consts @@ -533,7 +535,8 @@ class CodeParser(): identifiers.append(Match( header_file, line, - (line_no, identifier.start(), identifier.end()), + line_no, + identifier.span(), group)) return identifiers 
@@ -722,7 +725,8 @@ class NameChecker(): problems.append(PatternMismatch(check_pattern, item_match)) # Double underscore should not be used for names if re.search(r".*__.*", item_match.name): - problems.append(PatternMismatch("double underscore", item_match)) + problems.append( + PatternMismatch("no double underscore allowed", item_match)) self.output_check_result( "Naming patterns of {}".format(group_to_check), From 4b7d23dfa6cf6806c8bcd500000b5ea749f22ae5 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Tue, 17 Aug 2021 10:48:22 +0100 Subject: [PATCH 295/966] Separate make clean and make lib in check_names Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 604dfd4162..3f65b44d0c 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -569,8 +569,15 @@ class CodeParser(): ) my_environment = os.environ.copy() my_environment["CFLAGS"] = "-fno-asynchronous-unwind-tables" + # Run make clean separately to lib to prevent unwanted behavior when + # make is invoked with parallelism. subprocess.run( - ["make", "clean", "lib"], + ["make", "clean"], + universal_newlines=True, + check=True + ) + subprocess.run( + ["make", "lib"], env=my_environment, universal_newlines=True, stdout=subprocess.PIPE, From 3590691bad2d8f1a4cef47edc00114a8ba4faab6 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Tue, 17 Aug 2021 11:05:43 +0100 Subject: [PATCH 296/966] Fix issues raised by Pylint 2.4.4 on CI Locally they were unreported by Pylint 2.9.2. Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 3f65b44d0c..a5cbd70cae 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py 
@@ -408,7 +408,7 @@ class CodeParser(): # beginning of the line -- if they are indented, they might # be sub-structures within structs, etc. if (state == states.OUTSIDE_KEYWORD and - re.search(r"^(typedef +)?enum +{", line)): + re.search(r"^(typedef +)?enum +{", line)): state = states.IN_BRACES elif (state == states.OUTSIDE_KEYWORD and re.search(r"^(typedef +)?enum", line)): @@ -461,9 +461,10 @@ class CodeParser(): # Match names of typedef instances, after closing bracket. r"}? *(\w+)[;[].*" ) + # The regex below is indented for clarity. exclusion_lines = re.compile( r"^(" - r"extern +\"C\"|" + r"extern +\"C\"|" # pylint: disable=bad-continuation r"(typedef +)?(struct|union|enum)( *{)?$|" r"} *;?$|" r"$|" From 7276f13c9385fdaba52be47a6a528a9e7217dd35 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 17 Aug 2021 18:25:48 +0800 Subject: [PATCH 297/966] fix comments for sig_algs parser Change-Id: I68bd691c4b67fb18ff9d55ead34f5517b1b981de Signed-off-by: Jerry Yu --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 17b1ccf939..08f993466d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1482,7 +1482,7 @@ int main( int argc, char *argv[] ) p = (char *) opt.sig_algs; i = 0; - /* Leave room for a final NULL in signature algorithm list */ + /* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list(sig_alg_list) */ while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' ) { q = p; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c7110e850e..d5ec6a7cd4 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -2205,7 +2205,7 @@ int main( int argc, char *argv[] ) p = (char *) opt.sig_algs; i = 0; - /* Leave room for a final NULL in signature algorithm list */ + /* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list(sig_alg_list) */ while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' ) { q = p; From 71432096042951b894fb300a7cc7b59c7a69c8f9 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Tue, 17 Aug 2021 12:44:16 +0100 Subject: [PATCH 298/966] Remove unused imports in list_internal_identifiers.py Signed-off-by: Yuto Takano --- tests/scripts/list_internal_identifiers.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py index d1b55138f1..779a16ffbc 100755 --- a/tests/scripts/list_internal_identifiers.py +++ b/tests/scripts/list_internal_identifiers.py @@ -30,8 +30,6 @@ Must be run from Mbed TLS root. import argparse import logging -import traceback -import sys from check_names import CodeParser def main(): From 8c51b73c86beca145271acdfa400631e5456fd7d Mon Sep 17 00:00:00 2001 From: lhuang04 Date: Sat, 14 Aug 2021 05:56:07 -0700 Subject: [PATCH 299/966] Update CMake version for CMP0090 Summary: [CMP0090](https://cmake.org/cmake/help/latest/policy/CMP0090.html) was introduced in CMake version 3.15. The CMake version guard should be greater or equal to 3.15. My cmake version is 3.14.5, and run into the following error. ``` cmake --version cmake version 3.14.5 ``` ``` CMake Error at CMakeLists.txt:338 (cmake_policy): Policy "CMP0090" is not known to this version of CMake. -- Configuring incomplete, errors occurred! Test Plan: ``` cmake ``` Signed-off-by: lhuang04 --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index cf74af53c4..210aba4893 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -330,7 +330,7 @@ install( DESTINATION "cmake" FILE "MbedTLSTargets.cmake") -if(CMAKE_VERSION VERSION_GREATER 3.14) +if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15) # Do not export the package by default cmake_policy(SET CMP0090 NEW) From 447a3bee1774e260d53dd3df47ebbe00f9a26f82 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 18 Aug 2021 09:55:32 +0800 Subject: [PATCH 300/966] fix wrong typo and format issues Change-Id: I99a4c7d28c26bfcc43bc8947485d1dfafb6974dc Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c867e025c4..f537e864a9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3038,7 +3038,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, * \param conf The SSL configuration to use. * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, * terminated by \c MBEDTLS_TLS13_SIG_NONE. The list must remain - * available throughout the liftime of the conf object. Supported + * available throughout the lifetime of the conf object. Supported * values are available as \c MBEDTLS_TLS13_SIG_XXXX */ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 08f993466d..1400961b8c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1482,7 +1482,7 @@ int main( int argc, char *argv[] ) p = (char *) opt.sig_algs; i = 0; - /* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list(sig_alg_list) */ + /* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */ while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' ) { q = p; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d5ec6a7cd4..b9a789e729 100644 --- a/programs/ssl/ssl_server2.c 
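Review bot: The guard still ties the policy to a version number, and the two-clause comparison is easy to get wrong again. `if(POLICY CMP0090)` asks CMake directly whether the policy is known and needs no version arithmetic. If a version test is preferred, `if(NOT CMAKE_VERSION VERSION_LESS 3.15)` expresses greater-or-equal in a single clause. The body of the `if` continues outside the hunk.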
+++ b/programs/ssl/ssl_server2.c @@ -2205,7 +2205,7 @@ int main( int argc, char *argv[] ) p = (char *) opt.sig_algs; i = 0; - /* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list(sig_alg_list) */ + /* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */ while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' ) { q = p; From 5f831719994c94606933a70bc275194efc87b0f4 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Wed, 18 Aug 2021 18:03:24 +0100 Subject: [PATCH 301/966] Fix listing line number wrongly using start char pos Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index a5cbd70cae..0eba96740c 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -144,14 +144,14 @@ class PatternMismatch(Problem): # pylint: disable=too-few-public-methods if self.quiet: return ( "{0}:{1}:{2}" - .format(self.match.filename, self.match.pos[0], self.match.name) + .format(self.match.filename, self.match.line_no, self.match.name) ) return self.textwrapper.fill( "{0}:{1}: '{2}' does not match the required pattern '{3}'." .format( self.match.filename, - self.match.pos[0], + self.match.line_no, self.match.name, self.pattern ) @@ -173,14 +173,14 @@ class Typo(Problem): # pylint: disable=too-few-public-methods if self.quiet: return ( "{0}:{1}:{2}" - .format(self.match.filename, self.match.pos[0], self.match.name) + .format(self.match.filename, self.match.line_no, self.match.name) ) return self.textwrapper.fill( "{0}:{1}: '{2}' looks like a typo. It was not found in any " "macros or any enums. If this is not a typo, put " "//no-check-names after it." - .format(self.match.filename, self.match.pos[0], self.match.name) + .format(self.match.filename, self.match.line_no, self.match.name) ) + "\n" + str(self.match) class CodeParser(): 
From 50dde56543f28fe138f55afea72ce161f61ddf27 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 22 Jun 2021 15:51:53 +0100 Subject: [PATCH 302/966] Implement byte reading macros into library/ To improve readability by saving horizontal and vertical space. Removed unecessary & 0xFF. Byte reading macros implemented in library/common.h, All files containing "& 0xff" were modified. Comments/Documentation not yet added to the macro definitions. Fixes #4274 Signed-off-by: Joe Subbiani --- library/common.h | 10 ++++++++++ library/ctr_drbg.c | 8 ++++---- library/nist_kw.c | 2 +- library/psa_crypto.c | 4 ++-- library/psa_its_file.c | 16 ++++++++-------- library/ssl_msg.c | 14 +++++++------- library/ssl_ticket.c | 4 ++-- 7 files changed, 34 insertions(+), 24 deletions(-) diff --git a/library/common.h b/library/common.h index 9e4b0312b1..baef72d480 100644 --- a/library/common.h +++ b/library/common.h @@ -66,4 +66,14 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS +/** Byte Reading Macros + * + * To tidy up code and save horizontal and vertical space, use byte + * reading macros to cast + */ +#define BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) +#define BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) +#define BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) +#define BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) + #endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index b664fb0fc7..d52d9ef254 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c 
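Review bot: The macros added to library/common.h have generic names (`BYTE_0` to `BYTE_3`) in a header shared across the library sources, so they may collide with platform or toolchain headers; an `MBEDTLS_` prefix, as on `MBEDTLS_ALLOW_PRIVATE_ACCESS` just above, would avoid that. The comment above them stops mid-sentence at "to cast" and does not say what argument is expected. Right-shifting a negative signed value is implementation-defined, so the comment should state that `x` is an unsigned value wide enough for the requested byte and that `BYTE_n( x )` yields bits 8n to 8n+7 as a `uint8_t`.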
@@ -152,10 +152,10 @@ static int block_cipher_df( unsigned char *output, * (Total is padded to a multiple of 16-bytes with zeroes) */ p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE; - *p++ = ( data_len >> 24 ) & 0xff; - *p++ = ( data_len >> 16 ) & 0xff; - *p++ = ( data_len >> 8 ) & 0xff; - *p++ = ( data_len ) & 0xff; + *p++ = BYTE_3( data_len ); + *p++ = BYTE_2( data_len ); + *p++ = BYTE_1( data_len ); + *p++ = BYTE_0( data_len ); p += 3; *p++ = MBEDTLS_CTR_DRBG_SEEDLEN; memcpy( p, data, data_len ); diff --git a/library/nist_kw.c b/library/nist_kw.c index 5054ca206b..3fff2b7f85 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -169,7 +169,7 @@ static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t ) size_t i = 0; for( i = 0; i < sizeof( t ); i++ ) { - A[i] ^= ( t >> ( ( sizeof( t ) - 1 - i ) * 8 ) ) & 0xff; + A[i] ^= BYTE_0( t >> ( ( sizeof( t ) - 1 - i ) * 8 ) ); } } diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3574b9842a..b46e023e5d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4506,8 +4506,8 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( * uint16 with the value N, and the PSK itself. */ - *cur++ = ( data_length >> 8 ) & 0xff; - *cur++ = ( data_length >> 0 ) & 0xff; + *cur++ = BYTE_1( data_length ); + *cur++ = BYTE_0( data_length ); memset( cur, 0, data_length ); cur += data_length; *cur++ = pms[0]; diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 492be1c711..66043b502e 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c 
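Review bot: In the psa_crypto.c hunk (`psa_tls12_prf_psk_to_ms_set_key`), `BYTE_1( data_length )` and `BYTE_0( data_length )` write a two-byte length prefix and drop any bits of `data_length` above 16, with no bound check visible in the hunk. The same narrowing applies to `clear_len` in the ssl_ticket.c hunk and to the four-byte `data_len` in the ctr_drbg.c hunk. The behaviour is unchanged from the old `& 0xff` form, but the macro hides the truncation at the call site. All three function bodies start outside their hunks, so an upper-bound check presumably exists earlier. Once that is confirmed, a comment beside the writes such as `/* data_length <= 0xFFFF is enforced above */` would keep the dependency explicit.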
@@ -191,14 +191,14 @@ psa_status_t psa_its_set( psa_storage_uid_t uid, size_t n; memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH ); - header.size[0] = data_length & 0xff; - header.size[1] = ( data_length >> 8 ) & 0xff; - header.size[2] = ( data_length >> 16 ) & 0xff; - header.size[3] = ( data_length >> 24 ) & 0xff; - header.flags[0] = create_flags & 0xff; - header.flags[1] = ( create_flags >> 8 ) & 0xff; - header.flags[2] = ( create_flags >> 16 ) & 0xff; - header.flags[3] = ( create_flags >> 24 ) & 0xff; + header.size[0] = BYTE_0( data_length ); + header.size[1] = BYTE_1( data_length ); + header.size[2] = BYTE_2( data_length ); + header.size[3] = BYTE_3( data_length ); + header.flags[0] = BYTE_0( create_flags ); + header.flags[1] = BYTE_1( create_flags ); + header.flags[2] = BYTE_2( create_flags ); + header.flags[3] = BYTE_3( create_flags ); psa_its_fill_filename( uid, filename ); stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" ); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a03f19251d..1fd9420c24 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2254,14 +2254,14 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) * copy beginning of headers then fill fragmentation fields. * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ memcpy( ssl->out_msg, cur->p, 6 ); + + ssl->out_msg[6] = BYTE_2( frag_off ); + ssl->out_msg[7] = BYTE_1( frag_off ); + ssl->out_msg[8] = BYTE_0( frag_off ); - ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff ); - ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); - ssl->out_msg[8] = ( ( frag_off ) & 0xff ); - - ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff ); - ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff ); - ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff ); + ssl->out_msg[ 9] = BYTE_2( cur_hs_frag_len ); + ssl->out_msg[10] = BYTE_1( cur_hs_frag_len ); + ssl->out_msg[11] = BYTE_0( cur_hs_frag_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); 
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 940e1a67a2..29d8345750 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -245,8 +245,8 @@ int mbedtls_ssl_ticket_write( void *p_ticket, { goto cleanup; } - state_len_bytes[0] = ( clear_len >> 8 ) & 0xff; - state_len_bytes[1] = ( clear_len ) & 0xff; + state_len_bytes[0] = BYTE_1( clear_len ); + state_len_bytes[1] = BYTE_0( clear_len ); /* Encrypt and authenticate */ if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx, From 3b394509da07fd7b78a9d9396d838bd588c6ba59 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 23 Jun 2021 11:23:44 +0100 Subject: [PATCH 303/966] Move BYTES_TO_U32_LE to common.h The macro BYTES_TO_U32_LE appears in poly1305.c and chacha20.c. Removes duplicate code and save vertical space the macro has been moved to common.h. Improves maintainability. Signed-off-by: Joe Subbiani --- library/chacha20.c | 7 ------- library/common.h | 14 ++++++++++++-- library/poly1305.c | 7 ------- 3 files changed, 12 insertions(+), 16 deletions(-) diff --git a/library/chacha20.c b/library/chacha20.c index 78467d3fc6..9862ea535a 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -54,13 +54,6 @@ #define CHACHA20_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -#define BYTES_TO_U32_LE( data, offset ) \ - ( (uint32_t) (data)[offset] \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \ - ) - #define ROTL32( value, amount ) \ ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) ) diff --git a/library/common.h b/library/common.h index baef72d480..500e5d4c7d 100644 --- a/library/common.h +++ b/library/common.h 
@@ -71,9 +71,19 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * To tidy up code and save horizontal and vertical space, use byte * reading macros to cast */ -#define BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) -#define BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) +#define BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) +#define BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) #define BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) #define BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) +/** + * + */ +#define BYTES_TO_U32_LE( data, offset ) \ + ( (uint32_t) (data)[offset] \ + | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \ + | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \ + | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \ + ) + #endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/library/poly1305.c b/library/poly1305.c index 492d1457d4..a30b1707ed 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -52,13 +52,6 @@ #define POLY1305_BLOCK_SIZE_BYTES ( 16U ) -#define BYTES_TO_U32_LE( data, offset ) \ - ( (uint32_t) (data)[offset] \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \ - ) - /* * Our implementation is tuned for 32-bit platforms with a 64-bit multiplier. * However we provided an alternative for platforms without such a multiplier. From 30d974c232cfdff6b91856c99ac8c11de3135915 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 23 Jun 2021 11:49:03 +0100 Subject: [PATCH 304/966] Move UINT32_BE macros to common.h 32-bit integer manipulation macros (big edian): GET_UINT32_BE and PUT_UINT32_BE appear in several files in library/. Removes duplicate code and save vertical space the macro has been moved to common.h. Improves maintainability. 
Signed-off-by: Joe Subbiani --- library/camellia.c | 23 ----------------------- library/common.h | 23 +++++++++++++++++++++++ library/des.c | 23 ----------------------- library/gcm.c | 23 ----------------------- library/nist_kw.c | 20 -------------------- library/sha1.c | 23 ----------------------- library/sha256.c | 23 ----------------------- 7 files changed, 23 insertions(+), 135 deletions(-) diff --git a/library/camellia.c b/library/camellia.c index f7e013611b..0817b1d292 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -49,29 +49,6 @@ #define CAMELLIA_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - static const unsigned char SIGMA_CHARS[6][8] = { { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b }, diff --git a/library/common.h b/library/common.h index 500e5d4c7d..b3b70dc62f 100644 --- a/library/common.h +++ b/library/common.h 
@@ -76,6 +76,29 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #define BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) #define BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) +/* + * 32-bit integer manipulation macros (big endian) + */ +#ifndef GET_UINT32_BE +#define GET_UINT32_BE(n,b,i) \ +{ \ + (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ + | ( (uint32_t) (b)[(i) + 1] << 16 ) \ + | ( (uint32_t) (b)[(i) + 2] << 8 ) \ + | ( (uint32_t) (b)[(i) + 3] ); \ +} +#endif + +#ifndef PUT_UINT32_BE +#define PUT_UINT32_BE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ +} +#endif + /** * */ diff --git a/library/des.c b/library/des.c index eddf55e789..36ea277760 100644 --- a/library/des.c +++ b/library/des.c @@ -43,29 +43,6 @@ #if !defined(MBEDTLS_DES_ALT) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - /* * Expanded DES S-boxes */ diff --git a/library/gcm.c b/library/gcm.c index 835b1b2853..c8254876dd 100644 --- a/library/gcm.c +++ b/library/gcm.c 
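Review bot: The shared `GET_UINT32_BE` / `PUT_UINT32_BE` definitions added to library/common.h use a bare `{ ... }` body, while the copies this same patch removes from nist_kw.c and sha256.c were wrapped in `do { ... } while( 0 )`. With the bare-brace form, `if( c ) PUT_UINT32_BE( n, b, i ); else ...` no longer compiles, because the `;` after the closing brace ends the `if` before the `else`. I would keep the statement-safe form in the shared header by opening each body with `do { \` and closing it with `} while( 0 )`. The little-endian pair added to common.h in the following patch has the same shape.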
@@ -58,29 +58,6 @@ #define GCM_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - /* * Initialize a context */ diff --git a/library/nist_kw.c b/library/nist_kw.c index 3fff2b7f85..c0eed674c1 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -77,26 +77,6 @@ static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, /*! The 32-bit default integrity check value (ICV) for KWP mode. */ static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6}; -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -do { \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} while( 0 ) -#endif - /* * Initialize context */ diff --git a/library/sha1.c b/library/sha1.c index 545d093109..9beaee5a54 100644 --- a/library/sha1.c +++ b/library/sha1.c 
@@ -48,29 +48,6 @@ #if !defined(MBEDTLS_SHA1_ALT) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) { SHA1_VALIDATE( ctx != NULL ); diff --git a/library/sha256.c b/library/sha256.c index 6ec6da296a..f548c672ea 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -50,29 +50,6 @@ #if !defined(MBEDTLS_SHA256_ALT) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -do { \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} while( 0 ) -#endif - void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { SHA256_VALIDATE( ctx != NULL ); From 54c6134ff7de2ccc5d5cc2ef55f766d9a3a1fbdb Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Wed, 23 Jun 2021 12:16:47 +0100 Subject: [PATCH 305/966] Move UINT32_LE macros to common.h 32-bit integer manipulation macros (little edian): GET_UINT32_LE and PUT_UINT32_LE appear in several files in library/. Removes duplicate code and save vertical space the macro has been moved to common.h. Improves maintainability. Also provided brief comment in common.h for BYTES_TO_U32_LE. comment/documentation will probably need to be edited further for all recent additions to library/common.h Signed-off-by: Joe Subbiani --- library/aes.c | 23 ----------------------- library/aria.c | 23 ----------------------- library/common.h | 25 ++++++++++++++++++++++++- library/md5.c | 23 ----------------------- library/psa_crypto_storage.c | 23 ----------------------- library/ripemd160.c | 23 ----------------------- 6 files changed, 24 insertions(+), 116 deletions(-) diff --git a/library/aes.c b/library/aes.c index a15a80924a..7b4fb869e0 100644 --- a/library/aes.c +++ b/library/aes.c @@ -57,29 +57,6 @@ #define AES_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - #if defined(MBEDTLS_PADLOCK_C) && \ ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) ) static int aes_padlock_ace = -1; diff --git a/library/aria.c b/library/aria.c index a5786b37ab..d7d2bea7c8 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -55,29 +55,6 @@ #define ARIA_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE( n, b, i ) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE( n, b, i ) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - /* * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes * diff --git a/library/common.h b/library/common.h index b3b70dc62f..c2cf633c99 100644 --- a/library/common.h +++ b/library/common.h @@ -99,8 +99,31 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c } #endif +/* + * 32-bit integer manipulation macros (little endian) + */ +#ifndef GET_UINT32_LE +#define GET_UINT32_LE(n,b,i) \ +{ \ + (n) = ( (uint32_t) (b)[(i) ] ) \ + | ( (uint32_t) (b)[(i) + 1] << 8 ) \ + | ( (uint32_t) (b)[(i) + 2] << 16 ) \ + | ( (uint32_t) (b)[(i) + 3] << 24 ); \ +} +#endif + +#ifndef PUT_UINT32_LE +#define PUT_UINT32_LE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ + (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ + (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ + (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ +} +#endif + /** - * + * 32-bit integer conversion from bytes (little endian) */ #define BYTES_TO_U32_LE( data, offset ) \ ( (uint32_t) (data)[offset] \ diff --git a/library/md5.c b/library/md5.c index d7f8cee468..d8f637da83 100644 --- a/library/md5.c +++ b/library/md5.c 
@@ -43,29 +43,6 @@ #if !defined(MBEDTLS_MD5_ALT) -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - void mbedtls_md5_init( mbedtls_md5_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_md5_context ) ); diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 09cbab4c4d..36b518350c 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -230,29 +230,6 @@ static psa_status_t psa_crypto_storage_get_data_length( return( PSA_SUCCESS ); } -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE( n, b, i ) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE( n, b, i ) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - /* * 16-bit integer manipulation macros (little endian) */ diff --git a/library/ripemd160.c b/library/ripemd160.c index d2ccbbec47..d60654e952 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c 
@@ -44,29 +44,6 @@ #if !defined(MBEDTLS_RIPEMD160_ALT) -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) ); From c4f3d5b38e4e1e88237f67380246c5f2fdeec7fd Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 23 Jun 2021 17:58:41 +0100 Subject: [PATCH 306/966] Add do-while protection to macros missed do-while around function-like macros (UINT32_BE and UINT_LE macros) originally present in the indivdual files, before being moved to common.h. Signed-off-by: Joe Subbiani --- library/common.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/common.h b/library/common.h index c2cf633c99..56514b3436 100644 --- a/library/common.h +++ b/library/common.h @@ -81,22 +81,22 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c */ #ifndef GET_UINT32_BE #define GET_UINT32_BE(n,b,i) \ -{ \ +do { \ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ | ( (uint32_t) (b)[(i) + 1] << 16 ) \ | ( (uint32_t) (b)[(i) + 2] << 8 ) \ | ( (uint32_t) (b)[(i) + 3] ); \ -} +} while( 0 ) #endif #ifndef PUT_UINT32_BE #define PUT_UINT32_BE(n,b,i) \ -{ \ +do { \ (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} +} while( 0 ) #endif /* 
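Review bot: The four `GET_UINT32_*` / `PUT_UINT32_*` macros in library/common.h (this hunk and the next one) expand `b` and `i` four times each, and the header comment does not mention it, so an argument such as `p++` or a function call would be evaluated repeatedly. Now that the macros are shared across library/, I would add a line to the block comment: `/* Arguments are evaluated more than once; pass only side-effect-free expressions. */`. The `#ifndef` guards around each definition also mean that a translation unit defining its own macro of the same name before including common.h silently overrides the shared one. If nothing relies on that, dropping the guards would turn such a clash into a redefinition diagnostic.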
@@ -104,22 +104,22 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c */ #ifndef GET_UINT32_LE #define GET_UINT32_LE(n,b,i) \ -{ \ +do { \ (n) = ( (uint32_t) (b)[(i) ] ) \ | ( (uint32_t) (b)[(i) + 1] << 8 ) \ | ( (uint32_t) (b)[(i) + 2] << 16 ) \ | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} +} while( 0 ) #endif #ifndef PUT_UINT32_LE #define PUT_UINT32_LE(n,b,i) \ -{ \ +do { \ (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} +} while( 0 ) #endif /** From 6f2bb0c8efd7fb3a74ececd00b9ca507f5494efe Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 24 Jun 2021 09:06:23 +0100 Subject: [PATCH 307/966] Remove trailing whitespace Trailing white spaces causing check_files.py to fail Signed-off-by: Joe Subbiani --- library/common.h | 6 +++--- library/ssl_msg.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/common.h b/library/common.h index 56514b3436..b6b7d01d9d 100644 --- a/library/common.h +++ b/library/common.h @@ -67,8 +67,8 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #define MBEDTLS_ALLOW_PRIVATE_ACCESS /** Byte Reading Macros - * - * To tidy up code and save horizontal and vertical space, use byte + * + * To tidy up code and save horizontal and vertical space, use byte * reading macros to cast */ #define BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) @@ -122,7 +122,7 @@ do { \ } while( 0 ) #endif -/** +/** * 32-bit integer conversion from bytes (little endian) */ #define BYTES_TO_U32_LE( data, offset ) \ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1fd9420c24..f3dbba82b9 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -2254,7 +2254,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) * copy beginning of headers then fill fragmentation fields. * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ memcpy( ssl->out_msg, cur->p, 6 ); - + ssl->out_msg[6] = BYTE_2( frag_off ); ssl->out_msg[7] = BYTE_1( frag_off ); ssl->out_msg[8] = BYTE_0( frag_off ); From 9aaec54e57e3ec869ad47ed0f6b67761b74f17fd Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 24 Jun 2021 11:00:08 +0100 Subject: [PATCH 308/966] Undo use of BYTE_x macro The use of the BYTE_x macro in nist_kw did not seem appropriate in hind sight as it is working with a character array not an int Signed-off-by: Joe Subbiani --- library/nist_kw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/nist_kw.c b/library/nist_kw.c index c0eed674c1..174a1eef13 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -149,7 +149,7 @@ static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t ) size_t i = 0; for( i = 0; i < sizeof( t ); i++ ) { - A[i] ^= BYTE_0( t >> ( ( sizeof( t ) - 1 - i ) * 8 ) ); + A[i] ^= ( t >> ( ( sizeof( t ) - 1 - i ) * 8 ) ) & 0xff; } } From 5ecac217f01aee0f73cffcb30e8b32f00921299f Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 24 Jun 2021 13:00:03 +0100 Subject: [PATCH 309/966] Prefixed macros with MBEDTLS As per tests/scripts/check-names.sh, macros in library/ header files should be prefixed with MBEDTLS_ The macro functions in common.h where also indented to comply with the same test 
Signed-off-by: Joe Subbiani --- library/aes.c | 34 ++++++++--------- library/aria.c | 34 ++++++++--------- library/camellia.c | 22 +++++------ library/chacha20.c | 22 +++++------ library/common.h | 74 ++++++++++++++++++------------------ library/ctr_drbg.c | 8 ++-- library/des.c | 20 +++++----- library/gcm.c | 34 ++++++++--------- library/md5.c | 44 ++++++++++----------- library/nist_kw.c | 4 +- library/poly1305.c | 24 ++++++------ library/psa_crypto.c | 4 +- library/psa_crypto_storage.c | 24 ++++++------ library/psa_its_file.c | 16 ++++---- library/ripemd160.c | 46 +++++++++++----------- library/sha1.c | 46 +++++++++++----------- library/sha256.c | 24 ++++++------ library/ssl_msg.c | 12 +++--- library/ssl_ticket.c | 4 +- 19 files changed, 248 insertions(+), 248 deletions(-) diff --git a/library/aes.c b/library/aes.c index 7b4fb869e0..db726fe36b 100644 --- a/library/aes.c +++ b/library/aes.c @@ -567,7 +567,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, for( i = 0; i < ( keybits >> 5 ); i++ ) { - GET_UINT32_LE( RK[i], key, i << 2 ); + MBEDTLS_GET_UINT32_LE( RK[i], key, i << 2 ); } switch( ctx->nr ) @@ -850,10 +850,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, uint32_t Y[4]; } t; - GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; - GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; - GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; - GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; + MBEDTLS_GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; + MBEDTLS_GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; + MBEDTLS_GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; + MBEDTLS_GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) { 
@@ -887,10 +887,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, ( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); - PUT_UINT32_LE( t.X[0], output, 0 ); - PUT_UINT32_LE( t.X[1], output, 4 ); - PUT_UINT32_LE( t.X[2], output, 8 ); - PUT_UINT32_LE( t.X[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 ); + MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 ); + MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 ); + MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 ); mbedtls_platform_zeroize( &t, sizeof( t ) ); @@ -914,10 +914,10 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, uint32_t Y[4]; } t; - GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; - GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; - GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; - GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; + MBEDTLS_GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; + MBEDTLS_GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; + MBEDTLS_GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; + MBEDTLS_GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) { @@ -951,10 +951,10 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, ( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); - PUT_UINT32_LE( t.X[0], output, 0 ); - PUT_UINT32_LE( t.X[1], output, 4 ); - PUT_UINT32_LE( t.X[2], output, 8 ); - PUT_UINT32_LE( t.X[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 ); + MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 ); + MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 ); + MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 ); mbedtls_platform_zeroize( &t, sizeof( t ) ); diff --git a/library/aria.c b/library/aria.c index d7d2bea7c8..a6319d3e29 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -385,7 +385,7 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4], * Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup. * * We chose to store bytes into 32-bit words in little-endian format (see - * GET/PUT_UINT32_LE) so we need to reverse bytes here. + * GET/MBEDTLS_PUT_UINT32_LE) so we need to reverse bytes here. */ static void aria_rot128( uint32_t r[4], const uint32_t a[4], const uint32_t b[4], uint8_t n ) @@ -433,21 +433,21 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); /* Copy key to W0 (and potential remainder to W1) */ - GET_UINT32_LE( w[0][0], key, 0 ); - GET_UINT32_LE( w[0][1], key, 4 ); - GET_UINT32_LE( w[0][2], key, 8 ); - GET_UINT32_LE( w[0][3], key, 12 ); + MBEDTLS_GET_UINT32_LE( w[0][0], key, 0 ); + MBEDTLS_GET_UINT32_LE( w[0][1], key, 4 ); + MBEDTLS_GET_UINT32_LE( w[0][2], key, 8 ); + MBEDTLS_GET_UINT32_LE( w[0][3], key, 12 ); memset( w[1], 0, 16 ); if( keybits >= 192 ) { - GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key - GET_UINT32_LE( w[1][1], key, 20 ); + MBEDTLS_GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key + MBEDTLS_GET_UINT32_LE( w[1][1], key, 20 ); } if( keybits == 256 ) { - GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key - GET_UINT32_LE( w[1][3], key, 28 ); + MBEDTLS_GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key + MBEDTLS_GET_UINT32_LE( w[1][3], key, 28 ); } i = ( keybits - 128 ) >> 6; // index: 0, 1, 2 @@ -524,10 +524,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, ARIA_VALIDATE_RET( input != NULL ); ARIA_VALIDATE_RET( output != NULL ); - GET_UINT32_LE( a, input, 0 ); - GET_UINT32_LE( b, input, 4 ); - GET_UINT32_LE( c, input, 8 ); - GET_UINT32_LE( d, input, 12 ); + MBEDTLS_GET_UINT32_LE( a, input, 0 ); + MBEDTLS_GET_UINT32_LE( b, input, 4 ); + MBEDTLS_GET_UINT32_LE( c, input, 8 ); + MBEDTLS_GET_UINT32_LE( d, input, 12 ); i = 0; while( 1 ) 
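Review bot: In the first aria.c hunk, the comment above `aria_rot128` now reads `GET/MBEDTLS_PUT_UINT32_LE`, which looks like a side effect of the mechanical rename and names a macro that does not exist under that spelling. I would write both names out: `* MBEDTLS_GET_UINT32_LE / MBEDTLS_PUT_UINT32_LE) so we need to reverse bytes here.` The comment is what explains why the rotation reverses bytes, so it should match the identifiers a reader will search for.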
@@ -559,10 +559,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, c ^= ctx->rk[i][2]; d ^= ctx->rk[i][3]; - PUT_UINT32_LE( a, output, 0 ); - PUT_UINT32_LE( b, output, 4 ); - PUT_UINT32_LE( c, output, 8 ); - PUT_UINT32_LE( d, output, 12 ); + MBEDTLS_PUT_UINT32_LE( a, output, 0 ); + MBEDTLS_PUT_UINT32_LE( b, output, 4 ); + MBEDTLS_PUT_UINT32_LE( c, output, 8 ); + MBEDTLS_PUT_UINT32_LE( d, output, 12 ); return( 0 ); } diff --git a/library/camellia.c b/library/camellia.c index 0817b1d292..9aab7ab675 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -353,8 +353,8 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, * Prepare SIGMA values */ for( i = 0; i < 6; i++ ) { - GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 ); - GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 ); + MBEDTLS_GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 ); + MBEDTLS_GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 ); } /* @@ -365,7 +365,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, /* Store KL, KR */ for( i = 0; i < 8; i++ ) - GET_UINT32_BE( KC[i], t, i * 4 ); + MBEDTLS_GET_UINT32_BE( KC[i], t, i * 4 ); /* Generate KA */ for( i = 0; i < 4; ++i ) @@ -491,10 +491,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, NR = ctx->nr; RK = ctx->rk; - GET_UINT32_BE( X[0], input, 0 ); - GET_UINT32_BE( X[1], input, 4 ); - GET_UINT32_BE( X[2], input, 8 ); - GET_UINT32_BE( X[3], input, 12 ); + MBEDTLS_GET_UINT32_BE( X[0], input, 0 ); + MBEDTLS_GET_UINT32_BE( X[1], input, 4 ); + MBEDTLS_GET_UINT32_BE( X[2], input, 8 ); + MBEDTLS_GET_UINT32_BE( X[3], input, 12 ); X[0] ^= *RK++; X[1] ^= *RK++; 
@@ -529,10 +529,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, X[0] ^= *RK++; X[1] ^= *RK++; - PUT_UINT32_BE( X[2], output, 0 ); - PUT_UINT32_BE( X[3], output, 4 ); - PUT_UINT32_BE( X[0], output, 8 ); - PUT_UINT32_BE( X[1], output, 12 ); + MBEDTLS_PUT_UINT32_BE( X[2], output, 0 ); + MBEDTLS_PUT_UINT32_BE( X[3], output, 4 ); + MBEDTLS_PUT_UINT32_BE( X[0], output, 8 ); + MBEDTLS_PUT_UINT32_BE( X[1], output, 12 ); return( 0 ); } diff --git a/library/chacha20.c b/library/chacha20.c index 9862ea535a..d0d5741c7b 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -205,14 +205,14 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, ctx->state[3] = 0x6b206574; /* Set key */ - ctx->state[4] = BYTES_TO_U32_LE( key, 0 ); - ctx->state[5] = BYTES_TO_U32_LE( key, 4 ); - ctx->state[6] = BYTES_TO_U32_LE( key, 8 ); - ctx->state[7] = BYTES_TO_U32_LE( key, 12 ); - ctx->state[8] = BYTES_TO_U32_LE( key, 16 ); - ctx->state[9] = BYTES_TO_U32_LE( key, 20 ); - ctx->state[10] = BYTES_TO_U32_LE( key, 24 ); - ctx->state[11] = BYTES_TO_U32_LE( key, 28 ); + ctx->state[4] = MBEDTLS_BYTES_TO_U32_LE( key, 0 ); + ctx->state[5] = MBEDTLS_BYTES_TO_U32_LE( key, 4 ); + ctx->state[6] = MBEDTLS_BYTES_TO_U32_LE( key, 8 ); + ctx->state[7] = MBEDTLS_BYTES_TO_U32_LE( key, 12 ); + ctx->state[8] = MBEDTLS_BYTES_TO_U32_LE( key, 16 ); + ctx->state[9] = MBEDTLS_BYTES_TO_U32_LE( key, 20 ); + ctx->state[10] = MBEDTLS_BYTES_TO_U32_LE( key, 24 ); + ctx->state[11] = MBEDTLS_BYTES_TO_U32_LE( key, 28 ); return( 0 ); } 
@@ -228,9 +228,9 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, ctx->state[12] = counter; /* Nonce */ - ctx->state[13] = BYTES_TO_U32_LE( nonce, 0 ); - ctx->state[14] = BYTES_TO_U32_LE( nonce, 4 ); - ctx->state[15] = BYTES_TO_U32_LE( nonce, 8 ); + ctx->state[13] = MBEDTLS_BYTES_TO_U32_LE( nonce, 0 ); + ctx->state[14] = MBEDTLS_BYTES_TO_U32_LE( nonce, 4 ); + ctx->state[15] = MBEDTLS_BYTES_TO_U32_LE( nonce, 8 ); mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); diff --git a/library/common.h b/library/common.h index b6b7d01d9d..6dbc808d34 100644 --- a/library/common.h +++ b/library/common.h 
@@ -71,61 +71,61 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * To tidy up code and save horizontal and vertical space, use byte * reading macros to cast */ -#define BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) -#define BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) -#define BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) -#define BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) +#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) +#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) +#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) +#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) /* * 32-bit integer manipulation macros (big endian) */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) +#ifndef MBEDTLS_GET_UINT32_BE +#define MBEDTLS_GET_UINT32_BE(n,b,i) \ + do { \ + (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ + | ( (uint32_t) (b)[(i) + 1] << 16 ) \ + | ( (uint32_t) (b)[(i) + 2] << 8 ) \ + | ( (uint32_t) (b)[(i) + 3] ); \ + } while( 0 ) #endif -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -do { \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} while( 0 ) +#ifndef MBEDTLS_PUT_UINT32_BE +#define MBEDTLS_PUT_UINT32_BE(n,b,i) \ + do { \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ + } while( 0 ) #endif /* * 32-bit integer manipulation macros (little endian) */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) 
\ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} while( 0 ) +#ifndef MBEDTLS_GET_UINT32_LE +#define MBEDTLS_GET_UINT32_LE(n,b,i) \ + do { \ + (n) = ( (uint32_t) (b)[(i) ] ) \ + | ( (uint32_t) (b)[(i) + 1] << 8 ) \ + | ( (uint32_t) (b)[(i) + 2] << 16 ) \ + | ( (uint32_t) (b)[(i) + 3] << 24 ); \ + } while( 0 ) #endif -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n,b,i) \ -do { \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} while( 0 ) +#ifndef MBEDTLS_PUT_UINT32_LE +#define MBEDTLS_PUT_UINT32_LE(n,b,i) \ + do { \ + (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ + (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ + (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ + (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ + } while( 0 ) #endif /** * 32-bit integer conversion from bytes (little endian) */ -#define BYTES_TO_U32_LE( data, offset ) \ +#define MBEDTLS_BYTES_TO_U32_LE( data, offset ) \ ( (uint32_t) (data)[offset] \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \ diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index d52d9ef254..68b32a366b 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -152,10 +152,10 @@ static int block_cipher_df( unsigned char *output, * (Total is padded to a multiple of 16-bytes with zeroes) */ p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE; - *p++ = BYTE_3( data_len ); - *p++ = BYTE_2( data_len ); - *p++ = BYTE_1( data_len ); - *p++ = BYTE_0( data_len ); + *p++ = MBEDTLS_BYTE_3( data_len ); + *p++ = MBEDTLS_BYTE_2( data_len ); + *p++ = MBEDTLS_BYTE_1( data_len ); + *p++ = MBEDTLS_BYTE_0( data_len ); p += 3; *p++ = MBEDTLS_CTR_DRBG_SEEDLEN; memcpy( p, data, data_len ); 
diff --git a/library/des.c b/library/des.c index 36ea277760..9281747de8 100644 --- a/library/des.c +++ b/library/des.c @@ -400,8 +400,8 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE int i; uint32_t X, Y, T; - GET_UINT32_BE( X, key, 0 ); - GET_UINT32_BE( Y, key, 4 ); + MBEDTLS_GET_UINT32_BE( X, key, 0 ); + MBEDTLS_GET_UINT32_BE( Y, key, 4 ); /* * Permuted Choice 1 @@ -610,8 +610,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, SK = ctx->sk; - GET_UINT32_BE( X, input, 0 ); - GET_UINT32_BE( Y, input, 4 ); + MBEDTLS_GET_UINT32_BE( X, input, 0 ); + MBEDTLS_GET_UINT32_BE( Y, input, 4 ); DES_IP( X, Y ); @@ -623,8 +623,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, DES_FP( Y, X ); - PUT_UINT32_BE( Y, output, 0 ); - PUT_UINT32_BE( X, output, 4 ); + MBEDTLS_PUT_UINT32_BE( Y, output, 0 ); + MBEDTLS_PUT_UINT32_BE( X, output, 4 ); return( 0 ); } @@ -697,8 +697,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, SK = ctx->sk; - GET_UINT32_BE( X, input, 0 ); - GET_UINT32_BE( Y, input, 4 ); + MBEDTLS_GET_UINT32_BE( X, input, 0 ); + MBEDTLS_GET_UINT32_BE( Y, input, 4 ); DES_IP( X, Y ); @@ -722,8 +722,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, DES_FP( Y, X ); - PUT_UINT32_BE( Y, output, 0 ); - PUT_UINT32_BE( X, output, 4 ); + MBEDTLS_PUT_UINT32_BE( Y, output, 0 ); + MBEDTLS_PUT_UINT32_BE( X, output, 4 ); return( 0 ); } diff --git a/library/gcm.c b/library/gcm.c index c8254876dd..3caeed26de 100644 --- a/library/gcm.c +++ b/library/gcm.c 
@@ -88,12 +88,12 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx ) return( ret ); /* pack h as two 64-bits ints, big-endian */ - GET_UINT32_BE( hi, h, 0 ); - GET_UINT32_BE( lo, h, 4 ); + MBEDTLS_GET_UINT32_BE( hi, h, 0 ); + MBEDTLS_GET_UINT32_BE( lo, h, 4 ); vh = (uint64_t) hi << 32 | lo; - GET_UINT32_BE( hi, h, 8 ); - GET_UINT32_BE( lo, h, 12 ); + MBEDTLS_GET_UINT32_BE( hi, h, 8 ); + MBEDTLS_GET_UINT32_BE( lo, h, 12 ); vl = (uint64_t) hi << 32 | lo; /* 8 = 1000 corresponds to 1 in GF(2^128) */ @@ -200,10 +200,10 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16], if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) { unsigned char h[16]; - PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 ); - PUT_UINT32_BE( ctx->HH[8], h, 4 ); - PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 ); - PUT_UINT32_BE( ctx->HL[8], h, 12 ); + MBEDTLS_PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 ); + MBEDTLS_PUT_UINT32_BE( ctx->HH[8], h, 4 ); + MBEDTLS_PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 ); + MBEDTLS_PUT_UINT32_BE( ctx->HL[8], h, 12 ); mbedtls_aesni_gcm_mult( output, x, h ); return; @@ -239,10 +239,10 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16], zl ^= ctx->HL[hi]; } - PUT_UINT32_BE( zh >> 32, output, 0 ); - PUT_UINT32_BE( zh, output, 4 ); - PUT_UINT32_BE( zl >> 32, output, 8 ); - PUT_UINT32_BE( zl, output, 12 ); + MBEDTLS_PUT_UINT32_BE( zh >> 32, output, 0 ); + MBEDTLS_PUT_UINT32_BE( zh, output, 4 ); + MBEDTLS_PUT_UINT32_BE( zl >> 32, output, 8 ); + MBEDTLS_PUT_UINT32_BE( zl, output, 12 ); } int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, @@ -278,7 +278,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, else { memset( work_buf, 0x00, 16 ); - PUT_UINT32_BE( iv_len * 8, work_buf, 12 ); + MBEDTLS_PUT_UINT32_BE( iv_len * 8, work_buf, 12 ); p = iv; while( iv_len > 0 ) 
@@ -546,10 +546,10 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, { memset( work_buf, 0x00, 16 ); - PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 ); - PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 ); - PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 ); - PUT_UINT32_BE( ( orig_len ), work_buf, 12 ); + MBEDTLS_PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 ); + MBEDTLS_PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 ); + MBEDTLS_PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 ); + MBEDTLS_PUT_UINT32_BE( ( orig_len ), work_buf, 12 ); for( i = 0; i < 16; i++ ) ctx->buf[i] ^= work_buf[i]; diff --git a/library/md5.c b/library/md5.c index d8f637da83..e8d00216f0 100644 --- a/library/md5.c +++ b/library/md5.c 
@@ -87,22 +87,22 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, uint32_t X[16], A, B, C, D; } local; - GET_UINT32_LE( local.X[ 0], data, 0 ); - GET_UINT32_LE( local.X[ 1], data, 4 ); - GET_UINT32_LE( local.X[ 2], data, 8 ); - GET_UINT32_LE( local.X[ 3], data, 12 ); - GET_UINT32_LE( local.X[ 4], data, 16 ); - GET_UINT32_LE( local.X[ 5], data, 20 ); - GET_UINT32_LE( local.X[ 6], data, 24 ); - GET_UINT32_LE( local.X[ 7], data, 28 ); - GET_UINT32_LE( local.X[ 8], data, 32 ); - GET_UINT32_LE( local.X[ 9], data, 36 ); - GET_UINT32_LE( local.X[10], data, 40 ); - GET_UINT32_LE( local.X[11], data, 44 ); - GET_UINT32_LE( local.X[12], data, 48 ); - GET_UINT32_LE( local.X[13], data, 52 ); - GET_UINT32_LE( local.X[14], data, 56 ); - GET_UINT32_LE( local.X[15], data, 60 ); + MBEDTLS_GET_UINT32_LE( local.X[ 0], data, 0 ); + MBEDTLS_GET_UINT32_LE( local.X[ 1], data, 4 ); + MBEDTLS_GET_UINT32_LE( local.X[ 2], data, 8 ); + MBEDTLS_GET_UINT32_LE( local.X[ 3], data, 12 ); + MBEDTLS_GET_UINT32_LE( local.X[ 4], data, 16 ); + MBEDTLS_GET_UINT32_LE( local.X[ 5], data, 20 ); + MBEDTLS_GET_UINT32_LE( local.X[ 6], data, 24 ); + MBEDTLS_GET_UINT32_LE( local.X[ 7], data, 28 ); + MBEDTLS_GET_UINT32_LE( local.X[ 8], data, 32 ); + MBEDTLS_GET_UINT32_LE( local.X[ 9], data, 36 ); + MBEDTLS_GET_UINT32_LE( local.X[10], data, 40 ); + MBEDTLS_GET_UINT32_LE( local.X[11], data, 44 ); + MBEDTLS_GET_UINT32_LE( local.X[12], data, 48 ); + MBEDTLS_GET_UINT32_LE( local.X[13], data, 52 ); + MBEDTLS_GET_UINT32_LE( local.X[14], data, 56 ); + MBEDTLS_GET_UINT32_LE( local.X[15], data, 60 ); #define S(x,n) \ ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) ) 
@@ -307,8 +307,8 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_LE( low, ctx->buffer, 56 ); - PUT_UINT32_LE( high, ctx->buffer, 60 ); + MBEDTLS_PUT_UINT32_LE( low, ctx->buffer, 56 ); + MBEDTLS_PUT_UINT32_LE( high, ctx->buffer, 60 ); if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); @@ -316,10 +316,10 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx, /* * Output final state */ - PUT_UINT32_LE( ctx->state[0], output, 0 ); - PUT_UINT32_LE( ctx->state[1], output, 4 ); - PUT_UINT32_LE( ctx->state[2], output, 8 ); - PUT_UINT32_LE( ctx->state[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 ); return( 0 ); } diff --git a/library/nist_kw.c b/library/nist_kw.c index 174a1eef13..b8f9239992 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -223,7 +223,7 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, } memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 ); - PUT_UINT32_BE( ( in_len & 0xffffffff ), output, + MBEDTLS_PUT_UINT32_BE( ( in_len & 0xffffffff ), output, KW_SEMIBLOCK_LENGTH / 2 ); memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len ); @@ -454,7 +454,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; } - GET_UINT32_BE( Plen, A, KW_SEMIBLOCK_LENGTH / 2 ); + MBEDTLS_GET_UINT32_BE( Plen, A, KW_SEMIBLOCK_LENGTH / 2 ); /* * Plen is the length of the plaintext, when the input is valid. diff --git a/library/poly1305.c b/library/poly1305.c index a30b1707ed..3c0b7c6aa9 100644 --- a/library/poly1305.c +++ b/library/poly1305.c 
@@ -122,10 +122,10 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, for( i = 0U; i < nblocks; i++ ) { /* The input block is treated as a 128-bit little-endian integer */ - d0 = BYTES_TO_U32_LE( input, offset + 0 ); - d1 = BYTES_TO_U32_LE( input, offset + 4 ); - d2 = BYTES_TO_U32_LE( input, offset + 8 ); - d3 = BYTES_TO_U32_LE( input, offset + 12 ); + d0 = MBEDTLS_BYTES_TO_U32_LE( input, offset + 0 ); + d1 = MBEDTLS_BYTES_TO_U32_LE( input, offset + 4 ); + d2 = MBEDTLS_BYTES_TO_U32_LE( input, offset + 8 ); + d3 = MBEDTLS_BYTES_TO_U32_LE( input, offset + 12 ); /* Compute: acc += (padded) block as a 130-bit integer */ d0 += (uint64_t) acc0; @@ -290,15 +290,15 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, POLY1305_VALIDATE_RET( key != NULL ); /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ - ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU; - ctx->r[1] = BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU; - ctx->r[2] = BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU; - ctx->r[3] = BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU; + ctx->r[0] = MBEDTLS_BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU; + ctx->r[1] = MBEDTLS_BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU; + ctx->r[2] = MBEDTLS_BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU; + ctx->r[3] = MBEDTLS_BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU; - ctx->s[0] = BYTES_TO_U32_LE( key, 16 ); - ctx->s[1] = BYTES_TO_U32_LE( key, 20 ); - ctx->s[2] = BYTES_TO_U32_LE( key, 24 ); - ctx->s[3] = BYTES_TO_U32_LE( key, 28 ); + ctx->s[0] = MBEDTLS_BYTES_TO_U32_LE( key, 16 ); + ctx->s[1] = MBEDTLS_BYTES_TO_U32_LE( key, 20 ); + ctx->s[2] = MBEDTLS_BYTES_TO_U32_LE( key, 24 ); + ctx->s[3] = MBEDTLS_BYTES_TO_U32_LE( key, 28 ); /* Initial accumulator state */ ctx->acc[0] = 0U; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b46e023e5d..95aa0d5316 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -4506,8 +4506,8 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( * uint16 with the value N, and the PSK itself. */ - *cur++ = BYTE_1( data_length ); - *cur++ = BYTE_0( data_length ); + *cur++ = MBEDTLS_BYTE_1( data_length ); + *cur++ = MBEDTLS_BYTE_0( data_length ); memset( cur, 0, data_length ); cur += data_length; *cur++ = pms[0]; diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 36b518350c..3646953a57 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -275,14 +275,14 @@ void psa_format_key_data_for_storage( const uint8_t *data, (psa_persistent_key_storage_format *) storage_data; memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ); - PUT_UINT32_LE( 0, storage_format->version, 0 ); - PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); + MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 ); + MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 ); PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 ); - PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); - PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); - PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); - PUT_UINT32_LE( data_length, storage_format->data_len, 0 ); + MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); + MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); + MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); + MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 ); memcpy( storage_format->key_data, data, data_length ); } 
@@ -312,11 +312,11 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, if( status != PSA_SUCCESS ) return( status ); - GET_UINT32_LE( version, storage_format->version, 0 ); + MBEDTLS_GET_UINT32_LE( version, storage_format->version, 0 ); if( version != 0 ) return( PSA_ERROR_DATA_INVALID ); - GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 ); + MBEDTLS_GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 ); if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) || *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE ) return( PSA_ERROR_DATA_INVALID ); @@ -333,12 +333,12 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, memcpy( *key_data, storage_format->key_data, *key_data_length ); } - GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); + MBEDTLS_GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); GET_UINT16_LE( attr->type, storage_format->type, 0 ); GET_UINT16_LE( attr->bits, storage_format->bits, 0 ); - GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); - GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); - GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); + MBEDTLS_GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); + MBEDTLS_GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); + MBEDTLS_GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); return( PSA_SUCCESS ); } diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 66043b502e..c3b19a74ac 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c 
@@ -191,14 +191,14 @@ psa_status_t psa_its_set( psa_storage_uid_t uid, size_t n; memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH ); - header.size[0] = BYTE_0( data_length ); - header.size[1] = BYTE_1( data_length ); - header.size[2] = BYTE_2( data_length ); - header.size[3] = BYTE_3( data_length ); - header.flags[0] = BYTE_0( create_flags ); - header.flags[1] = BYTE_1( create_flags ); - header.flags[2] = BYTE_2( create_flags ); - header.flags[3] = BYTE_3( create_flags ); + header.size[0] = MBEDTLS_BYTE_0( data_length ); + header.size[1] = MBEDTLS_BYTE_1( data_length ); + header.size[2] = MBEDTLS_BYTE_2( data_length ); + header.size[3] = MBEDTLS_BYTE_3( data_length ); + header.flags[0] = MBEDTLS_BYTE_0( create_flags ); + header.flags[1] = MBEDTLS_BYTE_1( create_flags ); + header.flags[2] = MBEDTLS_BYTE_2( create_flags ); + header.flags[3] = MBEDTLS_BYTE_3( create_flags ); psa_its_fill_filename( uid, filename ); stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" ); diff --git a/library/ripemd160.c b/library/ripemd160.c index d60654e952..2bed107230 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c 
@@ -92,22 +92,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; } local; - GET_UINT32_LE( local.X[ 0], data, 0 ); - GET_UINT32_LE( local.X[ 1], data, 4 ); - GET_UINT32_LE( local.X[ 2], data, 8 ); - GET_UINT32_LE( local.X[ 3], data, 12 ); - GET_UINT32_LE( local.X[ 4], data, 16 ); - GET_UINT32_LE( local.X[ 5], data, 20 ); - GET_UINT32_LE( local.X[ 6], data, 24 ); - GET_UINT32_LE( local.X[ 7], data, 28 ); - GET_UINT32_LE( local.X[ 8], data, 32 ); - GET_UINT32_LE( local.X[ 9], data, 36 ); - GET_UINT32_LE( local.X[10], data, 40 ); - GET_UINT32_LE( local.X[11], data, 44 ); - GET_UINT32_LE( local.X[12], data, 48 ); - GET_UINT32_LE( local.X[13], data, 52 ); - GET_UINT32_LE( local.X[14], data, 56 ); - GET_UINT32_LE( local.X[15], data, 60 ); + MBEDTLS_GET_UINT32_LE( local.X[ 0], data, 0 ); + MBEDTLS_GET_UINT32_LE( local.X[ 1], data, 4 ); + MBEDTLS_GET_UINT32_LE( local.X[ 2], data, 8 ); + MBEDTLS_GET_UINT32_LE( local.X[ 3], data, 12 ); + MBEDTLS_GET_UINT32_LE( local.X[ 4], data, 16 ); + MBEDTLS_GET_UINT32_LE( local.X[ 5], data, 20 ); + MBEDTLS_GET_UINT32_LE( local.X[ 6], data, 24 ); + MBEDTLS_GET_UINT32_LE( local.X[ 7], data, 28 ); + MBEDTLS_GET_UINT32_LE( local.X[ 8], data, 32 ); + MBEDTLS_GET_UINT32_LE( local.X[ 9], data, 36 ); + MBEDTLS_GET_UINT32_LE( local.X[10], data, 40 ); + MBEDTLS_GET_UINT32_LE( local.X[11], data, 44 ); + MBEDTLS_GET_UINT32_LE( local.X[12], data, 48 ); + MBEDTLS_GET_UINT32_LE( local.X[13], data, 52 ); + MBEDTLS_GET_UINT32_LE( local.X[14], data, 56 ); + MBEDTLS_GET_UINT32_LE( local.X[15], data, 60 ); local.A = local.Ap = ctx->state[0]; local.B = local.Bp = ctx->state[1]; 
@@ -354,8 +354,8 @@ int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_LE( low, msglen, 0 ); - PUT_UINT32_LE( high, msglen, 4 ); + MBEDTLS_PUT_UINT32_LE( low, msglen, 0 ); + MBEDTLS_PUT_UINT32_LE( high, msglen, 4 ); last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); @@ -368,11 +368,11 @@ int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, if( ret != 0 ) return( ret ); - PUT_UINT32_LE( ctx->state[0], output, 0 ); - PUT_UINT32_LE( ctx->state[1], output, 4 ); - PUT_UINT32_LE( ctx->state[2], output, 8 ); - PUT_UINT32_LE( ctx->state[3], output, 12 ); - PUT_UINT32_LE( ctx->state[4], output, 16 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[4], output, 16 ); return( 0 ); } diff --git a/library/sha1.c b/library/sha1.c index 9beaee5a54..da61f65fca 100644 --- a/library/sha1.c +++ b/library/sha1.c 
@@ -103,22 +103,22 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, SHA1_VALIDATE_RET( ctx != NULL ); SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); - GET_UINT32_BE( local.W[ 0], data, 0 ); - GET_UINT32_BE( local.W[ 1], data, 4 ); - GET_UINT32_BE( local.W[ 2], data, 8 ); - GET_UINT32_BE( local.W[ 3], data, 12 ); - GET_UINT32_BE( local.W[ 4], data, 16 ); - GET_UINT32_BE( local.W[ 5], data, 20 ); - GET_UINT32_BE( local.W[ 6], data, 24 ); - GET_UINT32_BE( local.W[ 7], data, 28 ); - GET_UINT32_BE( local.W[ 8], data, 32 ); - GET_UINT32_BE( local.W[ 9], data, 36 ); - GET_UINT32_BE( local.W[10], data, 40 ); - GET_UINT32_BE( local.W[11], data, 44 ); - GET_UINT32_BE( local.W[12], data, 48 ); - GET_UINT32_BE( local.W[13], data, 52 ); - GET_UINT32_BE( local.W[14], data, 56 ); - GET_UINT32_BE( local.W[15], data, 60 ); + MBEDTLS_GET_UINT32_BE( local.W[ 0], data, 0 ); + MBEDTLS_GET_UINT32_BE( local.W[ 1], data, 4 ); + MBEDTLS_GET_UINT32_BE( local.W[ 2], data, 8 ); + MBEDTLS_GET_UINT32_BE( local.W[ 3], data, 12 ); + MBEDTLS_GET_UINT32_BE( local.W[ 4], data, 16 ); + MBEDTLS_GET_UINT32_BE( local.W[ 5], data, 20 ); + MBEDTLS_GET_UINT32_BE( local.W[ 6], data, 24 ); + MBEDTLS_GET_UINT32_BE( local.W[ 7], data, 28 ); + MBEDTLS_GET_UINT32_BE( local.W[ 8], data, 32 ); + MBEDTLS_GET_UINT32_BE( local.W[ 9], data, 36 ); + MBEDTLS_GET_UINT32_BE( local.W[10], data, 40 ); + MBEDTLS_GET_UINT32_BE( local.W[11], data, 44 ); + MBEDTLS_GET_UINT32_BE( local.W[12], data, 48 ); + MBEDTLS_GET_UINT32_BE( local.W[13], data, 52 ); + MBEDTLS_GET_UINT32_BE( local.W[14], data, 56 ); + MBEDTLS_GET_UINT32_BE( local.W[15], data, 60 ); #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) 
@@ -362,8 +362,8 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_BE( high, ctx->buffer, 56 ); - PUT_UINT32_BE( low, ctx->buffer, 60 ); + MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 ); + MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 ); if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); @@ -371,11 +371,11 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, /* * Output final state */ - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 ); return( 0 ); } diff --git a/library/sha256.c b/library/sha256.c index f548c672ea..fb66340b20 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -190,7 +190,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, for( i = 0; i < 64; i++ ) { if( i < 16 ) - GET_UINT32_BE( local.W[i], data, 4 * i ); + MBEDTLS_GET_UINT32_BE( local.W[i], data, 4 * i ); else R( i ); @@ -205,7 +205,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, } #else /* MBEDTLS_SHA256_SMALLER */ for( i = 0; i < 16; i++ ) - GET_UINT32_BE( local.W[i], data, 4 * i ); + MBEDTLS_GET_UINT32_BE( local.W[i], data, 4 * i ); for( i = 0; i < 16; i += 8 ) { 
@@ -355,8 +355,8 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_BE( high, ctx->buffer, 56 ); - PUT_UINT32_BE( low, ctx->buffer, 60 ); + MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 ); + MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 ); if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); @@ -364,18 +364,18 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, /* * Output final state */ - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); - PUT_UINT32_BE( ctx->state[5], output, 20 ); - PUT_UINT32_BE( ctx->state[6], output, 24 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 ); #if defined(MBEDTLS_SHA224_C) if( ctx->is224 == 0 ) #endif - PUT_UINT32_BE( ctx->state[7], output, 28 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 ); return( 0 ); } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f3dbba82b9..77904e0a1b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -2255,13 +2255,13 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ memcpy( ssl->out_msg, cur->p, 6 ); - ssl->out_msg[6] = BYTE_2( frag_off ); - ssl->out_msg[7] = BYTE_1( frag_off ); - ssl->out_msg[8] = BYTE_0( frag_off ); + ssl->out_msg[6] = MBEDTLS_BYTE_2( frag_off ); + ssl->out_msg[7] = MBEDTLS_BYTE_1( frag_off ); + ssl->out_msg[8] = MBEDTLS_BYTE_0( frag_off ); - ssl->out_msg[ 9] = BYTE_2( cur_hs_frag_len ); - ssl->out_msg[10] = BYTE_1( cur_hs_frag_len ); - ssl->out_msg[11] = BYTE_0( cur_hs_frag_len ); + ssl->out_msg[ 9] = MBEDTLS_BYTE_2( cur_hs_frag_len ); + ssl->out_msg[10] = MBEDTLS_BYTE_1( cur_hs_frag_len ); + ssl->out_msg[11] = MBEDTLS_BYTE_0( cur_hs_frag_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 29d8345750..a7a55f1a75 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -245,8 +245,8 @@ int mbedtls_ssl_ticket_write( void *p_ticket, { goto cleanup; } - state_len_bytes[0] = BYTE_1( clear_len ); - state_len_bytes[1] = BYTE_0( clear_len ); + state_len_bytes[0] = MBEDTLS_BYTE_1( clear_len ); + state_len_bytes[1] = MBEDTLS_BYTE_0( clear_len ); /* Encrypt and authenticate */ if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx, From 33f953d8104bd0a069fb77d0ecbc13d33d927fe5 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 24 Jun 2021 16:49:38 +0100 Subject: [PATCH 310/966] Byte Reading Macros Changelog Signed-off-by: Joe Subbiani --- ChangeLog.d/issue4274.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 ChangeLog.d/issue4274.txt diff --git a/ChangeLog.d/issue4274.txt b/ChangeLog.d/issue4274.txt new file mode 100644 index 0000000000..3e59ca5be1 --- /dev/null +++ b/ChangeLog.d/issue4274.txt 
@@ -0,0 +1,9 @@ +Changes + * Create 4 byte reading macros in library/common.h, used in files + within the same directory: MBEDTLS_BYTE_0... MBEDTLS_BYTE_3. + * Move the (PUT and GET) UINT32_ (BE and LE) macro functions into + library/common.h. Rename with the prefix MBEDTLS_ to satisfy + test/scripts/check-names.sh (e.g MBEDTLS_PUT_UINT32_LE). + * Move BYTES_TO_U32_LE macro function to library/common.h, also given + the prefix MBEDTLS_. + Fixes #4274. \ No newline at end of file From c46997377afb35a2fc4881cd202c8c4fe5667479 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 25 Jun 2021 09:20:07 +0100 Subject: [PATCH 311/966] Fix formatting - Byte reading macros changelog Missing newline at the end of changelog.d/issue4274 Signed-off-by: Joe Subbiani --- ChangeLog.d/issue4274.txt | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ChangeLog.d/issue4274.txt b/ChangeLog.d/issue4274.txt index 3e59ca5be1..f0952f4307 100644 --- a/ChangeLog.d/issue4274.txt +++ b/ChangeLog.d/issue4274.txt @@ -1,9 +1,9 @@ -Changes - * Create 4 byte reading macros in library/common.h, used in files - within the same directory: MBEDTLS_BYTE_0... MBEDTLS_BYTE_3. - * Move the (PUT and GET) UINT32_ (BE and LE) macro functions into - library/common.h. Rename with the prefix MBEDTLS_ to satisfy - test/scripts/check-names.sh (e.g MBEDTLS_PUT_UINT32_LE). - * Move BYTES_TO_U32_LE macro function to library/common.h, also given - the prefix MBEDTLS_. - Fixes #4274. \ No newline at end of file +Changes + * Create 4 byte reading macros in library/common.h, used in files + within the same directory: MBEDTLS_BYTE_0... MBEDTLS_BYTE_3. + * Move the (PUT and GET) UINT32_ (BE and LE) macro functions into + library/common.h. Rename with the prefix MBEDTLS_ to satisfy + test/scripts/check-names.sh (e.g MBEDTLS_PUT_UINT32_LE). + * Move BYTES_TO_U32_LE macro function to library/common.h, also given + the prefix MBEDTLS_. + Fixes #4274. 
From 9fa9ac3612c0c542fa91c0fae003dcb37c1586a8 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Mon, 5 Jul 2021 15:37:39 +0100 Subject: [PATCH 312/966] Move GET/PUT_UINT16_LE macros to common.h Although these only appear in one file: psa_crypto_storage.c it is tidy to give it the same prefix as the UINT32 macros and to store them in the same file Signed-off-by: Joe Subbiani --- library/common.h | 31 ++++++++++++++++++++++++++----- library/psa_crypto_storage.c | 27 ++++----------------------- 2 files changed, 30 insertions(+), 28 deletions(-) diff --git a/library/common.h b/library/common.h index 6dbc808d34..e85cbf28d0 100644 --- a/library/common.h +++ b/library/common.h @@ -80,7 +80,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * 32-bit integer manipulation macros (big endian) */ #ifndef MBEDTLS_GET_UINT32_BE -#define MBEDTLS_GET_UINT32_BE(n,b,i) \ +#define MBEDTLS_GET_UINT32_BE(n,b,i) \ do { \ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ | ( (uint32_t) (b)[(i) + 1] << 16 ) \ @@ -90,7 +90,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif #ifndef MBEDTLS_PUT_UINT32_BE -#define MBEDTLS_PUT_UINT32_BE(n,b,i) \ +#define MBEDTLS_PUT_UINT32_BE(n,b,i) \ do { \ (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ @@ -103,7 +103,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * 32-bit integer manipulation macros (little endian) */ #ifndef MBEDTLS_GET_UINT32_LE -#define MBEDTLS_GET_UINT32_LE(n,b,i) \ +#define MBEDTLS_GET_UINT32_LE(n,b,i) \ do { \ (n) = ( (uint32_t) (b)[(i) ] ) \ | ( (uint32_t) (b)[(i) + 1] << 8 ) \
@@ -113,7 +113,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif #ifndef MBEDTLS_PUT_UINT32_LE -#define MBEDTLS_PUT_UINT32_LE(n,b,i) \ +#define MBEDTLS_PUT_UINT32_LE(n,b,i) \ do { \ (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ @@ -125,11 +125,32 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c /** * 32-bit integer conversion from bytes (little endian) */ -#define MBEDTLS_BYTES_TO_U32_LE( data, offset ) \ +#define MBEDTLS_BYTES_TO_U32_LE( data, offset ) \ ( (uint32_t) (data)[offset] \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \ ) + +/* + * 16-bit integer manipulation macros (little endian) + */ +#ifndef MBEDTLS_GET_UINT16_LE +#define MBEDTLS_GET_UINT16_LE( n, b, i ) \ +{ \ + (n) = ( (uint16_t) (b)[(i) ] ) \ + | ( (uint16_t) (b)[(i) + 1] << 8 ); \ +} +#endif + +#ifndef MBEDTLS_PUT_UINT16_LE +#define MBEDTLS_PUT_UINT16_LE( n, b, i ) \ +{ \ + (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ + (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ +} +#endif + + #endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 3646953a57..07c2cdf600 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c 
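Review bot: The new `MBEDTLS_GET_UINT16_LE` and `MBEDTLS_PUT_UINT16_LE` in the `@@ -125,11 +125,32 @@` hunk of library/common.h are wrapped in bare `{ ... }`, while the 32-bit macros in the same header use `do { ... } while( 0 )`. With the bare-brace form, `if( cond ) MBEDTLS_PUT_UINT16_LE( n, b, i ); else ...` does not compile, because the `;` after the block ends the `if`. Both bodies should open with `do { \` and close with `} while( 0 )`, matching the 32-bit macros. These macros index `b` at `i` and `i + 1` with no bounds check and are used when parsing persistent key storage in psa_crypto_storage.c, so a one-line comment stating that the caller must guarantee two readable or writable bytes at `b + i` would help.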
@@ -230,25 +230,6 @@ static psa_status_t psa_crypto_storage_get_data_length( return( PSA_SUCCESS ); } -/* - * 16-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT16_LE -#define GET_UINT16_LE( n, b, i ) \ -{ \ - (n) = ( (uint16_t) (b)[(i) ] ) \ - | ( (uint16_t) (b)[(i) + 1] << 8 ); \ -} -#endif - -#ifndef PUT_UINT16_LE -#define PUT_UINT16_LE( n, b, i ) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ -} -#endif - /** * Persistent key storage magic header. */ @@ -277,8 +258,8 @@ void psa_format_key_data_for_storage( const uint8_t *data, memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ); MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 ); MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 ); - PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 ); + MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 ); + MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 ); MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); 
@@ -334,8 +315,8 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, } MBEDTLS_GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - GET_UINT16_LE( attr->type, storage_format->type, 0 ); - GET_UINT16_LE( attr->bits, storage_format->bits, 0 ); + MBEDTLS_GET_UINT16_LE( attr->type, storage_format->type, 0 ); + MBEDTLS_GET_UINT16_LE( attr->bits, storage_format->bits, 0 ); MBEDTLS_GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); MBEDTLS_GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); MBEDTLS_GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); From 394bdd662b7facd32cfbb8ccd24cc0593f38ac0d Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 7 Jul 2021 15:16:56 +0100 Subject: [PATCH 313/966] Document common.h and remove changelog Added documenttion comments to common.h and removed the changelog as it is not really necessary for refactoring. Also modified a comment in aria.c to be clearer Signed-off-by: Joe Subbiani --- ChangeLog.d/issue4274.txt | 9 ------- library/aria.c | 3 ++- library/common.h | 50 +++++++++++++++++++++++++++++++++++---- 3 files changed, 47 insertions(+), 15 deletions(-) delete mode 100644 ChangeLog.d/issue4274.txt diff --git a/ChangeLog.d/issue4274.txt b/ChangeLog.d/issue4274.txt deleted file mode 100644 index f0952f4307..0000000000 --- a/ChangeLog.d/issue4274.txt +++ /dev/null @@ -1,9 +0,0 @@ -Changes - * Create 4 byte reading macros in library/common.h, used in files - within the same directory: MBEDTLS_BYTE_0... MBEDTLS_BYTE_3. - * Move the (PUT and GET) UINT32_ (BE and LE) macro functions into - library/common.h. Rename with the prefix MBEDTLS_ to satisfy - test/scripts/check-names.sh (e.g MBEDTLS_PUT_UINT32_LE). - * Move BYTES_TO_U32_LE macro function to library/common.h, also given - the prefix MBEDTLS_. - Fixes #4274. diff --git a/library/aria.c b/library/aria.c index a6319d3e29..f4aa64107a 100644 --- a/library/aria.c 
+++ b/library/aria.c @@ -385,7 +385,8 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4], * Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup. * * We chose to store bytes into 32-bit words in little-endian format (see - * GET/MBEDTLS_PUT_UINT32_LE) so we need to reverse bytes here. + * MBEDTLS_GET_UINT32_LE / MBEDTLS_PUT_UINT32_LE ) so we need to reverse + * bytes here. */ static void aria_rot128( uint32_t r[4], const uint32_t a[4], const uint32_t b[4], uint8_t n ) diff --git a/library/common.h b/library/common.h index e85cbf28d0..5115465e88 100644 --- a/library/common.h +++ b/library/common.h @@ -68,15 +68,36 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c /** Byte Reading Macros * - * To tidy up code and save horizontal and vertical space, use byte - * reading macros to cast + * Obtain the most significant byte of x using 0xff + * Using MBEDTLS_BYTE_a will shift a*8 bits + * to retrieve the next byte of information */ #define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) #define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) #define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) #define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) -/* +/** + * 32-bit integer manipulation macros + * + * \brief Using GET- + * From input data, take the most significant bytes + * and concatonate them as you shift along + * Using PUT- + * Read from a 32 bit integer and store each byte + * in memory, offset by a byte each, resulting in + * each byte being adjacent in memory. + * + * \param n 32 bit integer where data is accessed via + * PUT or stored using GET + * \param b const unsigned char array of data to be + * manipulated + * \param i offset in bytes, In the case of UINT32, i + * would increment by 4 every use assuming + * the data is being stored in the same location + */ + +/** * 32-bit integer manipulation macros (big endian) */ #ifndef MBEDTLS_GET_UINT32_BE 
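Review bot: The new comment above MBEDTLS_BYTE_0..3 in library/common.h (hunk `@@ -68,15 +68,36 @@`) says the macros obtain the most significant byte, but `MBEDTLS_BYTE_0( x )` is `( x ) & 0xff`, which is the least significant byte; byte n is selected by shifting right n*8 bits first. Suggested wording: `Obtain byte n of x, counting from the least significant byte: MBEDTLS_BYTE_n shifts x right by n*8 bits and masks with 0xff.` In the 32-bit block of the same hunk, `\param b` calls the buffer a const array although the PUT macros write to `(b)[(i)]`, and the GET text ("take the most significant bytes") only matches the big-endian variant. The 16-bit block added at `@@ -132,8 +153,27 @@` repeats both statements.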
@@ -99,7 +120,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c } while( 0 ) #endif -/* +/** * 32-bit integer manipulation macros (little endian) */ #ifndef MBEDTLS_GET_UINT32_LE @@ -132,8 +153,27 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \ ) +/** + * 16-bit integer manipulation macros + * + * \brief Using GET- + * From input data, take the most significant bytes + * and concatonate them as you shift along + * Using PUT- + * Read from a 16 bit integer and store each byte + * in memory, offset by a byte each, resulting in + * each byte being adjacent in memory. + * + * \param n 16 bit integer where data is accessed via + * PUT or stored using GET + * \param b const unsigned char array of data to be + * manipulated + * \param i offset in bytes, In the case of UINT16, i + * would increment by 2 every use assuming + * the data is being stored in the same location + */ -/* +/** * 16-bit integer manipulation macros (little endian) */ #ifndef MBEDTLS_GET_UINT16_LE From 6a5063149756e1d5d12b0497867f5c22aaa8100e Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 7 Jul 2021 16:56:29 +0100 Subject: [PATCH 314/966] GET macros use a target variable The GET macros used to write to a macro parameter, but now they can be used to assign a value to the desired variable rather than pass it in as an argument and have it modified in the macro function. Due to this MBEDTLS_BYTES_TO_U32_LE is the same as MBEDTLS_GET_UINT32_LE and was there for replaced in the appropriate files and removed from common.h 
Signed-off-by: Joe Subbiani --- library/aes.c | 18 ++--- library/aria.c | 24 +++--- library/camellia.c | 14 ++-- library/chacha20.c | 22 ++--- library/common.h | 151 +++++++++++++++++++++-------------- library/des.c | 12 +-- library/gcm.c | 8 +- library/md5.c | 32 ++++---- library/nist_kw.c | 2 +- library/poly1305.c | 24 +++--- library/psa_crypto_storage.c | 16 ++-- library/ripemd160.c | 32 ++++---- library/sha1.c | 32 ++++---- library/sha256.c | 4 +- 14 files changed, 211 insertions(+), 180 deletions(-) diff --git a/library/aes.c b/library/aes.c index db726fe36b..7a44a78408 100644 --- a/library/aes.c +++ b/library/aes.c @@ -567,7 +567,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, for( i = 0; i < ( keybits >> 5 ); i++ ) { - MBEDTLS_GET_UINT32_LE( RK[i], key, i << 2 ); + RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 ); } switch( ctx->nr ) @@ -850,10 +850,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, uint32_t Y[4]; } t; - MBEDTLS_GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; - MBEDTLS_GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; - MBEDTLS_GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; - MBEDTLS_GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; + t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++; + t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++; + t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++; + t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++; for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) { 
@@ -914,10 +914,10 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, uint32_t Y[4]; } t; - MBEDTLS_GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; - MBEDTLS_GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; - MBEDTLS_GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; - MBEDTLS_GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; + t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++; + t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++; + t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++; + t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++; for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) { diff --git a/library/aria.c b/library/aria.c index f4aa64107a..320f7758ac 100644 --- a/library/aria.c +++ b/library/aria.c @@ -434,21 +434,21 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); /* Copy key to W0 (and potential remainder to W1) */ - MBEDTLS_GET_UINT32_LE( w[0][0], key, 0 ); - MBEDTLS_GET_UINT32_LE( w[0][1], key, 4 ); - MBEDTLS_GET_UINT32_LE( w[0][2], key, 8 ); - MBEDTLS_GET_UINT32_LE( w[0][3], key, 12 ); + w[0][0] = MBEDTLS_GET_UINT32_LE( key, 0 ); + w[0][1] = MBEDTLS_GET_UINT32_LE( key, 4 ); + w[0][2] = MBEDTLS_GET_UINT32_LE( key, 8 ); + w[0][3] = MBEDTLS_GET_UINT32_LE( key, 12 ); memset( w[1], 0, 16 ); if( keybits >= 192 ) { - MBEDTLS_GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key - MBEDTLS_GET_UINT32_LE( w[1][1], key, 20 ); + w[1][0] = MBEDTLS_GET_UINT32_LE( key, 16 ); // 192 bit key + w[1][1] = MBEDTLS_GET_UINT32_LE( key, 20 ); } if( keybits == 256 ) { - MBEDTLS_GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key - MBEDTLS_GET_UINT32_LE( w[1][3], key, 28 ); + w[1][2] = MBEDTLS_GET_UINT32_LE( key, 24 ); // 256 bit key + w[1][3] = MBEDTLS_GET_UINT32_LE( key, 28 ); } i = ( keybits - 128 ) >> 6; // index: 0, 1, 2 
@@ -525,10 +525,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, ARIA_VALIDATE_RET( input != NULL ); ARIA_VALIDATE_RET( output != NULL ); - MBEDTLS_GET_UINT32_LE( a, input, 0 ); - MBEDTLS_GET_UINT32_LE( b, input, 4 ); - MBEDTLS_GET_UINT32_LE( c, input, 8 ); - MBEDTLS_GET_UINT32_LE( d, input, 12 ); + a = MBEDTLS_GET_UINT32_LE( input, 0 ); + b = MBEDTLS_GET_UINT32_LE( input, 4 ); + c = MBEDTLS_GET_UINT32_LE( input, 8 ); + d = MBEDTLS_GET_UINT32_LE( input, 12 ); i = 0; while( 1 ) diff --git a/library/camellia.c b/library/camellia.c index 9aab7ab675..4d6b468e5d 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -353,8 +353,8 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, * Prepare SIGMA values */ for( i = 0; i < 6; i++ ) { - MBEDTLS_GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 ); - MBEDTLS_GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 ); + SIGMA[i][0] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 0 ); + SIGMA[i][1] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 4 ); } /* @@ -365,7 +365,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, /* Store KL, KR */ for( i = 0; i < 8; i++ ) - MBEDTLS_GET_UINT32_BE( KC[i], t, i * 4 ); + KC[i] = MBEDTLS_GET_UINT32_BE( t, i * 4 ); /* Generate KA */ for( i = 0; i < 4; ++i ) @@ -491,10 +491,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, NR = ctx->nr; RK = ctx->rk; - MBEDTLS_GET_UINT32_BE( X[0], input, 0 ); - MBEDTLS_GET_UINT32_BE( X[1], input, 4 ); - MBEDTLS_GET_UINT32_BE( X[2], input, 8 ); - MBEDTLS_GET_UINT32_BE( X[3], input, 12 ); + X[0] = MBEDTLS_GET_UINT32_BE( input, 0 ); + X[1] = MBEDTLS_GET_UINT32_BE( input, 4 ); + X[2] = MBEDTLS_GET_UINT32_BE( input, 8 ); + X[3] = MBEDTLS_GET_UINT32_BE( input, 12 ); X[0] ^= *RK++; X[1] ^= *RK++; diff --git a/library/chacha20.c b/library/chacha20.c index d0d5741c7b..7015f99d59 100644 --- a/library/chacha20.c +++ b/library/chacha20.c 
@@ -205,14 +205,14 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, ctx->state[3] = 0x6b206574; /* Set key */ - ctx->state[4] = MBEDTLS_BYTES_TO_U32_LE( key, 0 ); - ctx->state[5] = MBEDTLS_BYTES_TO_U32_LE( key, 4 ); - ctx->state[6] = MBEDTLS_BYTES_TO_U32_LE( key, 8 ); - ctx->state[7] = MBEDTLS_BYTES_TO_U32_LE( key, 12 ); - ctx->state[8] = MBEDTLS_BYTES_TO_U32_LE( key, 16 ); - ctx->state[9] = MBEDTLS_BYTES_TO_U32_LE( key, 20 ); - ctx->state[10] = MBEDTLS_BYTES_TO_U32_LE( key, 24 ); - ctx->state[11] = MBEDTLS_BYTES_TO_U32_LE( key, 28 ); + ctx->state[4] = MBEDTLS_GET_UINT32_LE( key, 0 ); + ctx->state[5] = MBEDTLS_GET_UINT32_LE( key, 4 ); + ctx->state[6] = MBEDTLS_GET_UINT32_LE( key, 8 ); + ctx->state[7] = MBEDTLS_GET_UINT32_LE( key, 12 ); + ctx->state[8] = MBEDTLS_GET_UINT32_LE( key, 16 ); + ctx->state[9] = MBEDTLS_GET_UINT32_LE( key, 20 ); + ctx->state[10] = MBEDTLS_GET_UINT32_LE( key, 24 ); + ctx->state[11] = MBEDTLS_GET_UINT32_LE( key, 28 ); return( 0 ); } @@ -228,9 +228,9 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, ctx->state[12] = counter; /* Nonce */ - ctx->state[13] = MBEDTLS_BYTES_TO_U32_LE( nonce, 0 ); - ctx->state[14] = MBEDTLS_BYTES_TO_U32_LE( nonce, 4 ); - ctx->state[15] = MBEDTLS_BYTES_TO_U32_LE( nonce, 8 ); + ctx->state[13] = MBEDTLS_GET_UINT32_LE( nonce, 0 ); + ctx->state[14] = MBEDTLS_GET_UINT32_LE( nonce, 4 ); + ctx->state[15] = MBEDTLS_GET_UINT32_LE( nonce, 8 ); mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); diff --git a/library/common.h b/library/common.h index 5115465e88..4ecc0162bf 100644 --- a/library/common.h +++ b/library/common.h 
@@ -78,38 +78,45 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) /** - * 32-bit integer manipulation macros + * 32-bit integer manipulation GET macros (big endian) * - * \brief Using GET- - * From input data, take the most significant bytes - * and concatonate them as you shift along - * Using PUT- - * Read from a 32 bit integer and store each byte - * in memory, offset by a byte each, resulting in - * each byte being adjacent in memory. + * \brief Use this to assign an unsigned 32 bit integer + * by taking data stored adjacent in memory that + * can be accessed via on offset + * Big Endian is used when wanting to + * transmit the most signifcant bits first * - * \param n 32 bit integer where data is accessed via - * PUT or stored using GET + * \param data The data used to translate to a 32 bit + * integer + * \param offset the shift in bytes to access the next byte + * of data + */ +#ifndef MBEDTLS_GET_UINT32_BE +#define MBEDTLS_GET_UINT32_BE( data , offset ) \ + ( \ + ( (uint32_t) ( data )[( offset ) ] << 24 ) \ + | ( (uint32_t) ( data )[( offset ) + 1] << 16 ) \ + | ( (uint32_t) ( data )[( offset ) + 2] << 8 ) \ + | ( (uint32_t) ( data )[( offset ) + 3] ) \ + ) +#endif + +/** + * 32-bit integer manipulation PUT macros (big endian) + * + * \brief Read from a 32 bit integer and store each byte + * in memory, offset by a specified amount, resulting + * in each byte being adjacent in memory. 
+ * Big Endian is used when wanting to + * transmit the most signifcant bits first + * + * \param n 32 bit integer where data is accessed * \param b const unsigned char array of data to be * manipulated * \param i offset in bytes, In the case of UINT32, i * would increment by 4 every use assuming * the data is being stored in the same location */ - -/** - * 32-bit integer manipulation macros (big endian) - */ -#ifndef MBEDTLS_GET_UINT32_BE -#define MBEDTLS_GET_UINT32_BE(n,b,i) \ - do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ - } while( 0 ) -#endif - #ifndef MBEDTLS_PUT_UINT32_BE #define MBEDTLS_PUT_UINT32_BE(n,b,i) \ do { \ 
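Review bot: The expression form of MBEDTLS_GET_UINT32_BE in library/common.h (hunk `@@ -78,38 +78,45 @@`) expands `data` and `offset` four times each and reads four bytes with no length information, and the new Doxygen block mentions neither. Because the macro now reads like a function call, an argument with a side effect would be evaluated repeatedly, and callers that parse stored or received data must validate the length themselves before using it. I would add to the comment: `\note Reads data[offset] .. data[offset + 3]; the caller must ensure the buffer holds at least offset + 4 bytes. Both arguments are evaluated more than once and must have no side effects.` The same note applies to MBEDTLS_GET_UINT32_LE and MBEDTLS_GET_UINT16_LE in the following hunks (two bytes for the 16-bit macro).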
@@ -121,18 +128,45 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif /** - * 32-bit integer manipulation macros (little endian) + * 32-bit integer manipulation GET macros (little endian) + * + * \brief Use this to assign an unsigned 32 bit integer + * by taking data stored adjacent in memory that + * can be accessed via on offset + * Little Endian is used when wanting to + * transmit the least signifcant bits first + * + * \param data The data used to translate to a 32 bit + * integer + * \param offset the shift in bytes to access the next byte + * of data */ #ifndef MBEDTLS_GET_UINT32_LE -#define MBEDTLS_GET_UINT32_LE(n,b,i) \ - do { \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ - } while( 0 ) +#define MBEDTLS_GET_UINT32_LE( data, offset ) \ + ( \ + ( (uint32_t) ( data )[( offset ) ] ) \ + | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \ + | ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \ + | ( (uint32_t) ( data )[( offset ) + 3] << 24 ) \ + ) #endif +/** + * 32-bit integer manipulation PUT macros (little endian) + * + * \brief Read from a 32 bit integer and store each byte + * in memory, offset by a specified amount, resulting + * in each byte being adjacent in memory. + * Little Endian is used when wanting to + * transmit the least signifcant bits first + * + * \param n 32 bit integer where data is accessed + * \param b const unsigned char array of data to be + * manipulated + * \param i offset in bytes, In the case of UINT32, i + * would increment by 4 every use assuming + * the data is being stored in the same location + */ #ifndef MBEDTLS_PUT_UINT32_LE #define MBEDTLS_PUT_UINT32_LE(n,b,i) \ do { \ 
@@ -144,46 +178,43 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif /** - * 32-bit integer conversion from bytes (little endian) + * 16-bit integer manipulation GET macros (little endian) + * + * \brief Use this to assign an unsigned 16 bit integer + * by taking data stored adjacent in memory that + * can be accessed via on offset + * Little Endian is used when wanting to + * transmit the least signifcant bits first + * + * \param data The data used to translate to a 16 bit + * integer + * \param offset the shit in bytes to access the next byte + * of data */ -#define MBEDTLS_BYTES_TO_U32_LE( data, offset ) \ - ( (uint32_t) (data)[offset] \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \ +#ifndef MBEDTLS_GET_UINT16_LE +#define MBEDTLS_GET_UINT16_LE( data, offset ) \ + ( \ + ( (uint16_t) ( data )[( offset ) ] ) \ + | ( (uint16_t) ( data )[( offset ) + 1] << 8 ) \ ) +#endif /** - * 16-bit integer manipulation macros + * 16-bit integer manipulation PUT macros (little endian) * - * \brief Using GET- - * From input data, take the most significant bytes - * and concatonate them as you shift along - * Using PUT- - * Read from a 16 bit integer and store each byte - * in memory, offset by a byte each, resulting in - * each byte being adjacent in memory. + * \brief Read from a 16 bit integer and store each byte + * in memory, offset by a specified amount, resulting + * in each byte being adjacent in memory. 
+ * Little Endian is used when wanting to + * transmit the least signifcant bits first * - * \param n 16 bit integer where data is accessed via - * PUT or stored using GET + * \param n 16 bit integer where data is accessed * \param b const unsigned char array of data to be * manipulated * \param i offset in bytes, In the case of UINT16, i * would increment by 2 every use assuming * the data is being stored in the same location */ - -/** - * 16-bit integer manipulation macros (little endian) - */ -#ifndef MBEDTLS_GET_UINT16_LE -#define MBEDTLS_GET_UINT16_LE( n, b, i ) \ -{ \ - (n) = ( (uint16_t) (b)[(i) ] ) \ - | ( (uint16_t) (b)[(i) + 1] << 8 ); \ -} -#endif - #ifndef MBEDTLS_PUT_UINT16_LE #define MBEDTLS_PUT_UINT16_LE( n, b, i ) \ { \ diff --git a/library/des.c b/library/des.c index 9281747de8..7f90faa044 100644 --- a/library/des.c +++ b/library/des.c @@ -400,8 +400,8 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE int i; uint32_t X, Y, T; - MBEDTLS_GET_UINT32_BE( X, key, 0 ); - MBEDTLS_GET_UINT32_BE( Y, key, 4 ); + X = MBEDTLS_GET_UINT32_BE( key, 0 ); + Y = MBEDTLS_GET_UINT32_BE( key, 4 ); /* * Permuted Choice 1 @@ -610,8 +610,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, SK = ctx->sk; - MBEDTLS_GET_UINT32_BE( X, input, 0 ); - MBEDTLS_GET_UINT32_BE( Y, input, 4 ); + X = MBEDTLS_GET_UINT32_BE( input, 0 ); + Y = MBEDTLS_GET_UINT32_BE( input, 4 ); DES_IP( X, Y ); @@ -697,8 +697,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, SK = ctx->sk; - MBEDTLS_GET_UINT32_BE( X, input, 0 ); - MBEDTLS_GET_UINT32_BE( Y, input, 4 ); + X = MBEDTLS_GET_UINT32_BE( input, 0 ); + Y = MBEDTLS_GET_UINT32_BE( input, 4 ); DES_IP( X, Y ); diff --git a/library/gcm.c b/library/gcm.c index 3caeed26de..910646b281 100644 --- a/library/gcm.c +++ b/library/gcm.c 
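Review bot: MBEDTLS_GET_UINT16_LE in library/common.h (hunk `@@ -144,46 +178,43 @@`) is documented as yielding an unsigned 16 bit integer, but where `int` is wider than 16 bits each `(uint16_t)` operand is promoted to `int` before `<<` and `|`, so the expression itself has type `int`. That looks harmless for the direct assignments in psa_crypto_storage.c, but a caller that shifts or compares the result would get signed arithmetic; wrapping the whole expression in one cast, `( (uint16_t) ( ( data )[( offset )] | ( ( data )[( offset ) + 1] << 8 ) ) )`, keeps the advertised type. The `\param offset` line of the same comment has a typo and should read `the shift in bytes`. MBEDTLS_PUT_UINT16_LE at the end of the hunk is still a bare `{ ... }` block, and its body continues outside the hunk.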
@@ -88,12 +88,12 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx ) return( ret ); /* pack h as two 64-bits ints, big-endian */ - MBEDTLS_GET_UINT32_BE( hi, h, 0 ); - MBEDTLS_GET_UINT32_BE( lo, h, 4 ); + hi = MBEDTLS_GET_UINT32_BE( h, 0 ); + lo = MBEDTLS_GET_UINT32_BE( h, 4 ); vh = (uint64_t) hi << 32 | lo; - MBEDTLS_GET_UINT32_BE( hi, h, 8 ); - MBEDTLS_GET_UINT32_BE( lo, h, 12 ); + hi = MBEDTLS_GET_UINT32_BE( h, 8 ); + lo = MBEDTLS_GET_UINT32_BE( h, 12 ); vl = (uint64_t) hi << 32 | lo; /* 8 = 1000 corresponds to 1 in GF(2^128) */ diff --git a/library/md5.c b/library/md5.c index e8d00216f0..a9bbcb488b 100644 --- a/library/md5.c +++ b/library/md5.c 
@@ -87,22 +87,22 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, uint32_t X[16], A, B, C, D; } local; - MBEDTLS_GET_UINT32_LE( local.X[ 0], data, 0 ); - MBEDTLS_GET_UINT32_LE( local.X[ 1], data, 4 ); - MBEDTLS_GET_UINT32_LE( local.X[ 2], data, 8 ); - MBEDTLS_GET_UINT32_LE( local.X[ 3], data, 12 ); - MBEDTLS_GET_UINT32_LE( local.X[ 4], data, 16 ); - MBEDTLS_GET_UINT32_LE( local.X[ 5], data, 20 ); - MBEDTLS_GET_UINT32_LE( local.X[ 6], data, 24 ); - MBEDTLS_GET_UINT32_LE( local.X[ 7], data, 28 ); - MBEDTLS_GET_UINT32_LE( local.X[ 8], data, 32 ); - MBEDTLS_GET_UINT32_LE( local.X[ 9], data, 36 ); - MBEDTLS_GET_UINT32_LE( local.X[10], data, 40 ); - MBEDTLS_GET_UINT32_LE( local.X[11], data, 44 ); - MBEDTLS_GET_UINT32_LE( local.X[12], data, 48 ); - MBEDTLS_GET_UINT32_LE( local.X[13], data, 52 ); - MBEDTLS_GET_UINT32_LE( local.X[14], data, 56 ); - MBEDTLS_GET_UINT32_LE( local.X[15], data, 60 ); + local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 ); + local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 ); + local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 ); + local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 ); + local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 ); + local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 ); + local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 ); + local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 ); + local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 ); + local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 ); + local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 ); + local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 ); + local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 ); + local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 ); + local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 ); + local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 ); #define S(x,n) \ ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) ) diff --git a/library/nist_kw.c b/library/nist_kw.c index b8f9239992..e2ab2566f5 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c 
@@ -454,7 +454,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; } - MBEDTLS_GET_UINT32_BE( Plen, A, KW_SEMIBLOCK_LENGTH / 2 ); + Plen = MBEDTLS_GET_UINT32_BE( A, KW_SEMIBLOCK_LENGTH / 2 ); /* * Plen is the length of the plaintext, when the input is valid. diff --git a/library/poly1305.c b/library/poly1305.c index 3c0b7c6aa9..f19574253c 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -122,10 +122,10 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, for( i = 0U; i < nblocks; i++ ) { /* The input block is treated as a 128-bit little-endian integer */ - d0 = MBEDTLS_BYTES_TO_U32_LE( input, offset + 0 ); - d1 = MBEDTLS_BYTES_TO_U32_LE( input, offset + 4 ); - d2 = MBEDTLS_BYTES_TO_U32_LE( input, offset + 8 ); - d3 = MBEDTLS_BYTES_TO_U32_LE( input, offset + 12 ); + d0 = MBEDTLS_GET_UINT32_LE( input, offset + 0 ); + d1 = MBEDTLS_GET_UINT32_LE( input, offset + 4 ); + d2 = MBEDTLS_GET_UINT32_LE( input, offset + 8 ); + d3 = MBEDTLS_GET_UINT32_LE( input, offset + 12 ); /* Compute: acc += (padded) block as a 130-bit integer */ d0 += (uint64_t) acc0; 
@@ -290,15 +290,15 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, POLY1305_VALIDATE_RET( key != NULL ); /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ - ctx->r[0] = MBEDTLS_BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU; - ctx->r[1] = MBEDTLS_BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU; - ctx->r[2] = MBEDTLS_BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU; - ctx->r[3] = MBEDTLS_BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU; + ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 ) & 0x0FFFFFFFU; + ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 ) & 0x0FFFFFFCU; + ctx->r[2] = MBEDTLS_GET_UINT32_LE( key, 8 ) & 0x0FFFFFFCU; + ctx->r[3] = MBEDTLS_GET_UINT32_LE( key, 12 ) & 0x0FFFFFFCU; - ctx->s[0] = MBEDTLS_BYTES_TO_U32_LE( key, 16 ); - ctx->s[1] = MBEDTLS_BYTES_TO_U32_LE( key, 20 ); - ctx->s[2] = MBEDTLS_BYTES_TO_U32_LE( key, 24 ); - ctx->s[3] = MBEDTLS_BYTES_TO_U32_LE( key, 28 ); + ctx->s[0] = MBEDTLS_GET_UINT32_LE( key, 16 ); + ctx->s[1] = MBEDTLS_GET_UINT32_LE( key, 20 ); + ctx->s[2] = MBEDTLS_GET_UINT32_LE( key, 24 ); + ctx->s[3] = MBEDTLS_GET_UINT32_LE( key, 28 ); /* Initial accumulator state */ ctx->acc[0] = 0U; diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 07c2cdf600..c6660b9553 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -293,11 +293,11 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, if( status != PSA_SUCCESS ) return( status ); - MBEDTLS_GET_UINT32_LE( version, storage_format->version, 0 ); + version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 ); if( version != 0 ) return( PSA_ERROR_DATA_INVALID ); - MBEDTLS_GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 ); + *key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 ); if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) || *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE ) return( PSA_ERROR_DATA_INVALID ); 
@@ -314,12 +314,12 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, memcpy( *key_data, storage_format->key_data, *key_data_length ); } - MBEDTLS_GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - MBEDTLS_GET_UINT16_LE( attr->type, storage_format->type, 0 ); - MBEDTLS_GET_UINT16_LE( attr->bits, storage_format->bits, 0 ); - MBEDTLS_GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); - MBEDTLS_GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); - MBEDTLS_GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); + attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 ); + attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 ); + attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 ); + attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 ); + attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) ); + attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) ); return( PSA_SUCCESS ); } diff --git a/library/ripemd160.c b/library/ripemd160.c index 2bed107230..41d8387226 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c 
@@ -92,22 +92,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; } local; - MBEDTLS_GET_UINT32_LE( local.X[ 0], data, 0 ); - MBEDTLS_GET_UINT32_LE( local.X[ 1], data, 4 ); - MBEDTLS_GET_UINT32_LE( local.X[ 2], data, 8 ); - MBEDTLS_GET_UINT32_LE( local.X[ 3], data, 12 ); - MBEDTLS_GET_UINT32_LE( local.X[ 4], data, 16 ); - MBEDTLS_GET_UINT32_LE( local.X[ 5], data, 20 ); - MBEDTLS_GET_UINT32_LE( local.X[ 6], data, 24 ); - MBEDTLS_GET_UINT32_LE( local.X[ 7], data, 28 ); - MBEDTLS_GET_UINT32_LE( local.X[ 8], data, 32 ); - MBEDTLS_GET_UINT32_LE( local.X[ 9], data, 36 ); - MBEDTLS_GET_UINT32_LE( local.X[10], data, 40 ); - MBEDTLS_GET_UINT32_LE( local.X[11], data, 44 ); - MBEDTLS_GET_UINT32_LE( local.X[12], data, 48 ); - MBEDTLS_GET_UINT32_LE( local.X[13], data, 52 ); - MBEDTLS_GET_UINT32_LE( local.X[14], data, 56 ); - MBEDTLS_GET_UINT32_LE( local.X[15], data, 60 ); + local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 ); + local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 ); + local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 ); + local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 ); + local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 ); + local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 ); + local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 ); + local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 ); + local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 ); + local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 ); + local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 ); + local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 ); + local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 ); + local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 ); + local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 ); + local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 ); local.A = local.Ap = ctx->state[0]; local.B = local.Bp = ctx->state[1]; diff --git a/library/sha1.c b/library/sha1.c index da61f65fca..6fc9371231 100644 --- a/library/sha1.c +++ b/library/sha1.c 
@@ -103,22 +103,22 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, SHA1_VALIDATE_RET( ctx != NULL ); SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); - MBEDTLS_GET_UINT32_BE( local.W[ 0], data, 0 ); - MBEDTLS_GET_UINT32_BE( local.W[ 1], data, 4 ); - MBEDTLS_GET_UINT32_BE( local.W[ 2], data, 8 ); - MBEDTLS_GET_UINT32_BE( local.W[ 3], data, 12 ); - MBEDTLS_GET_UINT32_BE( local.W[ 4], data, 16 ); - MBEDTLS_GET_UINT32_BE( local.W[ 5], data, 20 ); - MBEDTLS_GET_UINT32_BE( local.W[ 6], data, 24 ); - MBEDTLS_GET_UINT32_BE( local.W[ 7], data, 28 ); - MBEDTLS_GET_UINT32_BE( local.W[ 8], data, 32 ); - MBEDTLS_GET_UINT32_BE( local.W[ 9], data, 36 ); - MBEDTLS_GET_UINT32_BE( local.W[10], data, 40 ); - MBEDTLS_GET_UINT32_BE( local.W[11], data, 44 ); - MBEDTLS_GET_UINT32_BE( local.W[12], data, 48 ); - MBEDTLS_GET_UINT32_BE( local.W[13], data, 52 ); - MBEDTLS_GET_UINT32_BE( local.W[14], data, 56 ); - MBEDTLS_GET_UINT32_BE( local.W[15], data, 60 ); + local.W[ 0] = MBEDTLS_GET_UINT32_BE( data, 0 ); + local.W[ 1] = MBEDTLS_GET_UINT32_BE( data, 4 ); + local.W[ 2] = MBEDTLS_GET_UINT32_BE( data, 8 ); + local.W[ 3] = MBEDTLS_GET_UINT32_BE( data, 12 ); + local.W[ 4] = MBEDTLS_GET_UINT32_BE( data, 16 ); + local.W[ 5] = MBEDTLS_GET_UINT32_BE( data, 20 ); + local.W[ 6] = MBEDTLS_GET_UINT32_BE( data, 24 ); + local.W[ 7] = MBEDTLS_GET_UINT32_BE( data, 28 ); + local.W[ 8] = MBEDTLS_GET_UINT32_BE( data, 32 ); + local.W[ 9] = MBEDTLS_GET_UINT32_BE( data, 36 ); + local.W[10] = MBEDTLS_GET_UINT32_BE( data, 40 ); + local.W[11] = MBEDTLS_GET_UINT32_BE( data, 44 ); + local.W[12] = MBEDTLS_GET_UINT32_BE( data, 48 ); + local.W[13] = MBEDTLS_GET_UINT32_BE( data, 52 ); + local.W[14] = MBEDTLS_GET_UINT32_BE( data, 56 ); + local.W[15] = MBEDTLS_GET_UINT32_BE( data, 60 ); #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) diff --git a/library/sha256.c b/library/sha256.c index fb66340b20..c3573f85fd 100644 --- a/library/sha256.c +++ b/library/sha256.c 
@@ -190,7 +190,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, for( i = 0; i < 64; i++ ) { if( i < 16 ) - MBEDTLS_GET_UINT32_BE( local.W[i], data, 4 * i ); + local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i ); else R( i ); @@ -205,7 +205,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, } #else /* MBEDTLS_SHA256_SMALLER */ for( i = 0; i < 16; i++ ) - MBEDTLS_GET_UINT32_BE( local.W[i], data, 4 * i ); + local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i ); for( i = 0; i < 16; i += 8 ) { From cd84d76e9b1a3b2c82d5975561aea493777abd51 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 8 Jul 2021 14:59:52 +0100 Subject: [PATCH 315/966] Add Character byte reading macros These cast to an unsigned char rather than a uint8_t like with MBEDTLS_BYTE_x These save alot of space and will improve maintence by replacing the appropriate code with MBEDTLS_CHAR_x Signed-off-by: Joe Subbiani --- library/aes.c | 196 +++++++++++++++++++-------------------- library/aria.c | 32 +++---- library/asn1write.c | 18 ++-- library/camellia.c | 16 ++-- library/ccm.c | 6 +- library/common.h | 9 ++ library/ecjpake.c | 18 ++-- library/ssl_cli.c | 131 ++++++++++++-------------- library/ssl_msg.c | 12 +-- library/ssl_srv.c | 94 +++++++++---------- library/ssl_tls.c | 120 ++++++++++++------------ library/ssl_tls13_keys.c | 6 +- 12 files changed, 328 insertions(+), 330 deletions(-) diff --git a/library/aes.c b/library/aes.c index 7a44a78408..1eb3e204d8 100644 --- a/library/aes.c +++ b/library/aes.c @@ -386,7 +386,7 @@ static void aes_gen_tables( void ) { pow[i] = x; log[x] = i; - x = ( x ^ XTIME( x ) ) & 0xFF; + x = MBEDTLS_BYTE_0( x ^ XTIME( x ) ); } /* @@ -395,7 +395,7 @@ static void aes_gen_tables( void ) for( i = 0, x = 1; i < 10; i++ ) { RCON[i] = (uint32_t) x; - x = XTIME( x ) & 0xFF; + x = MBEDTLS_BYTE_0( XTIME( x ) ); } /* 
@@ -408,10 +408,10 @@ static void aes_gen_tables( void ) { x = pow[255 - log[i]]; - y = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; - x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; - x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; - x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; + y = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); + x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); + x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); + x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); x ^= y ^ 0x63; FSb[i] = (unsigned char) x; @@ -424,8 +424,8 @@ static void aes_gen_tables( void ) for( i = 0; i < 256; i++ ) { x = FSb[i]; - y = XTIME( x ) & 0xFF; - z = ( y ^ x ) & 0xFF; + y = MBEDTLS_BYTE_0( XTIME( x ) ); + z = MBEDTLS_BYTE_0( y ^ x ); FT0[i] = ( (uint32_t) y ) ^ ( (uint32_t) x << 8 ) ^ @@ -577,10 +577,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, for( i = 0; i < 10; i++, RK += 4 ) { RK[4] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 ); RK[5] = RK[1] ^ RK[4]; RK[6] = RK[2] ^ RK[5]; 
@@ -593,10 +593,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, for( i = 0; i < 8; i++, RK += 6 ) { RK[6] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 ); RK[7] = RK[1] ^ RK[6]; RK[8] = RK[2] ^ RK[7]; @@ -611,20 +611,20 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, for( i = 0; i < 7; i++, RK += 8 ) { RK[8] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 ); RK[9] = RK[1] ^ RK[8]; RK[10] = RK[2] ^ RK[9]; RK[11] = RK[3] ^ RK[10]; RK[12] = RK[4] ^ - ( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 ); RK[13] = RK[5] ^ RK[12]; RK[14] = RK[6] ^ RK[13]; 
@@ -690,10 +690,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, { for( j = 0; j < 4; j++, SK++ ) { - *RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^ - AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^ - AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^ - AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] ); + *RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^ + AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^ + AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^ + AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] ); } } 
@@ -786,52 +786,52 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, } #endif /* MBEDTLS_CIPHER_MODE_XTS */ -#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ - do \ - { \ - (X0) = *RK++ ^ AES_FT0( ( (Y0) ) & 0xFF ) ^ \ - AES_FT1( ( (Y1) >> 8 ) & 0xFF ) ^ \ - AES_FT2( ( (Y2) >> 16 ) & 0xFF ) ^ \ - AES_FT3( ( (Y3) >> 24 ) & 0xFF ); \ - \ - (X1) = *RK++ ^ AES_FT0( ( (Y1) ) & 0xFF ) ^ \ - AES_FT1( ( (Y2) >> 8 ) & 0xFF ) ^ \ - AES_FT2( ( (Y3) >> 16 ) & 0xFF ) ^ \ - AES_FT3( ( (Y0) >> 24 ) & 0xFF ); \ - \ - (X2) = *RK++ ^ AES_FT0( ( (Y2) ) & 0xFF ) ^ \ - AES_FT1( ( (Y3) >> 8 ) & 0xFF ) ^ \ - AES_FT2( ( (Y0) >> 16 ) & 0xFF ) ^ \ - AES_FT3( ( (Y1) >> 24 ) & 0xFF ); \ - \ - (X3) = *RK++ ^ AES_FT0( ( (Y3) ) & 0xFF ) ^ \ - AES_FT1( ( (Y0) >> 8 ) & 0xFF ) ^ \ - AES_FT2( ( (Y1) >> 16 ) & 0xFF ) ^ \ - AES_FT3( ( (Y2) >> 24 ) & 0xFF ); \ +#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ + do \ + { \ + (X0) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \ + AES_FT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \ + AES_FT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \ + AES_FT3( MBEDTLS_BYTE_3( Y3 ) ); \ + \ + (X1) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \ + AES_FT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \ + AES_FT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \ + AES_FT3( MBEDTLS_BYTE_3( Y0 ) ); \ + \ + (X2) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \ + AES_FT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \ + AES_FT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \ + AES_FT3( MBEDTLS_BYTE_3( Y1 ) ); \ + \ + (X3) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \ + AES_FT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \ + AES_FT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \ + AES_FT3( MBEDTLS_BYTE_3( Y2 ) ); \ } while( 0 ) #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ do \ { \ - (X0) = *RK++ ^ AES_RT0( ( (Y0) ) & 0xFF ) ^ \ - AES_RT1( ( (Y3) >> 8 ) & 0xFF ) ^ \ - AES_RT2( ( (Y2) >> 16 ) & 0xFF ) ^ \ - AES_RT3( ( (Y1) >> 24 ) & 0xFF ); \ + (X0) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \ + AES_RT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \ + AES_RT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \ + AES_RT3( MBEDTLS_BYTE_3( Y1 ) ); \ \ - (X1) = *RK++ ^ 
AES_RT0( ( (Y1) ) & 0xFF ) ^ \ - AES_RT1( ( (Y0) >> 8 ) & 0xFF ) ^ \ - AES_RT2( ( (Y3) >> 16 ) & 0xFF ) ^ \ - AES_RT3( ( (Y2) >> 24 ) & 0xFF ); \ + (X1) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \ + AES_RT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \ + AES_RT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \ + AES_RT3( MBEDTLS_BYTE_3( Y2 ) ); \ \ - (X2) = *RK++ ^ AES_RT0( ( (Y2) ) & 0xFF ) ^ \ - AES_RT1( ( (Y1) >> 8 ) & 0xFF ) ^ \ - AES_RT2( ( (Y0) >> 16 ) & 0xFF ) ^ \ - AES_RT3( ( (Y3) >> 24 ) & 0xFF ); \ + (X2) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \ + AES_RT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \ + AES_RT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \ + AES_RT3( MBEDTLS_BYTE_3( Y3 ) ); \ \ - (X3) = *RK++ ^ AES_RT0( ( (Y3) ) & 0xFF ) ^ \ - AES_RT1( ( (Y2) >> 8 ) & 0xFF ) ^ \ - AES_RT2( ( (Y1) >> 16 ) & 0xFF ) ^ \ - AES_RT3( ( (Y0) >> 24 ) & 0xFF ); \ + (X3) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \ + AES_RT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \ + AES_RT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \ + AES_RT3( MBEDTLS_BYTE_3( Y0 ) ); \ } while( 0 ) /* 
@@ -864,28 +864,28 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); t.X[0] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[0] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 ); t.X[1] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[1] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 ); t.X[2] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[2] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 ); t.X[3] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[3] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 ); MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 ); 
MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 ); 
@@ -928,28 +928,28 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); t.X[0] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[0] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 ); t.X[1] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[1] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 ); t.X[2] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[2] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 ); t.X[3] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[3] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 ); MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 ); 
MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 ); diff --git a/library/aria.c b/library/aria.c index 320f7758ac..6bfdfbdce2 100644 --- a/library/aria.c +++ b/library/aria.c @@ -212,22 +212,22 @@ static inline void aria_sl( uint32_t *a, uint32_t *b, const uint8_t sa[256], const uint8_t sb[256], const uint8_t sc[256], const uint8_t sd[256] ) { - *a = ( (uint32_t) sa[ *a & 0xFF] ) ^ - (((uint32_t) sb[(*a >> 8) & 0xFF]) << 8) ^ - (((uint32_t) sc[(*a >> 16) & 0xFF]) << 16) ^ - (((uint32_t) sd[ *a >> 24 ]) << 24); - *b = ( (uint32_t) sa[ *b & 0xFF] ) ^ - (((uint32_t) sb[(*b >> 8) & 0xFF]) << 8) ^ - (((uint32_t) sc[(*b >> 16) & 0xFF]) << 16) ^ - (((uint32_t) sd[ *b >> 24 ]) << 24); - *c = ( (uint32_t) sa[ *c & 0xFF] ) ^ - (((uint32_t) sb[(*c >> 8) & 0xFF]) << 8) ^ - (((uint32_t) sc[(*c >> 16) & 0xFF]) << 16) ^ - (((uint32_t) sd[ *c >> 24 ]) << 24); - *d = ( (uint32_t) sa[ *d & 0xFF] ) ^ - (((uint32_t) sb[(*d >> 8) & 0xFF]) << 8) ^ - (((uint32_t) sc[(*d >> 16) & 0xFF]) << 16) ^ - (((uint32_t) sd[ *d >> 24 ]) << 24); + *a = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *a ) ] ) ^ + (((uint32_t) sb[ MBEDTLS_BYTE_1( *a ) ]) << 8) ^ + (((uint32_t) sc[ MBEDTLS_BYTE_2( *a ) ]) << 16) ^ + (((uint32_t) sd[ *a >> 24 ]) << 24); + *b = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *b ) ] ) ^ + (((uint32_t) sb[ MBEDTLS_BYTE_1( *b ) ]) << 8) ^ + (((uint32_t) sc[ MBEDTLS_BYTE_2( *b ) ]) << 16) ^ + (((uint32_t) sd[ *b >> 24 ]) << 24); + *c = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *c ) ] ) ^ + (((uint32_t) sb[ MBEDTLS_BYTE_1( *c ) ]) << 8) ^ + (((uint32_t) sc[ MBEDTLS_BYTE_2( *c ) ]) << 16) ^ + (((uint32_t) sd[ *c >> 24 ]) << 24); + *d = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *d ) ] ) ^ + (((uint32_t) sb[ MBEDTLS_BYTE_1( *d ) ]) << 8) ^ + (((uint32_t) sc[ MBEDTLS_BYTE_2( *d ) ]) << 16) ^ + (((uint32_t) sd[ *d >> 24 ]) << 24); } /* diff --git a/library/asn1write.c b/library/asn1write.c index 0289e89491..8555767fe2 100644 --- a/library/asn1write.c +++ b/library/asn1write.c 
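Review bot: In aria_sl the fourth lookup of each assignment still indexes with the raw shift, `sd[ *a >> 24 ]`, while the other three lookups on the new side were converted to MBEDTLS_BYTE_0 to MBEDTLS_BYTE_2. For a `uint32_t` both forms select the same byte, so this is a consistency point only: `(((uint32_t) sd[ MBEDTLS_BYTE_3( *a ) ]) << 24);`, and likewise for `*b`, `*c` and `*d`. With all four indices in the masked form, a reader can see at a glance that every index into the 256-entry tables is limited to one byte.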
@@ -60,8 +60,8 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ if( *p - start < 3 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = ( len ) & 0xFF; - *--(*p) = ( len >> 8 ) & 0xFF; + *--(*p) = MBEDTLS_CHAR_0( len ); + *--(*p) = MBEDTLS_CHAR_1( len ); *--(*p) = 0x82; return( 3 ); } @@ -71,9 +71,9 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ if( *p - start < 4 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = ( len ) & 0xFF; - *--(*p) = ( len >> 8 ) & 0xFF; - *--(*p) = ( len >> 16 ) & 0xFF; + *--(*p) = MBEDTLS_CHAR_0( len ); + *--(*p) = MBEDTLS_CHAR_1( len ); + *--(*p) = MBEDTLS_CHAR_2( len ); *--(*p) = 0x83; return( 4 ); } @@ -85,10 +85,10 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ if( *p - start < 5 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = ( len ) & 0xFF; - *--(*p) = ( len >> 8 ) & 0xFF; - *--(*p) = ( len >> 16 ) & 0xFF; - *--(*p) = ( len >> 24 ) & 0xFF; + *--(*p) = MBEDTLS_CHAR_0( len ); + *--(*p) = MBEDTLS_CHAR_1( len ); + *--(*p) = MBEDTLS_CHAR_2( len ); + *--(*p) = MBEDTLS_CHAR_3( len ); *--(*p) = 0x84; return( 5 ); } diff --git a/library/camellia.c b/library/camellia.c index 4d6b468e5d..29d730ab53 100644 --- a/library/camellia.c +++ b/library/camellia.c 
@@ -278,14 +278,14 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], I0 = x[0] ^ k[0]; I1 = x[1] ^ k[1]; - I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) | - ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) | - ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) | - ((uint32_t) SBOX4((I0 ) & 0xFF) ); - I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) | - ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) | - ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) | - ((uint32_t) SBOX1((I1 ) & 0xFF) ); + I0 = ((uint32_t) SBOX1( MBEDTLS_BYTE_3( I0 )) << 24) | + ((uint32_t) SBOX2( MBEDTLS_BYTE_2( I0 )) << 16) | + ((uint32_t) SBOX3( MBEDTLS_BYTE_1( I0 )) << 8) | + ((uint32_t) SBOX4( MBEDTLS_BYTE_0( I0 )) ); + I1 = ((uint32_t) SBOX2( MBEDTLS_BYTE_3( I1 )) << 24) | + ((uint32_t) SBOX3( MBEDTLS_BYTE_2( I1 )) << 16) | + ((uint32_t) SBOX4( MBEDTLS_BYTE_1( I1 )) << 8) | + ((uint32_t) SBOX1( MBEDTLS_BYTE_0( I1 )) ); I0 ^= (I1 << 8) | (I1 >> 24); I1 ^= (I0 << 16) | (I0 >> 16); diff --git a/library/ccm.c b/library/ccm.c index 424ee77b69..95d90dc61a 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -200,7 +200,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, memcpy( b + 1, iv, iv_len ); for( i = 0, len_left = length; i < q; i++, len_left >>= 8 ) - b[15-i] = (unsigned char)( len_left & 0xFF ); + b[15-i] = MBEDTLS_CHAR_0( len_left ); if( len_left > 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); @@ -221,8 +221,8 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, src = add; memset( b, 0, 16 ); - b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF ); - b[1] = (unsigned char)( ( add_len ) & 0xFF ); + b[0] = MBEDTLS_CHAR_1( add_len ); + b[1] = MBEDTLS_CHAR_0( add_len ); use_len = len_left < 16 - 2 ? len_left : 16 - 2; memcpy( b + 2, src, use_len ); diff --git a/library/common.h b/library/common.h index 4ecc0162bf..56c3002653 100644 --- a/library/common.h +++ b/library/common.h 
@@ -77,6 +77,15 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) #define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) +#define MBEDTLS_CHAR_0( x ) ( (unsigned char) ( ( x ) & 0xff ) ) +#define MBEDTLS_CHAR_1( x ) ( (unsigned char) ( ( ( x ) >> 8 ) & 0xff ) ) +#define MBEDTLS_CHAR_2( x ) ( (unsigned char) ( ( ( x ) >> 16 ) & 0xff ) ) +#define MBEDTLS_CHAR_3( x ) ( (unsigned char) ( ( ( x ) >> 24 ) & 0xff ) ) +#define MBEDTLS_CHAR_4( x ) ( (unsigned char) ( ( ( x ) >> 32 ) & 0xff ) ) +#define MBEDTLS_CHAR_5( x ) ( (unsigned char) ( ( ( x ) >> 40 ) & 0xff ) ) +#define MBEDTLS_CHAR_6( x ) ( (unsigned char) ( ( ( x ) >> 48 ) & 0xff ) ) +#define MBEDTLS_CHAR_7( x ) ( (unsigned char) ( ( ( x ) >> 56 ) & 0xff ) ) + /** * 32-bit integer manipulation GET macros (big endian) * diff --git a/library/ecjpake.c b/library/ecjpake.c index d229311420..7305dfeee1 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -180,10 +180,10 @@ static int ecjpake_write_len_point( unsigned char **p, if( ret != 0 ) return( ret ); - (*p)[0] = (unsigned char)( ( len >> 24 ) & 0xFF ); - (*p)[1] = (unsigned char)( ( len >> 16 ) & 0xFF ); - (*p)[2] = (unsigned char)( ( len >> 8 ) & 0xFF ); - (*p)[3] = (unsigned char)( ( len ) & 0xFF ); + (*p)[0] = MBEDTLS_CHAR_3( len ); + (*p)[1] = MBEDTLS_CHAR_2( len ); + (*p)[2] = MBEDTLS_CHAR_1( len ); + (*p)[3] = MBEDTLS_CHAR_0( len ); *p += 4 + len; 
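Review bot: MBEDTLS_CHAR_4 through MBEDTLS_CHAR_7 shift `x` by 32 to 56 bits without widening it, so using them on an operand that is only 32 bits wide after promotion is undefined behaviour in C. None of the call sites in the hunks shown here use them, so either leave them out until they are needed or widen first, e.g. `#define MBEDTLS_CHAR_4( x ) ( (unsigned char) ( ( (uint64_t) ( x ) >> 32 ) & 0xff ) )`, and the same for 5 to 7. The new macros are also added without any comment. A short block comment above them should say how the CHAR family differs from MBEDTLS_BYTE_x and that the operand must be wide enough for the selected byte.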
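Review bot: The four single-byte stores in ecjpake_write_len_point write `len` as a big-endian 32-bit value, and the hunk in ecjpake_hash does the same for `id_len`; one store per length would state that intent directly. If the PUT counterpart of MBEDTLS_GET_UINT32_BE is available in common.h at this point in the series, `MBEDTLS_PUT_UINT32_BE( len, *p, 0 );` here and `MBEDTLS_PUT_UINT32_BE( id_len, p, 0 ); p += 4;` in ecjpake_hash would replace the eight lines. Both function bodies continue outside their hunks.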
@@ -223,10 +223,10 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info, if( end - p < 4 ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - *p++ = (unsigned char)( ( id_len >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( id_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( id_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( id_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_3( id_len ); + *p++ = MBEDTLS_CHAR_2( id_len ); + *p++ = MBEDTLS_CHAR_1( id_len ); + *p++ = MBEDTLS_CHAR_0( id_len ); if( end < p || (size_t)( end - p ) < id_len ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); @@ -366,7 +366,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, goto cleanup; } - *(*p)++ = (unsigned char)( len & 0xFF ); + *(*p)++ = MBEDTLS_CHAR_0( len ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */ *p += len; diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 59c5460429..7d65479efb 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -136,18 +136,18 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * } ServerNameList; * */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SERVERNAME ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SERVERNAME ); - *p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( hostname_len + 5); + *p++ = MBEDTLS_CHAR_0( hostname_len + 5); - *p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( hostname_len + 3 ); + *p++ = MBEDTLS_CHAR_0( hostname_len + 3 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ); + *p++ = MBEDTLS_CHAR_1( hostname_len ); + *p++ = MBEDTLS_CHAR_0( hostname_len ); memcpy( p, ssl->hostname, hostname_len ); @@ -181,14 +181,12 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* * Secure renegotiation */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) - & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); *p++ = 0x00; - *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; - *p++ = ssl->verify_data_len & 0xFF; + *p++ = MBEDTLS_CHAR_0( ssl->verify_data_len + 1 ); + *p++ = MBEDTLS_CHAR_0( ssl->verify_data_len ); memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); 
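Review bot: MBEDTLS_CHAR_1 and MBEDTLS_CHAR_0 keep only the low 16 bits of `hostname_len + 5` and `hostname_len + 3` in ssl_write_hostname_ext, and the check that bounds `hostname_len` is not visible in this hunk. Presumably it is enforced earlier in the function or when the hostname is configured; a one-line comment such as `/* hostname_len is bounded by <limit>, so the 16-bit length fields cannot truncate */` above these stores would record that. The two `hostname_len + 5);` lines also lack the space before the closing parenthesis that the rest of the hunk uses. The function body starts and ends outside the hunk.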
@@ -283,14 +281,14 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, * SignatureAndHashAlgorithm * supported_signature_algorithms<2..2^16-2>; */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SIG_ALG ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SIG_ALG ); - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( sig_alg_len + 2 ); + *p++ = MBEDTLS_CHAR_0( sig_alg_len + 2 ); - *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( sig_alg_len ); + *p++ = MBEDTLS_CHAR_0( sig_alg_len ); *olen = 6 + sig_alg_len; @@ -358,16 +356,14 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) - & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( elliptic_curve_len + 2 ); + *p++ = MBEDTLS_CHAR_0( elliptic_curve_len + 2 ); - *p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( elliptic_curve_len ); + *p++ = MBEDTLS_CHAR_0( elliptic_curve_len ); *olen = 6 + elliptic_curve_len; 
@@ -388,10 +384,8 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, ( "client hello, adding supported_point_formats extension" ) ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) - & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); *p++ = 0x00; *p++ = 2; @@ -427,8 +421,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); /* * We may need to send ClientHello multiple times for Hello verification. @@ -470,8 +464,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( kkpp_len ); + *p++ = MBEDTLS_CHAR_0( kkpp_len ); *olen = kkpp_len + 4; 
@@ -510,11 +504,11 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) ); /* Add extension ID + size */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_CID ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_CID ); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( ext_len ); + *p++ = MBEDTLS_CHAR_0( ext_len ); *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -543,10 +537,8 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) - & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); *p++ = 0x00; *p++ = 1; @@ -577,8 +569,8 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); *p++ = 0x00; *p++ = 0x00; 
@@ -607,10 +599,8 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) - & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); *p++ = 0x00; *p++ = 0x00; @@ -641,11 +631,11 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, /* The addition is safe here since the ticket length is 16 bit. */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SESSION_TICKET ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SESSION_TICKET ); - *p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( tlen ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( tlen ); + *p++ = MBEDTLS_CHAR_0( tlen ); *olen = 4; @@ -685,8 +675,8 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ALPN ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ALPN ); /* * opaque ProtocolName<1..2^8-1>; 
@@ -713,12 +703,12 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, *olen = p - buf; /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); + buf[4] = MBEDTLS_CHAR_1( *olen - 6 ); + buf[5] = MBEDTLS_CHAR_0( *olen - 6 ); /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + buf[2] = MBEDTLS_CHAR_1( *olen - 4 ); + buf[3] = MBEDTLS_CHAR_0( *olen - 4 ); return( 0 ); } @@ -770,12 +760,12 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_USE_SRTP ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_USE_SRTP ); - *p++ = (unsigned char)( ( ( ext_len & 0xFF00 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ext_len & 0xFF ); + *p++ = MBEDTLS_CHAR_1( ext_len & 0xFF00 ); + *p++ = MBEDTLS_CHAR_0( ext_len ); /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ /* micro-optimization: @@ -786,8 +776,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * >> 8 ) & 0xFF ); */ *p++ = 0; - *p++ = (unsigned char)( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) - & 0xFF ); + *p++ = MBEDTLS_CHAR_0( 2 * ssl->conf->dtls_srtp_profile_list_len ); for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; 
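Review bot: In ssl_write_use_srtp_ext the high length byte is written as `MBEDTLS_CHAR_1( ext_len & 0xFF00 )`; the inner mask is a leftover from the old expression, since the macro already shifts by 8 and masks with 0xff. `*p++ = MBEDTLS_CHAR_1( ext_len );` is equivalent and matches the `MBEDTLS_CHAR_0( ext_len )` line below it. The later hunk in the same function writes the profile bytes with `MBEDTLS_BYTE_1( profile_value )` and `MBEDTLS_BYTE_0( profile_value )`, although every other store through `p` in this file now uses the CHAR family; `MBEDTLS_CHAR_1( profile_value )` and `MBEDTLS_CHAR_0( profile_value )` would keep the file uniform.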
@@ -799,8 +788,8 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", profile_value ) ); - *p++ = ( ( profile_value >> 8 ) & 0xFF ); - *p++ = ( profile_value & 0xFF ); + *p++ = MBEDTLS_BYTE_1( profile_value ); + *p++ = MBEDTLS_BYTE_0( profile_value ); } else { @@ -1334,8 +1323,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { /* No need to check for space here, because the extension * writing functions already took care of that. */ - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( ext_len ); + *p++ = MBEDTLS_CHAR_0( ext_len ); p += ext_len; } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 77904e0a1b..e0c50bcce1 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -454,15 +454,15 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, *cur = rec->cid_len; cur++; - cur[0] = ( ad_len_field >> 8 ) & 0xFF; - cur[1] = ( ad_len_field >> 0 ) & 0xFF; + cur[0] = MBEDTLS_CHAR_1( ad_len_field ); + cur[1] = MBEDTLS_CHAR_0( ad_len_field ); cur += 2; } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - cur[0] = ( ad_len_field >> 8 ) & 0xFF; - cur[1] = ( ad_len_field >> 0 ) & 0xFF; + cur[0] = MBEDTLS_CHAR_1( ad_len_field ); + cur[1] = MBEDTLS_CHAR_0( ad_len_field ); cur += 2; } @@ -2481,8 +2481,8 @@ int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, /* Write message_seq and update it, except for HelloRequest */ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { - ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; - ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; + ssl->out_msg[4] = MBEDTLS_CHAR_1( ssl->handshake->out_msg_seq ); + ssl->out_msg[5] = MBEDTLS_CHAR_0( ssl->handshake->out_msg_seq ); ++( ssl->handshake->out_msg_seq ); } else diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 3d6739342d..253ab56959 100644 
--- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1848,8 +1848,8 @@ read_record_header: for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) for( i = 0; ciphersuites[i] != 0; i++ ) { - if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || - p[1] != ( ( ciphersuites[i] ) & 0xFF ) ) + if( p[0] != MBEDTLS_BYTE_1( ciphersuites[i] ) || + p[1] != MBEDTLS_BYTE_0( ciphersuites[i] )) continue; got_common_suite = 1; @@ -1865,8 +1865,8 @@ read_record_header: for( i = 0; ciphersuites[i] != 0; i++ ) for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) { - if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || - p[1] != ( ( ciphersuites[i] ) & 0xFF ) ) + if( p[0] != MBEDTLS_BYTE_1( ciphersuites[i] ) || + p[1] != MBEDTLS_BYTE_0( ciphersuites[i] )) continue; got_common_suite = 1; @@ -1971,11 +1971,11 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, * } ConnectionId; */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_CID ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_CID ); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( ext_len ); + *p++ = MBEDTLS_CHAR_0( ext_len ); *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -2016,8 +2016,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); *p++ = 0x00; *p++ = 0x00; 
@@ -2042,8 +2042,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " "extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); *p++ = 0x00; *p++ = 0x00; @@ -2067,8 +2067,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SESSION_TICKET ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SESSION_TICKET ); *p++ = 0x00; *p++ = 0x00; @@ -2091,8 +2091,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); #if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) @@ -2132,8 +2132,8 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); *p++ = 0x00; *p++ = 1; 
@@ -2162,8 +2162,8 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); *p++ = 0x00; *p++ = 2; @@ -2200,8 +2200,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); + *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, @@ -2212,8 +2212,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( kkpp_len ); + *p++ = MBEDTLS_CHAR_0( kkpp_len ); *olen = kkpp_len + 4; } 
@@ -2238,18 +2238,18 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, * 6 . 6 protocol name length * 7 . 7+n protocol name */ - buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + buf[0] = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ALPN ); + buf[1] = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ALPN ); *olen = 7 + strlen( ssl->alpn_chosen ); - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + buf[2] = MBEDTLS_CHAR_1( *olen - 4 ); + buf[3] = MBEDTLS_CHAR_0( *olen - 4 ); - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); + buf[4] = MBEDTLS_CHAR_1( *olen - 6 ); + buf[5] = MBEDTLS_CHAR_0( *olen - 6 ); - buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF ); + buf[6] = MBEDTLS_CHAR_0( *olen - 7 ); memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 ); } @@ -2294,15 +2294,15 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, } /* extension */ - buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); - buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + buf[0] = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_USE_SRTP ); + buf[1] = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_USE_SRTP ); /* * total length 5 and mki value: only one profile(2 bytes) * and length(2 bytes) and srtp_mki ) */ ext_len = 5 + mki_len; - buf[2] = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ext_len & 0xFF ); + buf[2] = MBEDTLS_CHAR_1( ext_len ); + buf[3] = MBEDTLS_CHAR_0( ext_len ); /* protection profile length: 2 */ buf[4] = 0x00; 
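Review bot: In ssl_write_alpn_ext, `buf[6] = MBEDTLS_CHAR_0( *olen - 7 )` keeps only the low byte of the protocol-name length, while `memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 )` copies the full strlen() result. A name longer than 255 bytes would therefore be written with a length byte that disagrees with the data. The hunk also shows no comparison of `7 + strlen( ssl->alpn_chosen )` against the space left in the output buffer. The function starts outside the hunk, so both limits may be enforced earlier or where the ALPN list is configured. If they are, a one-line comment above `*olen = 7 + strlen( ssl->alpn_chosen );` naming where the 255-byte limit and the buffer size are guaranteed would make the truncating macro safe to read; if not, a length check before the first write is needed.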
@@ -2311,8 +2311,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) { - buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF ); - buf[7] = (unsigned char)( profile_value & 0xFF ); + buf[6] = MBEDTLS_CHAR_1( profile_value ); + buf[7] = MBEDTLS_CHAR_0( profile_value ); } else { @@ -2648,8 +2648,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( ext_len ); + *p++ = MBEDTLS_CHAR_0( ext_len ); p += ext_len; } @@ -3478,8 +3478,8 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - if( *p++ != ( ( len >> 8 ) & 0xFF ) || - *p++ != ( ( len ) & 0xFF ) ) + if( *p++ != MBEDTLS_CHAR_1( len ) || + *p++ != MBEDTLS_CHAR_0( len ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); @@ -4223,13 +4223,13 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) tlen = 0; } - ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF; - ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF; - ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF; - ssl->out_msg[7] = ( lifetime ) & 0xFF; + ssl->out_msg[4] = MBEDTLS_CHAR_3( lifetime ); + ssl->out_msg[5] = MBEDTLS_CHAR_2( lifetime ); + ssl->out_msg[6] = MBEDTLS_CHAR_1( lifetime ); + ssl->out_msg[7] = MBEDTLS_CHAR_0( lifetime ); - ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF ); + ssl->out_msg[8] = MBEDTLS_CHAR_1( tlen ); + ssl->out_msg[9] = MBEDTLS_CHAR_0( tlen ); ssl->out_msglen = 10 + tlen; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f8cad4aeca..0655dc57eb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4582,8 +4582,8 @@ static unsigned char ssl_serialized_session_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF, + MBEDTLS_CHAR_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_CHAR_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), }; /* @@ -4664,14 +4664,14 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, { start = (uint64_t) session->start; - *p++ = (unsigned char)( ( start >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( start ) & 0xFF ); + *p++ = MBEDTLS_CHAR_7( start ); + *p++ = MBEDTLS_CHAR_6( start ); + *p++ = MBEDTLS_CHAR_5( start ); + *p++ = MBEDTLS_CHAR_4( start ); + *p++ = MBEDTLS_CHAR_3( start ); + *p++ = MBEDTLS_CHAR_2( start ); + *p++ = MBEDTLS_CHAR_1( start ); + *p++ = MBEDTLS_CHAR_0( start ); } #endif /* MBEDTLS_HAVE_TIME */ 
@@ -4687,22 +4687,22 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( session->ciphersuite >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ciphersuite ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( session->ciphersuite ); + *p++ = MBEDTLS_CHAR_0( session->ciphersuite ); - *p++ = (unsigned char)( session->compression & 0xFF ); + *p++ = MBEDTLS_CHAR_0( session->compression ); - *p++ = (unsigned char)( session->id_len & 0xFF ); + *p++ = MBEDTLS_CHAR_0( session->id_len ); memcpy( p, session->id, 32 ); p += 32; memcpy( p, session->master, 48 ); p += 48; - *p++ = (unsigned char)( ( session->verify_result >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result ) & 0xFF ); + *p++ = MBEDTLS_CHAR_3( session->verify_result ); + *p++ = MBEDTLS_CHAR_2( session->verify_result ); + *p++ = MBEDTLS_CHAR_1( session->verify_result ); + *p++ = MBEDTLS_CHAR_0( session->verify_result ); } /* @@ -4719,9 +4719,9 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_2( cert_len ); + *p++ = MBEDTLS_CHAR_1( cert_len ); + *p++ = MBEDTLS_CHAR_0( cert_len ); if( session->peer_cert != NULL ) { 
@@ -4762,9 +4762,9 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_2( session->ticket_len ); + *p++ = MBEDTLS_CHAR_1( session->ticket_len ); + *p++ = MBEDTLS_CHAR_0( session->ticket_len ); if( session->ticket != NULL ) { @@ -4772,10 +4772,10 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, p += session->ticket_len; } - *p++ = (unsigned char)( ( session->ticket_lifetime >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime ) & 0xFF ); + *p++ = MBEDTLS_CHAR_3( session->ticket_lifetime ); + *p++ = MBEDTLS_CHAR_2( session->ticket_lifetime ); + *p++ = MBEDTLS_CHAR_1( session->ticket_lifetime ); + *p++ = MBEDTLS_CHAR_0( session->ticket_lifetime ); } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -4793,7 +4793,7 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, used += 1; if( used <= buf_len ) - *p++ = (unsigned char)( ( session->encrypt_then_mac ) & 0xFF ); + *p++ = MBEDTLS_CHAR_0( session->encrypt_then_mac ); #endif return( used ); 
@@ -5568,11 +5568,11 @@ static unsigned char ssl_serialized_context_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF, - ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 16 ) & 0xFF, - ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 8 ) & 0xFF, - ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 0 ) & 0xFF, + MBEDTLS_CHAR_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_CHAR_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_CHAR_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), + MBEDTLS_CHAR_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), + MBEDTLS_CHAR_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), }; /* @@ -5713,10 +5713,10 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4 + session_len; if( used <= buf_len ) { - *p++ = (unsigned char)( ( session_len >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len ) & 0xFF ); + *p++ = MBEDTLS_CHAR_3( session_len ); + *p++ = MBEDTLS_CHAR_2( session_len ); + *p++ = MBEDTLS_CHAR_1( session_len ); + *p++ = MBEDTLS_CHAR_0( session_len ); ret = ssl_session_save( ssl->session, 1, p, session_len, &session_len ); 
@@ -5757,33 +5757,33 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->badmac_seen >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF ); + *p++ = MBEDTLS_CHAR_3( ssl->badmac_seen ); + *p++ = MBEDTLS_CHAR_2( ssl->badmac_seen ); + *p++ = MBEDTLS_CHAR_1( ssl->badmac_seen ); + *p++ = MBEDTLS_CHAR_0( ssl->badmac_seen ); } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) used += 16; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->in_window_top >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top ) & 0xFF ); + *p++ = MBEDTLS_CHAR_7( ssl->in_window_top ); + *p++ = MBEDTLS_CHAR_6( ssl->in_window_top ); + *p++ = MBEDTLS_CHAR_5( ssl->in_window_top ); + *p++ = MBEDTLS_CHAR_4( ssl->in_window_top ); + *p++ = MBEDTLS_CHAR_3( ssl->in_window_top ); + *p++ = MBEDTLS_CHAR_2( ssl->in_window_top ); + *p++ = MBEDTLS_CHAR_1( ssl->in_window_top ); + *p++ = MBEDTLS_CHAR_0( ssl->in_window_top ); - *p++ = (unsigned char)( ( ssl->in_window >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window ) & 0xFF ); + *p++ = 
MBEDTLS_CHAR_7( ssl->in_window ); + *p++ = MBEDTLS_CHAR_6( ssl->in_window ); + *p++ = MBEDTLS_CHAR_5( ssl->in_window ); + *p++ = MBEDTLS_CHAR_4( ssl->in_window ); + *p++ = MBEDTLS_CHAR_3( ssl->in_window ); + *p++ = MBEDTLS_CHAR_2( ssl->in_window ); + *p++ = MBEDTLS_CHAR_1( ssl->in_window ); + *p++ = MBEDTLS_CHAR_0( ssl->in_window ); } #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ @@ -5806,8 +5806,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 2; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->mtu >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->mtu ) & 0xFF ); + *p++ = MBEDTLS_CHAR_1( ssl->mtu ); + *p++ = MBEDTLS_CHAR_0( ssl->mtu ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 902f99ea81..9e629cb0b3 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -113,17 +113,17 @@ static void ssl_tls1_3_hkdf_encode_label( #endif *p++ = 0; - *p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF ); + *p++ = MBEDTLS_CHAR_0( desired_length ); /* Add label incl. prefix */ - *p++ = (unsigned char)( total_label_len & 0xFF ); + *p++ = MBEDTLS_CHAR_0( total_label_len ); memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) ); p += sizeof(tls1_3_label_prefix); memcpy( p, label, llen ); p += llen; /* Add context value */ - *p++ = (unsigned char)( clen & 0xFF ); + *p++ = MBEDTLS_CHAR_0( clen ); if( clen != 0 ) memcpy( p, ctx, clen ); From 635231a71ef0a055bad5dd46e66bfdcff1027c98 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 14 Jul 2021 11:53:07 +0100 Subject: [PATCH 316/966] Improve common.h macro documentation Imrpoved the descriptions of the macros and parameters and changing the name of the MBEDTLS_PUT_UINT... macro parameters to be more descriptive Signed-off-by: Joe Subbiani --- library/common.h | 140 ++++++++++++++++++----------------------------- 1 file changed, 52 insertions(+), 88 deletions(-) 
diff --git a/library/common.h b/library/common.h index 56c3002653..f7a9c9da6d 100644 --- a/library/common.h +++ b/library/common.h @@ -87,18 +87,13 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #define MBEDTLS_CHAR_7( x ) ( (unsigned char) ( ( ( x ) >> 56 ) & 0xff ) ) /** - * 32-bit integer manipulation GET macros (big endian) + * Get the unsigned 32 bits integer corresponding to four bytes in + * big-endian order (MSB first). * - * \brief Use this to assign an unsigned 32 bit integer - * by taking data stored adjacent in memory that - * can be accessed via on offset - * Big Endian is used when wanting to - * transmit the most signifcant bits first - * - * \param data The data used to translate to a 32 bit - * integer - * \param offset the shift in bytes to access the next byte - * of data + * \param data Base address of the memory to get the four bytes from. + * \param offset Offset from \p base of the first and most significant + * byte of the four bytes to build the 32 bits unsigned + * integer from. */ #ifndef MBEDTLS_GET_UINT32_BE #define MBEDTLS_GET_UINT32_BE( data , offset ) \ 
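Review bot: The new Doxygen text refers to `\p base`, but the macro parameters are named `data` and `offset`, so the reference points at a parameter that does not exist. In the MBEDTLS_GET_UINT32_BE block the line should read `\param offset Offset from \p data of the first and most significant`. The same `\p base` appears in the rewritten comments for MBEDTLS_PUT_UINT32_BE, MBEDTLS_GET_UINT32_LE, MBEDTLS_PUT_UINT32_LE, MBEDTLS_GET_UINT16_LE and MBEDTLS_PUT_UINT16_LE in the following hunks of this file, and needs the same correction there.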
@@ -111,44 +106,32 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif /** - * 32-bit integer manipulation PUT macros (big endian) + * Put in memory a 32 bits unsigned integer in big-endian order. * - * \brief Read from a 32 bit integer and store each byte - * in memory, offset by a specified amount, resulting - * in each byte being adjacent in memory. - * Big Endian is used when wanting to - * transmit the most signifcant bits first - * - * \param n 32 bit integer where data is accessed - * \param b const unsigned char array of data to be - * manipulated - * \param i offset in bytes, In the case of UINT32, i - * would increment by 4 every use assuming - * the data is being stored in the same location + * \param n 32 bits unsigned integer to put in memory + * \param data Base address of the memory where to put the 32 + * bits unsigned integer in. + * \param offset Offset from \p base where to put the most significant + * byte of the 32 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT32_BE -#define MBEDTLS_PUT_UINT32_BE(n,b,i) \ - do { \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ +#define MBEDTLS_PUT_UINT32_BE( n, data, offset ) \ + do { \ + ( data )[( offset ) ] = (unsigned char) ( (n) >> 24 ); \ + ( data )[( offset ) + 1] = (unsigned char) ( (n) >> 16 ); \ + ( data )[( offset ) + 2] = (unsigned char) ( (n) >> 8 ); \ + ( data )[( offset ) + 3] = (unsigned char) ( (n) ); \ } while( 0 ) #endif /** - * 32-bit integer manipulation GET macros (little endian) + * Get the unsigned 32 bits integer corresponding to four bytes in + * little-endian order (LSB first). 
* - * \brief Use this to assign an unsigned 32 bit integer - * by taking data stored adjacent in memory that - * can be accessed via on offset - * Little Endian is used when wanting to - * transmit the least signifcant bits first - * - * \param data The data used to translate to a 32 bit - * integer - * \param offset the shift in bytes to access the next byte - * of data + * \param data Base address of the memory to get the four bytes from. + * \param offset Offset from \p base of the first and least significant + * byte of the four bytes to build the 32 bits unsigned + * integer from. */ #ifndef MBEDTLS_GET_UINT32_LE #define MBEDTLS_GET_UINT32_LE( data, offset ) \ 
@@ -161,44 +144,32 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif /** - * 32-bit integer manipulation PUT macros (little endian) + * Put in memory a 32 bits unsigned integer in little-endian order. * - * \brief Read from a 32 bit integer and store each byte - * in memory, offset by a specified amount, resulting - * in each byte being adjacent in memory. - * Little Endian is used when wanting to - * transmit the least signifcant bits first - * - * \param n 32 bit integer where data is accessed - * \param b const unsigned char array of data to be - * manipulated - * \param i offset in bytes, In the case of UINT32, i - * would increment by 4 every use assuming - * the data is being stored in the same location + * \param n 32 bits unsigned integer to put in memory + * \param data Base address of the memory where to put the 32 + * bits unsigned integer in. + * \param offset Offset from \p base where to put the least significant + * byte of the 32 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT32_LE -#define MBEDTLS_PUT_UINT32_LE(n,b,i) \ - do { \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ +#define MBEDTLS_PUT_UINT32_LE( n, data, offset ) \ + do { \ + ( data )[( offset ) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ + ( data )[( offset ) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ + ( data )[( offset ) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ + ( data )[( offset ) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ } while( 0 ) #endif /** - * 16-bit integer manipulation GET macros (little endian) + * Get the unsigned 16 bits integer corresponding to four bytes in + * little-endian order (LSB first). 
* - * \brief Use this to assign an unsigned 16 bit integer - * by taking data stored adjacent in memory that - * can be accessed via on offset - * Little Endian is used when wanting to - * transmit the least signifcant bits first - * - * \param data The data used to translate to a 16 bit - * integer - * \param offset the shit in bytes to access the next byte - * of data + * \param data Base address of the memory to get the four bytes from. + * \param offset Offset from \p base of the first and least significant + * byte of the four bytes to build the 16 bits unsigned + * integer from. */ #ifndef MBEDTLS_GET_UINT16_LE #define MBEDTLS_GET_UINT16_LE( data, offset ) \ 
@@ -209,26 +180,19 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif /** - * 16-bit integer manipulation PUT macros (little endian) + * Put in memory a 16 bits unsigned integer in little-endian order. * - * \brief Read from a 16 bit integer and store each byte - * in memory, offset by a specified amount, resulting - * in each byte being adjacent in memory. - * Little Endian is used when wanting to - * transmit the least signifcant bits first - * - * \param n 16 bit integer where data is accessed - * \param b const unsigned char array of data to be - * manipulated - * \param i offset in bytes, In the case of UINT16, i - * would increment by 2 every use assuming - * the data is being stored in the same location + * \param n 16 bits unsigned integer to put in memory + * \param data Base address of the memory where to put the 16 + * bits unsigned integer in. + * \param offset Offset from \p base where to put the least significant + * byte of the 16 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT16_LE -#define MBEDTLS_PUT_UINT16_LE( n, b, i ) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ +#define MBEDTLS_PUT_UINT16_LE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ + ( data )[( offset ) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ } #endif From 54550f7fca255769c4a2d9f5e089caddde4b0c6c Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 14 Jul 2021 11:59:48 +0100 Subject: [PATCH 317/966] Replace 3 byte shift with appropriate macro aria.c has a shift by 3 bytes, but does not use the 0xff masking. aparently this is not a problem and it is tidier to use the maco. Signed-off-by: Joe Subbiani --- library/aria.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/aria.c b/library/aria.c index 6bfdfbdce2..bc05c4a319 100644 --- a/library/aria.c +++ b/library/aria.c 
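Review bot: MBEDTLS_PUT_UINT16_LE still expands to a bare `{ ... }` block after the parameter rename, unlike MBEDTLS_PUT_UINT32_BE and MBEDTLS_PUT_UINT32_LE in the same commit, which use `do { ... } while( 0 )`. A bare block followed by the caller's `;` breaks an `if( cond ) MBEDTLS_PUT_UINT16_LE( ... ); else ...` construct, because the `;` terminates the `if` and the `else` no longer parses. Change the opening line to `do { \` and the closing line to `} while( 0 )` so the 16-bit macro behaves as a single statement like the 32-bit ones.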
@@ -215,19 +215,19 @@ static inline void aria_sl( uint32_t *a, uint32_t *b, *a = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *a ) ] ) ^ (((uint32_t) sb[ MBEDTLS_BYTE_1( *a ) ]) << 8) ^ (((uint32_t) sc[ MBEDTLS_BYTE_2( *a ) ]) << 16) ^ - (((uint32_t) sd[ *a >> 24 ]) << 24); + (((uint32_t) sd[ MBEDTLS_BYTE_3( *a ) ]) << 24); *b = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *b ) ] ) ^ (((uint32_t) sb[ MBEDTLS_BYTE_1( *b ) ]) << 8) ^ (((uint32_t) sc[ MBEDTLS_BYTE_2( *b ) ]) << 16) ^ - (((uint32_t) sd[ *b >> 24 ]) << 24); + (((uint32_t) sd[ MBEDTLS_BYTE_3( *b ) ]) << 24); *c = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *c ) ] ) ^ (((uint32_t) sb[ MBEDTLS_BYTE_1( *c ) ]) << 8) ^ (((uint32_t) sc[ MBEDTLS_BYTE_2( *c ) ]) << 16) ^ - (((uint32_t) sd[ *c >> 24 ]) << 24); + (((uint32_t) sd[ MBEDTLS_BYTE_3( *c ) ]) << 24); *d = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *d ) ] ) ^ (((uint32_t) sb[ MBEDTLS_BYTE_1( *d ) ]) << 8) ^ (((uint32_t) sc[ MBEDTLS_BYTE_2( *d ) ]) << 16) ^ - (((uint32_t) sd[ *d >> 24 ]) << 24); + (((uint32_t) sd[ MBEDTLS_BYTE_3( *d ) ]) << 24); } /* From f5462d989c8674805d3566cf4d85029da0f18717 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 13 Jul 2021 12:13:19 +0100 Subject: [PATCH 318/966] Remove trailing whitespaces Signed-off-by: Joe Subbiani --- library/common.h | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/library/common.h b/library/common.h index f7a9c9da6d..87f0d66bc7 100644 --- a/library/common.h +++ b/library/common.h 
@@ -87,12 +87,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #define MBEDTLS_CHAR_7( x ) ( (unsigned char) ( ( ( x ) >> 56 ) & 0xff ) ) /** - * Get the unsigned 32 bits integer corresponding to four bytes in + * Get the unsigned 32 bits integer corresponding to four bytes in * big-endian order (MSB first). * * \param data Base address of the memory to get the four bytes from. - * \param offset Offset from \p base of the first and most significant - * byte of the four bytes to build the 32 bits unsigned + * \param offset Offset from \p base of the first and most significant + * byte of the four bytes to build the 32 bits unsigned * integer from. */ #ifndef MBEDTLS_GET_UINT32_BE @@ -108,10 +108,10 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c /** * Put in memory a 32 bits unsigned integer in big-endian order. * - * \param n 32 bits unsigned integer to put in memory - * \param data Base address of the memory where to put the 32 + * \param n 32 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 32 * bits unsigned integer in. - * \param offset Offset from \p base where to put the most significant + * \param offset Offset from \p base where to put the most significant * byte of the 32 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT32_BE 
@@ -125,12 +125,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif /** - * Get the unsigned 32 bits integer corresponding to four bytes in + * Get the unsigned 32 bits integer corresponding to four bytes in * little-endian order (LSB first). * * \param data Base address of the memory to get the four bytes from. - * \param offset Offset from \p base of the first and least significant - * byte of the four bytes to build the 32 bits unsigned + * \param offset Offset from \p base of the first and least significant + * byte of the four bytes to build the 32 bits unsigned * integer from. */ #ifndef MBEDTLS_GET_UINT32_LE @@ -146,10 +146,10 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c /** * Put in memory a 32 bits unsigned integer in little-endian order. * - * \param n 32 bits unsigned integer to put in memory - * \param data Base address of the memory where to put the 32 + * \param n 32 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 32 * bits unsigned integer in. - * \param offset Offset from \p base where to put the least significant + * \param offset Offset from \p base where to put the least significant * byte of the 32 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT32_LE @@ -163,12 +163,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif /** - * Get the unsigned 16 bits integer corresponding to four bytes in + * Get the unsigned 16 bits integer corresponding to four bytes in * little-endian order (LSB first). * * \param data Base address of the memory to get the four bytes from. - * \param offset Offset from \p base of the first and least significant - * byte of the four bytes to build the 16 bits unsigned + * \param offset Offset from \p base of the first and least significant + * byte of the four bytes to build the 16 bits unsigned * integer from. */ #ifndef MBEDTLS_GET_UINT16_LE 
@@ -182,10 +182,10 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c /** * Put in memory a 16 bits unsigned integer in little-endian order. * - * \param n 16 bits unsigned integer to put in memory - * \param data Base address of the memory where to put the 16 + * \param n 16 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 16 * bits unsigned integer in. - * \param offset Offset from \p base where to put the least significant + * \param offset Offset from \p base where to put the least significant * byte of the 16 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT16_LE From bf7ea84f83d7fbef2103cae2564fe7258e6847c9 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 14 Jul 2021 12:05:51 +0100 Subject: [PATCH 319/966] Replace "four bytes" with "two bytes" in macro documentation When writing the documentation 4 bytes was written instead of 2 for MBEDTLS_UINT16_LE Signed-off-by: Joe Subbiani --- library/common.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/common.h b/library/common.h index 87f0d66bc7..28017f9742 100644 --- a/library/common.h +++ b/library/common.h @@ -163,12 +163,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif /** - * Get the unsigned 16 bits integer corresponding to four bytes in + * Get the unsigned 16 bits integer corresponding to two bytes in * little-endian order (LSB first). * - * \param data Base address of the memory to get the four bytes from. + * \param data Base address of the memory to get the two bytes from. * \param offset Offset from \p base of the first and least significant - * byte of the four bytes to build the 16 bits unsigned + * byte of the two bytes to build the 16 bits unsigned * integer from. */ #ifndef MBEDTLS_GET_UINT16_LE From 2194dc477a65c0c18f592168b5e5f765c475bc9c Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Wed, 14 Jul 2021 12:31:31 +0100 Subject: [PATCH 320/966] Replace MBEDTLS_CHAR_x with MBEDTLS_BYTE_x The CHAR macros casted to an unsigned char which in this project is garunteed to be 8 bits - the same as uint8_t (which BYTE casts to) therefore, instances of CHAR have been swapped with BYTE and the number of macros have been cut down Signed-off-by: Joe Subbiani --- library/asn1write.c | 18 +++--- library/ccm.c | 6 +- library/common.h | 17 +++--- library/ecjpake.c | 18 +++--- library/ssl_cli.c | 116 ++++++++++++++++++------------------- library/ssl_msg.c | 4 +- library/ssl_srv.c | 86 ++++++++++++++-------------- library/ssl_tls.c | 120 +++++++++++++++++++-------------------- library/ssl_tls13_keys.c | 6 +- 9 files changed, 194 insertions(+), 197 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 8555767fe2..dc61854137 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -60,8 +60,8 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ if( *p - start < 3 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = MBEDTLS_CHAR_0( len ); - *--(*p) = MBEDTLS_CHAR_1( len ); + *--(*p) = MBEDTLS_BYTE_0( len ); + *--(*p) = MBEDTLS_BYTE_1( len ); *--(*p) = 0x82; return( 3 ); } @@ -71,9 +71,9 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ if( *p - start < 4 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = MBEDTLS_CHAR_0( len ); - *--(*p) = MBEDTLS_CHAR_1( len ); - *--(*p) = MBEDTLS_CHAR_2( len ); + *--(*p) = MBEDTLS_BYTE_0( len ); + *--(*p) = MBEDTLS_BYTE_1( len ); + *--(*p) = MBEDTLS_BYTE_2( len ); *--(*p) = 0x83; return( 4 ); } 
@@ -85,10 +85,10 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ if( *p - start < 5 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = MBEDTLS_CHAR_0( len ); - *--(*p) = MBEDTLS_CHAR_1( len ); - *--(*p) = MBEDTLS_CHAR_2( len ); - *--(*p) = MBEDTLS_CHAR_3( len ); + *--(*p) = MBEDTLS_BYTE_0( len ); + *--(*p) = MBEDTLS_BYTE_1( len ); + *--(*p) = MBEDTLS_BYTE_2( len ); + *--(*p) = MBEDTLS_BYTE_3( len ); *--(*p) = 0x84; return( 5 ); } diff --git a/library/ccm.c b/library/ccm.c index 95d90dc61a..0188075f5e 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -200,7 +200,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, memcpy( b + 1, iv, iv_len ); for( i = 0, len_left = length; i < q; i++, len_left >>= 8 ) - b[15-i] = MBEDTLS_CHAR_0( len_left ); + b[15-i] = MBEDTLS_BYTE_0( len_left ); if( len_left > 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); @@ -221,8 +221,8 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, src = add; memset( b, 0, 16 ); - b[0] = MBEDTLS_CHAR_1( add_len ); - b[1] = MBEDTLS_CHAR_0( add_len ); + b[0] = MBEDTLS_BYTE_1( add_len ); + b[1] = MBEDTLS_BYTE_0( add_len ); use_len = len_left < 16 - 2 ? len_left : 16 - 2; memcpy( b + 2, src, use_len ); diff --git a/library/common.h b/library/common.h index 28017f9742..e0f8b99baa 100644 --- a/library/common.h +++ b/library/common.h @@ -25,6 +25,8 @@ #include "mbedtls/build_info.h" +#include + /** Helper to define a function as static except when building invasive tests. * * If a function is only used inside its own source file and should be 
@@ -72,19 +74,14 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * Using MBEDTLS_BYTE_a will shift a*8 bits * to retrieve the next byte of information */ -#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) +#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) #define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) #define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) #define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) - -#define MBEDTLS_CHAR_0( x ) ( (unsigned char) ( ( x ) & 0xff ) ) -#define MBEDTLS_CHAR_1( x ) ( (unsigned char) ( ( ( x ) >> 8 ) & 0xff ) ) -#define MBEDTLS_CHAR_2( x ) ( (unsigned char) ( ( ( x ) >> 16 ) & 0xff ) ) -#define MBEDTLS_CHAR_3( x ) ( (unsigned char) ( ( ( x ) >> 24 ) & 0xff ) ) -#define MBEDTLS_CHAR_4( x ) ( (unsigned char) ( ( ( x ) >> 32 ) & 0xff ) ) -#define MBEDTLS_CHAR_5( x ) ( (unsigned char) ( ( ( x ) >> 40 ) & 0xff ) ) -#define MBEDTLS_CHAR_6( x ) ( (unsigned char) ( ( ( x ) >> 48 ) & 0xff ) ) -#define MBEDTLS_CHAR_7( x ) ( (unsigned char) ( ( ( x ) >> 56 ) & 0xff ) ) +#define MBEDTLS_BYTE_4( x ) ( (uint8_t) ( ( ( x ) >> 32 ) & 0xff ) ) +#define MBEDTLS_BYTE_5( x ) ( (uint8_t) ( ( ( x ) >> 40 ) & 0xff ) ) +#define MBEDTLS_BYTE_6( x ) ( (uint8_t) ( ( ( x ) >> 48 ) & 0xff ) ) +#define MBEDTLS_BYTE_7( x ) ( (uint8_t) ( ( ( x ) >> 56 ) & 0xff ) ) /** * Get the unsigned 32 bits integer corresponding to four bytes in diff --git a/library/ecjpake.c b/library/ecjpake.c index 7305dfeee1..a599b1ba48 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c 
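Review bot: MBEDTLS_BYTE_4 to MBEDTLS_BYTE_7 in library/common.h shift `x` by 32 to 56 bits without widening it, so an operand whose promoted type is only 32 bits wide gives undefined behaviour rather than a zero byte. Of the callers visible in this patch, `start` is assigned from a `(uint64_t)` cast, while the types of `ssl->in_window_top` and `ssl->in_window` are not shown in their hunks. The comment block above the macros could state the requirement: `MBEDTLS_BYTE_4 to MBEDTLS_BYTE_7 require an operand at least 64 bits wide.` A negative signed operand is also shifted right as-is, which is implementation-defined, so the same comment could ask for unsigned arguments.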
@@ -180,10 +180,10 @@ static int ecjpake_write_len_point( unsigned char **p, if( ret != 0 ) return( ret ); - (*p)[0] = MBEDTLS_CHAR_3( len ); - (*p)[1] = MBEDTLS_CHAR_2( len ); - (*p)[2] = MBEDTLS_CHAR_1( len ); - (*p)[3] = MBEDTLS_CHAR_0( len ); + (*p)[0] = MBEDTLS_BYTE_3( len ); + (*p)[1] = MBEDTLS_BYTE_2( len ); + (*p)[2] = MBEDTLS_BYTE_1( len ); + (*p)[3] = MBEDTLS_BYTE_0( len ); *p += 4 + len; @@ -223,10 +223,10 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info, if( end - p < 4 ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - *p++ = MBEDTLS_CHAR_3( id_len ); - *p++ = MBEDTLS_CHAR_2( id_len ); - *p++ = MBEDTLS_CHAR_1( id_len ); - *p++ = MBEDTLS_CHAR_0( id_len ); + *p++ = MBEDTLS_BYTE_3( id_len ); + *p++ = MBEDTLS_BYTE_2( id_len ); + *p++ = MBEDTLS_BYTE_1( id_len ); + *p++ = MBEDTLS_BYTE_0( id_len ); if( end < p || (size_t)( end - p ) < id_len ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); @@ -366,7 +366,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, goto cleanup; } - *(*p)++ = MBEDTLS_CHAR_0( len ); + *(*p)++ = MBEDTLS_BYTE_0( len ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */ *p += len; diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 7d65479efb..9e0db96c48 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -136,18 +136,18 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * } ServerNameList; * */ - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SERVERNAME ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SERVERNAME ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SERVERNAME ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME ); - *p++ = MBEDTLS_CHAR_1( hostname_len + 5); - *p++ = MBEDTLS_CHAR_0( hostname_len + 5); + *p++ = MBEDTLS_BYTE_1( hostname_len + 5); + *p++ = MBEDTLS_BYTE_0( hostname_len + 5); - *p++ = MBEDTLS_CHAR_1( hostname_len + 3 ); - *p++ = MBEDTLS_CHAR_0( hostname_len + 3 ); + *p++ = MBEDTLS_BYTE_1( hostname_len + 3 ); + *p++ = MBEDTLS_BYTE_0( hostname_len + 3 ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ); - *p++ = MBEDTLS_CHAR_1( hostname_len ); - *p++ = MBEDTLS_CHAR_0( hostname_len ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ); + *p++ = MBEDTLS_BYTE_1( hostname_len ); + *p++ = MBEDTLS_BYTE_0( hostname_len ); memcpy( p, ssl->hostname, hostname_len ); @@ -181,12 +181,12 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* * Secure renegotiation */ - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); *p++ = 0x00; - *p++ = MBEDTLS_CHAR_0( ssl->verify_data_len + 1 ); - *p++ = MBEDTLS_CHAR_0( ssl->verify_data_len ); + *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len + 1 ); + *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len ); memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); 
@@ -281,14 +281,14 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, * SignatureAndHashAlgorithm * supported_signature_algorithms<2..2^16-2>; */ - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SIG_ALG ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SIG_ALG ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SIG_ALG ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SIG_ALG ); - *p++ = MBEDTLS_CHAR_1( sig_alg_len + 2 ); - *p++ = MBEDTLS_CHAR_0( sig_alg_len + 2 ); + *p++ = MBEDTLS_BYTE_1( sig_alg_len + 2 ); + *p++ = MBEDTLS_BYTE_0( sig_alg_len + 2 ); - *p++ = MBEDTLS_CHAR_1( sig_alg_len ); - *p++ = MBEDTLS_CHAR_0( sig_alg_len ); + *p++ = MBEDTLS_BYTE_1( sig_alg_len ); + *p++ = MBEDTLS_BYTE_0( sig_alg_len ); *olen = 6 + sig_alg_len; @@ -356,14 +356,14 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); - *p++ = MBEDTLS_CHAR_1( elliptic_curve_len + 2 ); - *p++ = MBEDTLS_CHAR_0( elliptic_curve_len + 2 ); + *p++ = MBEDTLS_BYTE_1( elliptic_curve_len + 2 ); + *p++ = MBEDTLS_BYTE_0( elliptic_curve_len + 2 ); - *p++ = MBEDTLS_CHAR_1( elliptic_curve_len ); - *p++ = MBEDTLS_CHAR_0( elliptic_curve_len ); + *p++ = MBEDTLS_BYTE_1( elliptic_curve_len ); + *p++ = MBEDTLS_BYTE_0( elliptic_curve_len ); *olen = 6 + elliptic_curve_len; 
@@ -384,8 +384,8 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, ( "client hello, adding supported_point_formats extension" ) ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); *p++ = 0x00; *p++ = 2; @@ -421,8 +421,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); /* * We may need to send ClientHello multiple times for Hello verification. @@ -464,8 +464,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); } - *p++ = MBEDTLS_CHAR_1( kkpp_len ); - *p++ = MBEDTLS_CHAR_0( kkpp_len ); + *p++ = MBEDTLS_BYTE_1( kkpp_len ); + *p++ = MBEDTLS_BYTE_0( kkpp_len ); *olen = kkpp_len + 4; @@ -504,11 +504,11 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) ); /* Add extension ID + size */ - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_CID ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_CID ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_CID ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_CID ); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = MBEDTLS_CHAR_1( ext_len ); - *p++ = MBEDTLS_CHAR_0( ext_len ); + *p++ = MBEDTLS_BYTE_1( ext_len ); + *p++ = MBEDTLS_BYTE_0( ext_len ); *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); 
@@ -537,8 +537,8 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); *p++ = 0x00; *p++ = 1; @@ -569,8 +569,8 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); *p++ = 0x00; *p++ = 0x00; @@ -599,8 +599,8 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); *p++ = 0x00; *p++ = 0x00; @@ -631,11 +631,11 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, /* The addition is safe here since the ticket length is 16 bit. */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SESSION_TICKET ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SESSION_TICKET ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SESSION_TICKET ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SESSION_TICKET ); - *p++ = MBEDTLS_CHAR_1( tlen ); - *p++ = MBEDTLS_CHAR_0( tlen ); + *p++ = MBEDTLS_BYTE_1( tlen ); + *p++ = MBEDTLS_BYTE_0( tlen ); *olen = 4; 
@@ -675,8 +675,8 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ALPN ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ALPN ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ALPN ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ALPN ); /* * opaque ProtocolName<1..2^8-1>; @@ -703,12 +703,12 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, *olen = p - buf; /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - buf[4] = MBEDTLS_CHAR_1( *olen - 6 ); - buf[5] = MBEDTLS_CHAR_0( *olen - 6 ); + buf[4] = MBEDTLS_BYTE_1( *olen - 6 ); + buf[5] = MBEDTLS_BYTE_0( *olen - 6 ); /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ - buf[2] = MBEDTLS_CHAR_1( *olen - 4 ); - buf[3] = MBEDTLS_CHAR_0( *olen - 4 ); + buf[2] = MBEDTLS_BYTE_1( *olen - 4 ); + buf[3] = MBEDTLS_BYTE_0( *olen - 4 ); return( 0 ); } @@ -760,12 +760,12 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_USE_SRTP ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_USE_SRTP ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_USE_SRTP ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_USE_SRTP ); - *p++ = MBEDTLS_CHAR_1( ext_len & 0xFF00 ); - *p++ = MBEDTLS_CHAR_0( ext_len ); + *p++ = MBEDTLS_BYTE_1( ext_len & 0xFF00 ); + *p++ = MBEDTLS_BYTE_0( ext_len ); /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ /* micro-optimization: @@ -776,7 +776,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * >> 8 ) & 0xFF ); */ *p++ = 0; - *p++ = MBEDTLS_CHAR_0( 2 * ssl->conf->dtls_srtp_profile_list_len ); + *p++ = MBEDTLS_BYTE_0( 2 * ssl->conf->dtls_srtp_profile_list_len ); for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; 
@@ -1323,8 +1323,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { /* No need to check for space here, because the extension * writing functions already took care of that. */ - *p++ = MBEDTLS_CHAR_1( ext_len ); - *p++ = MBEDTLS_CHAR_0( ext_len ); + *p++ = MBEDTLS_BYTE_1( ext_len ); + *p++ = MBEDTLS_BYTE_0( ext_len ); p += ext_len; } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index e0c50bcce1..989c59874f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2481,8 +2481,8 @@ int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, /* Write message_seq and update it, except for HelloRequest */ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { - ssl->out_msg[4] = MBEDTLS_CHAR_1( ssl->handshake->out_msg_seq ); - ssl->out_msg[5] = MBEDTLS_CHAR_0( ssl->handshake->out_msg_seq ); + ssl->out_msg[4] = MBEDTLS_BYTE_1( ssl->handshake->out_msg_seq ); + ssl->out_msg[5] = MBEDTLS_BYTE_0( ssl->handshake->out_msg_seq ); ++( ssl->handshake->out_msg_seq ); } else diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 253ab56959..96b08ab8f6 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1971,11 +1971,11 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, * } ConnectionId; */ - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_CID ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_CID ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_CID ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_CID ); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = MBEDTLS_CHAR_1( ext_len ); - *p++ = MBEDTLS_CHAR_0( ext_len ); + *p++ = MBEDTLS_BYTE_1( ext_len ); + *p++ = MBEDTLS_BYTE_0( ext_len ); *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); 
@@ -2016,8 +2016,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); *p++ = 0x00; *p++ = 0x00; @@ -2042,8 +2042,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " "extension" ) ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); *p++ = 0x00; *p++ = 0x00; @@ -2067,8 +2067,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SESSION_TICKET ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SESSION_TICKET ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SESSION_TICKET ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SESSION_TICKET ); *p++ = 0x00; *p++ = 0x00; @@ -2091,8 +2091,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); #if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) 
@@ -2132,8 +2132,8 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); *p++ = 0x00; *p++ = 1; @@ -2162,8 +2162,8 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); *p++ = 0x00; *p++ = 2; @@ -2200,8 +2200,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); - *p++ = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, @@ -2212,8 +2212,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = MBEDTLS_CHAR_1( kkpp_len ); - *p++ = MBEDTLS_CHAR_0( kkpp_len ); + *p++ = MBEDTLS_BYTE_1( kkpp_len ); + *p++ = MBEDTLS_BYTE_0( kkpp_len ); *olen = kkpp_len + 4; } 
@@ -2238,18 +2238,18 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, * 6 . 6 protocol name length * 7 . 7+n protocol name */ - buf[0] = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_ALPN ); - buf[1] = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_ALPN ); + buf[0] = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ALPN ); + buf[1] = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ALPN ); *olen = 7 + strlen( ssl->alpn_chosen ); - buf[2] = MBEDTLS_CHAR_1( *olen - 4 ); - buf[3] = MBEDTLS_CHAR_0( *olen - 4 ); + buf[2] = MBEDTLS_BYTE_1( *olen - 4 ); + buf[3] = MBEDTLS_BYTE_0( *olen - 4 ); - buf[4] = MBEDTLS_CHAR_1( *olen - 6 ); - buf[5] = MBEDTLS_CHAR_0( *olen - 6 ); + buf[4] = MBEDTLS_BYTE_1( *olen - 6 ); + buf[5] = MBEDTLS_BYTE_0( *olen - 6 ); - buf[6] = MBEDTLS_CHAR_0( *olen - 7 ); + buf[6] = MBEDTLS_BYTE_0( *olen - 7 ); memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 ); } @@ -2294,15 +2294,15 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, } /* extension */ - buf[0] = MBEDTLS_CHAR_1( MBEDTLS_TLS_EXT_USE_SRTP ); - buf[1] = MBEDTLS_CHAR_0( MBEDTLS_TLS_EXT_USE_SRTP ); + buf[0] = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_USE_SRTP ); + buf[1] = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_USE_SRTP ); /* * total length 5 and mki value: only one profile(2 bytes) * and length(2 bytes) and srtp_mki ) */ ext_len = 5 + mki_len; - buf[2] = MBEDTLS_CHAR_1( ext_len ); - buf[3] = MBEDTLS_CHAR_0( ext_len ); + buf[2] = MBEDTLS_BYTE_1( ext_len ); + buf[3] = MBEDTLS_BYTE_0( ext_len ); /* protection profile length: 2 */ buf[4] = 0x00; @@ -2311,8 +2311,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) { - buf[6] = MBEDTLS_CHAR_1( profile_value ); - buf[7] = MBEDTLS_CHAR_0( profile_value ); + buf[6] = MBEDTLS_BYTE_1( profile_value ); + buf[7] = MBEDTLS_BYTE_0( profile_value ); } else { 
@@ -2648,8 +2648,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { - *p++ = MBEDTLS_CHAR_1( ext_len ); - *p++ = MBEDTLS_CHAR_0( ext_len ); + *p++ = MBEDTLS_BYTE_1( ext_len ); + *p++ = MBEDTLS_BYTE_0( ext_len ); p += ext_len; } @@ -3478,8 +3478,8 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - if( *p++ != MBEDTLS_CHAR_1( len ) || - *p++ != MBEDTLS_CHAR_0( len ) ) + if( *p++ != MBEDTLS_BYTE_1( len ) || + *p++ != MBEDTLS_BYTE_0( len ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); @@ -4223,13 +4223,13 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) tlen = 0; } - ssl->out_msg[4] = MBEDTLS_CHAR_3( lifetime ); - ssl->out_msg[5] = MBEDTLS_CHAR_2( lifetime ); - ssl->out_msg[6] = MBEDTLS_CHAR_1( lifetime ); - ssl->out_msg[7] = MBEDTLS_CHAR_0( lifetime ); + ssl->out_msg[4] = MBEDTLS_BYTE_3( lifetime ); + ssl->out_msg[5] = MBEDTLS_BYTE_2( lifetime ); + ssl->out_msg[6] = MBEDTLS_BYTE_1( lifetime ); + ssl->out_msg[7] = MBEDTLS_BYTE_0( lifetime ); - ssl->out_msg[8] = MBEDTLS_CHAR_1( tlen ); - ssl->out_msg[9] = MBEDTLS_CHAR_0( tlen ); + ssl->out_msg[8] = MBEDTLS_BYTE_1( tlen ); + ssl->out_msg[9] = MBEDTLS_BYTE_0( tlen ); ssl->out_msglen = 10 + tlen; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0655dc57eb..381eb9e03b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4582,8 +4582,8 @@ static unsigned char ssl_serialized_session_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - MBEDTLS_CHAR_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), - MBEDTLS_CHAR_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), }; /* 
@@ -4664,14 +4664,14 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, { start = (uint64_t) session->start; - *p++ = MBEDTLS_CHAR_7( start ); - *p++ = MBEDTLS_CHAR_6( start ); - *p++ = MBEDTLS_CHAR_5( start ); - *p++ = MBEDTLS_CHAR_4( start ); - *p++ = MBEDTLS_CHAR_3( start ); - *p++ = MBEDTLS_CHAR_2( start ); - *p++ = MBEDTLS_CHAR_1( start ); - *p++ = MBEDTLS_CHAR_0( start ); + *p++ = MBEDTLS_BYTE_7( start ); + *p++ = MBEDTLS_BYTE_6( start ); + *p++ = MBEDTLS_BYTE_5( start ); + *p++ = MBEDTLS_BYTE_4( start ); + *p++ = MBEDTLS_BYTE_3( start ); + *p++ = MBEDTLS_BYTE_2( start ); + *p++ = MBEDTLS_BYTE_1( start ); + *p++ = MBEDTLS_BYTE_0( start ); } #endif /* MBEDTLS_HAVE_TIME */ @@ -4687,22 +4687,22 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = MBEDTLS_CHAR_1( session->ciphersuite ); - *p++ = MBEDTLS_CHAR_0( session->ciphersuite ); + *p++ = MBEDTLS_BYTE_1( session->ciphersuite ); + *p++ = MBEDTLS_BYTE_0( session->ciphersuite ); - *p++ = MBEDTLS_CHAR_0( session->compression ); + *p++ = MBEDTLS_BYTE_0( session->compression ); - *p++ = MBEDTLS_CHAR_0( session->id_len ); + *p++ = MBEDTLS_BYTE_0( session->id_len ); memcpy( p, session->id, 32 ); p += 32; memcpy( p, session->master, 48 ); p += 48; - *p++ = MBEDTLS_CHAR_3( session->verify_result ); - *p++ = MBEDTLS_CHAR_2( session->verify_result ); - *p++ = MBEDTLS_CHAR_1( session->verify_result ); - *p++ = MBEDTLS_CHAR_0( session->verify_result ); + *p++ = MBEDTLS_BYTE_3( session->verify_result ); + *p++ = MBEDTLS_BYTE_2( session->verify_result ); + *p++ = MBEDTLS_BYTE_1( session->verify_result ); + *p++ = MBEDTLS_BYTE_0( session->verify_result ); } /* 
@@ -4719,9 +4719,9 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = MBEDTLS_CHAR_2( cert_len ); - *p++ = MBEDTLS_CHAR_1( cert_len ); - *p++ = MBEDTLS_CHAR_0( cert_len ); + *p++ = MBEDTLS_BYTE_2( cert_len ); + *p++ = MBEDTLS_BYTE_1( cert_len ); + *p++ = MBEDTLS_BYTE_0( cert_len ); if( session->peer_cert != NULL ) { @@ -4762,9 +4762,9 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = MBEDTLS_CHAR_2( session->ticket_len ); - *p++ = MBEDTLS_CHAR_1( session->ticket_len ); - *p++ = MBEDTLS_CHAR_0( session->ticket_len ); + *p++ = MBEDTLS_BYTE_2( session->ticket_len ); + *p++ = MBEDTLS_BYTE_1( session->ticket_len ); + *p++ = MBEDTLS_BYTE_0( session->ticket_len ); if( session->ticket != NULL ) { @@ -4772,10 +4772,10 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, p += session->ticket_len; } - *p++ = MBEDTLS_CHAR_3( session->ticket_lifetime ); - *p++ = MBEDTLS_CHAR_2( session->ticket_lifetime ); - *p++ = MBEDTLS_CHAR_1( session->ticket_lifetime ); - *p++ = MBEDTLS_CHAR_0( session->ticket_lifetime ); + *p++ = MBEDTLS_BYTE_3( session->ticket_lifetime ); + *p++ = MBEDTLS_BYTE_2( session->ticket_lifetime ); + *p++ = MBEDTLS_BYTE_1( session->ticket_lifetime ); + *p++ = MBEDTLS_BYTE_0( session->ticket_lifetime ); } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -4793,7 +4793,7 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, used += 1; if( used <= buf_len ) - *p++ = MBEDTLS_CHAR_0( session->encrypt_then_mac ); + *p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac ); #endif return( used ); 
@@ -5568,11 +5568,11 @@ static unsigned char ssl_serialized_context_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - MBEDTLS_CHAR_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), - MBEDTLS_CHAR_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), - MBEDTLS_CHAR_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), - MBEDTLS_CHAR_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), - MBEDTLS_CHAR_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), + MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_BYTE_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), + MBEDTLS_BYTE_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), + MBEDTLS_BYTE_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), }; /* @@ -5713,10 +5713,10 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4 + session_len; if( used <= buf_len ) { - *p++ = MBEDTLS_CHAR_3( session_len ); - *p++ = MBEDTLS_CHAR_2( session_len ); - *p++ = MBEDTLS_CHAR_1( session_len ); - *p++ = MBEDTLS_CHAR_0( session_len ); + *p++ = MBEDTLS_BYTE_3( session_len ); + *p++ = MBEDTLS_BYTE_2( session_len ); + *p++ = MBEDTLS_BYTE_1( session_len ); + *p++ = MBEDTLS_BYTE_0( session_len ); ret = ssl_session_save( ssl->session, 1, p, session_len, &session_len ); 
@@ -5757,33 +5757,33 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4; if( used <= buf_len ) { - *p++ = MBEDTLS_CHAR_3( ssl->badmac_seen ); - *p++ = MBEDTLS_CHAR_2( ssl->badmac_seen ); - *p++ = MBEDTLS_CHAR_1( ssl->badmac_seen ); - *p++ = MBEDTLS_CHAR_0( ssl->badmac_seen ); + *p++ = MBEDTLS_BYTE_3( ssl->badmac_seen ); + *p++ = MBEDTLS_BYTE_2( ssl->badmac_seen ); + *p++ = MBEDTLS_BYTE_1( ssl->badmac_seen ); + *p++ = MBEDTLS_BYTE_0( ssl->badmac_seen ); } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) used += 16; if( used <= buf_len ) { - *p++ = MBEDTLS_CHAR_7( ssl->in_window_top ); - *p++ = MBEDTLS_CHAR_6( ssl->in_window_top ); - *p++ = MBEDTLS_CHAR_5( ssl->in_window_top ); - *p++ = MBEDTLS_CHAR_4( ssl->in_window_top ); - *p++ = MBEDTLS_CHAR_3( ssl->in_window_top ); - *p++ = MBEDTLS_CHAR_2( ssl->in_window_top ); - *p++ = MBEDTLS_CHAR_1( ssl->in_window_top ); - *p++ = MBEDTLS_CHAR_0( ssl->in_window_top ); + *p++ = MBEDTLS_BYTE_7( ssl->in_window_top ); + *p++ = MBEDTLS_BYTE_6( ssl->in_window_top ); + *p++ = MBEDTLS_BYTE_5( ssl->in_window_top ); + *p++ = MBEDTLS_BYTE_4( ssl->in_window_top ); + *p++ = MBEDTLS_BYTE_3( ssl->in_window_top ); + *p++ = MBEDTLS_BYTE_2( ssl->in_window_top ); + *p++ = MBEDTLS_BYTE_1( ssl->in_window_top ); + *p++ = MBEDTLS_BYTE_0( ssl->in_window_top ); - *p++ = MBEDTLS_CHAR_7( ssl->in_window ); - *p++ = MBEDTLS_CHAR_6( ssl->in_window ); - *p++ = MBEDTLS_CHAR_5( ssl->in_window ); - *p++ = MBEDTLS_CHAR_4( ssl->in_window ); - *p++ = MBEDTLS_CHAR_3( ssl->in_window ); - *p++ = MBEDTLS_CHAR_2( ssl->in_window ); - *p++ = MBEDTLS_CHAR_1( ssl->in_window ); - *p++ = MBEDTLS_CHAR_0( ssl->in_window ); + *p++ = MBEDTLS_BYTE_7( ssl->in_window ); + *p++ = MBEDTLS_BYTE_6( ssl->in_window ); + *p++ = MBEDTLS_BYTE_5( ssl->in_window ); + *p++ = MBEDTLS_BYTE_4( ssl->in_window ); + *p++ = MBEDTLS_BYTE_3( ssl->in_window ); + *p++ = MBEDTLS_BYTE_2( ssl->in_window ); + *p++ = MBEDTLS_BYTE_1( ssl->in_window ); + *p++ = MBEDTLS_BYTE_0( ssl->in_window ); } 
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ @@ -5806,8 +5806,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 2; if( used <= buf_len ) { - *p++ = MBEDTLS_CHAR_1( ssl->mtu ); - *p++ = MBEDTLS_CHAR_0( ssl->mtu ); + *p++ = MBEDTLS_BYTE_1( ssl->mtu ); + *p++ = MBEDTLS_BYTE_0( ssl->mtu ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 9e629cb0b3..7aec21dffe 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -113,17 +113,17 @@ static void ssl_tls1_3_hkdf_encode_label( #endif *p++ = 0; - *p++ = MBEDTLS_CHAR_0( desired_length ); + *p++ = MBEDTLS_BYTE_0( desired_length ); /* Add label incl. prefix */ - *p++ = MBEDTLS_CHAR_0( total_label_len ); + *p++ = MBEDTLS_BYTE_0( total_label_len ); memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) ); p += sizeof(tls1_3_label_prefix); memcpy( p, label, llen ); p += llen; /* Add context value */ - *p++ = MBEDTLS_CHAR_0( clen ); + *p++ = MBEDTLS_BYTE_0( clen ); if( clen != 0 ) memcpy( p, ctx, clen ); From 99edd6c8105740b58ad3261da7ed47c42658b36e Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 16 Jul 2021 12:29:49 +0100 Subject: [PATCH 321/966] Add UINT64 GET and PUT macros Copy over the GET/PUT_UINT64_LE/BE macros from aes.c and sha512.c Add the MBEDTLS_ prefix to all 4 macros. Modify the GET_UINT64 macros to no longer take a target variable as a parameter, so when the macro function is called it must be assigned to a variable in the same statement. Signed-off-by: Joe Subbiani --- library/aes.c | 37 +++----------------- library/common.h | 91 ++++++++++++++++++++++++++++++++++++++++++++++++ library/sha512.c | 39 +++------------------ 3 files changed, 99 insertions(+), 68 deletions(-) diff --git a/library/aes.c b/library/aes.c index 1eb3e204d8..8e3358c494 100644 --- a/library/aes.c +++ b/library/aes.c 
@@ -1074,35 +1074,6 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_XTS) -/* Endianess with 64 bits values */ -#ifndef GET_UINT64_LE -#define GET_UINT64_LE(n,b,i) \ -{ \ - (n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \ - | ( (uint64_t) (b)[(i) + 6] << 48 ) \ - | ( (uint64_t) (b)[(i) + 5] << 40 ) \ - | ( (uint64_t) (b)[(i) + 4] << 32 ) \ - | ( (uint64_t) (b)[(i) + 3] << 24 ) \ - | ( (uint64_t) (b)[(i) + 2] << 16 ) \ - | ( (uint64_t) (b)[(i) + 1] << 8 ) \ - | ( (uint64_t) (b)[(i) ] ); \ -} -#endif - -#ifndef PUT_UINT64_LE -#define PUT_UINT64_LE(n,b,i) \ -{ \ - (b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) ] = (unsigned char) ( (n) ); \ -} -#endif - typedef unsigned char mbedtls_be128[16]; /* @@ -1118,14 +1089,14 @@ static void mbedtls_gf128mul_x_ble( unsigned char r[16], { uint64_t a, b, ra, rb; - GET_UINT64_LE( a, x, 0 ); - GET_UINT64_LE( b, x, 8 ); + a = MBEDTLS_GET_UINT64_LE( x, 0 ); + b = MBEDTLS_GET_UINT64_LE( x, 8 ); ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) ); rb = ( a >> 63 ) | ( b << 1 ); - PUT_UINT64_LE( ra, r, 0 ); - PUT_UINT64_LE( rb, r, 8 ); + MBEDTLS_PUT_UINT64_LE( ra, r, 0 ); + MBEDTLS_PUT_UINT64_LE( rb, r, 8 ); } /* diff --git a/library/common.h b/library/common.h index e0f8b99baa..ce2f04007e 100644 --- a/library/common.h +++ b/library/common.h 
@@ -193,5 +193,96 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c } #endif +/** + * Get the unsigned 64 bits integer corresponding to eight bytes in + * big-endian order (MSB first). + * + * \param data Base address of the memory to get the eight bytes from. + * \param offset Offset from \p base of the first and most significant + * byte of the eight bytes to build the 64 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT64_BE +#define MBEDTLS_GET_UINT64_BE( data, offset ) \ + ( \ + ( (uint64_t) ( data )[( offset ) ] << 56 ) \ + | ( (uint64_t) ( data )[( offset ) + 1] << 48 ) \ + | ( (uint64_t) ( data )[( offset ) + 2] << 40 ) \ + | ( (uint64_t) ( data )[( offset ) + 3] << 32 ) \ + | ( (uint64_t) ( data )[( offset ) + 4] << 24 ) \ + | ( (uint64_t) ( data )[( offset ) + 5] << 16 ) \ + | ( (uint64_t) ( data )[( offset ) + 6] << 8 ) \ + | ( (uint64_t) ( data )[( offset ) + 7] ) \ + ) +#endif + +/** + * Put in memory a 64 bits unsigned integer in big-endian order. + * + * \param n 64 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 64 + * bits unsigned integer in. + * \param offset Offset from \p base where to put the most significant + * byte of the 64 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT64_BE +#define MBEDTLS_PUT_UINT64_BE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = (unsigned char) ( (n) >> 56 ); \ + ( data )[( offset ) + 1] = (unsigned char) ( (n) >> 48 ); \ + ( data )[( offset ) + 2] = (unsigned char) ( (n) >> 40 ); \ + ( data )[( offset ) + 3] = (unsigned char) ( (n) >> 32 ); \ + ( data )[( offset ) + 4] = (unsigned char) ( (n) >> 24 ); \ + ( data )[( offset ) + 5] = (unsigned char) ( (n) >> 16 ); \ + ( data )[( offset ) + 6] = (unsigned char) ( (n) >> 8 ); \ + ( data )[( offset ) + 7] = (unsigned char) ( (n) ); \ +} +#endif + +/** + * Get the unsigned 64 bits integer corresponding to eight bytes in + * little-endian order (LSB first). 
+ * + * \param data Base address of the memory to get the eight bytes from. + * \param offset Offset from \p base of the first and least significant + * byte of the eight bytes to build the 64 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT64_LE +#define MBEDTLS_GET_UINT64_LE( data, offset ) \ + ( \ + ( (uint64_t) ( data )[( offset ) + 7] << 56 ) \ + | ( (uint64_t) ( data )[( offset ) + 6] << 48 ) \ + | ( (uint64_t) ( data )[( offset ) + 5] << 40 ) \ + | ( (uint64_t) ( data )[( offset ) + 4] << 32 ) \ + | ( (uint64_t) ( data )[( offset ) + 3] << 24 ) \ + | ( (uint64_t) ( data )[( offset ) + 2] << 16 ) \ + | ( (uint64_t) ( data )[( offset ) + 1] << 8 ) \ + | ( (uint64_t) ( data )[( offset ) ] ) \ + ) +#endif + +/** + * Put in memory a 64 bits unsigned integer in little-endian order. + * + * \param n 64 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 64 + * bits unsigned integer in. + * \param offset Offset from \p base where to put the least significant + * byte of the 64 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT64_LE +#define MBEDTLS_PUT_UINT64_LE( n, data, offset ) \ +{ \ + ( data )[( offset ) + 7] = (unsigned char) ( (n) >> 56 ); \ + ( data )[( offset ) + 6] = (unsigned char) ( (n) >> 48 ); \ + ( data )[( offset ) + 5] = (unsigned char) ( (n) >> 40 ); \ + ( data )[( offset ) + 4] = (unsigned char) ( (n) >> 32 ); \ + ( data )[( offset ) + 3] = (unsigned char) ( (n) >> 24 ); \ + ( data )[( offset ) + 2] = (unsigned char) ( (n) >> 16 ); \ + ( data )[( offset ) + 1] = (unsigned char) ( (n) >> 8 ); \ + ( data )[( offset ) ] = (unsigned char) ( (n) ); \ +} +#endif #endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/library/sha512.c b/library/sha512.c index 6511c6e36a..2b4cc547e4 100644 --- a/library/sha512.c +++ b/library/sha512.c 
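Review bot: MBEDTLS_PUT_UINT64_BE and MBEDTLS_PUT_UINT64_LE expand to a bare `{ ... }` block, so a call followed by `;` in an unbraced `if`/`else` ends the `if` early and the `else` no longer compiles. Opening each body with `do { \` and closing it with `} while( 0 )`, as the macro patched in library/dhm.c later in this series already does, keeps every call site shown here valid, including the `sha512_put_uint64_be` alias. All four macros evaluate `data` and `offset` eight times, and the PUT pair evaluates `n` eight times too, so the doc comments should state that arguments must have no side effects. The `\param offset` text refers to `\p base`, but the parameter is named `data`.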
@@ -56,44 +56,13 @@ #if !defined(MBEDTLS_SHA512_ALT) -/* - * 64-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT64_BE -#define GET_UINT64_BE(n,b,i) \ -{ \ - (n) = ( (uint64_t) (b)[(i) ] << 56 ) \ - | ( (uint64_t) (b)[(i) + 1] << 48 ) \ - | ( (uint64_t) (b)[(i) + 2] << 40 ) \ - | ( (uint64_t) (b)[(i) + 3] << 32 ) \ - | ( (uint64_t) (b)[(i) + 4] << 24 ) \ - | ( (uint64_t) (b)[(i) + 5] << 16 ) \ - | ( (uint64_t) (b)[(i) + 6] << 8 ) \ - | ( (uint64_t) (b)[(i) + 7] ); \ -} -#endif /* GET_UINT64_BE */ - -#ifndef PUT_UINT64_BE -#define PUT_UINT64_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 7] = (unsigned char) ( (n) ); \ -} -#endif /* PUT_UINT64_BE */ - #if defined(MBEDTLS_SHA512_SMALLER) static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i ) { - PUT_UINT64_BE(n, b, i); + MBEDTLS_PUT_UINT64_BE(n, b, i); } #else -#define sha512_put_uint64_be PUT_UINT64_BE +#define sha512_put_uint64_be MBEDTLS_PUT_UINT64_BE #endif /* MBEDTLS_SHA512_SMALLER */ void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) @@ -261,7 +230,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, { if( i < 16 ) { - GET_UINT64_BE( local.W[i], data, i << 3 ); + local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 ); } else { @@ -281,7 +250,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, #else /* MBEDTLS_SHA512_SMALLER */ for( i = 0; i < 16; i++ ) { - GET_UINT64_BE( local.W[i], data, i << 3 ); + local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 ); } for( ; i < 80; i++ ) From fbeb692dd09efbb5d81304637e490ad1a2208ce5 Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Fri, 16 Jul 2021 14:27:50 +0100 Subject: [PATCH 322/966] Use byte reading macros in places not using a byte mask byte shifting opertations throughout library/ were only replaced with the byte reading macros when an 0xff mask was being used. The byte reading macros are now more widley used, however they have not been used in all cases of a byte shift operation, as it detracted from the immediate readability or otherwise did not seem appropriate. Signed-off-by: Joe Subbiani --- library/base64.c | 6 +++--- library/chacha20.c | 8 ++++---- library/chachapoly.c | 32 ++++++++++++++++---------------- library/dhm.c | 4 ++-- library/ecp.c | 4 ++-- library/pkcs12.c | 8 ++++---- library/poly1305.c | 36 ++++++++++++++++++------------------ library/ssl_cli.c | 40 ++++++++++++++++++++-------------------- library/ssl_cookie.c | 8 ++++---- library/ssl_msg.c | 28 ++++++++++++++-------------- library/ssl_srv.c | 30 +++++++++++++++--------------- library/ssl_tls.c | 28 ++++++++++++++-------------- library/x509write_crt.c | 4 ++-- 13 files changed, 118 insertions(+), 118 deletions(-) diff --git a/library/base64.c b/library/base64.c index 1a05226efa..9cf5dd41d4 100644 --- a/library/base64.c +++ b/library/base64.c @@ -319,9 +319,9 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, if( ++n == 4 ) { n = 0; - if( j > 0 ) *p++ = (unsigned char)( x >> 16 ); - if( j > 1 ) *p++ = (unsigned char)( x >> 8 ); - if( j > 2 ) *p++ = (unsigned char)( x ); + if( j > 0 ) *p++ = MBEDTLS_BYTE_2( x ); + if( j > 1 ) *p++ = MBEDTLS_BYTE_1( x ); + if( j > 2 ) *p++ = MBEDTLS_BYTE_0( x ); } } diff --git a/library/chacha20.c b/library/chacha20.c index 7015f99d59..0e057f0e3c 100644 --- a/library/chacha20.c +++ b/library/chacha20.c 
@@ -164,10 +164,10 @@ static void chacha20_block( const uint32_t initial_state[16], { size_t offset = i * 4U; - keystream[offset ] = (unsigned char)( working_state[i] ); - keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 ); - keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 ); - keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 ); + keystream[offset ] = MBEDTLS_BYTE_0( working_state[i] ); + keystream[offset + 1U] = MBEDTLS_BYTE_1( working_state[i] ); + keystream[offset + 2U] = MBEDTLS_BYTE_2( working_state[i] ); + keystream[offset + 3U] = MBEDTLS_BYTE_3( working_state[i] ); } mbedtls_platform_zeroize( working_state, sizeof( working_state ) ); diff --git a/library/chachapoly.c b/library/chachapoly.c index 77d547731c..696d97bf01 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c 
@@ -263,22 +263,22 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, /* The lengths of the AAD and ciphertext are processed by * Poly1305 as the final 128-bit block, encoded as little-endian integers. */ - len_block[ 0] = (unsigned char)( ctx->aad_len ); - len_block[ 1] = (unsigned char)( ctx->aad_len >> 8 ); - len_block[ 2] = (unsigned char)( ctx->aad_len >> 16 ); - len_block[ 3] = (unsigned char)( ctx->aad_len >> 24 ); - len_block[ 4] = (unsigned char)( ctx->aad_len >> 32 ); - len_block[ 5] = (unsigned char)( ctx->aad_len >> 40 ); - len_block[ 6] = (unsigned char)( ctx->aad_len >> 48 ); - len_block[ 7] = (unsigned char)( ctx->aad_len >> 56 ); - len_block[ 8] = (unsigned char)( ctx->ciphertext_len ); - len_block[ 9] = (unsigned char)( ctx->ciphertext_len >> 8 ); - len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 ); - len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 ); - len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 ); - len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 ); - len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 ); - len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 ); + len_block[ 0] = MBEDTLS_BYTE_0( ctx->aad_len ); + len_block[ 1] = MBEDTLS_BYTE_1( ctx->aad_len ); + len_block[ 2] = MBEDTLS_BYTE_2( ctx->aad_len ); + len_block[ 3] = MBEDTLS_BYTE_3( ctx->aad_len ); + len_block[ 4] = MBEDTLS_BYTE_4( ctx->aad_len ); + len_block[ 5] = MBEDTLS_BYTE_5( ctx->aad_len ); + len_block[ 6] = MBEDTLS_BYTE_6( ctx->aad_len ); + len_block[ 7] = MBEDTLS_BYTE_7( ctx->aad_len ); + len_block[ 8] = MBEDTLS_BYTE_0( ctx->ciphertext_len ); + len_block[ 9] = MBEDTLS_BYTE_1( ctx->ciphertext_len ); + len_block[10] = MBEDTLS_BYTE_2( ctx->ciphertext_len ); + len_block[11] = MBEDTLS_BYTE_3( ctx->ciphertext_len ); + len_block[12] = MBEDTLS_BYTE_4( ctx->ciphertext_len ); + len_block[13] = MBEDTLS_BYTE_5( ctx->ciphertext_len ); + len_block[14] = MBEDTLS_BYTE_6( ctx->ciphertext_len ); + len_block[15] = 
MBEDTLS_BYTE_7( ctx->ciphertext_len ); ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); if( ret != 0 ) diff --git a/library/dhm.c b/library/dhm.c index 29ce75598c..2ce0ed4fde 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -270,8 +270,8 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \ p + 2, \ ( n ) ) ); \ - *p++ = (unsigned char)( ( n ) >> 8 ); \ - *p++ = (unsigned char)( ( n ) ); \ + *p++ = MBEDTLS_BYTE_1( n ); \ + *p++ = MBEDTLS_BYTE_0( n ); \ p += ( n ); \ } while( 0 ) diff --git a/library/ecp.c b/library/ecp.c index b608ff1bd7..fdfc960069 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1012,8 +1012,8 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, /* * Next two bytes are the namedcurve value */ - buf[0] = curve_info->tls_id >> 8; - buf[1] = curve_info->tls_id & 0xFF; + buf[0] = MBEDTLS_BYTE_1( curve_info->tls_id ); + buf[1] = MBEDTLS_BYTE_0( curve_info->tls_id ); return( 0 ); } diff --git a/library/pkcs12.c b/library/pkcs12.c index 04b1a6dab3..8f64bc6395 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -285,8 +285,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, for( i = v; i > 0; i-- ) { j = salt_block[i - 1] + hash_block[i - 1] + c; - c = (unsigned char) (j >> 8); - salt_block[i - 1] = j & 0xFF; + c = MBEDTLS_BYTE_1( j ); + salt_block[i - 1] = MBEDTLS_BYTE_0( j ); } // pwd_block += B @@ -294,8 +294,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, for( i = v; i > 0; i-- ) { j = pwd_block[i - 1] + hash_block[i - 1] + c; - c = (unsigned char) (j >> 8); - pwd_block[i - 1] = j & 0xFF; + c = MBEDTLS_BYTE_1( j ); + pwd_block[i - 1] = MBEDTLS_BYTE_0( j ); } } diff --git a/library/poly1305.c b/library/poly1305.c index f19574253c..333aade94a 100644 --- a/library/poly1305.c +++ b/library/poly1305.c 
@@ -62,8 +62,8 @@ static uint64_t mul64( uint32_t a, uint32_t b ) /* a = al + 2**16 ah, b = bl + 2**16 bh */ const uint16_t al = (uint16_t) a; const uint16_t bl = (uint16_t) b; - const uint16_t ah = a >> 16; - const uint16_t bh = b >> 16; + const uint16_t ah = MBEDTLS_BYTE_2( a ); + const uint16_t bh = MBEDTLS_BYTE_2( b ); /* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */ const uint32_t lo = (uint32_t) al * bl; @@ -250,22 +250,22 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); /* Compute MAC (128 least significant bits of the accumulator) */ - mac[ 0] = (unsigned char)( acc0 ); - mac[ 1] = (unsigned char)( acc0 >> 8 ); - mac[ 2] = (unsigned char)( acc0 >> 16 ); - mac[ 3] = (unsigned char)( acc0 >> 24 ); - mac[ 4] = (unsigned char)( acc1 ); - mac[ 5] = (unsigned char)( acc1 >> 8 ); - mac[ 6] = (unsigned char)( acc1 >> 16 ); - mac[ 7] = (unsigned char)( acc1 >> 24 ); - mac[ 8] = (unsigned char)( acc2 ); - mac[ 9] = (unsigned char)( acc2 >> 8 ); - mac[10] = (unsigned char)( acc2 >> 16 ); - mac[11] = (unsigned char)( acc2 >> 24 ); - mac[12] = (unsigned char)( acc3 ); - mac[13] = (unsigned char)( acc3 >> 8 ); - mac[14] = (unsigned char)( acc3 >> 16 ); - mac[15] = (unsigned char)( acc3 >> 24 ); + mac[ 0] = MBEDTLS_BYTE_0( acc0 ); + mac[ 1] = MBEDTLS_BYTE_1( acc0 ); + mac[ 2] = MBEDTLS_BYTE_2( acc0 ); + mac[ 3] = MBEDTLS_BYTE_3( acc0 ); + mac[ 4] = MBEDTLS_BYTE_0( acc1 ); + mac[ 5] = MBEDTLS_BYTE_1( acc1 ); + mac[ 6] = MBEDTLS_BYTE_2( acc1 ); + mac[ 7] = MBEDTLS_BYTE_3( acc1 ); + mac[ 8] = MBEDTLS_BYTE_0( acc2 ); + mac[ 9] = MBEDTLS_BYTE_1( acc2 ); + mac[10] = MBEDTLS_BYTE_2( acc2 ); + mac[11] = MBEDTLS_BYTE_3( acc2 ); + mac[12] = MBEDTLS_BYTE_0( acc3 ); + mac[13] = MBEDTLS_BYTE_1( acc3 ); + mac[14] = MBEDTLS_BYTE_2( acc3 ); + mac[15] = MBEDTLS_BYTE_3( acc3 ); } void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) 
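Review bot: `const uint16_t ah = MBEDTLS_BYTE_2( a );` and the matching `bh` line in mul64 are not equivalent to the `a >> 16` they replace. `ah` has to hold the whole upper 16 bits of `a`, while the byte macro, as it is used everywhere else in this patch, yields one byte, so bits 24-31 would be dropped and the product feeding the Poly1305 accumulator would be wrong. Keep `const uint16_t ah = a >> 16;` and `const uint16_t bh = b >> 16;` (patch 324 further down this series restores them) and add a guard such as `/* upper 16 bits, not a single byte: keep the plain shift */` so a later sweep does not convert them again. Whether any tested configuration actually compiles mul64 is not visible from this hunk; a Poly1305 known-answer test in such a build would catch this. The body of mul64 continues outside the hunk.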
diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9e0db96c48..729784a6eb 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -352,8 +352,8 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, grp_id++ ) { info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); - elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; - elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; + elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id ); + elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id ); } *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); @@ -857,10 +857,10 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); + *p++ = MBEDTLS_BYTE_3( t ); + *p++ = MBEDTLS_BYTE_2( t ); + *p++ = MBEDTLS_BYTE_1( t ); + *p++ = MBEDTLS_BYTE_0( t ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t ) ); @@ -1143,8 +1143,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); n++; - *p++ = (unsigned char)( ciphersuites[i] >> 8 ); - *p++ = (unsigned char)( ciphersuites[i] ); + *p++ = MBEDTLS_BYTE_1( ciphersuites[i] ); + *p++ = MBEDTLS_BYTE_0( ciphersuites[i] ); } MBEDTLS_SSL_DEBUG_MSG( 3, @@ -1159,8 +1159,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); + *p++ = MBEDTLS_BYTE_1( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; } 
@@ -2745,8 +2745,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( len_bytes == 2 ) { - ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 ); - ssl->out_msg[offset+1] = (unsigned char)( *olen ); + ssl->out_msg[offset+0] = MBEDTLS_BYTE_1( *olen ); + ssl->out_msg[offset+1] = MBEDTLS_BYTE_0( *olen ); *olen += 2; } #endif @@ -3503,8 +3503,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) */ content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ); - ssl->out_msg[4] = (unsigned char)( content_len >> 8 ); - ssl->out_msg[5] = (unsigned char)( content_len ); + ssl->out_msg[4] = MBEDTLS_BYTE_1( content_len ); + ssl->out_msg[5] = MBEDTLS_BYTE_0( content_len ); header_len = 6; ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, @@ -3719,8 +3719,8 @@ ecdh_calc_secret: return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 ); - ssl->out_msg[header_len++] = (unsigned char)( content_len ); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len ); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len ); memcpy( ssl->out_msg + header_len, ssl->conf->psk_identity, @@ -3771,8 +3771,8 @@ ecdh_calc_secret: return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 ); - ssl->out_msg[header_len++] = (unsigned char)( content_len ); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len ); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ), 
@@ -4054,8 +4054,8 @@ sign: return( ret ); } - ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); - ssl->out_msg[5 + offset] = (unsigned char)( n ); + ssl->out_msg[4 + offset] = MBEDTLS_BYTE_1( n ); + ssl->out_msg[5 + offset] = MBEDTLS_BYTE_0( n ); ssl->out_msglen = 6 + n + offset; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 40b8913b8b..4f1c07bde6 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -165,10 +165,10 @@ int mbedtls_ssl_cookie_write( void *p_ctx, t = ctx->serial++; #endif - (*p)[0] = (unsigned char)( t >> 24 ); - (*p)[1] = (unsigned char)( t >> 16 ); - (*p)[2] = (unsigned char)( t >> 8 ); - (*p)[3] = (unsigned char)( t ); + (*p)[0] = MBEDTLS_BYTE_3( t ); + (*p)[1] = MBEDTLS_BYTE_2( t ); + (*p)[2] = MBEDTLS_BYTE_1( t ); + (*p)[3] = MBEDTLS_BYTE_0( t ); *p += 4; #if defined(MBEDTLS_THREADING_C) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 989c59874f..304e7f22b7 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2451,9 +2451,9 @@ int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, */ if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - ssl->out_msg[1] = (unsigned char)( hs_len >> 16 ); - ssl->out_msg[2] = (unsigned char)( hs_len >> 8 ); - ssl->out_msg[3] = (unsigned char)( hs_len ); + ssl->out_msg[1] = MBEDTLS_BYTE_2( hs_len ); + ssl->out_msg[2] = MBEDTLS_BYTE_1( hs_len ); + ssl->out_msg[3] = MBEDTLS_BYTE_0( hs_len ); /* * DTLS has additional fields in the Handshake layer, @@ -2566,8 +2566,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) ssl->conf->transport, ssl->out_hdr + 1 ); memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); - ssl->out_len[0] = (unsigned char)( len >> 8 ); - ssl->out_len[1] = (unsigned char)( len ); + ssl->out_len[0] = MBEDTLS_BYTE_1( len ); + ssl->out_len[1] = MBEDTLS_BYTE_0( len ); if( ssl->transform_out != NULL ) { 
@@ -2607,8 +2607,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) memcpy( ssl->out_cid, rec.cid, rec.cid_len ); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_msglen = len = rec.data_len; - ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->out_len[1] = (unsigned char)( rec.data_len ); + ssl->out_len[0] = MBEDTLS_BYTE_1( rec.data_len ); + ssl->out_len[1] = MBEDTLS_BYTE_0( rec.data_len ); } protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); @@ -3180,12 +3180,12 @@ static int ssl_check_dtls_clihlo_cookie( /* Go back and fill length fields */ obuf[27] = (unsigned char)( *olen - 28 ); - obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); - obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); - obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); + obuf[14] = obuf[22] = MBEDTLS_BYTE_2( *olen - 25 ); + obuf[15] = obuf[23] = MBEDTLS_BYTE_1( *olen - 25 ); + obuf[16] = obuf[24] = MBEDTLS_BYTE_0( *olen - 25 ); - obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); - obuf[12] = (unsigned char)( ( *olen - 13 ) ); + obuf[11] = MBEDTLS_BYTE_1( *olen - 13 ); + obuf[12] = MBEDTLS_BYTE_0( *olen - 13 ); return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); } @@ -4565,8 +4565,8 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_hdr[0] = rec.type; ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msglen = rec.data_len; - ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->in_len[1] = (unsigned char)( rec.data_len ); + ssl->in_len[0] = MBEDTLS_BYTE_1( rec.data_len ); + ssl->in_len[1] = MBEDTLS_BYTE_0( rec.data_len ); return( 0 ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 96b08ab8f6..232846ff08 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -2494,10 +2494,10 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); + *p++ = MBEDTLS_BYTE_3( t ); + *p++ = MBEDTLS_BYTE_2( t ); + *p++ = MBEDTLS_BYTE_1( t ); + *p++ = MBEDTLS_BYTE_0( t ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t ) ); @@ -2578,9 +2578,9 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); - *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 ); - *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite ); - *p++ = (unsigned char)( ssl->session_negotiate->compression ); + *p++ = MBEDTLS_BYTE_1( ssl->session_negotiate->ciphersuite ); + *p++ = MBEDTLS_BYTE_0( ssl->session_negotiate->ciphersuite ); + *p++ = MBEDTLS_BYTE_0( ssl->session_negotiate->compression ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) ); @@ -2785,8 +2785,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) #endif } - p[0] = (unsigned char)( sa_len >> 8 ); - p[1] = (unsigned char)( sa_len ); + p[0] = MBEDTLS_BYTE_1( sa_len ); + p[1] = MBEDTLS_BYTE_0( sa_len ); sa_len += 2; p += sa_len; } @@ -2826,8 +2826,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) break; } - *p++ = (unsigned char)( dn_size >> 8 ); - *p++ = (unsigned char)( dn_size ); + *p++ = MBEDTLS_BYTE_1( dn_size ); + *p++ = MBEDTLS_BYTE_0( dn_size ); memcpy( p, crt->subject_raw.p, dn_size ); p += dn_size; 
@@ -2841,8 +2841,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); - ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size ); + ssl->out_msg[4 + ct_len + sa_len] = MBEDTLS_BYTE_1( total_dn_size ); + ssl->out_msg[5 + ct_len + sa_len] = MBEDTLS_BYTE_0( total_dn_size ); ret = mbedtls_ssl_write_handshake_msg( ssl ); @@ -3320,8 +3320,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) if( signature_len != 0 ) { - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len >> 8 ); - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len ); + ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1( signature_len ); + ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0( signature_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", ssl->out_msg + ssl->out_msglen, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 381eb9e03b..33f026f4d1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1487,8 +1487,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + *(p++) = MBEDTLS_BYTE_1( psk_len ); + *(p++) = MBEDTLS_BYTE_0( psk_len ); if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); 
@@ -1528,8 +1528,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); } - *(p++) = (unsigned char)( len >> 8 ); - *(p++) = (unsigned char)( len ); + *(p++) = MBEDTLS_BYTE_1( len ); + *(p++) = MBEDTLS_BYTE_0( len ); p += len; MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); @@ -1550,8 +1550,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch return( ret ); } - *(p++) = (unsigned char)( zlen >> 8 ); - *(p++) = (unsigned char)( zlen ); + *(p++) = MBEDTLS_BYTE_1( zlen ); + *(p++) = MBEDTLS_BYTE_0( zlen ); p += zlen; MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, @@ -1568,8 +1568,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + *(p++) = MBEDTLS_BYTE_1( psk_len ); + *(p++) = MBEDTLS_BYTE_0( psk_len ); if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -1746,17 +1746,17 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - ssl->out_msg[i ] = (unsigned char)( n >> 16 ); - ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); - ssl->out_msg[i + 2] = (unsigned char)( n ); + ssl->out_msg[i ] = MBEDTLS_BYTE_2( n ); + ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n ); + ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n ); i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); i += n; crt = crt->next; } - ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); - ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); - ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); + ssl->out_msg[4] = MBEDTLS_BYTE_2( i - 7 ); + ssl->out_msg[5] = MBEDTLS_BYTE_1( i - 7 ); + ssl->out_msg[6] = MBEDTLS_BYTE_0( i - 7 ); ssl->out_msglen = i; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; 
diff --git a/library/x509write_crt.c b/library/x509write_crt.c index c8169f1feb..0daf0683e9 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -251,8 +251,8 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); c = buf + 5; - ku[0] = (unsigned char)( key_usage ); - ku[1] = (unsigned char)( key_usage >> 8 ); + ku[0] = MBEDTLS_BYTE_0( key_usage ); + ku[1] = MBEDTLS_BYTE_1( key_usage ); ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 ); if( ret < 0 ) From b6511b04fa8891a92fe45b42315ca9c4ec9439ac Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 16 Jul 2021 15:02:55 +0100 Subject: [PATCH 323/966] Replace instances of byte reading macros with PUT Instances of a group of byte reading macros which are equivilant to MBEDTLS_PUT_UINTx_yz Signed-off-by: Joe Subbiani --- library/chacha20.c | 5 +---- library/chachapoly.c | 18 ++---------------- library/ssl_cookie.c | 5 +---- 3 files changed, 4 insertions(+), 24 deletions(-) diff --git a/library/chacha20.c b/library/chacha20.c index 0e057f0e3c..658f046901 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -164,10 +164,7 @@ static void chacha20_block( const uint32_t initial_state[16], { size_t offset = i * 4U; - keystream[offset ] = MBEDTLS_BYTE_0( working_state[i] ); - keystream[offset + 1U] = MBEDTLS_BYTE_1( working_state[i] ); - keystream[offset + 2U] = MBEDTLS_BYTE_2( working_state[i] ); - keystream[offset + 3U] = MBEDTLS_BYTE_3( working_state[i] ); + MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset); } mbedtls_platform_zeroize( working_state, sizeof( working_state ) ); diff --git a/library/chachapoly.c b/library/chachapoly.c index 696d97bf01..dc75b2030a 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c 
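Review bot: `MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);` in the chacha20.c hunk drops the space-inside-parentheses style of the lines around it (`mbedtls_platform_zeroize( working_state, sizeof( working_state ) );`). Write it as `MBEDTLS_PUT_UINT32_LE( working_state[i], keystream, offset );`. The same applies to the two MBEDTLS_PUT_UINT64_LE calls in the chachapoly.c hunk and the MBEDTLS_PUT_UINT32_BE call in the ssl_cookie.c hunk of this patch. The body of chacha20_block starts and ends outside the hunk.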
@@ -263,22 +263,8 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, /* The lengths of the AAD and ciphertext are processed by * Poly1305 as the final 128-bit block, encoded as little-endian integers. */ - len_block[ 0] = MBEDTLS_BYTE_0( ctx->aad_len ); - len_block[ 1] = MBEDTLS_BYTE_1( ctx->aad_len ); - len_block[ 2] = MBEDTLS_BYTE_2( ctx->aad_len ); - len_block[ 3] = MBEDTLS_BYTE_3( ctx->aad_len ); - len_block[ 4] = MBEDTLS_BYTE_4( ctx->aad_len ); - len_block[ 5] = MBEDTLS_BYTE_5( ctx->aad_len ); - len_block[ 6] = MBEDTLS_BYTE_6( ctx->aad_len ); - len_block[ 7] = MBEDTLS_BYTE_7( ctx->aad_len ); - len_block[ 8] = MBEDTLS_BYTE_0( ctx->ciphertext_len ); - len_block[ 9] = MBEDTLS_BYTE_1( ctx->ciphertext_len ); - len_block[10] = MBEDTLS_BYTE_2( ctx->ciphertext_len ); - len_block[11] = MBEDTLS_BYTE_3( ctx->ciphertext_len ); - len_block[12] = MBEDTLS_BYTE_4( ctx->ciphertext_len ); - len_block[13] = MBEDTLS_BYTE_5( ctx->ciphertext_len ); - len_block[14] = MBEDTLS_BYTE_6( ctx->ciphertext_len ); - len_block[15] = MBEDTLS_BYTE_7( ctx->ciphertext_len ); + MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0); + MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8); ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); if( ret != 0 ) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 4f1c07bde6..986b1410b0 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -165,10 +165,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, t = ctx->serial++; #endif - (*p)[0] = MBEDTLS_BYTE_3( t ); - (*p)[1] = MBEDTLS_BYTE_2( t ); - (*p)[2] = MBEDTLS_BYTE_1( t ); - (*p)[3] = MBEDTLS_BYTE_0( t ); + MBEDTLS_PUT_UINT32_BE(t, *p, 0); *p += 4; #if defined(MBEDTLS_THREADING_C) From 4919bb46b02a7032518951d5ff5f9168a8876859 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 16 Jul 2021 17:14:07 +0100 Subject: [PATCH 324/966] Remove use of byte reading macro for uint16 Accidently used MBEDTLS_BYTE_16 for a uint16 variable 
Signed-off-by: Joe Subbiani --- library/poly1305.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/poly1305.c b/library/poly1305.c index 333aade94a..9e90d67b1a 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -61,9 +61,9 @@ static uint64_t mul64( uint32_t a, uint32_t b ) { /* a = al + 2**16 ah, b = bl + 2**16 bh */ const uint16_t al = (uint16_t) a; - const uint16_t bl = (uint16_t) b; - const uint16_t ah = MBEDTLS_BYTE_2( a ); - const uint16_t bh = MBEDTLS_BYTE_2( b ); + const uint16_t bl = (uint16_t) b; + const uint16_t ah = a >> 16; + const uint16_t bh = b >> 16; /* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */ const uint32_t lo = (uint32_t) al * bl; From 51b147add0abc84098c680ad7eac86d6dd3e10d6 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 16 Jul 2021 17:47:17 +0100 Subject: [PATCH 325/966] Remove trailing white space Signed-off-by: Joe Subbiani --- library/poly1305.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/poly1305.c b/library/poly1305.c index 9e90d67b1a..1f35f1d501 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -61,7 +61,7 @@ static uint64_t mul64( uint32_t a, uint32_t b ) { /* a = al + 2**16 ah, b = bl + 2**16 bh */ const uint16_t al = (uint16_t) a; - const uint16_t bl = (uint16_t) b; + const uint16_t bl = (uint16_t) b; const uint16_t ah = a >> 16; const uint16_t bh = b >> 16; From 6dd73645533dfaf489906c5ee30e9bb816b652a6 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Mon, 19 Jul 2021 11:56:54 +0100 Subject: [PATCH 326/966] Replace instances of byte reading macros with PUT Instances of a group of byte reading macros which are equivilant to MBEDTLS_PUT_UINTx_yz 
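Review bot: The new `ah` and `bh` initialisers in mul64 narrow a `uint32_t` to `uint16_t` implicitly, while `al` and `bl` directly above use an explicit cast. Writing `const uint16_t ah = (uint16_t)( a >> 16 );` and `const uint16_t bh = (uint16_t)( b >> 16 );` keeps the four lines uniform and avoids a conversion warning. The context comment `2**16 (ah*bl + bl*bh)` also looks like a typo for `ah*bl + al*bh`; the code computing that middle term is outside the hunk, so check the comment against it. The macro this replaces appears to have kept only one byte of the upper half, which would alter the MAC arithmetic, so it is worth confirming that a Poly1305 known-answer vector covers mul64 with high halves above 0xff.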
Signed-off-by: Joe Subbiani --- library/common.h | 34 ++++++++++++++++++++++++++++++++++ library/poly1305.c | 20 ++++---------------- library/psa_its_file.c | 10 ++-------- library/ssl_cli.c | 15 +++++---------- library/ssl_msg.c | 21 +++++++-------------- library/ssl_srv.c | 34 ++++++++++------------------------ library/ssl_ticket.c | 3 +-- library/x509write_crt.c | 3 +-- 8 files changed, 64 insertions(+), 76 deletions(-) diff --git a/library/common.h b/library/common.h index ce2f04007e..3e8f88bf34 100644 --- a/library/common.h +++ b/library/common.h @@ -193,6 +193,40 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c } #endif +/** + * Get the unsigned 16 bits integer corresponding to two bytes in + * big-endian order (LSB first). + * + * \param data Base address of the memory to get the two bytes from. + * \param offset Offset from \p base of the first and most significant + * byte of the two bytes to build the 16 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT16_BE +#define MBEDTLS_GET_UINT16_BE( data, offset ) \ + ( \ + ( (uint16_t) ( data )[( offset ) ] << 8 ) \ + | ( (uint16_t) ( data )[( offset ) + 1] ) \ + ) +#endif + +/** + * Put in memory a 16 bits unsigned integer in big-endian order. + * + * \param n 16 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 16 + * bits unsigned integer in. + * \param offset Offset from \p base where to put the most significant + * byte of the 16 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT16_BE +#define MBEDTLS_PUT_UINT16_BE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ + ( data )[( offset ) + 1] = (unsigned char) ( ( (n) ) & 0xFF ); \ +} +#endif + /** * Get the unsigned 64 bits integer corresponding to eight bytes in * big-endian order (MSB first). diff --git a/library/poly1305.c b/library/poly1305.c index 1f35f1d501..7375a0c572 100644 --- a/library/poly1305.c 
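Review bot: Both doc comments added in this common.h hunk refer to `\p base`, but the macro parameter is named `data`, so the reference should read `\p data`. The MBEDTLS_GET_UINT16_BE comment also says "big-endian order (LSB first)", which contradicts the body: `( data )[( offset ) ] << 8` places the first byte in the high half, so it should say "(MSB first)". Neither comment states that `n`, `data` and `offset` are expanded more than once; a line such as `Arguments are evaluated more than once and must be free of side effects.` would help callers of these serialisation helpers.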
+++ b/library/poly1305.c @@ -250,22 +250,10 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); /* Compute MAC (128 least significant bits of the accumulator) */ - mac[ 0] = MBEDTLS_BYTE_0( acc0 ); - mac[ 1] = MBEDTLS_BYTE_1( acc0 ); - mac[ 2] = MBEDTLS_BYTE_2( acc0 ); - mac[ 3] = MBEDTLS_BYTE_3( acc0 ); - mac[ 4] = MBEDTLS_BYTE_0( acc1 ); - mac[ 5] = MBEDTLS_BYTE_1( acc1 ); - mac[ 6] = MBEDTLS_BYTE_2( acc1 ); - mac[ 7] = MBEDTLS_BYTE_3( acc1 ); - mac[ 8] = MBEDTLS_BYTE_0( acc2 ); - mac[ 9] = MBEDTLS_BYTE_1( acc2 ); - mac[10] = MBEDTLS_BYTE_2( acc2 ); - mac[11] = MBEDTLS_BYTE_3( acc2 ); - mac[12] = MBEDTLS_BYTE_0( acc3 ); - mac[13] = MBEDTLS_BYTE_1( acc3 ); - mac[14] = MBEDTLS_BYTE_2( acc3 ); - mac[15] = MBEDTLS_BYTE_3( acc3 ); + MBEDTLS_PUT_UINT32_LE( acc0, mac, 0 ); + MBEDTLS_PUT_UINT32_LE( acc1, mac, 4 ); + MBEDTLS_PUT_UINT32_LE( acc2, mac, 8 ); + MBEDTLS_PUT_UINT32_LE( acc3, mac, 12 ); } void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) diff --git a/library/psa_its_file.c b/library/psa_its_file.c index c3b19a74ac..c4782cdba3 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -191,14 +191,8 @@ psa_status_t psa_its_set( psa_storage_uid_t uid, size_t n; memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH ); - header.size[0] = MBEDTLS_BYTE_0( data_length ); - header.size[1] = MBEDTLS_BYTE_1( data_length ); - header.size[2] = MBEDTLS_BYTE_2( data_length ); - header.size[3] = MBEDTLS_BYTE_3( data_length ); - header.flags[0] = MBEDTLS_BYTE_0( create_flags ); - header.flags[1] = MBEDTLS_BYTE_1( create_flags ); - header.flags[2] = MBEDTLS_BYTE_2( create_flags ); - header.flags[3] = MBEDTLS_BYTE_3( create_flags ); + MBEDTLS_PUT_UINT32_LE( data_length, header.size, 0 ); + MBEDTLS_PUT_UINT32_LE( create_flags, header.flags, 0 ); psa_its_fill_filename( uid, filename ); stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" ); 
diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 729784a6eb..3a0e6df6f4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -703,12 +703,10 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, *olen = p - buf; /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - buf[4] = MBEDTLS_BYTE_1( *olen - 6 ); - buf[5] = MBEDTLS_BYTE_0( *olen - 6 ); + MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 ); /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ - buf[2] = MBEDTLS_BYTE_1( *olen - 4 ); - buf[3] = MBEDTLS_BYTE_0( *olen - 4 ); + MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 ); return( 0 ); } @@ -2745,8 +2743,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( len_bytes == 2 ) { - ssl->out_msg[offset+0] = MBEDTLS_BYTE_1( *olen ); - ssl->out_msg[offset+1] = MBEDTLS_BYTE_0( *olen ); + MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset ); *olen += 2; } #endif @@ -3503,8 +3500,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) */ content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ); - ssl->out_msg[4] = MBEDTLS_BYTE_1( content_len ); - ssl->out_msg[5] = MBEDTLS_BYTE_0( content_len ); + MBEDTLS_PUT_UINT16_BE( content_len, ssl->out_msg, 4 ); header_len = 6; ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, @@ -4054,8 +4050,7 @@ sign: return( ret ); } - ssl->out_msg[4 + offset] = MBEDTLS_BYTE_1( n ); - ssl->out_msg[5 + offset] = MBEDTLS_BYTE_0( n ); + MBEDTLS_PUT_UINT16_BE( n, ssl->out_msg, offset + 4 ); ssl->out_msglen = 6 + n + offset; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 304e7f22b7..2fe801a283 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -454,15 +454,13 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, *cur = rec->cid_len; cur++; - cur[0] = MBEDTLS_CHAR_1( ad_len_field ); - cur[1] = MBEDTLS_CHAR_0( ad_len_field ); + MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 ); cur += 2; } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - cur[0] = MBEDTLS_CHAR_1( ad_len_field ); - cur[1] = MBEDTLS_CHAR_0( ad_len_field ); + MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 ); cur += 2; } @@ -2481,8 +2479,7 @@ int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, /* Write message_seq and update it, except for HelloRequest */ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { - ssl->out_msg[4] = MBEDTLS_BYTE_1( ssl->handshake->out_msg_seq ); - ssl->out_msg[5] = MBEDTLS_BYTE_0( ssl->handshake->out_msg_seq ); + MBEDTLS_PUT_UINT16_BE( ssl->handshake->out_msg_seq, ssl->out_msg, 4 ); ++( ssl->handshake->out_msg_seq ); } else @@ -2566,8 +2563,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) ssl->conf->transport, ssl->out_hdr + 1 ); memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); - ssl->out_len[0] = MBEDTLS_BYTE_1( len ); - ssl->out_len[1] = MBEDTLS_BYTE_0( len ); + MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); if( ssl->transform_out != NULL ) { @@ -2607,8 +2603,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) memcpy( ssl->out_cid, rec.cid, rec.cid_len ); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_msglen = len = rec.data_len; - ssl->out_len[0] = MBEDTLS_BYTE_1( rec.data_len ); - ssl->out_len[1] = MBEDTLS_BYTE_0( rec.data_len ); + MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->out_len, 0 ); } protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); 
@@ -3184,8 +3179,7 @@ static int ssl_check_dtls_clihlo_cookie( obuf[15] = obuf[23] = MBEDTLS_BYTE_1( *olen - 25 ); obuf[16] = obuf[24] = MBEDTLS_BYTE_0( *olen - 25 ); - obuf[11] = MBEDTLS_BYTE_1( *olen - 13 ); - obuf[12] = MBEDTLS_BYTE_0( *olen - 13 ); + MBEDTLS_PUT_UINT16_BE( *olen - 13, obuf, 11 ); return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); } @@ -4565,8 +4559,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_hdr[0] = rec.type; ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msglen = rec.data_len; - ssl->in_len[0] = MBEDTLS_BYTE_1( rec.data_len ); - ssl->in_len[1] = MBEDTLS_BYTE_0( rec.data_len ); + MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->in_len, 0 ); return( 0 ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 232846ff08..a791b80764 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2238,16 +2238,13 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, * 6 . 6 protocol name length * 7 . 7+n protocol name */ - buf[0] = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ALPN ); - buf[1] = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ALPN ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, buf, 0); *olen = 7 + strlen( ssl->alpn_chosen ); - buf[2] = MBEDTLS_BYTE_1( *olen - 4 ); - buf[3] = MBEDTLS_BYTE_0( *olen - 4 ); + MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 ); - buf[4] = MBEDTLS_BYTE_1( *olen - 6 ); - buf[5] = MBEDTLS_BYTE_0( *olen - 6 ); + MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 ); buf[6] = MBEDTLS_BYTE_0( *olen - 7 ); 
@@ -2294,15 +2291,13 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, } /* extension */ - buf[0] = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_USE_SRTP ); - buf[1] = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_USE_SRTP ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0 ); /* * total length 5 and mki value: only one profile(2 bytes) * and length(2 bytes) and srtp_mki ) */ ext_len = 5 + mki_len; - buf[2] = MBEDTLS_BYTE_1( ext_len ); - buf[3] = MBEDTLS_BYTE_0( ext_len ); + MBEDTLS_PUT_UINT16_BE( ext_len, buf, 2 ); /* protection profile length: 2 */ buf[4] = 0x00; @@ -2311,8 +2306,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) { - buf[6] = MBEDTLS_BYTE_1( profile_value ); - buf[7] = MBEDTLS_BYTE_0( profile_value ); + MBEDTLS_PUT_UINT16_BE( profile_value, buf, 6 ); } else { @@ -2785,8 +2779,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) #endif } - p[0] = MBEDTLS_BYTE_1( sa_len ); - p[1] = MBEDTLS_BYTE_0( sa_len ); + MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 ); sa_len += 2; p += sa_len; } @@ -2841,8 +2834,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - ssl->out_msg[4 + ct_len + sa_len] = MBEDTLS_BYTE_1( total_dn_size ); - ssl->out_msg[5 + ct_len + sa_len] = MBEDTLS_BYTE_0( total_dn_size ); + MBEDTLS_PUT_UINT16_BE( total_dn_size, ssl->out_msg, 4 + ct_len + sa_len ); ret = mbedtls_ssl_write_handshake_msg( ssl ); 
@@ -4223,14 +4215,8 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) tlen = 0; } - ssl->out_msg[4] = MBEDTLS_BYTE_3( lifetime ); - ssl->out_msg[5] = MBEDTLS_BYTE_2( lifetime ); - ssl->out_msg[6] = MBEDTLS_BYTE_1( lifetime ); - ssl->out_msg[7] = MBEDTLS_BYTE_0( lifetime ); - - ssl->out_msg[8] = MBEDTLS_BYTE_1( tlen ); - ssl->out_msg[9] = MBEDTLS_BYTE_0( tlen ); - + MBEDTLS_PUT_UINT32_BE( lifetime, ssl->out_msg, 4 ); + MBEDTLS_PUT_UINT16_BE( tlen, ssl->out_msg, 8 ); ssl->out_msglen = 10 + tlen; /* diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index a7a55f1a75..bce9a1cd71 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -245,8 +245,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket, { goto cleanup; } - state_len_bytes[0] = MBEDTLS_BYTE_1( clear_len ); - state_len_bytes[1] = MBEDTLS_BYTE_0( clear_len ); + MBEDTLS_PUT_UINT16_BE( clear_len, state_len_bytes, 0 ); /* Encrypt and authenticate */ if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx, diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 0daf0683e9..17b3e7966b 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -251,8 +251,7 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); c = buf + 5; - ku[0] = MBEDTLS_BYTE_0( key_usage ); - ku[1] = MBEDTLS_BYTE_1( key_usage ); + MBEDTLS_PUT_UINT16_LE( key_usage, ku, 0 ); ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 ); if( ret < 0 ) From 5241e343ded7655e4baa95a493002ec93ae458c1 Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Mon, 19 Jul 2021 15:29:18 +0100 Subject: [PATCH 327/966] Improve consitency throughout library/common.h Replace the contents of MBEDTLS_PUT_UINTx_yz contained inconsitent but similar/duplicate code to the MBEDTLS_BYTE_x macros. Therefore the contents of the macros now utilise the byte reading macros. MBEDTLS_PUT_UINT64_LE's written order was also not consitent with the other PUT macros, so that was modified. Documentation comment said LSB instead of MSB and that has also been resolved. Signed-off-by: Joe Subbiani --- library/common.h | 166 +++++++++++++++++++++++------------------------ 1 file changed, 83 insertions(+), 83 deletions(-) diff --git a/library/common.h b/library/common.h index 3e8f88bf34..ba0396c58c 100644 --- a/library/common.h +++ b/library/common.h @@ -93,12 +93,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * integer from. */ #ifndef MBEDTLS_GET_UINT32_BE -#define MBEDTLS_GET_UINT32_BE( data , offset ) \ - ( \ - ( (uint32_t) ( data )[( offset ) ] << 24 ) \ - | ( (uint32_t) ( data )[( offset ) + 1] << 16 ) \ - | ( (uint32_t) ( data )[( offset ) + 2] << 8 ) \ - | ( (uint32_t) ( data )[( offset ) + 3] ) \ +#define MBEDTLS_GET_UINT32_BE( data , offset ) \ + ( \ + ( (uint32_t) ( data )[( offset ) ] << 24 ) \ + | ( (uint32_t) ( data )[( offset ) + 1] << 16 ) \ + | ( (uint32_t) ( data )[( offset ) + 2] << 8 ) \ + | ( (uint32_t) ( data )[( offset ) + 3] ) \ ) #endif 
@@ -112,13 +112,13 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * byte of the 32 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT32_BE -#define MBEDTLS_PUT_UINT32_BE( n, data, offset ) \ - do { \ - ( data )[( offset ) ] = (unsigned char) ( (n) >> 24 ); \ - ( data )[( offset ) + 1] = (unsigned char) ( (n) >> 16 ); \ - ( data )[( offset ) + 2] = (unsigned char) ( (n) >> 8 ); \ - ( data )[( offset ) + 3] = (unsigned char) ( (n) ); \ - } while( 0 ) +#define MBEDTLS_PUT_UINT32_BE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_3( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_2( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 3] = MBEDTLS_BYTE_0( n ); \ +} #endif /** @@ -131,12 +131,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * integer from. */ #ifndef MBEDTLS_GET_UINT32_LE -#define MBEDTLS_GET_UINT32_LE( data, offset ) \ - ( \ - ( (uint32_t) ( data )[( offset ) ] ) \ - | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \ - | ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \ - | ( (uint32_t) ( data )[( offset ) + 3] << 24 ) \ +#define MBEDTLS_GET_UINT32_LE( data, offset ) \ + ( \ + ( (uint32_t) ( data )[( offset ) ] ) \ + | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \ + | ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \ + | ( (uint32_t) ( data )[( offset ) + 3] << 24 ) \ ) #endif 
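Review bot: MBEDTLS_PUT_UINT32_BE loses its `do { ... } while( 0 )` wrapper here and now expands to a bare `{ ... }` block. With that form, `if( c ) MBEDTLS_PUT_UINT32_BE( n, buf, 0 ); else ...` no longer compiles, because the `;` after the closing brace ends the `if` before the `else`. Keep the wrapper and change only the four assignments to `MBEDTLS_BYTE_3( n )` through `MBEDTLS_BYTE_0( n )`, so the macro stays usable as a single statement. The MBEDTLS_PUT_UINT32_LE hunk at -150 removes the wrapper in the same way. The 16-bit and 64-bit PUT macros in this file already use bare braces, so they would benefit from the same wrapper for consistency.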
@@ -150,13 +150,13 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * byte of the 32 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT32_LE -#define MBEDTLS_PUT_UINT32_LE( n, data, offset ) \ - do { \ - ( data )[( offset ) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - ( data )[( offset ) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - ( data )[( offset ) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - ( data )[( offset ) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ - } while( 0 ) +#define MBEDTLS_PUT_UINT32_LE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \ + ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \ +} #endif /** @@ -169,10 +169,10 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * integer from. */ #ifndef MBEDTLS_GET_UINT16_LE -#define MBEDTLS_GET_UINT16_LE( data, offset ) \ - ( \ - ( (uint16_t) ( data )[( offset ) ] ) \ - | ( (uint16_t) ( data )[( offset ) + 1] << 8 ) \ +#define MBEDTLS_GET_UINT16_LE( data, offset ) \ + ( \ + ( (uint16_t) ( data )[( offset ) ] ) \ + | ( (uint16_t) ( data )[( offset ) + 1] << 8 ) \ ) #endif 
@@ -186,16 +186,16 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * byte of the 16 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT16_LE -#define MBEDTLS_PUT_UINT16_LE( n, data, offset ) \ -{ \ - ( data )[( offset ) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - ( data )[( offset ) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ +#define MBEDTLS_PUT_UINT16_LE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ } #endif /** * Get the unsigned 16 bits integer corresponding to two bytes in - * big-endian order (LSB first). + * big-endian order (MSB first). * * \param data Base address of the memory to get the two bytes from. * \param offset Offset from \p base of the first and most significant @@ -203,10 +203,10 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * integer from. */ #ifndef MBEDTLS_GET_UINT16_BE -#define MBEDTLS_GET_UINT16_BE( data, offset ) \ - ( \ - ( (uint16_t) ( data )[( offset ) ] << 8 ) \ - | ( (uint16_t) ( data )[( offset ) + 1] ) \ +#define MBEDTLS_GET_UINT16_BE( data, offset ) \ + ( \ + ( (uint16_t) ( data )[( offset ) ] << 8 ) \ + | ( (uint16_t) ( data )[( offset ) + 1] ) \ ) #endif @@ -220,10 +220,10 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * byte of the 16 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT16_BE -#define MBEDTLS_PUT_UINT16_BE( n, data, offset ) \ -{ \ - ( data )[( offset ) ] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - ( data )[( offset ) + 1] = (unsigned char) ( ( (n) ) & 0xFF ); \ +#define MBEDTLS_PUT_UINT16_BE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_0( n ); \ } #endif 
@@ -237,16 +237,16 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * integer from. */ #ifndef MBEDTLS_GET_UINT64_BE -#define MBEDTLS_GET_UINT64_BE( data, offset ) \ - ( \ - ( (uint64_t) ( data )[( offset ) ] << 56 ) \ - | ( (uint64_t) ( data )[( offset ) + 1] << 48 ) \ - | ( (uint64_t) ( data )[( offset ) + 2] << 40 ) \ - | ( (uint64_t) ( data )[( offset ) + 3] << 32 ) \ - | ( (uint64_t) ( data )[( offset ) + 4] << 24 ) \ - | ( (uint64_t) ( data )[( offset ) + 5] << 16 ) \ - | ( (uint64_t) ( data )[( offset ) + 6] << 8 ) \ - | ( (uint64_t) ( data )[( offset ) + 7] ) \ +#define MBEDTLS_GET_UINT64_BE( data, offset ) \ + ( \ + ( (uint64_t) ( data )[( offset ) ] << 56 ) \ + | ( (uint64_t) ( data )[( offset ) + 1] << 48 ) \ + | ( (uint64_t) ( data )[( offset ) + 2] << 40 ) \ + | ( (uint64_t) ( data )[( offset ) + 3] << 32 ) \ + | ( (uint64_t) ( data )[( offset ) + 4] << 24 ) \ + | ( (uint64_t) ( data )[( offset ) + 5] << 16 ) \ + | ( (uint64_t) ( data )[( offset ) + 6] << 8 ) \ + | ( (uint64_t) ( data )[( offset ) + 7] ) \ ) #endif 
@@ -260,16 +260,16 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * byte of the 64 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT64_BE -#define MBEDTLS_PUT_UINT64_BE( n, data, offset ) \ -{ \ - ( data )[( offset ) ] = (unsigned char) ( (n) >> 56 ); \ - ( data )[( offset ) + 1] = (unsigned char) ( (n) >> 48 ); \ - ( data )[( offset ) + 2] = (unsigned char) ( (n) >> 40 ); \ - ( data )[( offset ) + 3] = (unsigned char) ( (n) >> 32 ); \ - ( data )[( offset ) + 4] = (unsigned char) ( (n) >> 24 ); \ - ( data )[( offset ) + 5] = (unsigned char) ( (n) >> 16 ); \ - ( data )[( offset ) + 6] = (unsigned char) ( (n) >> 8 ); \ - ( data )[( offset ) + 7] = (unsigned char) ( (n) ); \ +#define MBEDTLS_PUT_UINT64_BE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_7( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_6( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_5( n ); \ + ( data )[( offset ) + 3] = MBEDTLS_BYTE_4( n ); \ + ( data )[( offset ) + 4] = MBEDTLS_BYTE_3( n ); \ + ( data )[( offset ) + 5] = MBEDTLS_BYTE_2( n ); \ + ( data )[( offset ) + 6] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 7] = MBEDTLS_BYTE_0( n ); \ } #endif 
@@ -283,16 +283,16 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * integer from. */ #ifndef MBEDTLS_GET_UINT64_LE -#define MBEDTLS_GET_UINT64_LE( data, offset ) \ - ( \ - ( (uint64_t) ( data )[( offset ) + 7] << 56 ) \ - | ( (uint64_t) ( data )[( offset ) + 6] << 48 ) \ - | ( (uint64_t) ( data )[( offset ) + 5] << 40 ) \ - | ( (uint64_t) ( data )[( offset ) + 4] << 32 ) \ - | ( (uint64_t) ( data )[( offset ) + 3] << 24 ) \ - | ( (uint64_t) ( data )[( offset ) + 2] << 16 ) \ - | ( (uint64_t) ( data )[( offset ) + 1] << 8 ) \ - | ( (uint64_t) ( data )[( offset ) ] ) \ +#define MBEDTLS_GET_UINT64_LE( data, offset ) \ + ( \ + ( (uint64_t) ( data )[( offset ) + 7] << 56 ) \ + | ( (uint64_t) ( data )[( offset ) + 6] << 48 ) \ + | ( (uint64_t) ( data )[( offset ) + 5] << 40 ) \ + | ( (uint64_t) ( data )[( offset ) + 4] << 32 ) \ + | ( (uint64_t) ( data )[( offset ) + 3] << 24 ) \ + | ( (uint64_t) ( data )[( offset ) + 2] << 16 ) \ + | ( (uint64_t) ( data )[( offset ) + 1] << 8 ) \ + | ( (uint64_t) ( data )[( offset ) ] ) \ ) #endif 
@@ -306,16 +306,16 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * byte of the 64 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT64_LE -#define MBEDTLS_PUT_UINT64_LE( n, data, offset ) \ -{ \ - ( data )[( offset ) + 7] = (unsigned char) ( (n) >> 56 ); \ - ( data )[( offset ) + 6] = (unsigned char) ( (n) >> 48 ); \ - ( data )[( offset ) + 5] = (unsigned char) ( (n) >> 40 ); \ - ( data )[( offset ) + 4] = (unsigned char) ( (n) >> 32 ); \ - ( data )[( offset ) + 3] = (unsigned char) ( (n) >> 24 ); \ - ( data )[( offset ) + 2] = (unsigned char) ( (n) >> 16 ); \ - ( data )[( offset ) + 1] = (unsigned char) ( (n) >> 8 ); \ - ( data )[( offset ) ] = (unsigned char) ( (n) ); \ +#define MBEDTLS_PUT_UINT64_LE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \ + ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \ + ( data )[( offset ) + 4] = MBEDTLS_BYTE_4( n ); \ + ( data )[( offset ) + 5] = MBEDTLS_BYTE_5( n ); \ + ( data )[( offset ) + 6] = MBEDTLS_BYTE_6( n ); \ + ( data )[( offset ) + 7] = MBEDTLS_BYTE_7( n ); \ } #endif From d0687856afdc603112b39edf5443dfe539eaee40 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 21 Jul 2021 15:22:47 +0100 Subject: [PATCH 328/966] Improve documentation and add more uses of MBEDTLS_PUT minor changes, such as improving the documentation for the byte reading macros, and using MBEDTLS_PUT_UINT16_xy in place of byte reading macro combinations Signed-off-by: Joe Subbiani --- library/ccm.c | 3 +-- library/common.h | 5 ++--- library/ecp.c | 3 +-- library/ssl_cli.c | 2 +- 4 files changed, 5 insertions(+), 8 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 0188075f5e..a21a37f55f 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -221,8 +221,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, src = add; memset( b, 0, 16 ); - b[0] = MBEDTLS_BYTE_1( add_len ); - b[1] = MBEDTLS_BYTE_0( add_len ); + MBEDTLS_PUT_UINT16_BE( add_len, b, 0 ); use_len = len_left < 16 - 2 ? len_left : 16 - 2; memcpy( b + 2, src, use_len ); diff --git a/library/common.h b/library/common.h index ba0396c58c..d740c7338c 100644 --- a/library/common.h +++ b/library/common.h @@ -70,9 +70,8 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c /** Byte Reading Macros * - * Obtain the most significant byte of x using 0xff - * Using MBEDTLS_BYTE_a will shift a*8 bits - * to retrieve the next byte of information + * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th + * byte from x, where byte 0 is the least significant byte. */ #define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) #define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) diff --git a/library/ecp.c b/library/ecp.c index fdfc960069..0212069c83 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1012,8 +1012,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, /* * Next two bytes are the namedcurve value */ - buf[0] = MBEDTLS_BYTE_1( curve_info->tls_id ); - buf[1] = MBEDTLS_BYTE_0( curve_info->tls_id ); + MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, buf, 0 ); return( 0 ); } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 3a0e6df6f4..0e25b6c60a 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -762,7 +762,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_USE_SRTP ); - *p++ = MBEDTLS_BYTE_1( ext_len & 0xFF00 ); + *p++ = MBEDTLS_BYTE_1( ext_len ); *p++ = MBEDTLS_BYTE_0( ext_len ); /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ From 9ab1866b0d0adace1c6c7ac65e0d8c586ad5a320 Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Wed, 21 Jul 2021 16:35:48 +0100 Subject: [PATCH 329/966] Remove trailing whitespace Signed-off-by: Joe Subbiani --- library/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/common.h b/library/common.h index d740c7338c..780ce378de 100644 --- a/library/common.h +++ b/library/common.h @@ -70,7 +70,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c /** Byte Reading Macros * - * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th + * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th * byte from x, where byte 0 is the least significant byte. */ #define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) From 5d3a3c3ee43a54e5ad2cb2e80200cb770435ae67 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 19 Aug 2021 18:34:41 +0100 Subject: [PATCH 330/966] Fix arguments formatting mistake Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 09fff0c6bd..1dd3b2db92 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1509,7 +1509,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; status = mbedtls_test_transparent_aead_decrypt_setup( &operation->ctx.transparent_test_driver_ctx, - attributes, + attributes, key_buffer, key_buffer_size, alg ); @@ -1523,7 +1523,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; status = mbedtls_psa_aead_decrypt_setup( &operation->ctx.mbedtls_ctx, - attributes, + attributes, key_buffer, key_buffer_size, alg ); From e0a12bd852b07ee7fdec24585646f31c341391be Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Thu, 19 Aug 2021 18:55:56 +0100 Subject: [PATCH 331/966] Refactor aead setup functions into single function Move common encrypt / decrypt code into common function, and roll in previously refactored setup checks function, as this is now the only place it is called. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 154 +++++++++++++++++++------------------------ 1 file changed, 66 insertions(+), 88 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e40e370a00..1566a45342 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3401,26 +3401,82 @@ static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); } -static psa_status_t psa_aead_setup_checks( psa_aead_operation_t *operation, - psa_algorithm_t alg ) +/* Set the key for a multipart authenticated operation. */ +static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot = NULL; + psa_key_usage_t key_usage = 0; + if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } if( operation->id != 0 ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } if( operation->nonce_set || operation->lengths_set || operation->ad_started || operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } - return( PSA_SUCCESS ); + if( operation->is_encrypt ) + key_usage = PSA_KEY_USAGE_ENCRYPT; + else + key_usage = PSA_KEY_USAGE_DECRYPT; + + status = psa_get_and_lock_key_slot_with_policy( key, &slot, key_usage, + alg ); + + if( status != PSA_SUCCESS ) + goto exit; + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + if( operation->is_encrypt ) + status = psa_driver_wrapper_aead_encrypt_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, + alg ); + else + status = psa_driver_wrapper_aead_decrypt_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, + alg ); + + + if( status != PSA_SUCCESS ) + goto exit; + + operation->key_type = psa_get_key_type( &attributes ); + +exit: + + unlock_status = psa_unlock_key_slot( slot ); + + if( status == PSA_SUCCESS ) + { + status = unlock_status; + operation->alg = psa_aead_get_base_algorithm( alg ); + } + else + psa_aead_abort( 
operation ); + + return( status ); } /* Set the key for a multipart authenticated encryption operation. */ @@ -3428,48 +3484,9 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot = NULL; + operation->is_encrypt = 1; - status = psa_aead_setup_checks( operation, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_get_and_lock_key_slot_with_policy( - key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - psa_key_attributes_t attributes = { - .core = slot->attr - }; - - status = psa_driver_wrapper_aead_encrypt_setup( operation, - &attributes, slot->key.data, - slot->key.bytes, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - operation->key_type = psa_get_key_type( &attributes ); - -exit: - - unlock_status = psa_unlock_key_slot( slot ); - - if( status == PSA_SUCCESS ) - { - status = unlock_status; - operation->alg = psa_aead_get_base_algorithm( alg ); - operation->is_encrypt = 1; - } - else - psa_aead_abort( operation ); - - return( status ); + return( psa_aead_setup( operation, key, alg ) ); } /* Set the key for a multipart authenticated decryption operation. */ 
@@ -3477,48 +3494,9 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot = NULL; + operation->is_encrypt = 0; - status = psa_aead_setup_checks( operation, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_get_and_lock_key_slot_with_policy( - key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - psa_key_attributes_t attributes = { - .core = slot->attr - }; - - status = psa_driver_wrapper_aead_decrypt_setup( operation, - &attributes, slot->key.data, - slot->key.bytes, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - operation->key_type = psa_get_key_type( &attributes ); - -exit: - - unlock_status = psa_unlock_key_slot( slot ); - - if( status == PSA_SUCCESS ) - { - status = unlock_status; - operation->alg = psa_aead_get_base_algorithm( alg ); - operation->is_encrypt = 0; - } - else - psa_aead_abort( operation ); - - return( status ); + return( psa_aead_setup( operation, key, alg ) ); } /* Generate a random nonce / IV for multipart AEAD operation */ From 36869706e298e86982587c10903a0d7d4acfd049 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 19 Aug 2021 19:17:04 +0100 Subject: [PATCH 332/966] Remove duplicated statements in documentation. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 38202b6fb4..5ed26d002e 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
@@ -159,10 +159,7 @@ psa_status_t mbedtls_psa_aead_decrypt( * mbedtls_psa_aead_encrypt_setup(), the operation is reset by the PSA core by a * call to mbedtls_psa_aead_abort(). The PSA core may call * mbedtls_psa_aead_abort() at any time after the operation has been - * initialized. - * - * After a successful call to mbedtls_psa_aead_encrypt_setup(), the PSA core - * eventually terminates the operation by calling mbedtls_psa_aead_abort(). + * initialized, and is required to when the operation is no longer needed. * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for @@ -203,10 +200,7 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( * mbedtls_psa_aead_decrypt_setup(), the PSA core resets the operation by a * call to mbedtls_psa_aead_abort(). The PSA core may call * mbedtls_psa_aead_abort() at any time after the operation has been - * initialized. - * - * After a successful call to mbedtls_psa_aead_decrypt_setup(), the PSA core - * eventually terminates the operation by a call to mbedtls_psa_aead_abort(). + * initialized, and is required to when the operation is no longer needed. * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for From ce0e6a9dea61fa7153c189b2c3b3a07a82e322db Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 17 Aug 2021 15:24:32 +0200 Subject: [PATCH 333/966] Require MESSAGE flag in PSA MAC setup. Signed-off-by: Mateusz Starzyk --- library/psa_crypto.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3574b9842a..f87323c497 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -2329,7 +2329,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, status = psa_get_and_lock_key_slot_with_policy( key, &slot, - is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH, + is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE, alg ); if( status != PSA_SUCCESS ) goto exit; @@ -2514,8 +2514,9 @@ static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key, uint8_t operation_mac_size = 0; status = psa_get_and_lock_key_slot_with_policy( - key, &slot, - is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH, + key, + &slot, + is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE, alg ); if( status != PSA_SUCCESS ) goto exit; From cb0a7cd142257658c116a10c9d2926ba1b46bab6 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 19 Aug 2021 15:11:50 +0200 Subject: [PATCH 334/966] Fix mac_key_policy test function Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_psa_crypto.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 150a3f43e3..3fe512e8e7 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -818,7 +818,7 @@ void mac_key_policy( int policy_usage_arg, mbedtls_test_update_key_usage_flags( policy_usage ) ); status = psa_mac_sign_setup( &operation, key, exercise_alg ); - if( ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) == 0 ) + if( ( mbedtls_test_update_key_usage_flags(policy_usage) & PSA_KEY_USAGE_SIGN_MESSAGE ) == 0 ) TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); else TEST_EQUAL( status, expected_status ); 
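Review bot: The usage flag passed to `psa_get_and_lock_key_slot_with_policy()` is an authorization decision, and neither call site (`psa_mac_setup()` here and `psa_mac_compute_internal()` in the hunk at -2514) records why MAC now requires the MESSAGE flags instead of the HASH flags. A short comment above each call, such as `/* A MAC is computed over the message itself, so the key policy must permit SIGN_MESSAGE / VERIFY_MESSAGE. */`, would state the intent. Whether a key whose policy carries only `PSA_KEY_USAGE_SIGN_HASH` or `PSA_KEY_USAGE_VERIFY_HASH` is still accepted depends on code outside these hunks, so that case deserves an explicit test and a ChangeLog entry if it is now rejected. Both functions start and end outside the hunks.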
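Review bot: The new condition in the hunk at -818 calls `mbedtls_test_update_key_usage_flags(policy_usage)` again, although the context line just above already passes the same expression when the key is set up, and it is written without the spaces inside the parentheses that the surrounding code uses. Storing the result once in a local, `effective_usage = mbedtls_test_update_key_usage_flags( policy_usage );`, and testing `( effective_usage & PSA_KEY_USAGE_SIGN_MESSAGE ) == 0` shortens the line and guarantees that the expectation and the key policy are derived from the same value. The verify branch in the hunk at -827 has the same shape and would use the same local. `mac_key_policy` starts and ends outside both hunks.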
@@ -827,7 +827,7 @@ void mac_key_policy( int policy_usage_arg, memset( mac, 0, sizeof( mac ) ); status = psa_mac_verify_setup( &operation, key, exercise_alg ); - if( ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) == 0 ) + if( ( mbedtls_test_update_key_usage_flags(policy_usage) & PSA_KEY_USAGE_VERIFY_MESSAGE ) == 0 ) TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); else TEST_EQUAL( status, expected_status ); From 1f6c3aeb63a40c22af17311ea3a8cf6e3f02e554 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 20 Aug 2021 11:44:44 +0100 Subject: [PATCH 335/966] Tidy up ssl_*.c grouped MBEDTLS_BYTE_x macros exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz and then shift the pointer afterwards. Easier to read as you can see how big the data is that you are putting in, and in the case of UINT32 AND UINT64 it saves some vertical space. Signed-off-by: Joe Subbiani --- library/ssl_cli.c | 121 +++++++++++++++++++++++----------------------- library/ssl_srv.c | 59 +++++++++++----------- library/ssl_tls.c | 62 +++++++----------------- 3 files changed, 106 insertions(+), 136 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 0e25b6c60a..df32cfdb67 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -136,18 +136,19 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * } ServerNameList; * */ - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SERVERNAME ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 ); + p += 2; - *p++ = MBEDTLS_BYTE_1( hostname_len + 5); - *p++ = MBEDTLS_BYTE_0( hostname_len + 5); + MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 ); + p += 2; - *p++ = MBEDTLS_BYTE_1( hostname_len + 3 ); - *p++ = MBEDTLS_BYTE_0( hostname_len + 3 ); + MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 ); + p += 2; *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ); - *p++ = MBEDTLS_BYTE_1( hostname_len ); - *p++ = MBEDTLS_BYTE_0( hostname_len ); + + MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 ); + p += 2; memcpy( p, ssl->hostname, hostname_len ); @@ -181,8 +182,8 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* * Secure renegotiation */ - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 ); + p += 2; *p++ = 0x00; *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len + 1 ); @@ -281,14 +282,14 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, * SignatureAndHashAlgorithm * supported_signature_algorithms<2..2^16-2>; */ - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SIG_ALG ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SIG_ALG ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, p, 0 ); + p += 2; - *p++ = MBEDTLS_BYTE_1( sig_alg_len + 2 ); - *p++ = MBEDTLS_BYTE_0( sig_alg_len + 2 ); + MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, p, 0 ); + p += 2; - *p++ = MBEDTLS_BYTE_1( sig_alg_len ); - *p++ = MBEDTLS_BYTE_0( sig_alg_len ); + MBEDTLS_PUT_UINT16_BE( sig_alg_len, p, 0 ); + p += 2; *olen = 6 + sig_alg_len; 
@@ -356,14 +357,14 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id ); } - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 ); + p += 2; - *p++ = MBEDTLS_BYTE_1( elliptic_curve_len + 2 ); - *p++ = MBEDTLS_BYTE_0( elliptic_curve_len + 2 ); + MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 ); + p += 2; - *p++ = MBEDTLS_BYTE_1( elliptic_curve_len ); - *p++ = MBEDTLS_BYTE_0( elliptic_curve_len ); + MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 ); + p += 2; *olen = 6 + elliptic_curve_len; @@ -384,8 +385,8 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, ( "client hello, adding supported_point_formats extension" ) ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 2; @@ -421,8 +422,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 ); + p += 2; /* * We may need to send ClientHello multiple times for Hello verification. @@ -464,8 +465,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); } - *p++ = MBEDTLS_BYTE_1( kkpp_len ); - *p++ = MBEDTLS_BYTE_0( kkpp_len ); + MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 ); + p += 2; *olen = kkpp_len + 4; 
@@ -504,11 +505,11 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) ); /* Add extension ID + size */ - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_CID ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_CID ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 ); + p += 2; ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = MBEDTLS_BYTE_1( ext_len ); - *p++ = MBEDTLS_BYTE_0( ext_len ); + MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + p += 2; *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -537,8 +538,8 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 1; @@ -569,8 +570,8 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 0x00; @@ -599,8 +600,8 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 0x00; 
@@ -631,11 +632,11 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, /* The addition is safe here since the ticket length is 16 bit. */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SESSION_TICKET ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SESSION_TICKET ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 ); + p += 2; - *p++ = MBEDTLS_BYTE_1( tlen ); - *p++ = MBEDTLS_BYTE_0( tlen ); + MBEDTLS_PUT_UINT16_BE( tlen, p, 0 ); + p += 2; *olen = 4; @@ -675,8 +676,8 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ALPN ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ALPN ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 ); + p += 2; /* * opaque ProtocolName<1..2^8-1>; @@ -758,12 +759,11 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_USE_SRTP ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_USE_SRTP ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_USE_SRTP, p, 0 ); + p += 2; - - *p++ = MBEDTLS_BYTE_1( ext_len ); - *p++ = MBEDTLS_BYTE_0( ext_len ); + MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + p += 2; /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ /* micro-optimization: @@ -786,8 +786,9 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", profile_value ) ); - *p++ = MBEDTLS_BYTE_1( profile_value ); - *p++ = MBEDTLS_BYTE_0( profile_value ); + MBEDTLS_PUT_UINT16_BE( profile_value, p, 0 ); + p += 2; + } else { 
@@ -855,10 +856,8 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = MBEDTLS_BYTE_3( t ); - *p++ = MBEDTLS_BYTE_2( t ); - *p++ = MBEDTLS_BYTE_1( t ); - *p++ = MBEDTLS_BYTE_0( t ); + MBEDTLS_PUT_UINT32_BE( t, p, 0 ); + p += 4; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t ) ); @@ -1141,8 +1140,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); n++; - *p++ = MBEDTLS_BYTE_1( ciphersuites[i] ); - *p++ = MBEDTLS_BYTE_0( ciphersuites[i] ); + MBEDTLS_PUT_UINT16_BE( ciphersuites[i], p, 0 ); + p += 2; } MBEDTLS_SSL_DEBUG_MSG( 3, @@ -1157,8 +1156,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0 ); + p += 2; n++; } @@ -1321,8 +1320,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { /* No need to check for space here, because the extension * writing functions already took care of that. */ - *p++ = MBEDTLS_BYTE_1( ext_len ); - *p++ = MBEDTLS_BYTE_0( ext_len ); + MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + p += 2; p += ext_len; } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index a791b80764..c63af7a32a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -1970,12 +1970,11 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, * opaque cid<0..2^8-1>; * } ConnectionId; */ - - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_CID ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_CID ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 ); + p += 2; ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = MBEDTLS_BYTE_1( ext_len ); - *p++ = MBEDTLS_BYTE_0( ext_len ); + MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + p += 2; *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -2016,8 +2015,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 0x00; @@ -2042,8 +2041,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " "extension" ) ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 0x00; @@ -2067,8 +2066,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SESSION_TICKET ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SESSION_TICKET ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 0x00; 
@@ -2091,8 +2090,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 ); + p += 2; #if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) @@ -2132,8 +2131,8 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 1; @@ -2162,8 +2161,8 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 2; @@ -2200,8 +2199,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = MBEDTLS_BYTE_1( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 ); + p += 2; ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, @@ -2212,8 +2211,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = MBEDTLS_BYTE_1( kkpp_len ); - *p++ = MBEDTLS_BYTE_0( kkpp_len ); + MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 ); + p += 2; *olen = kkpp_len + 4; } 
@@ -2488,10 +2487,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = MBEDTLS_BYTE_3( t ); - *p++ = MBEDTLS_BYTE_2( t ); - *p++ = MBEDTLS_BYTE_1( t ); - *p++ = MBEDTLS_BYTE_0( t ); + MBEDTLS_PUT_UINT32_BE( t, p, 0 ); + p += 4; MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t ) ); @@ -2572,8 +2569,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); - *p++ = MBEDTLS_BYTE_1( ssl->session_negotiate->ciphersuite ); - *p++ = MBEDTLS_BYTE_0( ssl->session_negotiate->ciphersuite ); + MBEDTLS_PUT_UINT16_BE( ssl->session_negotiate->ciphersuite, p, 0 ); + p += 2; *p++ = MBEDTLS_BYTE_0( ssl->session_negotiate->compression ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", @@ -2642,8 +2639,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { - *p++ = MBEDTLS_BYTE_1( ext_len ); - *p++ = MBEDTLS_BYTE_0( ext_len ); + MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + p += 2; p += ext_len; } @@ -2819,8 +2816,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) break; } - *p++ = MBEDTLS_BYTE_1( dn_size ); - *p++ = MBEDTLS_BYTE_0( dn_size ); + MBEDTLS_PUT_UINT16_BE( dn_size, p, 0 ); + p += 2; memcpy( p, crt->subject_raw.p, dn_size ); p += dn_size; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 33f026f4d1..abf4c0f5f2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4664,14 +4664,8 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, { start = (uint64_t) session->start; - *p++ = MBEDTLS_BYTE_7( start ); - *p++ = MBEDTLS_BYTE_6( start ); - *p++ = MBEDTLS_BYTE_5( start ); - *p++ = MBEDTLS_BYTE_4( start ); - *p++ = MBEDTLS_BYTE_3( start ); - *p++ = MBEDTLS_BYTE_2( start ); - *p++ = MBEDTLS_BYTE_1( start ); - *p++ = MBEDTLS_BYTE_0( start ); + MBEDTLS_PUT_UINT64_BE( start, p, 0 ); + p += 8; } #endif /* MBEDTLS_HAVE_TIME */ @@ -4687,8 +4681,8 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = MBEDTLS_BYTE_1( session->ciphersuite ); - *p++ = MBEDTLS_BYTE_0( session->ciphersuite ); + MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 ); + p += 2; *p++ = MBEDTLS_BYTE_0( session->compression ); @@ -4699,10 +4693,8 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, memcpy( p, session->master, 48 ); p += 48; - *p++ = MBEDTLS_BYTE_3( session->verify_result ); - *p++ = MBEDTLS_BYTE_2( session->verify_result ); - *p++ = MBEDTLS_BYTE_1( session->verify_result ); - *p++ = MBEDTLS_BYTE_0( session->verify_result ); + MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 ); + p += 4; } /* @@ -4772,10 +4764,8 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, p += session->ticket_len; } - *p++ = MBEDTLS_BYTE_3( session->ticket_lifetime ); - *p++ = MBEDTLS_BYTE_2( session->ticket_lifetime ); - *p++ = MBEDTLS_BYTE_1( session->ticket_lifetime ); - *p++ = MBEDTLS_BYTE_0( session->ticket_lifetime ); + MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 ); + p += 4; } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ 
@@ -5713,10 +5703,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4 + session_len; if( used <= buf_len ) { - *p++ = MBEDTLS_BYTE_3( session_len ); - *p++ = MBEDTLS_BYTE_2( session_len ); - *p++ = MBEDTLS_BYTE_1( session_len ); - *p++ = MBEDTLS_BYTE_0( session_len ); + MBEDTLS_PUT_UINT32_BE( session_len, p, 0 ); + p += 4; ret = ssl_session_save( ssl->session, 1, p, session_len, &session_len ); @@ -5757,33 +5745,19 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4; if( used <= buf_len ) { - *p++ = MBEDTLS_BYTE_3( ssl->badmac_seen ); - *p++ = MBEDTLS_BYTE_2( ssl->badmac_seen ); - *p++ = MBEDTLS_BYTE_1( ssl->badmac_seen ); - *p++ = MBEDTLS_BYTE_0( ssl->badmac_seen ); + MBEDTLS_PUT_UINT32_BE( ssl->badmac_seen, p, 0 ); + p += 4; } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) used += 16; if( used <= buf_len ) { - *p++ = MBEDTLS_BYTE_7( ssl->in_window_top ); - *p++ = MBEDTLS_BYTE_6( ssl->in_window_top ); - *p++ = MBEDTLS_BYTE_5( ssl->in_window_top ); - *p++ = MBEDTLS_BYTE_4( ssl->in_window_top ); - *p++ = MBEDTLS_BYTE_3( ssl->in_window_top ); - *p++ = MBEDTLS_BYTE_2( ssl->in_window_top ); - *p++ = MBEDTLS_BYTE_1( ssl->in_window_top ); - *p++ = MBEDTLS_BYTE_0( ssl->in_window_top ); + MBEDTLS_PUT_UINT64_BE( ssl->in_window_top, p, 0 ); + p += 8; - *p++ = MBEDTLS_BYTE_7( ssl->in_window ); - *p++ = MBEDTLS_BYTE_6( ssl->in_window ); - *p++ = MBEDTLS_BYTE_5( ssl->in_window ); - *p++ = MBEDTLS_BYTE_4( ssl->in_window ); - *p++ = MBEDTLS_BYTE_3( ssl->in_window ); - *p++ = MBEDTLS_BYTE_2( ssl->in_window ); - *p++ = MBEDTLS_BYTE_1( ssl->in_window ); - *p++ = MBEDTLS_BYTE_0( ssl->in_window ); + MBEDTLS_PUT_UINT64_BE( ssl->in_window, p, 0 ); + p += 8; } #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ 
@@ -5806,8 +5780,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 2; if( used <= buf_len ) { - *p++ = MBEDTLS_BYTE_1( ssl->mtu ); - *p++ = MBEDTLS_BYTE_0( ssl->mtu ); + MBEDTLS_PUT_UINT16_BE( ssl->mtu, p, 0 ); + p += 2; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ From e4603eece9aa216190edb5edd0dd3f51cf47df48 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 20 Aug 2021 13:05:30 +0100 Subject: [PATCH 336/966] Compress byte reading macros in if statements exchange MBEDTLS_BYTE_x in if statements with MBEDTLS_GET_UINT16_BE Signed-off-by: Joe Subbiani --- library/ssl_srv.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index c63af7a32a..1841b55790 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1848,8 +1848,7 @@ read_record_header: for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) for( i = 0; ciphersuites[i] != 0; i++ ) { - if( p[0] != MBEDTLS_BYTE_1( ciphersuites[i] ) || - p[1] != MBEDTLS_BYTE_0( ciphersuites[i] )) + if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] ) continue; got_common_suite = 1; @@ -1865,8 +1864,7 @@ read_record_header: for( i = 0; ciphersuites[i] != 0; i++ ) for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) { - if( p[0] != MBEDTLS_BYTE_1( ciphersuites[i] ) || - p[1] != MBEDTLS_BYTE_0( ciphersuites[i] )) + if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] ) continue; got_common_suite = 1; From 94180e708ff9496f7b3bc6bfe50bdaab7226ba34 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 20 Aug 2021 16:20:44 +0100 Subject: [PATCH 337/966] Minor coding style improvement Signed-off-by: Joe Subbiani --- library/ssl_cli.c | 4 +--- library/ssl_srv.c | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index df32cfdb67..9120aa2f75 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
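Review bot: In both loops of the `ssl_srv.c` hunks at -1848 and -1865 the comparison changes meaning slightly: the removed lines compared only the two low bytes of `ciphersuites[i]` with `p[0]` and `p[1]`, while `MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]` compares the 16-bit value read from the buffer with the whole table entry. The two forms agree only while every configured entry fits in 16 bits, and the element type of `ciphersuites` is declared outside the hunks, so the assumption is worth a one-line comment such as `/* ciphersuite IDs are 16-bit, so compare the whole value */`. The macro call also drops the spaces inside the parentheses used elsewhere in the file; `MBEDTLS_GET_UINT16_BE( p, 0 )` would match. The enclosing function, including the checks that bound `ciph_len`, lies outside the hunks.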
@@ -788,7 +788,6 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, profile_value ) ); MBEDTLS_PUT_UINT16_BE( profile_value, p, 0 ); p += 2; - } else { @@ -1321,8 +1320,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* No need to check for space here, because the extension * writing functions already took care of that. */ MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); - p += 2; - p += ext_len; + p += 2 + ext_len; } ssl->out_msglen = p - buf; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 1841b55790..b8c4314846 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2638,8 +2638,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); - p += 2; - p += ext_len; + p += 2 + ext_len; } ssl->out_msglen = p - buf; From 3879c345ec95be0150b9d076b47a8f83edd250a4 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 23 Aug 2021 10:56:06 +0200 Subject: [PATCH 338/966] Fix typo in the changelog for chunked CCM. Signed-off-by: Mateusz Starzyk --- ChangeLog.d/chunked_ccm.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/chunked_ccm.txt b/ChangeLog.d/chunked_ccm.txt index 4e3065f906..67faecca5e 100644 --- a/ChangeLog.d/chunked_ccm.txt +++ b/ChangeLog.d/chunked_ccm.txt @@ -3,6 +3,6 @@ Changes The multi-part functions: mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(), mbedtls_ccm_update_ad(), mbedtls_ccm_update(), mbedtls_ccm_finish() were introduced in mbedTLS 3.0 release, however their implementation was - postponed util now. + postponed until now. Implemented functions support chunked data input for both CCM and CCM* algorithms. From 90cc33aad60b14a7425f751c0d0f2494ac2dd782 Mon Sep 17 00:00:00 2001 From: Andrey Starodubtsev Date: Mon, 23 Aug 2021 12:14:56 +0300 Subject: [PATCH 339/966] Misprint was fixed Signed-off-by: Andrey Starodubtsev --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f08fc89a5b..3cb896cb4c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -602,7 +602,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx, * \param ctx Context for the receive callback (typically a file descriptor) * \param buf Buffer to write the received data to * \param len Length of the receive buffer - * \param timeout Maximum nomber of millisecondes to wait for data + * \param timeout Maximum number of milliseconds to wait for data * 0 means no timeout (potentially waiting forever) * * \return The callback must return the number of bytes received, From a5cb0d24d4737fa02ff9c0df315a582558c0ecc8 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Mon, 23 Aug 2021 11:35:25 +0100 Subject: [PATCH 340/966] Tidy up grouped MBEDTLS_BYTE_x macros exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz and then shift the pointer afterwards. Easier to read as you can see how big the data is that you are putting in, and in the case of UINT32 AND UINT64 it saves some vertical space. Signed-off-by: Joe Subbiani --- library/ctr_drbg.c | 7 ++----- library/ecjpake.c | 11 +++-------- library/ssl_tls.c | 18 ++++++++---------- 3 files changed, 13 insertions(+), 23 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 68b32a366b..93a7cdcd1f 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -152,11 +152,8 @@ static int block_cipher_df( unsigned char *output, * (Total is padded to a multiple of 16-bytes with zeroes) */ p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE; - *p++ = MBEDTLS_BYTE_3( data_len ); - *p++ = MBEDTLS_BYTE_2( data_len ); - *p++ = MBEDTLS_BYTE_1( data_len ); - *p++ = MBEDTLS_BYTE_0( data_len ); - p += 3; + MBEDTLS_PUT_UINT32_BE( data_len, p, 0); + p += 4 + 3; *p++ = MBEDTLS_CTR_DRBG_SEEDLEN; memcpy( p, data, data_len ); p[data_len] = 0x80; diff --git a/library/ecjpake.c b/library/ecjpake.c index a599b1ba48..738a97719c 100644 --- a/library/ecjpake.c 
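Review bot: `p += 4 + 3;` in the `block_cipher_df()` hunk of `ctr_drbg.c` folds two different things into one constant: the four bytes just stored by `MBEDTLS_PUT_UINT32_BE` and three bytes that are skipped without being written. The removed code kept the skip as its own `p += 3;`, which made the gap in the buffer layout visible. I would keep the two steps apart and label them, `p += 4; /* data_len */` followed by `p += 3; /* three bytes skipped, not written here */`, because this buffer is the input to the DRBG derivation function and its layout is hard to audit from a single sum. The macro call is also missing the space before the closing parenthesis, `MBEDTLS_PUT_UINT32_BE( data_len, p, 0 );`. The function starts and ends outside the hunk.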
+++ b/library/ecjpake.c @@ -180,10 +180,7 @@ static int ecjpake_write_len_point( unsigned char **p, if( ret != 0 ) return( ret ); - (*p)[0] = MBEDTLS_BYTE_3( len ); - (*p)[1] = MBEDTLS_BYTE_2( len ); - (*p)[2] = MBEDTLS_BYTE_1( len ); - (*p)[3] = MBEDTLS_BYTE_0( len ); + MBEDTLS_PUT_UINT32_BE( len, *p, 0 ); *p += 4 + len; @@ -223,10 +220,8 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info, if( end - p < 4 ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - *p++ = MBEDTLS_BYTE_3( id_len ); - *p++ = MBEDTLS_BYTE_2( id_len ); - *p++ = MBEDTLS_BYTE_1( id_len ); - *p++ = MBEDTLS_BYTE_0( id_len ); + MBEDTLS_PUT_UINT32_BE( id_len, p, 0 ); + p += 4; if( end < p || (size_t)( end - p ) < id_len ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index abf4c0f5f2..5cd47e6ce5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1487,8 +1487,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = MBEDTLS_BYTE_1( psk_len ); - *(p++) = MBEDTLS_BYTE_0( psk_len ); + MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 ); + p += 2; if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -1528,9 +1528,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); } - *(p++) = MBEDTLS_BYTE_1( len ); - *(p++) = MBEDTLS_BYTE_0( len ); - p += len; + MBEDTLS_PUT_UINT16_BE( len, p, 0 ); + p += 2 + len; MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); } @@ -1550,9 +1549,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch return( ret ); } - *(p++) = MBEDTLS_BYTE_1( zlen ); - *(p++) = MBEDTLS_BYTE_0( zlen ); - p += zlen; + MBEDTLS_PUT_UINT16_BE( zlen, p, 0 ); + p += 2 + zlen; MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_Z ); 
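Review bot: `MBEDTLS_PUT_UINT32_BE( len, *p, 0 );` in `ecjpake_write_len_point()` hands a dereference expression to the macro as its buffer argument, where the removed lines spelled out `(*p)[0]` through `(*p)[3]`. The two are equivalent only if the macro parenthesises its buffer parameter before indexing, and its definition is not part of this patch, so that is worth confirming. A local `unsigned char *out = *p;` used for the store would make the call site independent of how the macro is written. The check that four bytes plus `len` fit in the output buffer is outside the hunk, as are the start and end of the function.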
@@ -1568,8 +1566,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = MBEDTLS_BYTE_1( psk_len ); - *(p++) = MBEDTLS_BYTE_0( psk_len ); + MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 ); + p += 2; if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); From fc1e9ffcb21fa4e6b23f912522f821c64e12da28 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Mon, 23 Aug 2021 13:54:56 +0100 Subject: [PATCH 341/966] Use Abstract Base Classes to ensure Problem is not instantiated - Problem() is a parent abstract class that should only be used for subclassing. - With the help of ABC, implement abstract methods that force subclasses to implement quiet and verbose outputs. - The repeated logic of "if self.quiet" is consolidated in Problem. Signed-off-by: Yuto Takano --- tests/scripts/check_names.py | 60 ++++++++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 17 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 0eba96740c..a9aa118ea4 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -42,6 +42,7 @@ The script returns 0 on success, 1 on test failure, and 2 if there is a script error. It must be run from Mbed TLS root. """ +import abc import argparse import glob import textwrap 
@@ -92,9 +93,11 @@ class Match(): # pylint: disable=too-few-public-methods " {0} | {1}\n".format(" " * len(gutter), underline) ) -class Problem(): # pylint: disable=too-few-public-methods +class Problem(abc.ABC): # pylint: disable=too-few-public-methods """ - A parent class representing a form of static analysis error. + An abstract parent class representing a form of static analysis error. + It extends an Abstract Base Class, which means it is not instantiable, and + it also mandates certain abstract methods to be implemented in subclasses. """ # Class variable to control the quietness of all problems quiet = False @@ -104,6 +107,28 @@ class Problem(): # pylint: disable=too-few-public-methods self.textwrapper.initial_indent = " > " self.textwrapper.subsequent_indent = " " + def __str__(self): + """ + Unified string representation method for all Problems. + """ + if self.__class__.quiet: + return self.quiet_output() + return self.verbose_output() + + @abc.abstractmethod + def quiet_output(self): + """ + The output when --quiet is enabled. + """ + pass + + @abc.abstractmethod + def verbose_output(self): + """ + The default output with explanation and code snippet if appropriate. + """ + pass + class SymbolNotInHeader(Problem): # pylint: disable=too-few-public-methods """ A problem that occurs when an exported/available symbol in the object file @@ -117,10 +142,10 @@ class SymbolNotInHeader(Problem): # pylint: disable=too-few-public-methods self.symbol_name = symbol_name Problem.__init__(self) - def __str__(self): - if self.quiet: - return "{0}".format(self.symbol_name) + def quiet_output(self): + return "{0}".format(self.symbol_name) + def verbose_output(self): return self.textwrapper.fill( "'{0}' was found as an available symbol in the output of nm, " "however it was not declared in any header files." 
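Review bot: The `pass` statements added to `quiet_output` and `verbose_output` in `Problem` are redundant, because the docstring already forms each method's body. Dropping them avoids pylint's unnecessary-pass warning in a file that otherwise carries explicit pylint directives. Separately, `__str__` reads `self.__class__.quiet` where the removed subclass methods read `self.quiet`, so an instance-level override of `quiet` would no longer be honoured. If that is intended, a comment such as `# quiet is deliberately class-wide; instance attributes are ignored` would say so. The PatternMismatch and Typo hunks that follow rely on the same `__str__`.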
@@ -140,13 +165,14 @@ class PatternMismatch(Problem): # pylint: disable=too-few-public-methods self.match = match Problem.__init__(self) - def __str__(self): - if self.quiet: - return ( - "{0}:{1}:{2}" - .format(self.match.filename, self.match.line_no, self.match.name) - ) + def quiet_output(self): + return ( + "{0}:{1}:{2}" + .format(self.match.filename, self.match.line_no, self.match.name) + ) + + def verbose_output(self): return self.textwrapper.fill( "{0}:{1}: '{2}' does not match the required pattern '{3}'." .format( @@ -169,13 +195,13 @@ class Typo(Problem): # pylint: disable=too-few-public-methods self.match = match Problem.__init__(self) - def __str__(self): - if self.quiet: - return ( - "{0}:{1}:{2}" - .format(self.match.filename, self.match.line_no, self.match.name) - ) + def quiet_output(self): + return ( + "{0}:{1}:{2}" + .format(self.match.filename, self.match.line_no, self.match.name) + ) + def verbose_output(self): return self.textwrapper.fill( "{0}:{1}: '{2}' looks like a typo. It was not found in any " "macros or any enums. If this is not a typo, put " From d07f4fc30fec6dcb6d79313b13ebd928559eef24 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 24 Aug 2021 11:01:23 +0200 Subject: [PATCH 342/966] Use separate expected results for MAC sign and verify key policy. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_psa_crypto.data | 54 ++++++++++----------- tests/suites/test_suite_psa_crypto.function | 16 +++--- 2 files changed, 33 insertions(+), 37 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index e3e9a5225a..bc4edb2b7b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -418,111 +418,111 @@ key_attributes_init: PSA key policy: MAC, SIGN_HASH -> SIGN_HASH+MESSAGE depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_ERROR_NOT_PERMITTED PSA key policy: MAC, VERIFY_HASH -> VERIFY_HASH+MESSAGE depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_SUCCESS PSA key policy: MAC, SIGN+VERIFY_HASH -> {SIGN,VERIFY}_{HASH,MESSAGE} depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_SUCCESS PSA key policy: MAC, {SIGN,VERIFY}_{HASH,MESSAGE} depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_SUCCESS PSA key policy: MAC, SIGN_MESSAGE depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_ERROR_NOT_PERMITTED PSA key policy: MAC, VERIFY_MESSAGE depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_SUCCESS PSA key policy: MAC, SIGN+VERIFY_MESSAGE depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_SUCCESS PSA key policy: MAC, neither sign nor verify depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:0:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED +mac_key_policy:0:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: MAC, wrong algorithm depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: MAC, alg=0 in policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: MAC, ANY_HASH in policy is not meaningful depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, tag length > min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 30):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 30):PSA_SUCCESS:PSA_SUCCESS PSA key policy: HMAC, sign-verify, tag length = min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | 
PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS:PSA_SUCCESS PSA key policy: HMAC, sign-verify, tag length < min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: CMAC, sign-verify, tag length > min-length policy depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | 
PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):PSA_SUCCESS:PSA_SUCCESS PSA key policy: CMAC, sign-verify, tag length = min-length policy depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 10):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 10):PSA_SUCCESS:PSA_SUCCESS PSA key policy: CMAC, sign-verify, tag length < min-length policy depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 8):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 8):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, default tag length > min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 31):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 31):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_SUCCESS PSA key policy: HMAC, sign-verify, default tag length = min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 32):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 32):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_SUCCESS PSA key policy: HMAC, sign-verify, default tag length < min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 20):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 20):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg (different hash base) depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 20):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 
20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 20):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg (different algorithm) depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CMAC:PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CMAC:PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, min-length policy used as algorithm depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_INVALID_ARGUMENT +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT PSA key policy: HMAC, sign-verify, 
tag length > exact-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, tag length = exact-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS:PSA_SUCCESS PSA key policy: HMAC, sign-verify, tag length < exact-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 
20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: cipher, encrypt | decrypt depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 3fe512e8e7..cde28a8e75 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -792,7 +792,8 @@ void mac_key_policy( int policy_usage_arg, int key_type_arg, data_t *key_data, int exercise_alg_arg, - int expected_status_arg ) + int expected_status_sign_arg, + int expected_status_verify_arg ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -802,7 +803,8 @@ void mac_key_policy( int policy_usage_arg, psa_algorithm_t exercise_alg = exercise_alg_arg; psa_key_usage_t policy_usage = policy_usage_arg; psa_status_t status; - psa_status_t expected_status = expected_status_arg; + psa_status_t expected_status_sign = expected_status_sign_arg; + psa_status_t expected_status_verify = expected_status_verify_arg; unsigned char mac[PSA_MAC_MAX_SIZE]; PSA_ASSERT( psa_crypto_init( ) ); 
@@ -818,19 +820,13 @@ void mac_key_policy( int policy_usage_arg, mbedtls_test_update_key_usage_flags( policy_usage ) ); status = psa_mac_sign_setup( &operation, key, exercise_alg ); - if( ( mbedtls_test_update_key_usage_flags(policy_usage) & PSA_KEY_USAGE_SIGN_MESSAGE ) == 0 ) - TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); - else - TEST_EQUAL( status, expected_status ); + TEST_EQUAL( status, expected_status_sign ); psa_mac_abort( &operation ); memset( mac, 0, sizeof( mac ) ); status = psa_mac_verify_setup( &operation, key, exercise_alg ); - if( ( mbedtls_test_update_key_usage_flags(policy_usage) & PSA_KEY_USAGE_VERIFY_MESSAGE ) == 0 ) - TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); - else - TEST_EQUAL( status, expected_status ); + TEST_EQUAL( status, expected_status_verify ); exit: psa_mac_abort( &operation ); From cadebe5343c40d2e17b4acb24b5024290f63d98d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Aug 2021 10:36:45 +0800 Subject: [PATCH 343/966] fix several format and comment issues Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 +- library/ssl_tls.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 70dc501c0b..d328d23cdb 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2582,7 +2582,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, * the server supports. * * \warning The ciphersuites array \p ciphersuites is not copied. - * It must remain valid for the lifetime the SSL + * It must remain valid for the lifetime of the SSL * configuration \p conf. * * \param conf The SSL configuration to modify. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4933980cd9..834a23983f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3549,7 +3549,7 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, } #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config* conf, +void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf, const int kex_modes ) { conf->tls13_kex_modes = kex_modes; From 69e0ec46b7db6c90539e360f2275a41821fbdd8b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Aug 2021 10:44:15 +0800 Subject: [PATCH 344/966] Replace SHA512_C with SHA384_C Signed-off-by: Jerry Yu --- library/ssl_ciphersuites.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 9a416c811d..b10a9634ef 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -295,14 +295,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_GCM_C) -#if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_SHA384_C) { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, 0 }, -#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_SHA384_C */ #if defined(MBEDTLS_SHA256_C) { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, From 31c01d303eddf649ba076fb0e6ee5d1405b16ee8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Aug 2021 10:49:06 +0800 Subject: [PATCH 345/966] Rename available values for tls13_kex_modes Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral` 
Signed-off-by: Jerry Yu --- programs/ssl/ssl_client2.c | 6 +++--- programs/ssl/ssl_server2.c | 6 +++--- tests/ssl-opt.sh | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 223b7bff2f..f583f2267c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -339,7 +339,7 @@ int main( void ) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #define USAGE_TLS13_KEY_EXCHANGE_MODES \ " tls13_kex_modes=%%s default: all\n" \ - " options: psk_pure, psk_ephemeral, ephemeral_pure, ephemeral_all, psk_all, all\n" + " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n" #else #define USAGE_TLS13_KEY_EXCHANGE_MODES "" #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ @@ -1091,11 +1091,11 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) else if( strcmp( p, "tls13_kex_modes" ) == 0 ) { - if( strcmp( q, "psk_pure" ) == 0 ) + if( strcmp( q, "psk" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; else if( strcmp(q, "psk_ephemeral" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - else if( strcmp(q, "ephemeral_pure" ) == 0 ) + else if( strcmp(q, "ephemeral" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; else if( strcmp(q, "ephemeral_all" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 87558f54cb..a339bbf53c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -436,7 +436,7 @@ int main( void ) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #define USAGE_TLS13_KEY_EXCHANGE_MODES \ " tls13_kex_modes=%%s default: all\n" \ - " options: psk_pure, psk_ephemeral, ephemeral_pure, ephemeral_all, psk_all, all\n" + " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n" #else #define USAGE_TLS13_KEY_EXCHANGE_MODES "" #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ @@ -1734,11 +1734,11 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) else if( strcmp( p, "tls13_kex_modes" ) == 0 ) { - if( strcmp( q, "psk_pure" ) == 0 ) + if( strcmp( q, "psk" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; else if( strcmp(q, "psk_ephemeral" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - else if( strcmp(q, "ephemeral_pure" ) == 0 ) + else if( strcmp(q, "ephemeral" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; else if( strcmp(q, "ephemeral_all" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 56c4a5fba7..6066bc702a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1458,8 +1458,8 @@ run_test "SHA-256 allowed by default in client certificate" \ # ssl_client2/ssl_server2 example programs works. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS 1.3, key exchange mode parameter passing: PSK only" \ - "$P_SRV tls13_kex_modes=psk_pure" \ - "$P_CLI tls13_kex_modes=psk_pure" \ + "$P_SRV tls13_kex_modes=psk" \ + "$P_CLI tls13_kex_modes=psk" \ 0 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \ 
@@ -1468,8 +1468,8 @@ run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \ 0 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \ - "$P_SRV tls13_kex_modes=ephemeral_pure" \ - "$P_CLI tls13_kex_modes=ephemeral_pure" \ + "$P_SRV tls13_kex_modes=ephemeral" \ + "$P_CLI tls13_kex_modes=ephemeral" \ 0 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS 1.3, key exchange mode parameter passing: All ephemeral" \ From d85a52c508b49c337b9c5bb294c2636daa4d7aa7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Aug 2021 10:55:07 +0800 Subject: [PATCH 346/966] Add mask for kex_modes Signed-off-by: Jerry Yu --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 834a23983f..8a65b70adb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3552,7 +3552,7 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf, const int kex_modes ) { - conf->tls13_kex_modes = kex_modes; + conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL; } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ From d9343f2f0ffc48353e44560cdf23ee6e917b921a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 23 Aug 2021 18:59:49 +0100 Subject: [PATCH 347/966] Refactor is_encrypt into aead setup arguments Avoid touching the operation until later. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1566a45342..13116dcad7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
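Review bot: The mask added in `mbedtls_ssl_conf_tls13_key_exchange_modes()` silently drops every bit outside `MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL`. Because the function returns `void`, a caller that passes only unknown bits ends up with `tls13_kex_modes` equal to 0 and gets no indication that anything was wrong. I would state this above the assignment, for example `/* Bits outside MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL are ignored; a value with no valid bit leaves no key exchange mode enabled. */`. How an empty mode set is treated during the handshake is not visible in this hunk, so that path is worth checking.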
@@ -3403,6 +3403,7 @@ static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) /* Set the key for a multipart authenticated operation. */ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, + int is_encrypt, mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { @@ -3430,7 +3431,7 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->is_encrypt ) + if( is_encrypt ) key_usage = PSA_KEY_USAGE_ENCRYPT; else key_usage = PSA_KEY_USAGE_DECRYPT; @@ -3445,7 +3446,7 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, .core = slot->attr }; - if( operation->is_encrypt ) + if( is_encrypt ) status = psa_driver_wrapper_aead_encrypt_setup( operation, &attributes, slot->key.data, @@ -3472,6 +3473,7 @@ exit: { status = unlock_status; operation->alg = psa_aead_get_base_algorithm( alg ); + operation->is_encrypt = is_encrypt; } else psa_aead_abort( operation ); @@ -3484,9 +3486,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - operation->is_encrypt = 1; - - return( psa_aead_setup( operation, key, alg ) ); + return( psa_aead_setup( operation, 1, key, alg ) ); } /* Set the key for a multipart authenticated decryption operation. */ @@ -3494,9 +3494,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - operation->is_encrypt = 0; - - return( psa_aead_setup( operation, key, alg ) ); + return( psa_aead_setup( operation, 0, key, alg ) ); } /* Generate a random nonce / IV for multipart AEAD operation */ From f127763ec9d234ec50adb01c9697649fdcb2395f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 24 Aug 2021 18:11:37 +0100 Subject: [PATCH 348/966] Align generate nonce variables with psa convention 
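Review bot: The header comment of `psa_aead_setup()` in the first hunk was not updated for the new `is_encrypt` argument, although that argument now decides whether the key is checked against `PSA_KEY_USAGE_ENCRYPT` or `PSA_KEY_USAGE_DECRYPT`. I would extend it to something like `/* Set the key for a multipart authenticated operation. is_encrypt is nonzero for encryption and 0 for decryption, and selects the key usage policy that is enforced. */`. Note also that `operation->is_encrypt` is now written only on the success path after `exit:`, so nothing called before that point may rely on it. The parts of the body between the hunks are not visible here, so this should be confirmed against the full function.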
Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 45 +++++++++++---------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 58e43870b8..26c6c768e0 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3671,8 +3671,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, /* BEGIN_CASE */ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, int alg_arg, - int nonce_len, - int expected_generated_len_arg, + int nonce_length, + int expected_nonce_length_arg, data_t *additional_data, data_t *input_data, int expected_status_arg ) @@ -3686,13 +3686,13 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; - size_t nonce_generated_len = 0; - size_t expected_generated_len = expected_generated_len_arg; - unsigned char *output_data = NULL; - unsigned char *final_data = NULL; + size_t actual_nonce_length = 0; + size_t expected_nonce_length = expected_nonce_length_arg; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; size_t output_size = 0; - size_t finish_output_size = 0; - size_t output_length = 0; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 
@@ -3709,13 +3709,13 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); - ASSERT_ALLOC( output_data, output_size ); + ASSERT_ALLOC( output, output_size ); - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( final_data, finish_output_size ); + ASSERT_ALLOC( ciphertext, ciphertext_size ); operation = psa_aead_operation_init( ); @@ -3727,20 +3727,20 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, if( status == PSA_ERROR_NOT_SUPPORTED ) { MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_len ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length ); } PSA_ASSERT( status ); status = psa_aead_generate_nonce( &operation, nonce_buffer, - nonce_len, - &nonce_generated_len ); + nonce_length, + &actual_nonce_length ); TEST_EQUAL( status, expected_status ); - TEST_EQUAL( nonce_generated_len, expected_generated_len ); + TEST_EQUAL( actual_nonce_length, expected_nonce_length ); - TEST_ASSERT( nonce_generated_len < PSA_AEAD_NONCE_MAX_SIZE ); + TEST_ASSERT( actual_nonce_length < PSA_AEAD_NONCE_MAX_SIZE ); if( expected_status == PSA_SUCCESS ) { 
@@ -3751,17 +3751,18 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, additional_data->len ) ); PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, - output_data, output_size, &output_length ) ); + output, output_size, + &ciphertext_length ) ); - PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, - &output_length, tag_buffer, + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); } exit: psa_destroy_key( key ); - mbedtls_free( output_data ); - mbedtls_free( final_data ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); psa_aead_abort( &operation ); PSA_DONE( ); } From 6f0e72038d34bc7b26f42170f4bd8f38dfec7cf6 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 12:57:18 +0100 Subject: [PATCH 349/966] Align set nonce variables with psa convention Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 39 +++++++++++---------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 26c6c768e0..4ac4210602 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3771,7 +3771,7 @@ exit: /* BEGIN_CASE */ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, int alg_arg, - int nonce_len, + int nonce_length, int allow_null_nonce_buffer, data_t *additional_data, data_t *input_data, 
@@ -3786,11 +3786,11 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; - unsigned char *output_data = NULL; - unsigned char *final_data = NULL; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; size_t output_size = 0; - size_t finish_output_size = 0; - size_t output_length = 0; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; int index = 0; @@ -3808,13 +3808,13 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); - ASSERT_ALLOC( output_data, output_size ); + ASSERT_ALLOC( output, output_size ); - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( final_data, finish_output_size ); + ASSERT_ALLOC( ciphertext, ciphertext_size ); operation = psa_aead_operation_init( ); @@ -3826,12 +3826,12 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, if( status == PSA_ERROR_NOT_SUPPORTED ) { MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_len ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length ); } PSA_ASSERT( status ); - if( nonce_len == 0 ) + if( nonce_length == 0 ) { if( !allow_null_nonce_buffer ) { 
@@ -3841,15 +3841,15 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, } else { - ASSERT_ALLOC( nonce_buffer, nonce_len ); + ASSERT_ALLOC( nonce_buffer, nonce_length ); - for( index = 0; index < nonce_len - 1; ++index) + for( index = 0; index < nonce_length - 1; ++index) { nonce_buffer[index] = 'a' + index; } } - status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_len ); + status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_length ); TEST_EQUAL( status, expected_status ); @@ -3861,17 +3861,18 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, additional_data->len ) ); PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, - output_data, output_size, &output_length ) ); + output, output_size, + &ciphertext_length ) ); - PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, - &output_length, tag_buffer, + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); } exit: psa_destroy_key( key ); - mbedtls_free( output_data ); - mbedtls_free( final_data ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); mbedtls_free( nonce_buffer ); psa_aead_abort( &operation ); PSA_DONE( ); From daf5c8954c121b73f2cb1764e99738eac686ad61 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 16:24:58 +0100 Subject: [PATCH 350/966] Remove extraneous state checks Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 13116dcad7..0bdbc5bd74 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3514,8 +3514,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->ad_started || - operation->body_started || !operation->is_encrypt ) + if( operation->nonce_set || !operation->is_encrypt ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3561,8 +3560,7 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->ad_started || - operation->body_started ) + if( operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; From b8db2c572615c3d6a8563643f591efa87800dbff Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 16:33:06 +0100 Subject: [PATCH 351/966] Remove extra blank lines Signed-off-by: Paul Elliott --- library/psa_crypto.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0bdbc5bd74..79b2618b51 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3438,7 +3438,6 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, status = psa_get_and_lock_key_slot_with_policy( key, &slot, key_usage, alg ); - if( status != PSA_SUCCESS ) goto exit; @@ -3458,15 +3457,12 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, slot->key.data, slot->key.bytes, alg ); - - if( status != PSA_SUCCESS ) goto exit; operation->key_type = psa_get_key_type( &attributes ); exit: - unlock_status = psa_unlock_key_slot( slot ); if( status == PSA_SUCCESS ) @@ -3522,7 +3518,6 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, required_nonce_size = PSA_AEAD_NONCE_LENGTH( operation->key_type, operation->alg ); - if( nonce_size < required_nonce_size ) { status = PSA_ERROR_BUFFER_TOO_SMALL; 
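Review bot: Dropping `ad_started` and `body_started` from the state check in `psa_aead_generate_nonce()`, and likewise in `psa_aead_set_nonce()` in the second hunk, is only safe if `psa_aead_update_ad()` and `psa_aead_update()` refuse to run before `nonce_set` is 1. Those checks lie outside these hunks. Accepting a second nonce on an operation that has already consumed data would be a nonce-handling fault, so the invariant should be written next to the remaining check, for example `/* ad_started and body_started imply nonce_set, so testing nonce_set alone is sufficient. */`. A state test that calls set_nonce after update_ad would pin this down; whether the existing state tests already do so cannot be seen from here.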
@@ -3530,14 +3525,12 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, } status = psa_generate_random( nonce, required_nonce_size ); - if( status != PSA_SUCCESS ) goto exit; status = psa_aead_set_nonce( operation, nonce, required_nonce_size ); exit: - if( status == PSA_SUCCESS ) *nonce_length = required_nonce_size; else @@ -3576,7 +3569,6 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, nonce_length ); exit: - if( status == PSA_SUCCESS ) operation->nonce_set = 1; else @@ -3609,7 +3601,6 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, plaintext_length ); exit: - if( status == PSA_SUCCESS ) { operation->ad_remaining = ad_length; @@ -3655,7 +3646,6 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, input_length ); exit: - if( status == PSA_SUCCESS ) operation->ad_started = 1; else @@ -3714,7 +3704,6 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, output_length ); exit: - if( status == PSA_SUCCESS ) operation->body_started = 1; else @@ -3750,7 +3739,6 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *tag_length = tag_size; status = psa_aead_final_checks( operation ); - if( status != PSA_SUCCESS ) goto exit; @@ -3766,7 +3754,6 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, tag, tag_size, tag_length ); exit: - /* In case the operation fails and the user fails to check for failure or * the zero tag size, make sure the tag is set to something impossible. * Even if the operation succeeds, make sure we set the rest of the @@ -3796,7 +3783,6 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; status = psa_aead_final_checks( operation ); - if( status != PSA_SUCCESS ) goto exit; @@ -3812,7 +3798,6 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, tag, tag_length ); exit: - psa_aead_abort( operation ); return( status ); From 3242f6c8efd6f4af7b06725d7a2c720c78a03bb2 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Wed, 25 Aug 2021 16:33:47 +0100 Subject: [PATCH 352/966] Fix formatting issue Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 79b2618b51..c2b318ccaa 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3517,7 +3517,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, } required_nonce_size = PSA_AEAD_NONCE_LENGTH( operation->key_type, - operation->alg ); + operation->alg ); if( nonce_size < required_nonce_size ) { status = PSA_ERROR_BUFFER_TOO_SMALL; From efda3408ce87fc659e273ed86bf66a75390ffeb1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 17:16:52 +0100 Subject: [PATCH 353/966] Fix formatting issues Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 92c5ccf9ea..337748a23b 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -469,7 +469,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( operation->is_encrypt ? MBEDTLS_CHACHAPOLY_ENCRYPT : MBEDTLS_CHACHAPOLY_DECRYPT ) ); - } + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { @@ -482,6 +482,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( return( status ); } + /* Declare the lengths of the message and additional data for AEAD. */ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t *operation, From 2e450093e1a9e217741664dc9b0e7a5b1e62a0d9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 17:18:22 +0100 Subject: [PATCH 354/966] Remove variables declared as unused They are now always being used. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 337748a23b..aa266ea87a 100644 --- a/library/psa_crypto_aead.c 
+++ b/library/psa_crypto_aead.c @@ -473,9 +473,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { - ( void ) operation; ( void ) nonce; - ( void ) nonce_length; return ( PSA_ERROR_NOT_SUPPORTED ); } From 5e69aa5709bb6f6bf1f089ec8648e800c5c8a82b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 17:24:37 +0100 Subject: [PATCH 355/966] Remove NULL check for set nonce Also remove tests which would pass NULL to this function. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 2 +- tests/suites/test_suite_psa_crypto.data | 23 +++++++-------------- tests/suites/test_suite_psa_crypto.function | 8 ++----- 3 files changed, 10 insertions(+), 23 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index aa266ea87a..033dc82079 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -443,7 +443,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( mbedtls_aead_check_nonce_length( operation, nonce_length ) - != PSA_SUCCESS || nonce == NULL ) + != PSA_SUCCESS ) { return( PSA_ERROR_INVALID_ARGUMENT ); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f2355d60b8..371fee0247 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
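Review bot: With `|| nonce == NULL` removed from the guard in `mbedtls_psa_aead_set_nonce()`, a NULL `nonce` paired with a length that passes `mbedtls_aead_check_nonce_length()` is no longer rejected. It is passed on to the cipher-specific code further down, which is outside this hunk. If the intended contract is that the caller always supplies a valid buffer, the function comment should say so, for example `/* nonce must point to a readable buffer of nonce_length bytes; it is not checked for NULL here. */`. The test vectors changed in the same commit still expect a zero length to fail with `PSA_ERROR_INVALID_ARGUMENT`, so it appears that only the NULL-with-valid-length case changes behaviour.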
@@ -2598,41 +2598,33 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS -PSA Multipart Set Nonce, AES - GCM, IV = 0 (NULL) -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:1:"":"":PSA_ERROR_INVALID_ARGUMENT - PSA Multipart Set Nonce, AES - GCM, IV = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce, AES - GCM, IV = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce, AES - GCM, IV = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS 
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:0:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:0:"":"":PSA_ERROR_INVALID_ARGUMENT - -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (NULL) -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:1:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce: 
ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 10 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES @@ -2662,7 +2654,6 @@ PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS - PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4ac4210602..5fb7086a11 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3772,7 +3772,6 @@ exit: void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, int alg_arg, int nonce_length, - int allow_null_nonce_buffer, data_t *additional_data, data_t *input_data, int expected_status_arg ) @@ -3833,11 +3832,8 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, if( nonce_length == 0 ) { - if( !allow_null_nonce_buffer ) - { - /* Arbitrary size buffer, to test zero length valid buffer. */ - ASSERT_ALLOC( nonce_buffer, 4 ); - } + /* Arbitrary size buffer, to test zero length valid buffer. */ + ASSERT_ALLOC( nonce_buffer, 4 ); } else { From 1ebcd55aface9312859044d43f3b3ae6decc59fa Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 30 Aug 2021 17:09:03 +0200 Subject: [PATCH 356/966] Extend mac_key_policy test. Add checks for psa_mac_compute and psa_mac_verify. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_psa_crypto.function | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index cde28a8e75..8df2ceafef 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -822,6 +822,23 @@ void mac_key_policy( int policy_usage_arg, status = psa_mac_sign_setup( &operation, key, exercise_alg ); TEST_EQUAL( status, expected_status_sign ); + /* Calculate the MAC, one-shot case. */ + uint8_t input[128] = {0}; + size_t mac_len; + TEST_EQUAL( psa_mac_compute( key, exercise_alg, + input, 128, + mac, PSA_MAC_MAX_SIZE, &mac_len ), + expected_status_sign ); + + /* Verify correct MAC, one-shot case. */ + status = psa_mac_verify( key, exercise_alg, input, 128, + mac, mac_len ); + + if( expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS ) + TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); + else + TEST_EQUAL( status, expected_status_verify ); + psa_mac_abort( &operation ); memset( mac, 0, sizeof( mac ) ); From e28d49b3b666d10677fd555090eaf75081267943 Mon Sep 17 00:00:00 2001 From: Kenneth Soerensen Date: Thu, 3 Jan 2019 12:39:29 +0100 Subject: [PATCH 357/966] Remove compiler warning if only MBEDTLS_PK_PARSE_C is defined Warning reported with IAR compiler: "mbedtls\library\pkparse.c",1167 Warning[Pe550]: variable "ret" was set but never used Signed-off-by: Kenneth Soerensen --- library/pkparse.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index fe6aaca338..b2d3bb0747 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1370,8 +1370,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ - if( ( ret = pk_parse_key_pkcs8_unencrypted_der( - pk, key, keylen, f_rng, p_rng ) ) == 0 ) + ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen, f_rng, p_rng ); + if( ret == 0 ) { return( 0 ); } From a73b57774451017a0499e24b22c99ae850093471 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 19 Jul 2021 14:36:03 +0200 Subject: [PATCH 358/966] Make the fields of mbedtls_ecp_curve_info public The whole point of this structure is to provide information, both for the library's own sake and to applications. 
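Review bot: `size_t mac_len;` is declared without an initialiser and then passed to `psa_mac_verify()`, including the cases where `psa_mac_compute()` is expected to fail. The verify step therefore depends on the failing call having written the length. Declaring it as `size_t mac_len = 0;` removes that dependency. The literal `128` in both calls would be better as `sizeof( input )`, so the length cannot drift from the array size. The body of `mac_key_policy` starts and ends outside this hunk.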
Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 12 ++++++++---- programs/pkey/gen_key.c | 12 ++++++------ 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 384d0608a7..b2a2e32564 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -147,13 +147,17 @@ typedef enum /** * Curve information, for use by other modules. + * + * The fields of this structure are part of the public API and can be + * accessed directly by applications. Future versions of the library may + * add extra fields or reorder existing fields. */ typedef struct mbedtls_ecp_curve_info { - mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */ - uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */ - uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */ - const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */ + mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ + uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ + uint16_t bit_size; /*!< The curve size in bits. */ + const char *name; /*!< A human-friendly name. */ } mbedtls_ecp_curve_info; /** diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 4043dfa6e0..7535eee3f3 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -86,7 +86,7 @@ int dev_random_entropy_poll( void *data, unsigned char *output, #endif #if defined(MBEDTLS_ECP_C) -#define DFL_EC_CURVE mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id) +#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id #else #define DFL_EC_CURVE 0 #endif 
@@ -219,9 +219,9 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_ECP_C) mbedtls_printf( " available ec_curve values:\n" ); curve_info = mbedtls_ecp_curve_list(); - mbedtls_printf( " %s (default)\n", curve_info->MBEDTLS_PRIVATE(name) ); - while( ( ++curve_info )->MBEDTLS_PRIVATE(name) != NULL ) - mbedtls_printf( " %s\n", curve_info->MBEDTLS_PRIVATE(name) ); + mbedtls_printf( " %s (default)\n", curve_info->name ); + while( ( ++curve_info )->name != NULL ) + mbedtls_printf( " %s\n", curve_info->name ); #endif /* MBEDTLS_ECP_C */ goto exit; } @@ -270,7 +270,7 @@ int main( int argc, char *argv[] ) { if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL ) goto usage; - opt.ec_curve = curve_info->MBEDTLS_PRIVATE(grp_id); + opt.ec_curve = curve_info->grp_id; } #endif else if( strcmp( p, "filename" ) == 0 ) @@ -391,7 +391,7 @@ int main( int argc, char *argv[] ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); mbedtls_printf( "curve: %s\n", - mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->MBEDTLS_PRIVATE(name) ); + mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->name ); mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ); mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ); mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ); From 0be02bd823c07737775a2251e7426270f2c4f902 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 19 Jul 2021 16:32:54 +0200 Subject: [PATCH 359/966] Add accessor functions for cipher_info fields Add functions to read the type, mode, name and key_bitlen fields from mbedtls_cipher_info_t. These are the fields that applications are most likely to care about. TLS code also uses iv_size and block_size, which it might make sense to expose, but most applications shouldn't need those, so I'm not exposing them for now. Call the new functions in unit tests, so they're at least smoke-tested. 
Signed-off-by: Gilles Peskine --- include/mbedtls/cipher.h | 76 +++++++++++++++++++++++++ tests/suites/test_suite_cipher.function | 42 +++++++++++++- 2 files changed, 117 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 9c9a2e88cd..7921f4d85f 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h 
@@ -414,6 +414,82 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_ciph int key_bitlen, const mbedtls_cipher_mode_t mode ); +/** + * \brief Retrieve the identifier for a cipher info structure. + * + * \param[in] info The cipher info structure to query. + * This may be \c NULL. + * + * \return The full cipher identifier (\c MBEDTLS_CIPHER_xxx). + * \return #MBEDTLS_CIPHER_NONE if \p info is \c NULL. + */ +static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( MBEDTLS_CIPHER_NONE ); + else + return( info->MBEDTLS_PRIVATE(type) ); +} + +/** + * \brief Retrieve the operation mode for a cipher info structure. + * + * \param[in] info The cipher info structure to query. + * This may be \c NULL. + * + * \return The cipher mode (\c MBEDTLS_MODE_xxx). + * \return #MBEDTLS_MODE_NONE if \p info is \c NULL. + */ +static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( MBEDTLS_MODE_NONE ); + else + return( info->MBEDTLS_PRIVATE(mode) ); +} + +/** + * \brief Retrieve the key size for a cipher info structure. + * + * \param[in] info The cipher info structure to query. + * This may be \c NULL. + * + * \return The key length in bits. + * For variable-sized ciphers, this is the default length. + * For DES, this includes the parity bits. + * \return \c 0 if \p info is \c NULL. + */ +static inline size_t mbedtls_cipher_info_get_key_bitlen( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( 0 ); + else + return( info->MBEDTLS_PRIVATE(key_bitlen) ); +} + +/** + * \brief Retrieve the human-readable name for a + * cipher info structure. + * + * \param[in] info The cipher info structure to query. + * This may be \c NULL. + * + * \return The cipher name, which is a human readable string, + * with static storage duration. + * \return \c NULL if \c info is \p NULL. 
+ */ +static inline const char *mbedtls_cipher_info_get_name( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( NULL ); + else + return( info->MBEDTLS_PRIVATE(name) ); +} + /** * \brief This function initializes a \p cipher_context as NONE. * diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 674349f764..94ea88f791 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -13,6 +13,38 @@ #define MBEDTLS_CIPHER_AUTH_CRYPT #endif +/* Check the internal consistency of a cipher info structure, and + * check it against mbedtls_cipher_info_from_xxx(). */ +static int check_cipher_info( mbedtls_cipher_type_t type, + const mbedtls_cipher_info_t *info ) +{ + size_t key_bitlen; + + TEST_ASSERT( info != NULL ); + TEST_EQUAL( type, mbedtls_cipher_info_get_type( info ) ); + TEST_EQUAL( type, info->type ); + TEST_ASSERT( mbedtls_cipher_info_from_type( type ) == info ); + + TEST_EQUAL( info->mode, mbedtls_cipher_info_get_mode( info ) ); + + /* Insist that get_name() return the string from the structure and + * not a copy. A copy would have an unknown storage duration. */ + TEST_ASSERT( mbedtls_cipher_info_get_name( info ) == info->name ); + TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info ); + + key_bitlen = mbedtls_cipher_info_get_key_bitlen( info ); + TEST_ASSERT( key_bitlen % 8 == 0 ); + /* All current and plausible supported ciphers use a 64-bit, 128-bit + * or 256-bit key, except XTS which uses a double AES key. */ + TEST_ASSERT( key_bitlen >= 64 ); + TEST_ASSERT( key_bitlen <= 512 ); + + return( 1 ); + +exit: + return( 0 ); +} + #if defined(MBEDTLS_CIPHER_AUTH_CRYPT) /* Helper for resetting key/direction * 
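Review bot: The Doxygen markup in the return line of mbedtls_cipher_info_get_name() is swapped: `\return \c NULL if \c info is \p NULL.` should read `\return \c NULL if \p info is \c NULL.`, matching the three accessors above it. Because this accessor can return a null pointer, its comment should also tell callers to check the result before using it as a string. I would append `Callers must check for \c NULL before passing the result to a string function.` to that return paragraph.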
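Review bot: check_cipher_info() asserts `info != NULL` before anything else, so none of the new accessors is ever exercised on the NULL input that their documentation explicitly allows. A later patch in this series drops the explicit NULL check in mbedtls_ssl_ticket_setup() and relies on that contract, so it deserves a regression test. I would add to the mbedtls_cipher_list test case, before the loop, `TEST_EQUAL( MBEDTLS_MODE_NONE, mbedtls_cipher_info_get_mode( NULL ) );` and `TEST_EQUAL( 0, mbedtls_cipher_info_get_key_bitlen( NULL ) );`, plus the matching checks for get_type() and get_name().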
@@ -81,7 +113,13 @@ void mbedtls_cipher_list( ) const int *cipher_type; for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ ) - TEST_ASSERT( mbedtls_cipher_info_from_type( *cipher_type ) != NULL ); + { + const mbedtls_cipher_info_t *info = + mbedtls_cipher_info_from_type( *cipher_type ); + mbedtls_test_set_step( *cipher_type ); + if( ! check_cipher_info( *cipher_type, info ) ) + goto exit; + } } /* END_CASE */ @@ -309,6 +347,8 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, cipher_info = mbedtls_cipher_info_from_type( cipher_id ); TEST_ASSERT( NULL != cipher_info ); TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info ); + TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ), + cipher_string ) == 0 ); /* Initialise enc and dec contexts */ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); From 80932fa9448cb6c9016041f660f0d2444b1e27af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 19 Jul 2021 17:34:02 +0200 Subject: [PATCH 360/966] Don't access cipher_info private fields in sample programs Use the new accessor functions. Signed-off-by: Gilles Peskine --- programs/aes/crypt_and_hash.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a8026a3353..ba9827f45e 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -124,7 +124,7 @@ int main( int argc, char *argv[] ) while( *list ) { cipher_info = mbedtls_cipher_info_from_type( *list ); - mbedtls_printf( " %s\n", cipher_info->MBEDTLS_PRIVATE(name) ); + mbedtls_printf( " %s\n", mbedtls_cipher_info_get_name( cipher_info ) ); list++; } 
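Review bot: In the cipher-listing loop of crypt_and_hash.c, `mbedtls_cipher_info_get_name( cipher_info )` is passed straight to a `%s` conversion, and the accessor returns NULL when `cipher_info` is NULL. The old field access would have faulted on a NULL info; the new form hands a null pointer to the print call, which is undefined behaviour. The result of mbedtls_cipher_info_from_type() is not checked in the visible lines, so a guard such as `if( cipher_info != NULL )` around the print would keep the loop well-defined whatever the list holds. main() starts and ends outside this hunk.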
@@ -309,7 +309,9 @@ int main( int argc, char *argv[] ) } - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen), + if( mbedtls_cipher_setkey( &cipher_ctx, + digest, + mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_ENCRYPT ) != 0 ) { mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n"); @@ -408,7 +410,7 @@ int main( int argc, char *argv[] ) /* * Check the file size. */ - if( cipher_info->MBEDTLS_PRIVATE(mode) != MBEDTLS_MODE_GCM && + if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM && ( ( filesize - mbedtls_md_get_size( md_info ) ) % mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 ) { @@ -448,7 +450,9 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &md_ctx, digest ); } - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen), + if( mbedtls_cipher_setkey( &cipher_ctx, + digest, + mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_DECRYPT ) != 0 ) { mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" ); From e720dbe17762655b86e46b5968ba4e029c78c378 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 19 Jul 2021 17:37:46 +0200 Subject: [PATCH 361/966] Use cipher_info accessor functions in TLS code Signed-off-by: Gilles Peskine --- library/ssl_ticket.c | 6 +++--- library/ssl_tls.c | 22 +++++++++++----------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index bce9a1cd71..db2bb52b34 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c 
@@ -141,13 +141,13 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, if( cipher_info == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( cipher_info->mode != MBEDTLS_MODE_GCM && - cipher_info->mode != MBEDTLS_MODE_CCM ) + if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM && + mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES ) + if( mbedtls_cipher_info_get_key_bitlen( cipher_info ) > 8 * MAX_KEY_BYTES ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 07b51003ab..1e81384aa7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -789,14 +789,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, * Determine the appropriate key, IV and MAC length. */ - keylen = cipher_info->key_bitlen / 8; + keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8; #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) - if( cipher_info->mode == MBEDTLS_MODE_GCM || - cipher_info->mode == MBEDTLS_MODE_CCM || - cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM || + mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM || + mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) { size_t explicit_ivlen; @@ -814,7 +814,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, * sequence number). */ transform->ivlen = 12; - if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) transform->fixed_ivlen = 12; else transform->fixed_ivlen = 4; 
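Review bot: The condition in the ssl_tls.c hunk at -789 calls `mbedtls_cipher_info_get_mode( cipher_info )` three times, and the hunks at -814, -826, -845 and -1076 repeat the call. Reading it once into a local, `const mbedtls_cipher_mode_t mode = mbedtls_cipher_info_get_mode( cipher_info );`, would shorten every comparison and make it evident that all branches test the same value. The accessors also turn a NULL `cipher_info` into MBEDTLS_MODE_NONE and a key length of 0 instead of a fault; whether NULL is rejected earlier in ssl_tls12_populate_transform() is not visible here, since the function starts and ends outside these hunks.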
@@ -826,8 +826,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if( cipher_info->mode == MBEDTLS_MODE_STREAM || - cipher_info->mode == MBEDTLS_MODE_CBC ) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM || + mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) { /* Initialize HMAC contexts */ if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || @@ -845,7 +845,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, transform->ivlen = cipher_info->iv_size; /* Minimum length */ - if( cipher_info->mode == MBEDTLS_MODE_STREAM ) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ) transform->minlen = transform->maclen; else { @@ -1060,7 +1060,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, - cipher_info->key_bitlen, + mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_ENCRYPT ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); @@ -1068,7 +1068,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, - cipher_info->key_bitlen, + mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_DECRYPT ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); @@ -1076,7 +1076,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } #if defined(MBEDTLS_CIPHER_MODE_CBC) - if( cipher_info->mode == MBEDTLS_MODE_CBC ) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) { if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, MBEDTLS_PADDING_NONE ) ) != 0 ) From ce9e3a92fe3db6f20b267005e9f12b3e6ffbd389 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 19 Jul 2021 17:38:09 +0200 Subject: [PATCH 362/966] Remove redundant null check mbedtls_cipher_info_get_xxx has well-defined behavior on NULL, so no need to check first. Signed-off-by: Gilles Peskine --- library/ssl_ticket.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index db2bb52b34..e998111d93 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -138,8 +138,6 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, ctx->ticket_lifetime = lifetime; cipher_info = mbedtls_cipher_info_from_type( cipher); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM && mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM ) From b11d61e095dd656afec02716f350db1e2063a8b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Aug 2021 20:38:59 +0200 Subject: [PATCH 363/966] mbedtls_net_context: make fd public on Unix/POSIX platforms On platforms with BSD-like sockets, it is useful for applications to have access to the underlying file descriptor so that they can use functions like select() and poll(). Do not promise that the field will exist on other platforms such as Windows (where the type and name of the field are technically wrong because Windows socket handles are actually not file descriptors). Signed-off-by: Gilles Peskine --- include/mbedtls/net_sockets.h | 8 +++++++- programs/ssl/mini_client.c | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index c8214a2335..0c754b122c 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h 
@@ -94,7 +94,13 @@ extern "C" { */ typedef struct mbedtls_net_context { - int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */ + /** The underlying file descriptor. + * + * This field is only guaranteed to be present on POSIX/Unix-like platforms. + * On other platforms, it may have a different type, have a different + * meaning, or be absent altogether. + */ + int fd; } mbedtls_net_context; diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 1e0bef6b1c..97bfe68061 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -246,13 +246,13 @@ int main( void ) addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE; ret = 0; - if( ( server_fd.MBEDTLS_PRIVATE(fd) = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) + if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) { ret = socket_failed; goto exit; } - if( connect( server_fd.MBEDTLS_PRIVATE(fd), + if( connect( server_fd.fd, (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 ) { ret = connect_failed; From b89d9c05990355b9a7522d62380a41c237195a3b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Aug 2021 20:55:33 +0200 Subject: [PATCH 364/966] Make fields of ASN.1 data structures public The structures mbedtls_asn1_buf, mbedtls_asn1_bitstring, mbedtls_asn1_sequence and mbedtls_asn1_named_data are designed to allow access to data after parsing. Make their fields public. Document that chaining fields are essentially read-only. Signed-off-by: Gilles Peskine --- include/mbedtls/asn1.h | 46 +++++++++++++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index f45fc17511..34a39d9eb9 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h 
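Review bot: The new comment on `fd` says on which platforms the field exists but not what an application may do with it now that it is public. The commit message motivates the change with select() and poll(), which only read the value, while mini_client.c in the same patch assigns the field directly. I would add an ownership sentence such as `Applications may read this field, e.g. to pass it to select() or poll(); closing or replacing the descriptor outside the library leaves the context referring to a stale descriptor.` Without it a caller may close the descriptor itself and later have mbedtls_net_free() close an unrelated descriptor that reused the number.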
@@ -152,9 +152,9 @@ extern "C" { */ typedef struct mbedtls_asn1_buf { - int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ - size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */ - unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */ + int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ + size_t len; /**< ASN1 length, in octets. */ + unsigned char *p; /**< ASN1 data, e.g. in ASCII. */ } mbedtls_asn1_buf; @@ -163,9 +163,9 @@ mbedtls_asn1_buf; */ typedef struct mbedtls_asn1_bitstring { - size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */ - unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */ - unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */ + size_t len; /**< ASN1 length, in octets. */ + unsigned char unused_bits; /**< Number of unused bits at the end of the string */ + unsigned char *p; /**< Raw ASN1 data for the bit string */ } mbedtls_asn1_bitstring; @@ -174,8 +174,16 @@ mbedtls_asn1_bitstring; */ typedef struct mbedtls_asn1_sequence { - mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */ - struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */ + mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */ + + /** The next entry in the sequence. + * + * The details memory management for sequences are not documented and + * may change in future versions. Set this field to \p NULL when + * initializing a structure, and do not modify it except via Mbed TLS + * library functions. + */ + struct mbedtls_asn1_sequence *next; } mbedtls_asn1_sequence; 
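Review bot: Making `p` and `len` of mbedtls_asn1_buf public invites callers to read the data directly, and the existing comment `ASN1 data, e.g. in ASCII.` reads as if `p` were a string. The comment should say that the data is not null-terminated and is bounded only by `len`, for example `unsigned char *p; /**< ASN1 data, e.g. in ASCII. Not null-terminated: use \c len. */`. The same sentence fits `p` in mbedtls_asn1_bitstring in the next hunk. Code that treats `p` as a C string would otherwise read past the end of the element or stop early at an embedded zero byte.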
@@ -184,10 +192,24 @@ mbedtls_asn1_sequence; */ typedef struct mbedtls_asn1_named_data { - mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */ - mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */ - struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */ - unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */ + mbedtls_asn1_buf oid; /**< The object identifier. */ + mbedtls_asn1_buf val; /**< The named value. */ + + /** The next entry in the sequence. + * + * The details memory management for named data sequences are not documented + * and may change in future versions. Set this field to \p NULL when + * initializing a structure, and do not modify it except via Mbed TLS + * library functions. + */ + struct mbedtls_asn1_named_data *next; + + /** Merge next item into the current one? + * + * This field exists for the sake of Mbed TLS's X.509 certificate parsing + * code and may change in future versions of the library. + */ + unsigned char MBEDTLS_PRIVATE(next_merged); } mbedtls_asn1_named_data; From 842edf474c7c4844dd28aab059b931b0793d276d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Aug 2021 21:56:10 +0200 Subject: [PATCH 365/966] Make many fields of X.509 structures public The structures mbedtls_x509_time, mbedtls_x509_crl_entry, mbedtls_x509_crl, mbedtls_x509_crt, mbedtls_x509_san_other_name, mbedtls_x509_subject_alternative_name, mbedtls_x509_csr are designed to expose the result of parsing X.509 data. Document many of their fields as being publicly readable. Signed-off-by: Gilles Peskine --- include/mbedtls/x509.h | 4 +-- include/mbedtls/x509_crl.h | 43 ++++++++++++++---------- include/mbedtls/x509_crt.h | 69 ++++++++++++++++++++++---------------- include/mbedtls/x509_csr.h | 18 ++++++---- programs/x509/cert_write.c | 8 ++--- 5 files changed, 83 insertions(+), 59 deletions(-) 
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index df187cb098..9a4be95a3e 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -246,8 +246,8 @@ typedef mbedtls_asn1_sequence mbedtls_x509_sequence; /** Container for date and time (precision in seconds). */ typedef struct mbedtls_x509_time { - int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */ - int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */ + int year, mon, day; /**< Date. */ + int hour, min, sec; /**< Time. */ } mbedtls_x509_time; diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index 9331827bb2..f65e9847ba 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -43,16 +43,25 @@ extern "C" { /** * Certificate revocation list entry. * Contains the CA-specific serial numbers and revocation dates. + * + * Some fields of this structure are publicly readable. Do not modify + * them except via Mbed TLS library functions: the effect of modifying + * those fields or the data that those fields points to is unspecified. */ typedef struct mbedtls_x509_crl_entry { - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); - - mbedtls_x509_buf MBEDTLS_PRIVATE(serial); - - mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date); - - mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext); + /** Direct access to the whole entry inside the containing buffer. */ + mbedtls_x509_buf raw; + /** The serial number of the revoked certificate. */ + mbedtls_x509_buf serial; + /** The revocation date of this entry. */ + mbedtls_x509_time revocation_date; + /** Direct access to the list of CRL entry extensions + * (an ASN.1 constructed sequence). + * + * If there are no extensions, `entry_ext.len == 0` and + * `entry_ext.p == NULL`. */ + mbedtls_x509_buf entry_ext; struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next); } 
@@ -64,22 +73,22 @@ mbedtls_x509_crl_entry; */ typedef struct mbedtls_x509_crl { - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */ + mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ + mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ - int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */ - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */ + int version; /**< CRL version (1=v1, 2=v2) */ + mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */ - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */ + mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */ - mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */ + mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ - mbedtls_x509_time MBEDTLS_PRIVATE(this_update); - mbedtls_x509_time MBEDTLS_PRIVATE(next_update); + mbedtls_x509_time this_update; + mbedtls_x509_time next_update; - mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */ + mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext); + mbedtls_x509_buf crl_ext; mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2); mbedtls_x509_buf MBEDTLS_PRIVATE(sig); diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 49211a948f..6731100f20 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
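Review bot: In mbedtls_x509_crl, `this_update`, `next_update` and `crl_ext` become public without any description, unlike the mbedtls_x509_crl_entry fields documented in the previous hunk. I would add `/**< Issue date of this CRL. */` and `/**< Date by which the next CRL is expected. */` to the two times, and a comment on `crl_ext` in the style of the one given to `entry_ext`. The comments on `raw` and `tbs` also still say "certificate" although the structure is a CRL, so `The raw CRL data (DER).` would be more accurate now that applications are expected to read them.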
@@ -45,36 +45,40 @@ extern "C" { /** * Container for an X.509 certificate. The certificate may be chained. + * + * Some fields of this structure are publicly readable. Do not modify + * them except via Mbed TLS library functions: the effect of modifying + * those fields or the data that those fields points to is unspecified. */ typedef struct mbedtls_x509_crt { int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned * by the structure or not. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */ + mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ + mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ - int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ - mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */ + int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ + mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */ + mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */ - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */ + mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */ + mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */ - mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */ - mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). 
*/ + mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ + mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ - mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */ - mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */ + mbedtls_x509_time valid_from; /**< Start time of certificate validity. */ + mbedtls_x509_time valid_to; /**< End time of certificate validity. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw); - mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */ + mbedtls_x509_buf pk_raw; + mbedtls_pk_context pk; /**< Container for the public key context. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */ - mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ + mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ + mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ + mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ + mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ - mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). 
*/ + mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */ int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ @@ -82,7 +86,7 @@ typedef struct mbedtls_x509_crt unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */ - mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */ + mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */ @@ -100,6 +104,9 @@ mbedtls_x509_crt; * OtherName ::= SEQUENCE { * type-id OBJECT IDENTIFIER, * value [0] EXPLICIT ANY DEFINED BY type-id } + * + * Future versions of the library may add new fields to this structure or + * to its embedded union and structure. */ typedef struct mbedtls_x509_san_other_name { @@ -108,7 +115,7 @@ typedef struct mbedtls_x509_san_other_name * To check the value of the type id, you should use * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */ + mbedtls_x509_buf type_id; /**< The type id. */ union { /** 
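Review bot: In the mbedtls_x509_crt hunk at -45, `pk_raw` is made public but is the only newly exposed buffer without a description. Presumably it holds the raw DER of the public key, so something like `/**< The raw public key data (DER). */` should be added after confirming this against the parser. The new struct comment also has a grammar slip, `the data that those fields points to`, which should read `point to`; the same sentence appears in the x509_crl.h hunk, whereas x509_csr.h is corrected by a later patch in this series. The structure definition continues past this hunk.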
@@ -119,26 +126,30 @@ typedef struct mbedtls_x509_san_other_name */ struct { - mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */ + mbedtls_x509_buf oid; /**< The object identifier. */ + mbedtls_x509_buf val; /**< The named value. */ } - MBEDTLS_PRIVATE(hardware_module_name); + hardware_module_name; } - MBEDTLS_PRIVATE(value); + value; } mbedtls_x509_san_other_name; /** - * A structure for holding the parsed Subject Alternative Name, according to type + * A structure for holding the parsed Subject Alternative Name, + * according to type. + * + * Future versions of the library may add new fields to this structure or + * to its embedded union and structure. */ typedef struct mbedtls_x509_subject_alternative_name { - int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ + int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ union { - mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */ + mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ + mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */ } - MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */ + san; /**< A union of the supported SAN types */ } mbedtls_x509_subject_alternative_name; diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 674f9ce793..5d1ce0e418 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
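Review bot: `unstructured_name` is now readable by applications, but its comment does not say that the buffer is a length-delimited slice of the certificate rather than a C string. A name taken from a peer certificate can hold any byte, including zero, so comparing it with strcmp() or printing it with `%s` would truncate or over-read. I would change the comment to `/**< The buffer for the unconstructed types. Only dnsName currently supported. Not null-terminated: compare and copy using \c len. */`, which also fixes the `un constructed` typo.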
@@ -42,20 +42,24 @@ extern "C" { /** * Certificate Signing Request (CSR) structure. + * + * Some fields of this structure are publicly readable. Do not modify + * them except via Mbed TLS library functions: the effect of modifying + * those fields or the data that those fields points to is unspecified. */ typedef struct mbedtls_x509_csr { - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */ + mbedtls_x509_buf raw; /**< The raw CSR data (DER). */ + mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */ - int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */ + int version; /**< CSR version (1=v1). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */ - mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */ + mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */ + mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ - mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */ + mbedtls_pk_context pk; /**< Container for the public key context. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); + mbedtls_x509_buf sig_oid; mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 9a20d63419..763f8684f6 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
@@ -514,7 +514,7 @@ int main( int argc, char *argv[] ) } ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name), - &issuer_crt.MBEDTLS_PRIVATE(subject) ); + &issuer_crt.subject ); if( ret < 0 ) { mbedtls_strerror( ret, buf, 1024 ); @@ -548,7 +548,7 @@ int main( int argc, char *argv[] ) } ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name), - &csr.MBEDTLS_PRIVATE(subject) ); + &csr.subject ); if( ret < 0 ) { mbedtls_strerror( ret, buf, 1024 ); @@ -558,7 +558,7 @@ int main( int argc, char *argv[] ) } opt.subject_name = subject_name; - subject_key = &csr.MBEDTLS_PRIVATE(pk); + subject_key = &csr.pk; mbedtls_printf( " ok\n" ); } @@ -602,7 +602,7 @@ int main( int argc, char *argv[] ) // if( strlen( opt.issuer_crt ) ) { - if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key, + if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key, mbedtls_ctr_drbg_random, &ctr_drbg ) != 0 ) { mbedtls_printf( " failed\n ! issuer_key does not match " From 44ffc79d298c172e9bf2000acec9edc0ba0e95f6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 31 Aug 2021 22:59:35 +0200 Subject: [PATCH 366/966] Copyediting in comments Signed-off-by: Gilles Peskine --- include/mbedtls/asn1.h | 10 +++++----- include/mbedtls/x509_csr.h | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 34a39d9eb9..4746c1cb4d 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -178,9 +178,9 @@ typedef struct mbedtls_asn1_sequence /** The next entry in the sequence. * - * The details memory management for sequences are not documented and + * The details of memory management for sequences are not documented and * may change in future versions. Set this field to \p NULL when - * initializing a structure, and do not modify it except via Mbed TLS + * initializing a structure, and do not modify it except via Mbed TLS * library functions. */ struct mbedtls_asn1_sequence *next; 
@@ -197,9 +197,9 @@ typedef struct mbedtls_asn1_named_data /** The next entry in the sequence. * - * The details memory management for named data sequences are not documented - * and may change in future versions. Set this field to \p NULL when - * initializing a structure, and do not modify it except via Mbed TLS + * The details of memory management for named data sequences are not + * documented and may change in future versions. Set this field to \p NULL + * when initializing a structure, and do not modify it except via Mbed TLS * library functions. */ struct mbedtls_asn1_named_data *next; diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 5d1ce0e418..f80a1a1307 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -45,7 +45,7 @@ extern "C" { * * Some fields of this structure are publicly readable. Do not modify * them except via Mbed TLS library functions: the effect of modifying - * those fields or the data that those fields points to is unspecified. + * those fields or the data that those fields point to is unspecified. */ typedef struct mbedtls_x509_csr { From 2e9d65f928be9287e5e2c5a443beaa845982b8bb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 31 Aug 2021 23:05:19 +0200 Subject: [PATCH 367/966] Note that custom info structures are not supported This was already documented for mbedtls_md_info_t. Also document it for mbedtls_pk_info_t (where it's fairly obvious since the structure is not defined in a public header) and for mbedtls_cipher_info_t (where it's not obvious since the structure is defined in a public header). Signed-off-by: Gilles Peskine --- include/mbedtls/cipher.h | 7 +++++++ include/mbedtls/pk.h | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 7921f4d85f..b4630f63cd 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h 
@@ -258,6 +258,13 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t; /** * Cipher information. Allows calling cipher functions * in a generic way. + * + * \note The library does not support custom cipher info structures, + * only built-in structures returned by the functions + * mbedtls_cipher_info_from_string(), + * mbedtls_cipher_info_from_type(), + * mbedtls_cipher_info_from_values(), + * mbedtls_cipher_info_from_psa(). */ typedef struct mbedtls_cipher_info_t { diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ded52225f2..5f9f29ff6d 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -186,6 +186,10 @@ typedef struct mbedtls_pk_debug_item /** * \brief Public key information and operations + * + * \note The library does not support custom pk info structures, + * only built-in structures returned by + * mbedtls_cipher_info_from_type(). */ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; From ca939959e4d33174176c81900a4a8fb343f357b7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 31 Aug 2021 23:18:07 +0200 Subject: [PATCH 368/966] Allow read-only access to lists of certificates, CRL, CRL entries Signed-off-by: Gilles Peskine --- include/mbedtls/x509_crl.h | 10 ++++++++-- include/mbedtls/x509_crt.h | 5 ++++- programs/ssl/dtls_server.c | 2 +- programs/ssl/ssl_fork_server.c | 2 +- programs/ssl/ssl_server.c | 2 +- programs/x509/cert_app.c | 2 +- 6 files changed, 16 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index f65e9847ba..52bd43cd3c 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h 
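Review bot: The new note on `mbedtls_pk_info_t` in pk.h names `mbedtls_cipher_info_from_type()` as the source of built-in structures, which looks like a copy-paste from the cipher.h note in the same commit. A cipher lookup does not return pk info structures, so the note points integrators at the wrong function when they check where a trusted info pointer may come from. The last line of the note should read `* mbedtls_pk_info_from_type().`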
@@ -63,7 +63,10 @@ typedef struct mbedtls_x509_crl_entry * `entry_ext.p == NULL`. */ mbedtls_x509_buf entry_ext; - struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next); + /** Next element in the linked list of entries. + * \p NULL indicates the end of the list. + * Do not modify this field directly. */ + struct mbedtls_x509_crl_entry *next; } mbedtls_x509_crl_entry; @@ -96,7 +99,10 @@ typedef struct mbedtls_x509_crl mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ - struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next); + /** Next element in the linked list of CRL. + * \p NULL indicates the end of the list. + * Do not modify this field directly. */ + struct mbedtls_x509_crl *next; } mbedtls_x509_crl; diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 6731100f20..3c11a99899 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -95,7 +95,10 @@ typedef struct mbedtls_x509_crt mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ - struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */ + /** Next certificate in the linked list that constitutes the CA chain. + * \p NULL indicates the end of the list. + * Do not modify this field directly. */ + struct mbedtls_x509_crt *next; } mbedtls_x509_crt; diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index f2570490f5..5d1cccbe64 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c 
@@ -226,7 +226,7 @@ int main( void ) mbedtls_ssl_cache_set ); #endif - mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL ); + mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 542a334606..694fc3b7ae 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -190,7 +190,7 @@ int main( void ) mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); - mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL ); + mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index ace657ceba..95557fb059 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -212,7 +212,7 @@ int main( void ) mbedtls_ssl_cache_set ); #endif - mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL ); + mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index aab15db2b7..3d8f37b646 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -331,7 +331,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "%s\n", buf ); - cur = cur->MBEDTLS_PRIVATE(next); + cur = cur->next; } /* From 6ac8f94a72cb75071c79797908c4927b37e2f85a Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 1 Sep 2021 08:31:49 +0200 Subject: [PATCH 369/966] Fix cipher info key length sanity checks Most supported ciphers have a 128-bit, 192-bit or 256-bit keys. List the exceptions explicitly. This commit fixes a test failure with the null cipher and an incorrect comment that omitted several key lengths. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_cipher.function | 31 +++++++++++++++++++++---- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 94ea88f791..c809d9a280 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -33,11 +33,32 @@ static int check_cipher_info( mbedtls_cipher_type_t type, TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info ); key_bitlen = mbedtls_cipher_info_get_key_bitlen( info ); - TEST_ASSERT( key_bitlen % 8 == 0 ); - /* All current and plausible supported ciphers use a 64-bit, 128-bit - * or 256-bit key, except XTS which uses a double AES key. */ - TEST_ASSERT( key_bitlen >= 64 ); - TEST_ASSERT( key_bitlen <= 512 ); + if( info->type == MBEDTLS_CIPHER_NULL ) + TEST_ASSERT( key_bitlen == 0 ); + else if( info->mode == MBEDTLS_MODE_XTS ) + { + TEST_ASSERT( key_bitlen == 256 || + key_bitlen == 384 || + key_bitlen == 512 ); + } + else if( ! strncmp( info->name, "DES-EDE3-", 9 ) ) + { + TEST_ASSERT( key_bitlen == 192 ); + } + else if( ! strncmp( info->name, "DES-EDE-", 8 ) ) + { + TEST_ASSERT( key_bitlen == 128 ); + } + else if( ! strncmp( info->name, "DES-", 4 ) ) + { + TEST_ASSERT( key_bitlen == 64 ); + } + else + { + TEST_ASSERT( key_bitlen == 128 || + key_bitlen == 192 || + key_bitlen == 256 ); + } return( 1 ); From e40ae6bbed2af4b792b1704359fac3b6669052de Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 1 Sep 2021 12:47:49 +0200 Subject: [PATCH 370/966] Fix typo 
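Review bot: The XTS branch of `check_cipher_info` accepts `key_bitlen == 384`, which would be a doubled AES-192 key. If the library only defines 128-bit and 256-bit XTS variants, the check is looser than the set of ciphers it guards, and a mis-declared key length would pass; `TEST_ASSERT( key_bitlen == 256 || key_bitlen == 512 );` would then be the tighter form. The removed comment is also not replaced, so a one-line comment above the chain saying that the null cipher has no key, XTS takes a double-length key and the DES family uses 64/128/192 bits would keep the intent readable. The first branch is the only one without braces. The function starts outside the hunk.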
Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 8aacfce55e..c78af48e4a 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -86,7 +86,7 @@ typedef struct mbedtls_ccm_context size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */ size_t MBEDTLS_PRIVATE(processed); /*!< Track how many bytes of input data were processed (chunked input). - Used indepenedantly for both auth data + Used independently for both auth data and plaintext/ciphertext. This variable is set to zero after auth data input is finished. */ From 7251eda6ff7106752eab172862cc74f476e2b049 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 1 Sep 2021 13:26:44 +0200 Subject: [PATCH 371/966] Replace BAD_SEQUENCE error with BAD_INPUT Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 2 -- library/ccm.c | 6 +++--- tests/suites/test_suite_ccm.function | 8 ++++---- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index c78af48e4a..6f991fefbd 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -61,8 +61,6 @@ #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /** Authenticated decryption failed. */ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F -/** CCM functions called in the wrong sequence. */ -#define MBEDTLS_ERR_CCM_BAD_SEQUENCE -0x0011 #ifdef __cplusplus extern "C" { diff --git a/library/ccm.c b/library/ccm.c index 0a904613ed..d9d25cecd9 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -270,7 +270,7 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, { if( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) { - return MBEDTLS_ERR_CCM_BAD_SEQUENCE; + return MBEDTLS_ERR_CCM_BAD_INPUT; } if( !(ctx->state & CCM_STATE__AUTH_DATA_STARTED) ) 
@@ -444,12 +444,12 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, if( ctx->add_len > 0 && !( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) ) { - return MBEDTLS_ERR_CCM_BAD_SEQUENCE; + return MBEDTLS_ERR_CCM_BAD_INPUT; } if( ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len ) { - return MBEDTLS_ERR_CCM_BAD_SEQUENCE; + return MBEDTLS_ERR_CCM_BAD_INPUT; } /* diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 48c4fe919d..128bd86d98 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -559,7 +559,7 @@ void mbedtls_ccm_incomplete_ad( int cipher_id, int mode, TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len/2) ); ASSERT_ALLOC( output, 16 ); - TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_finish( &ctx, output, 16 ) ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) ); exit: mbedtls_free( output ); @@ -585,7 +585,7 @@ void mbedtls_ccm_full_ad_and_overflow( int cipher_id, int mode, // pass full auth data TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); // pass 1 extra byte - TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_update_ad( &ctx, add->x, 1) ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, 1) ); exit: mbedtls_ccm_free( &ctx ); } @@ -644,7 +644,7 @@ void mbedtls_ccm_incomplete_update( int cipher_id, int mode, output = NULL; ASSERT_ALLOC( output, 16 ); - TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_finish( &ctx, output, 16 ) ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) ); exit: mbedtls_free( output ); 
@@ -699,7 +699,7 @@ void mbedtls_ccm_instant_finish( int cipher_id, int mode, TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 16, 16, 16 ) ); ASSERT_ALLOC( output, 16 ); - TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_finish( &ctx, output, 16 ) ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) ); exit: mbedtls_free( output ); From 3d7d52c2edba82ec109e533379727099b3073deb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 1 Sep 2021 10:33:14 +0100 Subject: [PATCH 372/966] Formatting fixes Signed-off-by: Paul Elliott --- library/psa_crypto.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c2b318ccaa..b335aa37c5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3553,7 +3553,7 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set ) + if( operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3612,7 +3612,8 @@ exit: return( status ); } - /* Pass additional data to an active multipart AEAD operation. */ + +/* Pass additional data to an active multipart AEAD operation. */ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ) From c6d11d02f5223f62a35954dc2b8c5342a246ad8f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 1 Sep 2021 12:04:23 +0100 Subject: [PATCH 373/966] Aligh update buffer test variables with psa naming Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 29 ++++++++++----------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5fb7086a11..e01c49588e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -3878,7 +3878,7 @@ exit: /* BEGIN_CASE */ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, int alg_arg, - int buffer_size, + int output_size_arg, data_t *nonce, data_t *additional_data, data_t *input_data, @@ -3892,10 +3892,11 @@ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; - unsigned char *output_data = NULL; - unsigned char *final_data = NULL; - size_t finish_output_size = 0; - size_t output_length = 0; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; + size_t output_size = output_size_arg; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; @@ -3910,13 +3911,11 @@ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - ASSERT_ALLOC( output_data, buffer_size ); + ASSERT_ALLOC( output, output_size ); - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - - ASSERT_ALLOC( final_data, finish_output_size ); + ASSERT_ALLOC( ciphertext, ciphertext_size ); operation = psa_aead_operation_init( ); 
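Review bot: The hunk at -3910 drops `TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE );` although the commit is described as a rename only. After this change the test no longer checks that the per-algorithm finish size stays within the advertised maximum, and that bound is what callers rely on when sizing buffers. If the removal is not intended, keep the check under the new name: `TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE );`. The test function begins and ends outside these hunks.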
@@ -3939,22 +3938,22 @@ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, additional_data->len ) ); status = psa_aead_update( &operation, input_data->x, input_data->len, - output_data, buffer_size, &output_length ); + output, output_size, &ciphertext_length ); TEST_EQUAL( status, expected_status ); if( expected_status == PSA_SUCCESS ) { /* Ensure we can still complete operation. */ - PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, - &output_length, tag_buffer, + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); } exit: psa_destroy_key( key ); - mbedtls_free( output_data ); - mbedtls_free( final_data ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); psa_aead_abort( &operation ); PSA_DONE( ); } From 7f6284224799746a0c93a31fc46afc49249acbbd Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 1 Sep 2021 12:08:29 +0100 Subject: [PATCH 374/966] Add test for calling update when nonce not set Previously only testing calling update_ad in this state. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e01c49588e..0c009811c7 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -4224,6 +4224,19 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + /* Test for double setting nonce. */ operation = psa_aead_operation_init( ); From b0450febe6fc546b9744b8637b8671a16d809bf6 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 1 Sep 2021 15:06:26 +0100 Subject: [PATCH 375/966] Tests for sending too much data after set lengths We previously had tests for not sending enough (additional) data, but were missing tests for sending too much. I have added these to the state tests, as I don't think this is complex enough to deserve a standalone test. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 34 +++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 0c009811c7..a881087151 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -4407,6 +4407,40 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test for sending too much additional data after setting lengths. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, 0, 0 ) ); + + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for sending too much data after setting lengths. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, 0, 0 ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + /* Test sending additional data after data. */ operation = psa_aead_operation_init( ); From 88d681ca35a11644a4c492c8a6d8cfd90e0ef391 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 1 Sep 2021 11:19:33 +0200 Subject: [PATCH 376/966] Make size_t -> int downcasts explicit mbedtls_cipher_setkey takes an int argument. Cast explicitly, otherwise MSVC complains. Where possible, just stick to size_t. Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 6 +++--- programs/aes/crypt_and_hash.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1e81384aa7..754c76f80a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
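Review bot: Both added cases declare lengths of zero with `psa_aead_set_lengths( &operation, 0, 0 )`, so they only cover the case where any data at all is too much and not the boundary where a non-zero declared length is exceeded. A driver that tracks a running total could pass these and still accept excess bytes after a full-length input. One more case would cover that: `PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, input_data->len ) );`, then the full additional data, then `TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, 1 ), PSA_ERROR_INVALID_ARGUMENT );`. This assumes the test vectors carry non-empty additional data, which the hunk does not show. The enclosing test function starts and ends outside the hunk.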
@@ -689,7 +689,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, unsigned char *mac_dec; size_t mac_key_len = 0; size_t iv_copy_len; - unsigned keylen; + size_t keylen; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_cipher_info_t *cipher_info; const mbedtls_md_info_t *md_info; @@ -1060,7 +1060,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, - mbedtls_cipher_info_get_key_bitlen( cipher_info ), + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_ENCRYPT ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); @@ -1068,7 +1068,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, - mbedtls_cipher_info_get_key_bitlen( cipher_info ), + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_DECRYPT ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index ba9827f45e..5ed2ece702 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -311,7 +311,7 @@ int main( int argc, char *argv[] ) if( mbedtls_cipher_setkey( &cipher_ctx, digest, - mbedtls_cipher_info_get_key_bitlen( cipher_info ), + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_ENCRYPT ) != 0 ) { mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n"); @@ -452,7 +452,7 @@ int main( int argc, char *argv[] ) if( mbedtls_cipher_setkey( &cipher_ctx, digest, - mbedtls_cipher_info_get_key_bitlen( cipher_info ), + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_DECRYPT ) != 0 ) { mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" ); From ab46aa0436eb60b4ff15af69758d41fcfe8f7254 Mon Sep 17 00:00:00 2001 
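Review bot: The `(int)` casts on `mbedtls_cipher_info_get_key_bitlen( cipher_info )` in the two `mbedtls_cipher_setkey` calls here, and in the two calls in crypt_and_hash.c, silence the MSVC warning but would also hide a real truncation if the getter ever returned a larger value. The cast is presumably safe because built-in cipher info structures carry key lengths of at most a few hundred bits, but nothing at the call sites says so. A short comment next to the first cast would record the assumption, for example `/* key_bitlen of built-in ciphers fits in int */`. The enclosing function bodies extend beyond the hunks.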
From: Jerry Yu Date: Tue, 17 Aug 2021 10:48:26 +0800 Subject: [PATCH 377/966] Upgrade gnutls-next to 3.7.2 v3.7.2 introduces DISABLE_TLS13_COMPAT_MODE. That can be used to verify if TLS13 COMPATIBLE is not available. Change-Id: Id68748e92504835b5a63b2565a618f728e7222f6 Signed-off-by: Jerry Yu --- tests/compat-in-docker.sh | 4 ++-- tests/docker/bionic/Dockerfile | 18 +++++++++--------- tests/ssl-opt-in-docker.sh | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/compat-in-docker.sh b/tests/compat-in-docker.sh index aef0a07289..3a1cd2144c 100755 --- a/tests/compat-in-docker.sh +++ b/tests/compat-in-docker.sh @@ -42,13 +42,13 @@ esac case "${GNUTLS_CLI:-default}" in "legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";; - "next") export GNUTLS_CLI="/usr/local/gnutls-3.6.5/bin/gnutls-cli";; + "next") export GNUTLS_CLI="/usr/local/gnutls-3.7.2/bin/gnutls-cli";; *) ;; esac case "${GNUTLS_SERV:-default}" in "legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";; - "next") export GNUTLS_SERV="/usr/local/gnutls-3.6.5/bin/gnutls-serv";; + "next") export GNUTLS_SERV="/usr/local/gnutls-3.7.2/bin/gnutls-serv";; *) ;; esac diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile index 1d24aa3268..41789c677c 100644 --- a/tests/docker/bionic/Dockerfile +++ b/tests/docker/bionic/Dockerfile 
@@ -137,29 +137,29 @@ RUN cd /tmp \ ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv -# Build libnettle 3.4 (needed by gnutls next) +# Build libnettle 3.7.3 (needed by gnutls next) RUN cd /tmp \ - && wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.1.tar.gz -qO- | tar xz \ - && cd nettle-3.4.1 \ + && wget https://ftp.gnu.org/gnu/nettle/nettle-3.7.3.tar.gz -qO- | tar xz \ + && cd nettle-3.7.3 \ && ./configure --disable-documentation \ && make ${MAKEFLAGS_PARALLEL} \ && make install \ && /sbin/ldconfig \ && rm -rf /tmp/nettle* -# Build gnutls next (3.6.5) +# Build gnutls next (3.7.2) RUN cd /tmp \ - && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz -qO- | tar xJ \ - && cd gnutls-3.6.5 \ - && ./configure --prefix=/usr/local/gnutls-3.6.5 --exec_prefix=/usr/local/gnutls-3.6.5 \ + && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz -qO- | tar xJ \ + && cd gnutls-3.7.2 \ + && ./configure --prefix=/usr/local/gnutls-3.7.2 --exec_prefix=/usr/local/gnutls-3.7.2 \ --with-included-libtasn1 --with-included-unistring --without-p11-kit \ --disable-shared --disable-guile --disable-doc \ && make ${MAKEFLAGS_PARALLEL} \ && make install \ && rm -rf /tmp/gnutls* -ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.6.5/bin/gnutls-cli -ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.6.5/bin/gnutls-serv +ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.7.2/bin/gnutls-cli +ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.7.2/bin/gnutls-serv RUN pip3 install --no-cache-dir \ mbed-host-tests \ diff --git a/tests/ssl-opt-in-docker.sh b/tests/ssl-opt-in-docker.sh index 401a69c569..e7bb01d8ca 100755 --- a/tests/ssl-opt-in-docker.sh +++ b/tests/ssl-opt-in-docker.sh 
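Review bot: The updated `RUN` steps for nettle 3.7.3 and gnutls 3.7.2 still pipe `wget ... -qO-` straight into `tar`, then build and install the result, with no integrity check on the downloaded archive. A compromised mirror or a silently replaced tarball would therefore end up in the test image unnoticed. Changing the URLs is a good moment to download to a file and verify a pinned digest before extracting, for example `&& echo "<EXPECTED_SHA256_PLACEHOLDER>  nettle-3.7.3.tar.gz" | sha256sum -c - \`, or to verify the upstream signature. The same applies to the gnutls step.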
@@ -42,13 +42,13 @@ esac case "${GNUTLS_CLI:-default}" in "legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";; - "next") export GNUTLS_CLI="/usr/local/gnutls-3.6.5/bin/gnutls-cli";; + "next") export GNUTLS_CLI="/usr/local/gnutls-3.7.2/bin/gnutls-cli";; *) ;; esac case "${GNUTLS_SERV:-default}" in "legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";; - "next") export GNUTLS_SERV="/usr/local/gnutls-3.6.5/bin/gnutls-serv";; + "next") export GNUTLS_SERV="/usr/local/gnutls-3.7.2/bin/gnutls-serv";; *) ;; esac From b12d81d1a30656305e3dd8dc39b9489bc3988002 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 17 Aug 2021 10:56:08 +0800 Subject: [PATCH 378/966] Add feature tests for gnutls-next Test NO_TICKETS and DISABLE_TLS13_COMPAT_MODE Change-Id: Idf21b36bd64c7eefe4e0e6fb875b2e06ebb0aa07 Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 46 +++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ad925f0f0c..bf5d9dbd97 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -405,6 +405,44 @@ requires_gnutls_tls1_3() { fi } +# check %NO_TICKETS option +requires_gnutls_next_no_ticket() { + requires_gnutls_next + if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then + GNUTLS_NO_TICKETS_AVAILABLE="NO" + fi + if [ -z "${GNUTLS_NO_TICKETS_AVAILABLE:-}" ]; then + if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep NO_TICKETS >/dev/null + then + GNUTLS_NO_TICKETS_AVAILABLE="YES" + else + GNUTLS_NO_TICKETS_AVAILABLE="NO" + fi + fi + if [ "$GNUTLS_NO_TICKETS_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + +# check %%DISABLE_TLS13_COMPAT_MODE option +requires_gnutls_next_disable_tls13_compat() { + requires_gnutls_next + if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then + GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO" + fi + if [ -z "${GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE:-}" ]; then + if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep DISABLE_TLS13_COMPAT_MODE >/dev/null + then + GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="YES" + else + GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO" + fi + fi + if [ "$GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + # skip next test if IPv6 isn't available on this host requires_ipv6() { if [ -z "${HAS_IPV6:-}" ]; then @@ -8589,11 +8627,13 @@ run_test "TLS1.3: Test openssl tls1_3 feature" \ -c "TLS 1.3" \ -s "TLS 1.3" -# gnutls feature tests: check if tls1.3 exists. +# gnutls feature tests: check if tls1.3,NO_TICKETS and DISABLE_TLS13_COMPAT_MODE exist. requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat run_test "TLS1.3: Test gnutls tls1_3 feature" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "Version: TLS1.3" \ -c "Version: TLS1.3" 
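Review bot: Both new probes match with an unanchored `grep NO_TICKETS` or `grep DISABLE_TLS13_COMPAT_MODE` on the `--priority-list` output, so any longer keyword that merely contains the name would mark the option as available. The test would then run against a gnutls build that lacks the option instead of being skipped. Where `-w` is available, whole-word matching is tighter and `-q` replaces the redirect: `if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep -qw NO_TICKETS`. The two functions differ only in the option name and the cache variable, so a small shared helper taking both would remove the duplication.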
From 64f0b5f454092950fb4ddc5eff5b415a2bad71d7 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 2 Sep 2021 11:50:38 +0200 Subject: [PATCH 379/966] Return BAD_INPUT error for CCM context's erroneous state Signed-off-by: Mateusz Starzyk --- library/ccm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index d9d25cecd9..ca95b8eeb7 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -263,7 +263,7 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, if( ctx->state & CCM_STATE__ERROR ) { - return ret; + return MBEDTLS_ERR_CCM_BAD_INPUT; } if( ctx->add_len > 0 && add_len > 0 ) @@ -339,7 +339,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, if( ctx->state & CCM_STATE__ERROR ) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + return MBEDTLS_ERR_CCM_BAD_INPUT; } if( ctx->processed + input_len > ctx->plaintext_len ) From 75261df2e3c9d9e892291e23b7af375a91386e71 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 2 Sep 2021 17:40:08 +0800 Subject: [PATCH 380/966] fix comment issues Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index bf5d9dbd97..3e199e2881 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -405,7 +405,7 @@ requires_gnutls_tls1_3() { fi } -# check %NO_TICKETS option +# Check %NO_TICKETS option requires_gnutls_next_no_ticket() { requires_gnutls_next if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then @@ -424,7 +424,7 @@ requires_gnutls_next_no_ticket() { fi } -# check %%DISABLE_TLS13_COMPAT_MODE option +# Check %DISABLE_TLS13_COMPAT_MODE option requires_gnutls_next_disable_tls13_compat() { requires_gnutls_next if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then 
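Review bot: In the `mbedtls_ccm_update` hunk, the context line after the changed return, `if( ctx->processed + input_len > ctx->plaintext_len )`, adds two lengths before comparing them. A very large `input_len` can therefore wrap the sum and pass the bound that protects the declared plaintext length. Assuming `processed` never exceeds `plaintext_len` (not visible here), the subtraction form avoids the wrap: `if( input_len > ctx->plaintext_len - ctx->processed )`. The body of that check and the rest of the function lie outside the hunk.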
@@ -8627,7 +8627,7 @@ run_test "TLS1.3: Test openssl tls1_3 feature" \ -c "TLS 1.3" \ -s "TLS 1.3" -# gnutls feature tests: check if tls1.3,NO_TICKETS and DISABLE_TLS13_COMPAT_MODE exist. +# gnutls feature tests: check if TLS 1.3 is supported as well as the NO_TICKETS and DISABLE_TLS13_COMPAT_MODE options. requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat From df2507301b12e9247cad8dbb94e5bee144ed8ec0 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 2 Sep 2021 12:36:02 +0200 Subject: [PATCH 381/966] Use AES-128 for multipart CCM corner cases tests Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.data | 112 +++++++++++++++---------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 91aa98bd43..c8f6351633 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
@@ -1550,110 +1550,110 @@ CCM* decrypt, skip update NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" -CCM encrypt, overflow ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM encrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM encrypt, incomplete ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM encrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM encrypt, full ad and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM encrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM encrypt, overflow 
update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM encrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM encrypt, incomplete update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM encrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM encrypt, full update and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM encrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM decrypt, overflow ad NIST VADT AES-192 #14 (P=24, 
N=13, A=13, T=16) +CCM decrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM decrypt, incomplete ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM decrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM decrypt, full ad and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM decrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM decrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM decrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16)) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" 
+mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM decrypt, incomplete update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM decrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16)) depends_on:MBEDTLS_AES_C -mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM decrypt, full update and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM decrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM* encrypt, overflow ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* encrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" 
+mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM* encrypt, incomplete ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* encrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM* encrypt, full ad and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* encrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM* encrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* encrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM* encrypt, incomplete update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) 
+CCM* encrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM* encrypt, full update and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* encrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM* decrypt, overflow ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* decrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM* decrypt, incomplete ad NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* decrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM* decrypt, full ad and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* decrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" -CCM* decrypt, overflow update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* decrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM* decrypt, incomplete update NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* decrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" 
+mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM* decrypt, full update and overflow NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) +CCM* decrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181" +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" -CCM encrypt, instant finish NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) -mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a" +CCM encrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" -CCM decrypt, instant finish NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) -mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a" +CCM decrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" -CCM* encrypt, instant finish NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) 
-mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a" +CCM* encrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" -CCM* decrypt, instant finish NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) -mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"13501aebda19a9bf1b5ffaa42a" +CCM* decrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" From 8394484f0ade7173c00bc08b3e2c42021893b140 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 20 Jul 2021 18:26:03 +0100 Subject: [PATCH 382/966] Add draft python tool to translate MBed ciphersuites Created 2 functions - translate_gnu() - translate_ossl() Each function takes a parameter `m_cipher` (expected in the MBedTLS naming standard), and through a series of edge cases/replaces, modifies the ciphersuite name to match the GNU and OpenSSL naming conventions respectively. This will serve as to maintain a single list that can be translated, rather than maintaining 3 lists for OpenSSL and GNU also. This commit serves as a checkpoint, and the program will be cleaned up in the future. The program currently runs a series of tests to check every given ciphersuite name combination in compat.sh to ensure they are translated correctly. Some OpenSSL names appear to have typos and as such have been corrected in this program until I have recieved more information. The errors were commented out to keep note of. 
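Review bot: The new AES-128 cases do not appear to use one vector consistently. The `overflow ad`, `incomplete ad` and `full ad and overflow` cases pass the 16-byte value `a6f73242f2f227350c0277e4e72cdaa6` as their last argument, although the titles say A=32 and the `update` cases pass a 32-byte value in that position. The four `instant finish` cases pass `4b10788c1a03bca656f04f1f98`, which the `update` cases use in the message position, where the removed lines passed the value used as the nonce. The lengths still fit, so these corner-case tests probably still run, but the titles no longer describe the data; either take the nonce `e16c69861efc206e85aab1255e` and the 32-byte associated data from the same vector throughout, or relabel the cases. Two titles, `CCM decrypt, overflow update` and `CCM decrypt, incomplete update`, end in `T=16))` and should end in `T=16)`.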
Signed-off-by: Joe Subbiani --- translate_ciphers.py | 485 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 485 insertions(+) create mode 100644 translate_ciphers.py diff --git a/translate_ciphers.py b/translate_ciphers.py new file mode 100644 index 0000000000..cf0be7257d --- /dev/null +++ b/translate_ciphers.py 
@@ -0,0 +1,485 @@ + +def translate_gnu(m_cipher): + + m_cipher = "+" + m_cipher[4:] + m_cipher = m_cipher.replace("-WITH-", ":+") + m_cipher = m_cipher.replace("-EDE", "") + if m_cipher.split("-")[-1] == "SHA": + m_cipher = m_cipher+"1" + + + if m_cipher.split("-")[-1] == "8" or m_cipher.split("-")[-1] == "CCM": + m_cipher = m_cipher+":+AEAD" + else: + index=m_cipher.rindex("-") + m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:] + m_cipher = m_cipher.replace("GCM:+SHA256", "GCM:+AEAD") + m_cipher = m_cipher.replace("GCM:+SHA384", "GCM:+AEAD") + + return m_cipher + +def translate_ossl(m_cipher): + m_cipher = m_cipher[4:] + m_cipher = m_cipher.replace("-WITH", "") + m_cipher = m_cipher.replace("AES-", "AES") + m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA") + m_cipher = m_cipher.replace("ARIA-", "ARIA") + + m_cipher = m_cipher.replace("-EDE", "") + + m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") + try: + index = m_cipher.rindex("CBC") + if m_cipher[index-4:index-1] != "DES": + m_cipher = m_cipher.replace("CBC-", "") + except: + pass + + if m_cipher[:4] == "RSA-": + m_cipher = m_cipher[4:] + + m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA") + + try: + index = m_cipher.rindex("POLY1305") + m_cipher=m_cipher[:index+8] + except Exception as e: + pass#print(e) + + return m_cipher + +def test_all_common(): + m_ciphers = [ + "TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-AES-256-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + 
"TLS-RSA-WITH-AES-128-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-NULL-MD5", + "TLS-RSA-WITH-NULL-SHA", + + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDHE-RSA-WITH-NULL-SHA", + + "TLS-RSA-WITH-AES-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-RSA-WITH-AES-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "TLS-RSA-WITH-AES-128-GCM-SHA256", + "TLS-RSA-WITH-AES-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + + "TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-PSK-WITH-AES-128-CBC-SHA", + "TLS-PSK-WITH-AES-256-CBC-SHA", + ] + g_ciphers = [ + "+ECDHE-ECDSA:+NULL:+SHA1", + "+ECDHE-ECDSA:+3DES-CBC:+SHA1", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", + + "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + + "+DHE-RSA:+AES-128-CBC:+SHA1", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + "+DHE-RSA:+3DES-CBC:+SHA1", + "+RSA:+AES-256-CBC:+SHA1", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "+RSA:+AES-128-CBC:+SHA1", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "+RSA:+3DES-CBC:+SHA1", + "+RSA:+NULL:+MD5", + "+RSA:+NULL:+SHA1", + + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "+ECDHE-RSA:+NULL:+SHA1", + + "+RSA:+AES-128-CBC:+SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "+RSA:+AES-128-GCM:+AEAD", + "+RSA:+AES-256-GCM:+AEAD", + 
"+DHE-RSA:+AES-128-GCM:+AEAD", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + + "+PSK:+3DES-CBC:+SHA1", + "+PSK:+AES-128-CBC:+SHA1", + "+PSK:+AES-256-CBC:+SHA1", + ] + o_ciphers = [ + "ECDHE-ECDSA-NULL-SHA", + "ECDHE-ECDSA-DES-CBC3-SHA", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + + "DHE-RSA-AES128-SHA", + "DHE-RSA-AES256-SHA", + "DHE-RSA-CAMELLIA128-SHA", + "DHE-RSA-CAMELLIA256-SHA", + #"EDH-RSA-DES-CBC3-SHA", + "DHE-RSA-DES-CBC3-SHA", + "AES256-SHA", + "CAMELLIA256-SHA", + "AES128-SHA", + "CAMELLIA128-SHA", + "DES-CBC3-SHA", + "NULL-MD5", + "NULL-SHA", + + "ECDHE-RSA-AES128-SHA", + "ECDHE-RSA-AES256-SHA", + "ECDHE-RSA-DES-CBC3-SHA", + "ECDHE-RSA-NULL-SHA", + + #"NULL-SHA256", + "AES128-SHA256", + "DHE-RSA-AES128-SHA256", + "AES256-SHA256", + "DHE-RSA-AES256-SHA256", + "ECDHE-RSA-AES128-SHA256", + "ECDHE-RSA-AES256-SHA384", + "AES128-GCM-SHA256", + "AES256-GCM-SHA384", + "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES256-GCM-SHA384", + + #"PSK-3DES-EDE-CBC-SHA", + #"PSK-AES128-CBC-SHA", + #"PSK-AES256-CBC-SHA", + + "PSK-DES-CBC3-SHA", + "PSK-AES128-SHA", + "PSK-AES256-SHA", + ] + + for i in range(len(m_ciphers)): + + g = translate_gnu(m_ciphers[i]) + if g!=g_ciphers[i]: + print("GNU", i) + print("new".ljust(10), g) + print("original".ljust(10), g_ciphers[i]) + # break + + + o = translate_ossl(m_ciphers[i]) + if o!=o_ciphers[i]: + print("OpenSSL", i) + print("new".ljust(10), o) + print("original".ljust(10), o_ciphers[i]) + # break + +def test_mbed_ossl_common(): + m_ciphers = [ + "TLS-ECDH-ECDSA-WITH-NULL-SHA", + "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + + "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + 
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + + "TLS-RSA-WITH-DES-CBC-SHA", + "TLS-DHE-RSA-WITH-DES-CBC-SHA", + + "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + + "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + ] + o_ciphers = [ + "ECDH-ECDSA-NULL-SHA", + "ECDH-ECDSA-DES-CBC3-SHA", + "ECDH-ECDSA-AES128-SHA", + "ECDH-ECDSA-AES256-SHA", + + "ECDH-ECDSA-AES128-SHA256", + "ECDH-ECDSA-AES256-SHA384", + "ECDH-ECDSA-AES128-GCM-SHA256", + "ECDH-ECDSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-ARIA256-GCM-SHA384", + "ECDHE-ECDSA-ARIA128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + + "DES-CBC-SHA", + #"EDH-RSA-DES-CBC-SHA", + "DHE-RSA-DES-CBC-SHA", + + "ECDHE-ARIA256-GCM-SHA384", + "DHE-RSA-ARIA256-GCM-SHA384", + "ARIA256-GCM-SHA384", + "ECDHE-ARIA128-GCM-SHA256", + "DHE-RSA-ARIA128-GCM-SHA256", + "ARIA128-GCM-SHA256", + "DHE-RSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + + "DHE-PSK-ARIA256-GCM-SHA384", + "DHE-PSK-ARIA128-GCM-SHA256", + "PSK-ARIA256-GCM-SHA384", + "PSK-ARIA128-GCM-SHA256", + "PSK-CHACHA20-POLY1305", + "ECDHE-PSK-CHACHA20-POLY1305", + "DHE-PSK-CHACHA20-POLY1305", + ] + + for i in range(len(m_ciphers)): + + o = translate_ossl(m_ciphers[i]) + if o!=o_ciphers[i]: + print("OpenSSL", i) + 
print("new".ljust(10), o) + print("original".ljust(10), o_ciphers[i]) + # break + +def test_mbed_gnu_common(): + m_ciphers = [ + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + + "TLS-RSA-WITH-NULL-SHA256", + + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-WITH-AES-128-CCM", + "TLS-RSA-WITH-AES-256-CCM", + "TLS-DHE-RSA-WITH-AES-128-CCM", + "TLS-DHE-RSA-WITH-AES-256-CCM", + "TLS-RSA-WITH-AES-128-CCM-8", + "TLS-RSA-WITH-AES-256-CCM-8", + "TLS-DHE-RSA-WITH-AES-128-CCM-8", + "TLS-DHE-RSA-WITH-AES-256-CCM-8", + + "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + + "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + + "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-NULL-SHA384", + "TLS-ECDHE-PSK-WITH-NULL-SHA256", + "TLS-PSK-WITH-AES-128-CBC-SHA256", + 
"TLS-PSK-WITH-AES-256-CBC-SHA384", + "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "TLS-PSK-WITH-NULL-SHA256", + "TLS-PSK-WITH-NULL-SHA384", + "TLS-DHE-PSK-WITH-NULL-SHA256", + "TLS-DHE-PSK-WITH-NULL-SHA384", + "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "TLS-RSA-PSK-WITH-NULL-SHA256", + "TLS-RSA-PSK-WITH-NULL-SHA384", + "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-PSK-WITH-AES-128-GCM-SHA256", + "TLS-PSK-WITH-AES-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "TLS-PSK-WITH-AES-128-CCM", + "TLS-PSK-WITH-AES-256-CCM", + "TLS-DHE-PSK-WITH-AES-128-CCM", + "TLS-DHE-PSK-WITH-AES-256-CCM", + "TLS-PSK-WITH-AES-128-CCM-8", + "TLS-PSK-WITH-AES-256-CCM-8", + "TLS-DHE-PSK-WITH-AES-128-CCM-8", + "TLS-DHE-PSK-WITH-AES-256-CCM-8", + "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + ] + g_ciphers = [ + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + + "+RSA:+NULL:+SHA256", + + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + 
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + "+RSA:+AES-128-CCM:+AEAD", + "+RSA:+AES-256-CCM:+AEAD", + "+DHE-RSA:+AES-128-CCM:+AEAD", + "+DHE-RSA:+AES-256-CCM:+AEAD", + "+RSA:+AES-128-CCM-8:+AEAD", + "+RSA:+AES-256-CCM-8:+AEAD", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + + "+DHE-PSK:+3DES-CBC:+SHA1", + "+DHE-PSK:+AES-128-CBC:+SHA1", + "+DHE-PSK:+AES-256-CBC:+SHA1", + + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + "+RSA-PSK:+3DES-CBC:+SHA1", + "+RSA-PSK:+AES-256-CBC:+SHA1", + "+RSA-PSK:+AES-128-CBC:+SHA1", + + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-PSK:+NULL:+SHA384", + "+ECDHE-PSK:+NULL:+SHA256", + "+PSK:+AES-128-CBC:+SHA256", + "+PSK:+AES-256-CBC:+SHA384", + "+DHE-PSK:+AES-128-CBC:+SHA256", + "+DHE-PSK:+AES-256-CBC:+SHA384", + "+PSK:+NULL:+SHA256", + "+PSK:+NULL:+SHA384", + "+DHE-PSK:+NULL:+SHA256", + "+DHE-PSK:+NULL:+SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + "+RSA-PSK:+AES-128-CBC:+SHA256", + "+RSA-PSK:+NULL:+SHA256", + "+RSA-PSK:+NULL:+SHA384", + "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", + "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", + "+PSK:+CAMELLIA-128-CBC:+SHA256", + "+PSK:+CAMELLIA-256-CBC:+SHA384", + "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", + "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", + "+PSK:+AES-128-GCM:+AEAD", + "+PSK:+AES-256-GCM:+AEAD", + "+DHE-PSK:+AES-128-GCM:+AEAD", + "+DHE-PSK:+AES-256-GCM:+AEAD", + "+PSK:+AES-128-CCM:+AEAD", + "+PSK:+AES-256-CCM:+AEAD", + "+DHE-PSK:+AES-128-CCM:+AEAD", + "+DHE-PSK:+AES-256-CCM:+AEAD", + "+PSK:+AES-128-CCM-8:+AEAD", + "+PSK:+AES-256-CCM-8:+AEAD", + 
"+DHE-PSK:+AES-128-CCM-8:+AEAD", + "+DHE-PSK:+AES-256-CCM-8:+AEAD", + "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", + "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", + "+PSK:+CAMELLIA-128-GCM:+AEAD", + "+PSK:+CAMELLIA-256-GCM:+AEAD", + "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", + "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", + "+RSA-PSK:+AES-256-GCM:+AEAD", + "+RSA-PSK:+AES-128-GCM:+AEAD", + ] + + for i in range(len(m_ciphers)): + + g = translate_gnu(m_ciphers[i]) + if g!=g_ciphers[i]: + print("GNU", i) + print("new".ljust(10), g) + print("original".ljust(10), g_ciphers[i]) + # break + +test_all_common() +test_mbed_ossl_common() +test_mbed_gnu_common() \ No newline at end of file From 3ad58329da67e6eed6148da2c6ceade44a84c5bb Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 21 Jul 2021 16:48:54 +0100 Subject: [PATCH 383/966] Reformat translation functions and test in seperate file Moved the test over to a seperate file, where I can start experimenting with how the script will be called. Commented and improved the translation functions. They should be more readable, however I added comments anyway to quickly identify every step involved with te translation from MBedTLS to GNU or OpenSSL Signed-off-by: Joe Subbiani --- test_translate.py | 427 +++++++++++++++++++++++++++++++++++++ translate_ciphers.py | 495 ++++--------------------------------------- 2 files changed, 465 insertions(+), 457 deletions(-) create mode 100644 test_translate.py diff --git a/test_translate.py b/test_translate.py new file mode 100644 index 0000000000..9de283059c --- /dev/null +++ b/test_translate.py 
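Review bot: The three test functions at the end of the new file only print a mismatch and the script then exits normally, so a wrong translation of a ciphersuite name never fails whatever runs it; raise instead, for example `assert g == g_ciphers[i], (m_ciphers[i], g, g_ciphers[i])`. The loops index parallel lists with `range(len(m_ciphers))` without checking that the lists have the same length, so `assert len(m_ciphers) == len(g_ciphers)` belongs before each loop. In `translate_ossl` the bare `except:` around `rindex("CBC")` hides every error and should be `except ValueError:`, and both translators take `m_cipher[4:]` without checking that the name starts with `TLS-`. The three test calls run at module level, so importing the module runs them; putting them under `if __name__ == "__main__":` avoids that.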
@@ -0,0 +1,427 @@ +from translate_ciphers import * + +def assert_equal(translate, original): + try: + assert(translate == original) + except AssertionError: + print("%s\n%s\n" %(translate, original)) + +def test_all_common(): + m_ciphers = [ + "TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-AES-256-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-RSA-WITH-AES-128-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-NULL-MD5", + "TLS-RSA-WITH-NULL-SHA", + + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDHE-RSA-WITH-NULL-SHA", + + "TLS-RSA-WITH-AES-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-RSA-WITH-AES-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "TLS-RSA-WITH-AES-128-GCM-SHA256", + "TLS-RSA-WITH-AES-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + + "TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-PSK-WITH-AES-128-CBC-SHA", + "TLS-PSK-WITH-AES-256-CBC-SHA", + ] + g_ciphers = [ + "+ECDHE-ECDSA:+NULL:+SHA1", + "+ECDHE-ECDSA:+3DES-CBC:+SHA1", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", + + "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", + 
"+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + + "+DHE-RSA:+AES-128-CBC:+SHA1", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + "+DHE-RSA:+3DES-CBC:+SHA1", + "+RSA:+AES-256-CBC:+SHA1", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "+RSA:+AES-128-CBC:+SHA1", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "+RSA:+3DES-CBC:+SHA1", + "+RSA:+NULL:+MD5", + "+RSA:+NULL:+SHA1", + + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "+ECDHE-RSA:+NULL:+SHA1", + + "+RSA:+AES-128-CBC:+SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "+RSA:+AES-128-GCM:+AEAD", + "+RSA:+AES-256-GCM:+AEAD", + "+DHE-RSA:+AES-128-GCM:+AEAD", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + + "+PSK:+3DES-CBC:+SHA1", + "+PSK:+AES-128-CBC:+SHA1", + "+PSK:+AES-256-CBC:+SHA1", + ] + o_ciphers = [ + "ECDHE-ECDSA-NULL-SHA", + "ECDHE-ECDSA-DES-CBC3-SHA", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + + "DHE-RSA-AES128-SHA", + "DHE-RSA-AES256-SHA", + "DHE-RSA-CAMELLIA128-SHA", + "DHE-RSA-CAMELLIA256-SHA", + "EDH-RSA-DES-CBC3-SHA", + "AES256-SHA", + "CAMELLIA256-SHA", + "AES128-SHA", + "CAMELLIA128-SHA", + "DES-CBC3-SHA", + "NULL-MD5", + "NULL-SHA", + + "ECDHE-RSA-AES128-SHA", + "ECDHE-RSA-AES256-SHA", + "ECDHE-RSA-DES-CBC3-SHA", + "ECDHE-RSA-NULL-SHA", + + #"NULL-SHA256", + "AES128-SHA256", + "DHE-RSA-AES128-SHA256", + "AES256-SHA256", + "DHE-RSA-AES256-SHA256", + "ECDHE-RSA-AES128-SHA256", + "ECDHE-RSA-AES256-SHA384", + "AES128-GCM-SHA256", + "AES256-GCM-SHA384", + "DHE-RSA-AES128-GCM-SHA256", + 
"DHE-RSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES256-GCM-SHA384", + + "PSK-3DES-EDE-CBC-SHA", + "PSK-AES128-CBC-SHA", + "PSK-AES256-CBC-SHA", + + #"PSK-DES-CBC3-SHA", + #"PSK-AES128-SHA", + #"PSK-AES256-SHA", + ] + + for i in range(len(m_ciphers)): + + g = translate_gnu(m_ciphers[i]) + assert_equal(g, g_ciphers[i]) + + o = translate_ossl(m_ciphers[i]) + assert_equal(o, o_ciphers[i]) + +def test_mbed_ossl_common(): + m_ciphers = [ + "TLS-ECDH-ECDSA-WITH-NULL-SHA", + "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + + "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + + "TLS-RSA-WITH-DES-CBC-SHA", + "TLS-DHE-RSA-WITH-DES-CBC-SHA", + + "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + + "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + ] + o_ciphers = [ + "ECDH-ECDSA-NULL-SHA", + "ECDH-ECDSA-DES-CBC3-SHA", + "ECDH-ECDSA-AES128-SHA", + "ECDH-ECDSA-AES256-SHA", + + "ECDH-ECDSA-AES128-SHA256", + "ECDH-ECDSA-AES256-SHA384", + "ECDH-ECDSA-AES128-GCM-SHA256", + "ECDH-ECDSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-ARIA256-GCM-SHA384", + "ECDHE-ECDSA-ARIA128-GCM-SHA256", + 
"ECDHE-ECDSA-CHACHA20-POLY1305", + + "DES-CBC-SHA", + "EDH-RSA-DES-CBC-SHA", + #"DHE-RSA-DES-CBC-SHA", + + "ECDHE-ARIA256-GCM-SHA384", + "DHE-RSA-ARIA256-GCM-SHA384", + "ARIA256-GCM-SHA384", + "ECDHE-ARIA128-GCM-SHA256", + "DHE-RSA-ARIA128-GCM-SHA256", + "ARIA128-GCM-SHA256", + "DHE-RSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + + "DHE-PSK-ARIA256-GCM-SHA384", + "DHE-PSK-ARIA128-GCM-SHA256", + "PSK-ARIA256-GCM-SHA384", + "PSK-ARIA128-GCM-SHA256", + "PSK-CHACHA20-POLY1305", + "ECDHE-PSK-CHACHA20-POLY1305", + "DHE-PSK-CHACHA20-POLY1305", + ] + + for i in range(len(m_ciphers)): + + o = translate_ossl(m_ciphers[i]) + assert_equal(o, o_ciphers[i]) + + +def test_mbed_gnu_common(): + m_ciphers = [ + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + + "TLS-RSA-WITH-NULL-SHA256", + + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-WITH-AES-128-CCM", + "TLS-RSA-WITH-AES-256-CCM", + "TLS-DHE-RSA-WITH-AES-128-CCM", + "TLS-DHE-RSA-WITH-AES-256-CCM", + "TLS-RSA-WITH-AES-128-CCM-8", + "TLS-RSA-WITH-AES-256-CCM-8", + "TLS-DHE-RSA-WITH-AES-128-CCM-8", + "TLS-DHE-RSA-WITH-AES-256-CCM-8", + + "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + 
"TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + + "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + + "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-NULL-SHA384", + "TLS-ECDHE-PSK-WITH-NULL-SHA256", + "TLS-PSK-WITH-AES-128-CBC-SHA256", + "TLS-PSK-WITH-AES-256-CBC-SHA384", + "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "TLS-PSK-WITH-NULL-SHA256", + "TLS-PSK-WITH-NULL-SHA384", + "TLS-DHE-PSK-WITH-NULL-SHA256", + "TLS-DHE-PSK-WITH-NULL-SHA384", + "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "TLS-RSA-PSK-WITH-NULL-SHA256", + "TLS-RSA-PSK-WITH-NULL-SHA384", + "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-PSK-WITH-AES-128-GCM-SHA256", + "TLS-PSK-WITH-AES-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "TLS-PSK-WITH-AES-128-CCM", + "TLS-PSK-WITH-AES-256-CCM", + "TLS-DHE-PSK-WITH-AES-128-CCM", + "TLS-DHE-PSK-WITH-AES-256-CCM", + "TLS-PSK-WITH-AES-128-CCM-8", + "TLS-PSK-WITH-AES-256-CCM-8", + "TLS-DHE-PSK-WITH-AES-128-CCM-8", + "TLS-DHE-PSK-WITH-AES-256-CCM-8", + "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + 
"TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + ] + g_ciphers = [ + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + + "+RSA:+NULL:+SHA256", + + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + "+RSA:+AES-128-CCM:+AEAD", + "+RSA:+AES-256-CCM:+AEAD", + "+DHE-RSA:+AES-128-CCM:+AEAD", + "+DHE-RSA:+AES-256-CCM:+AEAD", + "+RSA:+AES-128-CCM-8:+AEAD", + "+RSA:+AES-256-CCM-8:+AEAD", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + + "+DHE-PSK:+3DES-CBC:+SHA1", + "+DHE-PSK:+AES-128-CBC:+SHA1", + "+DHE-PSK:+AES-256-CBC:+SHA1", + + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + "+RSA-PSK:+3DES-CBC:+SHA1", + "+RSA-PSK:+AES-256-CBC:+SHA1", + "+RSA-PSK:+AES-128-CBC:+SHA1", + + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-PSK:+NULL:+SHA384", + "+ECDHE-PSK:+NULL:+SHA256", + "+PSK:+AES-128-CBC:+SHA256", + "+PSK:+AES-256-CBC:+SHA384", + "+DHE-PSK:+AES-128-CBC:+SHA256", + "+DHE-PSK:+AES-256-CBC:+SHA384", + "+PSK:+NULL:+SHA256", + "+PSK:+NULL:+SHA384", + "+DHE-PSK:+NULL:+SHA256", + "+DHE-PSK:+NULL:+SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + "+RSA-PSK:+AES-128-CBC:+SHA256", + "+RSA-PSK:+NULL:+SHA256", + 
"+RSA-PSK:+NULL:+SHA384", + "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", + "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", + "+PSK:+CAMELLIA-128-CBC:+SHA256", + "+PSK:+CAMELLIA-256-CBC:+SHA384", + "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", + "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", + "+PSK:+AES-128-GCM:+AEAD", + "+PSK:+AES-256-GCM:+AEAD", + "+DHE-PSK:+AES-128-GCM:+AEAD", + "+DHE-PSK:+AES-256-GCM:+AEAD", + "+PSK:+AES-128-CCM:+AEAD", + "+PSK:+AES-256-CCM:+AEAD", + "+DHE-PSK:+AES-128-CCM:+AEAD", + "+DHE-PSK:+AES-256-CCM:+AEAD", + "+PSK:+AES-128-CCM-8:+AEAD", + "+PSK:+AES-256-CCM-8:+AEAD", + "+DHE-PSK:+AES-128-CCM-8:+AEAD", + "+DHE-PSK:+AES-256-CCM-8:+AEAD", + "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", + "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", + "+PSK:+CAMELLIA-128-GCM:+AEAD", + "+PSK:+CAMELLIA-256-GCM:+AEAD", + "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", + "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", + "+RSA-PSK:+AES-256-GCM:+AEAD", + "+RSA-PSK:+AES-128-GCM:+AEAD", + ] + + for i in range(len(m_ciphers)): + + g = translate_gnu(m_ciphers[i]) + assert_equal(g, g_ciphers[i]) + + +test_all_common() +test_mbed_ossl_common() +test_mbed_gnu_common() diff --git a/translate_ciphers.py b/translate_ciphers.py index cf0be7257d..e17d41c75b 100644 --- a/translate_ciphers.py +++ b/translate_ciphers.py 
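Review bot: `assert_equal` catches the `AssertionError` it has just raised and only prints the two strings, so a mistranslated ciphersuite name never fails the run and the script still exits 0. If these translations end up feeding compat.sh, as the later commits in this series indicate, a silent mismatch can leave a suite exercised under the wrong name or not at all; let the failure propagate, e.g. `assert translate == original, "%s != %s" % (translate, original)`. The three loops also walk parallel lists with `range(len(m_ciphers))`, so a list that is one entry short only surfaces as an `IndexError`; checking the lengths and iterating over `zip(...)` would state the intent. The later `test_translate.sh` has the same shape: its `if` blocks only `echo` the differences and never return a non-zero status.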
@@ -1,485 +1,66 @@ +import re def translate_gnu(m_cipher): - + # Remove "TLS-" + # Replace "-WITH-" with ":+" + # Remove "EDE" m_cipher = "+" + m_cipher[4:] m_cipher = m_cipher.replace("-WITH-", ":+") m_cipher = m_cipher.replace("-EDE", "") - if m_cipher.split("-")[-1] == "SHA": + + # SHA == SHA1, if the last 3 chars are SHA append 1 + if m_cipher[-3:] == "SHA": m_cipher = m_cipher+"1" - - - if m_cipher.split("-")[-1] == "8" or m_cipher.split("-")[-1] == "CCM": + + # CCM or CCM-8 should be followed by ":+AEAD" + if "CCM" in m_cipher: m_cipher = m_cipher+":+AEAD" + + # Replace the last "-" with ":+" + # Replace "GCM:+SHAxyz" with "GCM:+AEAD" else: index=m_cipher.rindex("-") m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:] - m_cipher = m_cipher.replace("GCM:+SHA256", "GCM:+AEAD") - m_cipher = m_cipher.replace("GCM:+SHA384", "GCM:+AEAD") + m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher) return m_cipher - + def translate_ossl(m_cipher): + # Remove "TLS-" + # Remove "WITH" m_cipher = m_cipher[4:] m_cipher = m_cipher.replace("-WITH", "") + + # Remove the "-" from "ABC-xyz" m_cipher = m_cipher.replace("AES-", "AES") m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA") m_cipher = m_cipher.replace("ARIA-", "ARIA") - - m_cipher = m_cipher.replace("-EDE", "") - - m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") - try: - index = m_cipher.rindex("CBC") - if m_cipher[index-4:index-1] != "DES": - m_cipher = m_cipher.replace("CBC-", "") - except: - pass + # Remove "RSA" if it is at the beginning if m_cipher[:4] == "RSA-": m_cipher = m_cipher[4:] + # For all circumstances outside of PSK + if "PSK" not in m_cipher: + m_cipher = m_cipher.replace("-EDE", "") + m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") + + # Remove "CBC" if it is not prefixed by DES + if "CBC" in m_cipher: + index = m_cipher.rindex("CBC") + if m_cipher[index-4:index-1] != "DES": + m_cipher = m_cipher.replace("CBC-", "") + + # ECDHE-RSA-ARIA does not exist in OpenSSL m_cipher = 
m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA") - try: + # POLY1305 should not be followed by anything + if "POLY1305" in m_cipher: index = m_cipher.rindex("POLY1305") m_cipher=m_cipher[:index+8] - except Exception as e: - pass#print(e) + + # If DES is being used, Replace DHE with EDH + if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher: + m_cipher = m_cipher.replace("DHE", "EDH") return m_cipher - -def test_all_common(): - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", - - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", - - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-AES-256-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-RSA-WITH-AES-128-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-NULL-MD5", - "TLS-RSA-WITH-NULL-SHA", - - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-RSA-WITH-NULL-SHA", - - "TLS-RSA-WITH-AES-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-RSA-WITH-AES-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - "TLS-RSA-WITH-AES-128-GCM-SHA256", - "TLS-RSA-WITH-AES-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - - "TLS-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-PSK-WITH-AES-128-CBC-SHA", - "TLS-PSK-WITH-AES-256-CBC-SHA", - ] - 
g_ciphers = [ - "+ECDHE-ECDSA:+NULL:+SHA1", - "+ECDHE-ECDSA:+3DES-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", - - "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", - - "+DHE-RSA:+AES-128-CBC:+SHA1", - "+DHE-RSA:+AES-256-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", - "+DHE-RSA:+3DES-CBC:+SHA1", - "+RSA:+AES-256-CBC:+SHA1", - "+RSA:+CAMELLIA-256-CBC:+SHA1", - "+RSA:+AES-128-CBC:+SHA1", - "+RSA:+CAMELLIA-128-CBC:+SHA1", - "+RSA:+3DES-CBC:+SHA1", - "+RSA:+NULL:+MD5", - "+RSA:+NULL:+SHA1", - - "+ECDHE-RSA:+AES-128-CBC:+SHA1", - "+ECDHE-RSA:+AES-256-CBC:+SHA1", - "+ECDHE-RSA:+3DES-CBC:+SHA1", - "+ECDHE-RSA:+NULL:+SHA1", - - "+RSA:+AES-128-CBC:+SHA256", - "+DHE-RSA:+AES-128-CBC:+SHA256", - "+RSA:+AES-256-CBC:+SHA256", - "+DHE-RSA:+AES-256-CBC:+SHA256", - "+ECDHE-RSA:+AES-128-CBC:+SHA256", - "+ECDHE-RSA:+AES-256-CBC:+SHA384", - "+RSA:+AES-128-GCM:+AEAD", - "+RSA:+AES-256-GCM:+AEAD", - "+DHE-RSA:+AES-128-GCM:+AEAD", - "+DHE-RSA:+AES-256-GCM:+AEAD", - "+ECDHE-RSA:+AES-128-GCM:+AEAD", - "+ECDHE-RSA:+AES-256-GCM:+AEAD", - - "+PSK:+3DES-CBC:+SHA1", - "+PSK:+AES-128-CBC:+SHA1", - "+PSK:+AES-256-CBC:+SHA1", - ] - o_ciphers = [ - "ECDHE-ECDSA-NULL-SHA", - "ECDHE-ECDSA-DES-CBC3-SHA", - "ECDHE-ECDSA-AES128-SHA", - "ECDHE-ECDSA-AES256-SHA", - - "ECDHE-ECDSA-AES128-SHA256", - "ECDHE-ECDSA-AES256-SHA384", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-AES256-GCM-SHA384", - - "DHE-RSA-AES128-SHA", - "DHE-RSA-AES256-SHA", - "DHE-RSA-CAMELLIA128-SHA", - "DHE-RSA-CAMELLIA256-SHA", - #"EDH-RSA-DES-CBC3-SHA", - "DHE-RSA-DES-CBC3-SHA", - "AES256-SHA", - "CAMELLIA256-SHA", - "AES128-SHA", - "CAMELLIA128-SHA", - "DES-CBC3-SHA", - "NULL-MD5", - "NULL-SHA", - - "ECDHE-RSA-AES128-SHA", - "ECDHE-RSA-AES256-SHA", - "ECDHE-RSA-DES-CBC3-SHA", - "ECDHE-RSA-NULL-SHA", - - #"NULL-SHA256", - "AES128-SHA256", - 
"DHE-RSA-AES128-SHA256", - "AES256-SHA256", - "DHE-RSA-AES256-SHA256", - "ECDHE-RSA-AES128-SHA256", - "ECDHE-RSA-AES256-SHA384", - "AES128-GCM-SHA256", - "AES256-GCM-SHA384", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES256-GCM-SHA384", - - #"PSK-3DES-EDE-CBC-SHA", - #"PSK-AES128-CBC-SHA", - #"PSK-AES256-CBC-SHA", - - "PSK-DES-CBC3-SHA", - "PSK-AES128-SHA", - "PSK-AES256-SHA", - ] - - for i in range(len(m_ciphers)): - - g = translate_gnu(m_ciphers[i]) - if g!=g_ciphers[i]: - print("GNU", i) - print("new".ljust(10), g) - print("original".ljust(10), g_ciphers[i]) - # break - - - o = translate_ossl(m_ciphers[i]) - if o!=o_ciphers[i]: - print("OpenSSL", i) - print("new".ljust(10), o) - print("original".ljust(10), o_ciphers[i]) - # break - -def test_mbed_ossl_common(): - m_ciphers = [ - "TLS-ECDH-ECDSA-WITH-NULL-SHA", - "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-RSA-WITH-DES-CBC-SHA", - "TLS-DHE-RSA-WITH-DES-CBC-SHA", - - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - 
"TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - ] - o_ciphers = [ - "ECDH-ECDSA-NULL-SHA", - "ECDH-ECDSA-DES-CBC3-SHA", - "ECDH-ECDSA-AES128-SHA", - "ECDH-ECDSA-AES256-SHA", - - "ECDH-ECDSA-AES128-SHA256", - "ECDH-ECDSA-AES256-SHA384", - "ECDH-ECDSA-AES128-GCM-SHA256", - "ECDH-ECDSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-ARIA256-GCM-SHA384", - "ECDHE-ECDSA-ARIA128-GCM-SHA256", - "ECDHE-ECDSA-CHACHA20-POLY1305", - - "DES-CBC-SHA", - #"EDH-RSA-DES-CBC-SHA", - "DHE-RSA-DES-CBC-SHA", - - "ECDHE-ARIA256-GCM-SHA384", - "DHE-RSA-ARIA256-GCM-SHA384", - "ARIA256-GCM-SHA384", - "ECDHE-ARIA128-GCM-SHA256", - "DHE-RSA-ARIA128-GCM-SHA256", - "ARIA128-GCM-SHA256", - "DHE-RSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - - "DHE-PSK-ARIA256-GCM-SHA384", - "DHE-PSK-ARIA128-GCM-SHA256", - "PSK-ARIA256-GCM-SHA384", - "PSK-ARIA128-GCM-SHA256", - "PSK-CHACHA20-POLY1305", - "ECDHE-PSK-CHACHA20-POLY1305", - "DHE-PSK-CHACHA20-POLY1305", - ] - - for i in range(len(m_ciphers)): - - o = translate_ossl(m_ciphers[i]) - if o!=o_ciphers[i]: - print("OpenSSL", i) - print("new".ljust(10), o) - print("original".ljust(10), o_ciphers[i]) - # break - -def test_mbed_gnu_common(): - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - - "TLS-RSA-WITH-NULL-SHA256", - - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - 
"TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-AES-128-CCM", - "TLS-RSA-WITH-AES-256-CCM", - "TLS-DHE-RSA-WITH-AES-128-CCM", - "TLS-DHE-RSA-WITH-AES-256-CCM", - "TLS-RSA-WITH-AES-128-CCM-8", - "TLS-RSA-WITH-AES-256-CCM-8", - "TLS-DHE-RSA-WITH-AES-128-CCM-8", - "TLS-DHE-RSA-WITH-AES-256-CCM-8", - - "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-NULL-SHA384", - "TLS-ECDHE-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-AES-128-CBC-SHA256", - "TLS-PSK-WITH-AES-256-CBC-SHA384", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-NULL-SHA256", - "TLS-DHE-PSK-WITH-NULL-SHA384", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-AES-128-GCM-SHA256", - "TLS-PSK-WITH-AES-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - "TLS-PSK-WITH-AES-128-CCM", - "TLS-PSK-WITH-AES-256-CCM", - 
"TLS-DHE-PSK-WITH-AES-128-CCM", - "TLS-DHE-PSK-WITH-AES-256-CCM", - "TLS-PSK-WITH-AES-128-CCM-8", - "TLS-PSK-WITH-AES-256-CCM-8", - "TLS-DHE-PSK-WITH-AES-128-CCM-8", - "TLS-DHE-PSK-WITH-AES-256-CCM-8", - "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - ] - g_ciphers = [ - "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", - "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", - - "+RSA:+NULL:+SHA256", - - "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", - "+RSA:+CAMELLIA-128-CBC:+SHA256", - "+RSA:+CAMELLIA-256-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+CAMELLIA-128-GCM:+AEAD", - "+RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+AES-128-CCM:+AEAD", - "+RSA:+AES-256-CCM:+AEAD", - "+DHE-RSA:+AES-128-CCM:+AEAD", - "+DHE-RSA:+AES-256-CCM:+AEAD", - "+RSA:+AES-128-CCM-8:+AEAD", - "+RSA:+AES-256-CCM-8:+AEAD", - "+DHE-RSA:+AES-128-CCM-8:+AEAD", - "+DHE-RSA:+AES-256-CCM-8:+AEAD", - - "+DHE-PSK:+3DES-CBC:+SHA1", - "+DHE-PSK:+AES-128-CBC:+SHA1", - "+DHE-PSK:+AES-256-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA1", - "+ECDHE-PSK:+AES-128-CBC:+SHA1", - "+ECDHE-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+AES-256-CBC:+SHA1", - "+RSA-PSK:+AES-128-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA384", - 
"+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-PSK:+AES-128-CBC:+SHA256", - "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-PSK:+NULL:+SHA384", - "+ECDHE-PSK:+NULL:+SHA256", - "+PSK:+AES-128-CBC:+SHA256", - "+PSK:+AES-256-CBC:+SHA384", - "+DHE-PSK:+AES-128-CBC:+SHA256", - "+DHE-PSK:+AES-256-CBC:+SHA384", - "+PSK:+NULL:+SHA256", - "+PSK:+NULL:+SHA384", - "+DHE-PSK:+NULL:+SHA256", - "+DHE-PSK:+NULL:+SHA384", - "+RSA-PSK:+AES-256-CBC:+SHA384", - "+RSA-PSK:+AES-128-CBC:+SHA256", - "+RSA-PSK:+NULL:+SHA256", - "+RSA-PSK:+NULL:+SHA384", - "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+CAMELLIA-256-CBC:+SHA384", - "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", - "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+AES-128-GCM:+AEAD", - "+PSK:+AES-256-GCM:+AEAD", - "+DHE-PSK:+AES-128-GCM:+AEAD", - "+DHE-PSK:+AES-256-GCM:+AEAD", - "+PSK:+AES-128-CCM:+AEAD", - "+PSK:+AES-256-CCM:+AEAD", - "+DHE-PSK:+AES-128-CCM:+AEAD", - "+DHE-PSK:+AES-256-CCM:+AEAD", - "+PSK:+AES-128-CCM-8:+AEAD", - "+PSK:+AES-256-CCM-8:+AEAD", - "+DHE-PSK:+AES-128-CCM-8:+AEAD", - "+DHE-PSK:+AES-256-CCM-8:+AEAD", - "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", - "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", - "+PSK:+CAMELLIA-128-GCM:+AEAD", - "+PSK:+CAMELLIA-256-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", - "+RSA-PSK:+AES-256-GCM:+AEAD", - "+RSA-PSK:+AES-128-GCM:+AEAD", - ] - - for i in range(len(m_ciphers)): - - g = translate_gnu(m_ciphers[i]) - if g!=g_ciphers[i]: - print("GNU", i) - print("new".ljust(10), g) - print("original".ljust(10), g_ciphers[i]) - # break - -test_all_common() -test_mbed_ossl_common() -test_mbed_gnu_common() \ No newline at end of file From 97cd599545087b5fc7a4d551be6301ac6e1d881e Mon Sep 17 00:00:00 2001 
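Review bot: Both `translate_gnu` and `translate_ossl` drop the first four characters with `m_cipher[4:]` without checking that they are `TLS-`, so any other input is silently mangled into a plausible-looking name instead of being rejected. A guard at the top of each function, `if not m_cipher.startswith("TLS-"): raise ValueError("not an Mbed TLS ciphersuite name: " + m_cipher)`, makes a bad entry fail loudly. In `translate_gnu` the new test `if "CCM" in m_cipher` is broader than the `split("-")[-1]` comparison it replaces, and the `else` branch still calls `rindex("-")`, which raises `ValueError` when no `-` is left. A short docstring on each function giving the accepted input form and one example of the output would document those assumptions.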
From: Joe Subbiani Date: Thu, 22 Jul 2021 16:08:29 +0100 Subject: [PATCH 384/966] Implement bash script for testing Added formatting functions to translate_ciphersuite.py to take a string of multiple ciphersuite names, in the current compat.sh and output the translated ciphersuite names in the same format Created test_translate.sh which uses samples from compat.sh to compare against the translated versions to ensure the translations are produced in the correct format Signed-off-by: Joe Subbiani --- test_translate.py | 0 test_translate.sh | 113 +++++++++++++++++++++++++++++++++++++++++++ translate_ciphers.py | 32 ++++++++++++ 3 files changed, 145 insertions(+) mode change 100644 => 100755 test_translate.py create mode 100755 test_translate.sh mode change 100644 => 100755 translate_ciphers.py diff --git a/test_translate.py b/test_translate.py old mode 100644 new mode 100755 diff --git a/test_translate.sh b/test_translate.sh new file mode 100755 index 0000000000..43b7ff4e39 --- /dev/null +++ b/test_translate.sh 
@@ -0,0 +1,113 @@ +#!/bin/sh + +# Ciphers that will use translate_ciphers.py +M_CIPHERS="" +O_CIPHERS="" +G_CIPHERS="" + +# Ciphers taken directly from compat.sh +Mt_CIPHERS="" +Ot_CIPHERS="" +Gt_CIPHERS="" + +# Initial list to be split into 3 +CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ + " + +M_CIPHERS="$M_CIPHERS \ + $CIPHERS" + +G=`python3 translate_ciphers.py g "$CIPHERS"` +G_CIPHERS="$G_CIPHERS \ + $G" + +O=`python3 translate_ciphers.py o "$CIPHERS"` +O_CIPHERS="$O_CIPHERS \ + $O" + +Mt_CIPHERS="$Mt_CIPHERS \ + TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ + " +Gt_CIPHERS="$Gt_CIPHERS \ + +ECDHE-ECDSA:+NULL:+SHA1 \ + +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ + +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ + +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ + " +Ot_CIPHERS="$Ot_CIPHERS \ + ECDHE-ECDSA-NULL-SHA \ + ECDHE-ECDSA-DES-CBC3-SHA \ + ECDHE-ECDSA-AES128-SHA \ + ECDHE-ECDSA-AES256-SHA \ + " + + +# Initial list to be split into 3 +CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ + " + +M_CIPHERS="$M_CIPHERS \ + $CIPHERS" + +G=`python3 translate_ciphers.py g "$CIPHERS"` +G_CIPHERS="$G_CIPHERS \ + $G" + +O=`python3 translate_ciphers.py o "$CIPHERS"` +O_CIPHERS="$O_CIPHERS \ + $O" + +Mt_CIPHERS="$Mt_CIPHERS \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ + " +Gt_CIPHERS="$Gt_CIPHERS \ + +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ + +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ + +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ + +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ + " +Ot_CIPHERS="$Ot_CIPHERS \ + ECDHE-ECDSA-AES128-SHA256 \ + 
ECDHE-ECDSA-AES256-SHA384 \ + ECDHE-ECDSA-AES128-GCM-SHA256 \ + ECDHE-ECDSA-AES256-GCM-SHA384 \ + " + +# Normalise spacing +M_CIPHERS=$( echo "$M_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +G_CIPHERS=$( echo "$G_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +O_CIPHERS=$( echo "$O_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') + +Mt_CIPHERS=$( echo "$Mt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +Gt_CIPHERS=$( echo "$Gt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') + +# Compare the compat.sh names with the translated names +# Upon fail, print them to view the differences +if [ "$Mt_CIPHERS" != "$M_CIPHERS" ] +then + echo "MBED Translated: $M_CIPHERS" + echo "MBED Original: $Mt_CIPHERS" +fi +if [ "$Gt_CIPHERS" != "$G_CIPHERS" ] +then + echo "GNU Translated: $G_CIPHERS" + echo "GNU Original: $Gt_CIPHERS" +fi +if [ "$Ot_CIPHERS" != "$O_CIPHERS" ] +then + echo "OpenSSL Translated: $O_CIPHERS" + echo "OpenSSL Original: $Ot_CIPHERS" +fi \ No newline at end of file diff --git a/translate_ciphers.py b/translate_ciphers.py old mode 100644 new mode 100755 index e17d41c75b..b9a2d53747 --- a/translate_ciphers.py +++ b/translate_ciphers.py @@ -1,4 +1,5 @@ import re +import sys def translate_gnu(m_cipher): # Remove "TLS-" 
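Review bot: The exit status of the four `python3 translate_ciphers.py` calls is discarded, and the script path is relative to the current directory, so running the test from anywhere else, or hitting the translator's silent `exit(1)`, leaves `G`/`O` empty and the cause has to be guessed from the printed comparison. Resolving the path from the script location and stopping on failure would make that explicit, e.g. `G=$(python3 "$(dirname "$0")/translate_ciphers.py" g "$CIPHERS") || exit 1`, and the same for the `o` calls.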
@@ -64,3 +65,34 @@ def translate_ossl(m_cipher): m_cipher = m_cipher.replace("DHE", "EDH") return m_cipher + +def format_g(m_ciphers): + #ciphers = (re.findall(r"TLS-.+\s*\\", m_ciphers)) + m_ciphers = m_ciphers.split() + g_ciphers = [] + for i in m_ciphers: + g_ciphers.append(translate_gnu(i)) + return " ".join(g_ciphers) + +def format_o(m_ciphers): + m_ciphers = m_ciphers.split() + o_ciphers = [] + for i in m_ciphers: + o_ciphers.append(translate_ossl(i)) + return " ".join(o_ciphers) + +def main(): + # print command line arguments + if len(sys.argv) <= 2: + exit(1) + if sys.argv[1] == "g": + print(format_g(sys.argv[2])) + exit(0) + elif sys.argv[1] == "o": + print(format_o(sys.argv[2])) + exit(0) + else: + exit(1) + +if __name__ == "__main__": + main() \ No newline at end of file From 29239b00a672564e39221905d5063c5f5f9815b6 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 22 Jul 2021 17:33:59 +0100 Subject: [PATCH 385/966] Move translate scripts to test directory To be used by compat.sh, the files were moved to the same directory. The files were also renamed to be distinguishable aside from their file extensions Signed-off-by: Joe Subbiani --- test_translate.sh => tests/test_translate_format.sh | 0 test_translate.py => tests/test_translate_names.py | 0 translate_ciphers.py => tests/translate_ciphers.py | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename test_translate.sh => tests/test_translate_format.sh (100%) rename test_translate.py => tests/test_translate_names.py (100%) rename translate_ciphers.py => tests/translate_ciphers.py (100%) diff --git a/test_translate.sh b/tests/test_translate_format.sh similarity index 100% rename from test_translate.sh rename to tests/test_translate_format.sh diff --git a/test_translate.py b/tests/test_translate_names.py similarity index 100% rename from test_translate.py rename to tests/test_translate_names.py 
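Review bot: `main()` leaves with status 1 on a missing argument or an unknown mode without writing anything to stderr, and it uses the `exit()` helper injected by the `site` module instead of `sys.exit()`, even though this commit imports `sys`. A shell caller that captures the output in backticks then sees only an empty string and no explanation. Replace the failure exits with `sys.exit("usage: translate_ciphers.py g|o CIPHERSUITES")`, which prints to stderr and returns 1. The commented-out `re.findall` line in `format_g` should be dropped, and the comment `# print command line arguments` does not describe the code under it.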
diff --git a/translate_ciphers.py b/tests/translate_ciphers.py similarity index 100% rename from translate_ciphers.py rename to tests/translate_ciphers.py From a16ccac1d9a8a8c16d2f74e0d16f83463e0faab5 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 22 Jul 2021 18:52:17 +0100 Subject: [PATCH 386/966] Format files and add license comment Changes to pass tests/scripts/check_files.py -Add missing new line at end of each file -Remove any trailing whitespaces -Added file shebang comments Added license info and purpose of file descriptions. The 2 test_translate... files may not be stay later down the line, but incase they do become permanent, it is good to add the appropriate comments now. Signed-off-by: Joe Subbiani --- tests/test_translate_format.sh | 33 ++++++++++++++++++++++++++++++-- tests/test_translate_names.py | 27 ++++++++++++++++++++++++-- tests/translate_ciphers.py | 35 ++++++++++++++++++++++++++++++++-- 3 files changed, 89 insertions(+), 6 deletions(-) diff --git a/tests/test_translate_format.sh b/tests/test_translate_format.sh index 43b7ff4e39..55d8a8a8e8 100755 --- a/tests/test_translate_format.sh +++ b/tests/test_translate_format.sh 
@@ -1,5 +1,34 @@ #!/bin/sh +# test_translate_format.sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Purpose +# +# Test translate_ciphers.py formatting by comparing the translated +# ciphersuite names to the true names. As in compat.sh, the spaces between +# the ciphersuite names are normalised. +# +# On fail, the translated cipher suite names do not match the correct ones. +# In this case the difference will be printed in stdout. +# +# This files main purpose is to ensure translate_ciphers.py can take strings +# in the expected format and return them in the format compat.sh will expect. + # Ciphers that will use translate_ciphers.py M_CIPHERS="" O_CIPHERS="" @@ -19,7 +48,7 @@ CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ M_CIPHERS="$M_CIPHERS \ $CIPHERS" - + G=`python3 translate_ciphers.py g "$CIPHERS"` G_CIPHERS="$G_CIPHERS \ $G" @@ -110,4 +139,4 @@ if [ "$Ot_CIPHERS" != "$O_CIPHERS" ] then echo "OpenSSL Translated: $O_CIPHERS" echo "OpenSSL Original: $Ot_CIPHERS" -fi \ No newline at end of file +fi diff --git a/tests/test_translate_names.py b/tests/test_translate_names.py index 9de283059c..d018c10916 100755 --- a/tests/test_translate_names.py +++ b/tests/test_translate_names.py 
@@ -1,3 +1,28 @@ +#!/usr/bin/env python3 + +# test_translate_names.py +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Purpose +# +# Test translate_ciphers.py by running every MBedTLS ciphersuite name +# combination through the translate functions and comparing them to their +# correct GNU or OpenSSL counterpart. + from translate_ciphers import * def assert_equal(translate, original): @@ -235,7 +260,6 @@ def test_mbed_ossl_common(): o = translate_ossl(m_ciphers[i]) assert_equal(o, o_ciphers[i]) - def test_mbed_gnu_common(): m_ciphers = [ "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", @@ -420,7 +444,6 @@ def test_mbed_gnu_common(): g = translate_gnu(m_ciphers[i]) assert_equal(g, g_ciphers[i]) - test_all_common() test_mbed_ossl_common() diff --git a/tests/translate_ciphers.py b/tests/translate_ciphers.py index b9a2d53747..07affb290d 100755 --- a/tests/translate_ciphers.py +++ b/tests/translate_ciphers.py 
@@ -1,3 +1,34 @@ +#!/usr/bin/env python3 + +# translate_ciphers.py +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Purpose +# +# Translate ciphersuite names in MBedTLS format to OpenSSL and GNU +# standards. +# +# Format and analyse strings past in via input arguments to match +# the expected strings utilised in compat.sh. +# +# sys.argv[1] should be "g" or "o" for GNU or OpenSSL. +# sys.argv[2] should be a string containing one or more +# ciphersuite names. + import re import sys @@ -91,8 +122,8 @@ def main(): elif sys.argv[1] == "o": print(format_o(sys.argv[2])) exit(0) - else: + else: exit(1) if __name__ == "__main__": - main() \ No newline at end of file + main() From 15d7124661e79a87f389be39fc21524fa0f30cc3 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Mon, 26 Jul 2021 12:20:00 +0100 Subject: [PATCH 387/966] Replace lists with calls to translate_ciphersuite.py Replace the OpenSSL $O_CIPHERS and GNU $G_CIPHERS declarations with calls to translate_ciphersuite.py Declared a new variable for each sublist $CIPHERS which is appended to MBedTLS $M_CIPHERS and translated+appended to the OpenSSL and GNU lists. Fixes #4674 Signed-off-by: Joe Subbiani --- tests/compat.sh | 391 ++++++++++----------------------- tests/test_translate_format.sh | 18 +- 2 files changed, 120 insertions(+), 289 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index c2bef26121..04b4dd521c 100755 
--- a/tests/compat.sh +++ b/tests/compat.sh @@ -246,51 +246,38 @@ add_common_ciphersuites() "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+NULL:+SHA1 \ - +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-NULL-SHA \ - ECDHE-ECDSA-DES-CBC3-SHA \ - ECDHE-ECDSA-AES128-SHA \ - ECDHE-ECDSA-AES256-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ - " - O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-AES128-SHA256 \ - ECDHE-ECDSA-AES256-SHA384 \ - ECDHE-ECDSA-AES128-GCM-SHA256 \ - ECDHE-ECDSA-AES256-GCM-SHA384 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi ;; "RSA") - M_CIPHERS="$M_CIPHERS \ - TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + CIPHERS="TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \ 
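Review bot: The exit status of each `python3 translate_ciphers.py` command substitution is ignored, here and in every later hunk of this file that assigns `G` or `O`. If python3 is absent or the translator raises, `G`/`O` come back empty and the GnuTLS/OpenSSL lists silently lose those suites, so the interoperability run can pass while exercising fewer ciphersuites than the static lists it replaces. Fail fast instead, e.g. `G=$(python3 translate_ciphers.py g "$CIPHERS") || exit 1`, and the same for `O`. The script name is also resolved relative to the current directory; whether compat.sh fixes its working directory beforehand is not visible in this hunk. `add_common_ciphersuites` continues beyond the hunk.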
@@ -303,59 +290,32 @@ add_common_ciphersuites() TLS-RSA-WITH-NULL-MD5 \ TLS-RSA-WITH-NULL-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +DHE-RSA:+AES-128-CBC:+SHA1 \ - +DHE-RSA:+AES-256-CBC:+SHA1 \ - +DHE-RSA:+CAMELLIA-128-CBC:+SHA1 \ - +DHE-RSA:+CAMELLIA-256-CBC:+SHA1 \ - +DHE-RSA:+3DES-CBC:+SHA1 \ - +RSA:+AES-256-CBC:+SHA1 \ - +RSA:+CAMELLIA-256-CBC:+SHA1 \ - +RSA:+AES-128-CBC:+SHA1 \ - +RSA:+CAMELLIA-128-CBC:+SHA1 \ - +RSA:+3DES-CBC:+SHA1 \ - +RSA:+NULL:+MD5 \ - +RSA:+NULL:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - DHE-RSA-AES128-SHA \ - DHE-RSA-AES256-SHA \ - DHE-RSA-CAMELLIA128-SHA \ - DHE-RSA-CAMELLIA256-SHA \ - EDH-RSA-DES-CBC3-SHA \ - AES256-SHA \ - CAMELLIA256-SHA \ - AES128-SHA \ - CAMELLIA128-SHA \ - DES-CBC3-SHA \ - NULL-MD5 \ - NULL-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" + if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ + CIPHERS="TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-RSA-WITH-NULL-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-RSA:+AES-128-CBC:+SHA1 \ - +ECDHE-RSA:+AES-256-CBC:+SHA1 \ - +ECDHE-RSA:+3DES-CBC:+SHA1 \ - +ECDHE-RSA:+NULL:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - ECDHE-RSA-AES256-SHA \ - ECDHE-RSA-AES128-SHA \ - ECDHE-RSA-DES-CBC3-SHA \ - ECDHE-RSA-NULL-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-RSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="TLS-RSA-WITH-AES-128-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ TLS-RSA-WITH-AES-256-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ 
@@ -368,54 +328,28 @@ add_common_ciphersuites() TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ " - G_CIPHERS="$G_CIPHERS \ - +RSA:+AES-128-CBC:+SHA256 \ - +DHE-RSA:+AES-128-CBC:+SHA256 \ - +RSA:+AES-256-CBC:+SHA256 \ - +DHE-RSA:+AES-256-CBC:+SHA256 \ - +ECDHE-RSA:+AES-128-CBC:+SHA256 \ - +ECDHE-RSA:+AES-256-CBC:+SHA384 \ - +RSA:+AES-128-GCM:+AEAD \ - +RSA:+AES-256-GCM:+AEAD \ - +DHE-RSA:+AES-128-GCM:+AEAD \ - +DHE-RSA:+AES-256-GCM:+AEAD \ - +ECDHE-RSA:+AES-128-GCM:+AEAD \ - +ECDHE-RSA:+AES-256-GCM:+AEAD \ - " - O_CIPHERS="$O_CIPHERS \ - NULL-SHA256 \ - AES128-SHA256 \ - DHE-RSA-AES128-SHA256 \ - AES256-SHA256 \ - DHE-RSA-AES256-SHA256 \ - ECDHE-RSA-AES128-SHA256 \ - ECDHE-RSA-AES256-SHA384 \ - AES128-GCM-SHA256 \ - DHE-RSA-AES128-GCM-SHA256 \ - AES256-GCM-SHA384 \ - DHE-RSA-AES256-GCM-SHA384 \ - ECDHE-RSA-AES128-GCM-SHA256 \ - ECDHE-RSA-AES256-GCM-SHA384 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS NULL-SHA256 $O" fi ;; "PSK") - M_CIPHERS="$M_CIPHERS \ - TLS-PSK-WITH-3DES-EDE-CBC-SHA \ + CIPHERS="TLS-PSK-WITH-3DES-EDE-CBC-SH \ TLS-PSK-WITH-AES-128-CBC-SHA \ TLS-PSK-WITH-AES-256-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +PSK:+3DES-CBC:+SHA1 \ - +PSK:+AES-128-CBC:+SHA1 \ - +PSK:+AES-256-CBC:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - PSK-3DES-EDE-CBC-SHA \ - PSK-AES128-CBC-SHA \ - PSK-AES256-CBC-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" ;; esac } 
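Review bot: The new PSK list begins with `TLS-PSK-WITH-3DES-EDE-CBC-SH`, which has lost the final `A` of the name on the removed line (`TLS-PSK-WITH-3DES-EDE-CBC-SHA`). Because `CIPHERS` now feeds `M_CIPHERS` and both translated lists, the misspelt name is passed to all three peers and the PSK 3DES suite is no longer exercised under its real name. Restore the first entry as `CIPHERS="TLS-PSK-WITH-3DES-EDE-CBC-SHA \`. The hunk starts inside `add_common_ciphersuites`, whose opening lies outside it.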
@@ -437,23 +371,19 @@ add_openssl_ciphersuites() "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDH-ECDSA-WITH-NULL-SHA \ + CIPHERS="TLS-ECDH-ECDSA-WITH-NULL-SHA \ TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \ " - O_CIPHERS="$O_CIPHERS \ - ECDH-ECDSA-NULL-SHA \ - ECDH-ECDSA-DES-CBC3-SHA \ - ECDH-ECDSA-AES128-SHA \ - ECDH-ECDSA-AES256-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ @@ -461,31 +391,25 @@ add_openssl_ciphersuites() TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ " - O_CIPHERS="$O_CIPHERS \ - ECDH-ECDSA-AES128-SHA256 \ - ECDH-ECDSA-AES256-SHA384 \ - ECDH-ECDSA-AES128-GCM-SHA256 \ - ECDH-ECDSA-AES256-GCM-SHA384 \ - ECDHE-ECDSA-ARIA256-GCM-SHA384 \ - ECDHE-ECDSA-ARIA128-GCM-SHA256 \ - ECDHE-ECDSA-CHACHA20-POLY1305 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi ;; "RSA") - M_CIPHERS="$M_CIPHERS \ - TLS-RSA-WITH-DES-CBC-SHA \ + CIPHERS="TLS-RSA-WITH-DES-CBC-SHA \ TLS-DHE-RSA-WITH-DES-CBC-SHA \ " - O_CIPHERS="$O_CIPHERS \ - DES-CBC-SHA \ - EDH-RSA-DES-CBC-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" + if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + CIPHERS="TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ 
@@ -494,24 +418,17 @@ add_openssl_ciphersuites() TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ " - O_CIPHERS="$O_CIPHERS \ - ECDHE-ARIA256-GCM-SHA384 \ - DHE-RSA-ARIA256-GCM-SHA384 \ - ARIA256-GCM-SHA384 \ - ECDHE-ARIA128-GCM-SHA256 \ - DHE-RSA-ARIA128-GCM-SHA256 \ - ARIA128-GCM-SHA256 \ - DHE-RSA-CHACHA20-POLY1305 \ - ECDHE-RSA-CHACHA20-POLY1305 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi ;; "PSK") if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ + CIPHERS="TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ @@ -519,15 +436,10 @@ add_openssl_ciphersuites() TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ " - O_CIPHERS="$O_CIPHERS \ - DHE-PSK-ARIA256-GCM-SHA384 \ - DHE-PSK-ARIA128-GCM-SHA256 \ - PSK-ARIA256-GCM-SHA384 \ - PSK-ARIA128-GCM-SHA256 \ - DHE-PSK-CHACHA20-POLY1305 \ - ECDHE-PSK-CHACHA20-POLY1305 \ - PSK-CHACHA20-POLY1305 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi ;; esac 
@@ -543,43 +455,34 @@ add_gnutls_ciphersuites() "ECDSA") if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ - TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ - TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ - " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \ - +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-128-CCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-CCM:+AEAD \ - +ECDHE-ECDSA:+AES-128-CCM-8:+AEAD \ - +ECDHE-ECDSA:+AES-256-CCM-8:+AEAD \ + CIPHERS="TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ + TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ + TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" fi ;; "RSA") if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-RSA-WITH-NULL-SHA256 \ - " - G_CIPHERS="$G_CIPHERS \ - +RSA:+NULL:+SHA256 \ - " + CIPHERS="TLS-RSA-WITH-NULL-SHA256" + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + CIPHERS="TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ 
@@ -600,65 +503,41 @@ add_gnutls_ciphersuites() TLS-DHE-RSA-WITH-AES-128-CCM-8 \ TLS-DHE-RSA-WITH-AES-256-CCM-8 \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \ - +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384 \ - +RSA:+CAMELLIA-128-CBC:+SHA256 \ - +RSA:+CAMELLIA-256-CBC:+SHA256 \ - +DHE-RSA:+CAMELLIA-128-CBC:+SHA256 \ - +DHE-RSA:+CAMELLIA-256-CBC:+SHA256 \ - +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD \ - +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD \ - +DHE-RSA:+CAMELLIA-128-GCM:+AEAD \ - +DHE-RSA:+CAMELLIA-256-GCM:+AEAD \ - +RSA:+CAMELLIA-128-GCM:+AEAD \ - +RSA:+CAMELLIA-256-GCM:+AEAD \ - +RSA:+AES-128-CCM:+AEAD \ - +RSA:+AES-256-CCM:+AEAD \ - +RSA:+AES-128-CCM-8:+AEAD \ - +RSA:+AES-256-CCM-8:+AEAD \ - +DHE-RSA:+AES-128-CCM:+AEAD \ - +DHE-RSA:+AES-256-CCM:+AEAD \ - +DHE-RSA:+AES-128-CCM-8:+AEAD \ - +DHE-RSA:+AES-256-CCM-8:+AEAD \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" fi ;; "PSK") - M_CIPHERS="$M_CIPHERS \ - TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ + CIPHERS="TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +DHE-PSK:+3DES-CBC:+SHA1 \ - +DHE-PSK:+AES-128-CBC:+SHA1 \ - +DHE-PSK:+AES-256-CBC:+SHA1 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ + CIPHERS="TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-RSA-PSK-WITH-AES-256-CBC-SHA \ TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-PSK:+3DES-CBC:+SHA1 \ - +ECDHE-PSK:+AES-128-CBC:+SHA1 \ - +ECDHE-PSK:+AES-256-CBC:+SHA1 \ - +RSA-PSK:+3DES-CBC:+SHA1 \ - +RSA-PSK:+AES-256-CBC:+SHA1 \ - +RSA-PSK:+AES-128-CBC:+SHA1 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 
translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + CIPHERS="TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ 
@@ -703,52 +582,10 @@ add_gnutls_ciphersuites() TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \ TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-PSK:+AES-256-CBC:+SHA384 \ - +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384 \ - +ECDHE-PSK:+AES-128-CBC:+SHA256 \ - +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256 \ - +PSK:+AES-128-CBC:+SHA256 \ - +PSK:+AES-256-CBC:+SHA384 \ - +DHE-PSK:+AES-128-CBC:+SHA256 \ - +DHE-PSK:+AES-256-CBC:+SHA384 \ - +RSA-PSK:+AES-256-CBC:+SHA384 \ - +RSA-PSK:+AES-128-CBC:+SHA256 \ - +DHE-PSK:+CAMELLIA-128-CBC:+SHA256 \ - +DHE-PSK:+CAMELLIA-256-CBC:+SHA384 \ - +PSK:+CAMELLIA-128-CBC:+SHA256 \ - +PSK:+CAMELLIA-256-CBC:+SHA384 \ - +RSA-PSK:+CAMELLIA-256-CBC:+SHA384 \ - +RSA-PSK:+CAMELLIA-128-CBC:+SHA256 \ - +PSK:+AES-128-GCM:+AEAD \ - +PSK:+AES-256-GCM:+AEAD \ - +DHE-PSK:+AES-128-GCM:+AEAD \ - +DHE-PSK:+AES-256-GCM:+AEAD \ - +PSK:+AES-128-CCM:+AEAD \ - +PSK:+AES-256-CCM:+AEAD \ - +DHE-PSK:+AES-128-CCM:+AEAD \ - +DHE-PSK:+AES-256-CCM:+AEAD \ - +PSK:+AES-128-CCM-8:+AEAD \ - +PSK:+AES-256-CCM-8:+AEAD \ - +DHE-PSK:+AES-128-CCM-8:+AEAD \ - +DHE-PSK:+AES-256-CCM-8:+AEAD \ - +RSA-PSK:+CAMELLIA-128-GCM:+AEAD \ - +RSA-PSK:+CAMELLIA-256-GCM:+AEAD \ - +PSK:+CAMELLIA-128-GCM:+AEAD \ - +PSK:+CAMELLIA-256-GCM:+AEAD \ - +DHE-PSK:+CAMELLIA-128-GCM:+AEAD \ - +DHE-PSK:+CAMELLIA-256-GCM:+AEAD \ - +RSA-PSK:+AES-256-GCM:+AEAD \ - +RSA-PSK:+AES-128-GCM:+AEAD \ - +ECDHE-PSK:+NULL:+SHA384 \ - +ECDHE-PSK:+NULL:+SHA256 \ - +PSK:+NULL:+SHA256 \ - +PSK:+NULL:+SHA384 \ - +DHE-PSK:+NULL:+SHA256 \ - +DHE-PSK:+NULL:+SHA384 \ - +RSA-PSK:+NULL:+SHA256 \ - +RSA-PSK:+NULL:+SHA384 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" fi ;; esac diff --git a/tests/test_translate_format.sh b/tests/test_translate_format.sh index 55d8a8a8e8..241db47398 100755 --- a/tests/test_translate_format.sh +++ b/tests/test_translate_format.sh 
@@ -46,16 +46,13 @@ CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ " -M_CIPHERS="$M_CIPHERS \ - $CIPHERS" +M_CIPHERS="$M_CIPHERS $CIPHERS" G=`python3 translate_ciphers.py g "$CIPHERS"` -G_CIPHERS="$G_CIPHERS \ - $G" +G_CIPHERS="$G_CIPHERS $G" O=`python3 translate_ciphers.py o "$CIPHERS"` -O_CIPHERS="$O_CIPHERS \ - $O" +O_CIPHERS="$O_CIPHERS $O" Mt_CIPHERS="$Mt_CIPHERS \ TLS-ECDHE-ECDSA-WITH-NULL-SHA \ @@ -84,16 +81,13 @@ CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ " -M_CIPHERS="$M_CIPHERS \ - $CIPHERS" +M_CIPHERS="$M_CIPHERS $CIPHERS" G=`python3 translate_ciphers.py g "$CIPHERS"` -G_CIPHERS="$G_CIPHERS \ - $G" +G_CIPHERS="$G_CIPHERS $G" O=`python3 translate_ciphers.py o "$CIPHERS"` -O_CIPHERS="$O_CIPHERS \ - $O" +O_CIPHERS="$O_CIPHERS $O" Mt_CIPHERS="$Mt_CIPHERS \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ From d16d273a40a87838fa53d994905b5c86f67cd9e5 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Mon, 26 Jul 2021 13:33:35 +0100 Subject: [PATCH 388/966] Compact 2 format functions to 1 In translate_ciphers.py there were 2 format functions that were virtually identical and a check was made beforehand to decide which one to call. Now the check is made inside a single function to reduce duplicate code Signed-off-by: Joe Subbiani --- tests/translate_ciphers.py | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) diff --git a/tests/translate_ciphers.py b/tests/translate_ciphers.py index 07affb290d..d6b604dd3d 100755 --- a/tests/translate_ciphers.py +++ b/tests/translate_ciphers.py 
@@ -97,33 +97,23 @@ def translate_ossl(m_cipher): return m_cipher -def format_g(m_ciphers): - #ciphers = (re.findall(r"TLS-.+\s*\\", m_ciphers)) - m_ciphers = m_ciphers.split() - g_ciphers = [] - for i in m_ciphers: - g_ciphers.append(translate_gnu(i)) - return " ".join(g_ciphers) - -def format_o(m_ciphers): - m_ciphers = m_ciphers.split() - o_ciphers = [] - for i in m_ciphers: - o_ciphers.append(translate_ossl(i)) - return " ".join(o_ciphers) +def format(mode, ciphers): + ciphers = ciphers.split() + t_ciphers = [] + if mode == "g": + for i in ciphers: + t_ciphers.append(translate_gnu(i)) + if mode == "o": + for i in ciphers: + t_ciphers.append(translate_ossl(i)) + return " ".join(t_ciphers) def main(): # print command line arguments if len(sys.argv) <= 2: exit(1) - if sys.argv[1] == "g": - print(format_g(sys.argv[2])) - exit(0) - elif sys.argv[1] == "o": - print(format_o(sys.argv[2])) - exit(0) else: - exit(1) + print(format(sys.argv[1], sys.argv[2])) if __name__ == "__main__": main() From 34d62620fb1d915c99e16e3f780a3c1f69647a5f Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 27 Jul 2021 14:55:56 +0100 Subject: [PATCH 389/966] Reduce calls to translate_ciphers.py in compat.sh After every edge case to append which ciphers were being used a call to translate_ciphers.py was being made. Now a call to translate_ciphers are made at the end of every function where ciphersuite names are being added. This occurs 3 times. 1 for MBedTLS, GNUTLS and OpenSSL. 1 for MBedTLS and OpenSSL and another 1 for MBedTLS and GNUTLS. Signed-off-by: Joe Subbiani --- tests/compat.sh | 166 +++++++++++++++++------------------------------- 1 file changed, 57 insertions(+), 109 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 04b4dd521c..8e0988e998 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
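Review bot: `format()` no longer rejects an unknown mode: when `mode` is neither "g" nor "o" both `if` blocks are skipped, an empty string is printed and the script ends with status 0, whereas the removed `main()` exited with 1 in that case. A mistyped mode in a caller would therefore empty a ciphersuite list without any error. Validate before translating, e.g. `if mode not in ("g", "o"): sys.exit("unknown mode: " + mode)` at the top of `format()`. The function name also shadows the built-in `format`; a name such as `format_ciphersuite_names` avoids that, and the `else:` following `exit(1)` in `main()` is redundant.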
@@ -241,43 +241,33 @@ reset_ciphersuites() # three times: in each peer's list (with the name that this peer uses). add_common_ciphersuites() { + CIPHERS="" case $TYPE in "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi ;; "RSA") - CIPHERS="TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \ 
@@ -290,32 +280,19 @@ add_common_ciphersuites() TLS-RSA-WITH-NULL-MD5 \ TLS-RSA-WITH-NULL-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" - if [ `minor_ver "$MODE"` -gt 0 ] then - CIPHERS="TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-RSA-WITH-NULL-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-RSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-RSA-WITH-AES-128-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ TLS-RSA-WITH-AES-256-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ @@ -328,30 +305,26 @@ add_common_ciphersuites() TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS NULL-SHA256 $O" + O_CIPHERS="$O_CIPHERS NULL-SHA256" fi ;; "PSK") - CIPHERS="TLS-PSK-WITH-3DES-EDE-CBC-SH \ + CIPHERS="$CIPHERS \ + TLS-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-PSK-WITH-AES-128-CBC-SHA \ TLS-PSK-WITH-AES-256-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" ;; esac + + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" } # Ciphersuites usable only with Mbed TLS and OpenSSL 
@@ -366,24 +339,23 @@ add_common_ciphersuites() # GnuTLS in 3.5.0 and the CI only has 3.4.x so far. add_openssl_ciphersuites() { + CIPHERS="" case $TYPE in "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - CIPHERS="TLS-ECDH-ECDSA-WITH-NULL-SHA \ + CIPHERS="$CIPHERS \ + TLS-ECDH-ECDSA-WITH-NULL-SHA \ TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ @@ -391,25 +363,18 @@ add_openssl_ciphersuites() TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi ;; "RSA") - CIPHERS="TLS-RSA-WITH-DES-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-RSA-WITH-DES-CBC-SHA \ TLS-DHE-RSA-WITH-DES-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" - if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ 
@@ -418,17 +383,14 @@ add_openssl_ciphersuites() TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi ;; "PSK") if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ + CIPHERS="$CIPHERS \ + TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ @@ -436,13 +398,14 @@ add_openssl_ciphersuites() TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi ;; esac + + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" } # Ciphersuites usable only with Mbed TLS and GnuTLS @@ -450,12 +413,14 @@ add_openssl_ciphersuites() # with its Mbed TLS name. add_gnutls_ciphersuites() { + CIPHERS="" case $TYPE in "ECDSA") if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ 
@@ -464,25 +429,18 @@ add_gnutls_ciphersuites() TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" fi ;; "RSA") if [ `minor_ver "$MODE"` -gt 0 ] then - CIPHERS="TLS-RSA-WITH-NULL-SHA256" - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" + CIPHERS="$CIPHERS TLS-RSA-WITH-NULL-SHA256" fi if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ 
@@ -503,41 +461,30 @@ add_gnutls_ciphersuites() TLS-DHE-RSA-WITH-AES-128-CCM-8 \ TLS-DHE-RSA-WITH-AES-256-CCM-8 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" fi ;; "PSK") - CIPHERS="TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ - TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ + TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ + TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - if [ `minor_ver "$MODE"` -gt 0 ] then - CIPHERS="TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-RSA-PSK-WITH-AES-256-CBC-SHA \ TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - fi if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ @@ -582,13 +529,14 @@ add_gnutls_ciphersuites() TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \ TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" fi ;; esac + + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" } # Ciphersuites usable only with Mbed TLS (not currently supported by another From 0fadf8ef7dd25f7aee9df0db09bf6d52a7b3b20b Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Tue, 27 Jul 2021 15:22:26 +0100 Subject: [PATCH 390/966] Improve coding style and consistancy - Replace uses of mbed and gnu with mbedtls and gnutls respectivley. - Uses sys.exit() rather than exit() - Rename format() as it is an inbuilt python function - Add error information if incorrect arguments are passsed to translate_ciphers.py Signed-off-by: Joe Subbiani --- ...at.sh => test_translate_ciphers_format.sh} | 8 ++-- ...mes.py => test_translate_ciphers_names.py} | 19 +++----- tests/translate_ciphers.py | 48 ++++++++++++------- 3 files changed, 41 insertions(+), 34 deletions(-) rename tests/{test_translate_format.sh => test_translate_ciphers_format.sh} (96%) rename tests/{test_translate_names.py => test_translate_ciphers_names.py} (97%) diff --git a/tests/test_translate_format.sh b/tests/test_translate_ciphers_format.sh similarity index 96% rename from tests/test_translate_format.sh rename to tests/test_translate_ciphers_format.sh index 241db47398..9b3b4bb823 100755 --- a/tests/test_translate_format.sh +++ b/tests/test_translate_ciphers_format.sh @@ -121,13 +121,13 @@ Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/ # Upon fail, print them to view the differences if [ "$Mt_CIPHERS" != "$M_CIPHERS" ] then - echo "MBED Translated: $M_CIPHERS" - echo "MBED Original: $Mt_CIPHERS" + echo "MBEDTLS Translated: $M_CIPHERS" + echo "MBEDTLS Original: $Mt_CIPHERS" fi if [ "$Gt_CIPHERS" != "$G_CIPHERS" ] then - echo "GNU Translated: $G_CIPHERS" - echo "GNU Original: $Gt_CIPHERS" + echo "GNUTLS Translated: $G_CIPHERS" + echo "GNUTLS Original: $Gt_CIPHERS" fi if [ "$Ot_CIPHERS" != "$O_CIPHERS" ] then diff --git a/tests/test_translate_names.py b/tests/test_translate_ciphers_names.py similarity index 97% rename from tests/test_translate_names.py rename to tests/test_translate_ciphers_names.py index d018c10916..70b2a8fc7d 100755 --- a/tests/test_translate_names.py +++ b/tests/test_translate_ciphers_names.py 
@@ -21,7 +21,7 @@ # # Test translate_ciphers.py by running every MBedTLS ciphersuite name # combination through the translate functions and comparing them to their -# correct GNU or OpenSSL counterpart. +# correct GNUTLS or OpenSSL counterpart. from translate_ciphers import * @@ -170,21 +170,17 @@ def test_all_common(): "PSK-3DES-EDE-CBC-SHA", "PSK-AES128-CBC-SHA", "PSK-AES256-CBC-SHA", - - #"PSK-DES-CBC3-SHA", - #"PSK-AES128-SHA", - #"PSK-AES256-SHA", ] for i in range(len(m_ciphers)): - g = translate_gnu(m_ciphers[i]) + g = translate_gnutls(m_ciphers[i]) assert_equal(g, g_ciphers[i]) o = translate_ossl(m_ciphers[i]) assert_equal(o, o_ciphers[i]) -def test_mbed_ossl_common(): +def test_mbedtls_ossl_common(): m_ciphers = [ "TLS-ECDH-ECDSA-WITH-NULL-SHA", "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", @@ -235,7 +231,6 @@ def test_mbed_ossl_common(): "DES-CBC-SHA", "EDH-RSA-DES-CBC-SHA", - #"DHE-RSA-DES-CBC-SHA", "ECDHE-ARIA256-GCM-SHA384", "DHE-RSA-ARIA256-GCM-SHA384", @@ -260,7 +255,7 @@ def test_mbed_ossl_common(): o = translate_ossl(m_ciphers[i]) assert_equal(o, o_ciphers[i]) -def test_mbed_gnu_common(): +def test_mbedtls_gnutls_common(): m_ciphers = [ "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", @@ -442,9 +437,9 @@ def test_mbed_gnu_common(): for i in range(len(m_ciphers)): - g = translate_gnu(m_ciphers[i]) + g = translate_gnutls(m_ciphers[i]) assert_equal(g, g_ciphers[i]) test_all_common() -test_mbed_ossl_common() -test_mbed_gnu_common() +test_mbedtls_ossl_common() +test_mbedtls_gnutls_common() diff --git a/tests/translate_ciphers.py b/tests/translate_ciphers.py index d6b604dd3d..0f76cf5083 100755 --- a/tests/translate_ciphers.py +++ b/tests/translate_ciphers.py 
@@ -19,20 +19,20 @@ # # Purpose # -# Translate ciphersuite names in MBedTLS format to OpenSSL and GNU +# Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS # standards. # # Format and analyse strings past in via input arguments to match # the expected strings utilised in compat.sh. # -# sys.argv[1] should be "g" or "o" for GNU or OpenSSL. +# sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. # sys.argv[2] should be a string containing one or more # ciphersuite names. import re import sys -def translate_gnu(m_cipher): +def translate_gnutls(m_cipher): # Remove "TLS-" # Replace "-WITH-" with ":+" # Remove "EDE" 
@@ -97,23 +97,35 @@ def translate_ossl(m_cipher): return m_cipher -def format(mode, ciphers): - ciphers = ciphers.split() - t_ciphers = [] - if mode == "g": - for i in ciphers: - t_ciphers.append(translate_gnu(i)) - if mode == "o": - for i in ciphers: - t_ciphers.append(translate_ossl(i)) - return " ".join(t_ciphers) +def format_ciphersuite_names(mode, ciphers): + #ciphers = ciphers.split() + #t_ciphers = [] + #if mode == "g": + # for i in ciphers: + # t_ciphers.append(translate_gnutls(i)) + #elif mode == "o": + # for i in ciphers: + # t_ciphers.append(translate_ossl(i)) + #else: + # print("Incorrect use of argument 1, should be either \"g\" or \"o\"") + # exit(1) + #return " ".join(t_ciphers) + try: + t = {"g": translate_gnutls, "o": translate_ossl}[mode] + return " ".join(t(c) for c in ciphers.split()) + except Exception as E: + if E != mode: print(E) + else: print("Incorrect use of argument 1, should be either \"g\" or \"o\"") + sys.exit(1) def main(): - # print command line arguments - if len(sys.argv) <= 2: - exit(1) - else: - print(format(sys.argv[1], sys.argv[2])) + if len(sys.argv) != 3: + print("""Incorrect number of arguments. +The first argument with either an \"o\" for OpenSSL or \"g\" for GNUTLS. +The second argument should a single space seperated string of MBedTLS ciphersuite names""") + sys.exit(1) + print(format_ciphersuite_names(sys.argv[1], sys.argv[2])) + sys.exit(0) if __name__ == "__main__": main() From 6452f1ee35cc19d964390021c8ca71df14143360 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 27 Jul 2021 15:28:07 +0100 Subject: [PATCH 391/966] Modify file name comments to match the file rename Signed-off-by: Joe Subbiani --- tests/test_translate_ciphers_format.sh | 2 +- tests/test_translate_ciphers_names.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/test_translate_ciphers_format.sh b/tests/test_translate_ciphers_format.sh index 9b3b4bb823..97a6c23c70 100755 --- a/tests/test_translate_ciphers_format.sh 
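Review bot: In the `except` branch of format_ciphersuite_names, `if E != mode` compares an exception object with a string and is therefore always true, so the "Incorrect use of argument 1" text is never printed; `except Exception` also catches any error raised inside translate_gnutls or translate_ossl and handles it as if the mode were wrong. Both this branch and the usage text in main() print to stdout, which compat.sh captures with backticks into the translated cipher list, so the messages should go to stderr. The later `@@ -101,9 +110,9 @@` hunk narrows the handler to `KeyError` but keeps the translate calls inside the `try` and the prints on stdout, so the same points apply there. A version that validates the mode before translating is sketched below.

```python
def format_ciphersuite_names(mode, ciphers):
    translators = {"g": translate_gnutls, "o": translate_ossl}
    if mode not in translators:
        print("Incorrect use of argument 1, should be either \"g\" or \"o\"",
              file=sys.stderr)
        sys.exit(1)
    translate = translators[mode]
    return " ".join(translate(c) for c in ciphers.split())
```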
+++ b/tests/test_translate_ciphers_format.sh @@ -1,6 +1,6 @@ #!/bin/sh -# test_translate_format.sh +# test_translate_ciphers_format.sh # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 diff --git a/tests/test_translate_ciphers_names.py b/tests/test_translate_ciphers_names.py index 70b2a8fc7d..f6cfa6db5a 100755 --- a/tests/test_translate_ciphers_names.py +++ b/tests/test_translate_ciphers_names.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 -# test_translate_names.py +# test_translate_ciphers_names.py # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 From a032963d65f025205cc72406e8b813021e8e18d6 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 27 Jul 2021 15:40:12 +0100 Subject: [PATCH 392/966] Modify comment descriptions of add_xxx_ciphersuites() Modify the comments to include the use of the translate function and retire the explanation of maintaining 2 seperate lists Signed-off-by: Joe Subbiani --- tests/compat.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 8e0988e998..ffad4ec4f8 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -328,8 +328,10 @@ add_common_ciphersuites() } # Ciphersuites usable only with Mbed TLS and OpenSSL -# Each ciphersuite should appear two times, once with its OpenSSL name, once -# with its Mbed TLS name. +# Each ciphersuite is compiled case by case in the MBedTLS standard, and +# is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list +# is translated to the OpenSSL naming standard and appended to the list of +# OpenSSL ciphersuites $O_CIPHERS # # NOTE: for some reason RSA-PSK doesn't work with OpenSSL, # so RSA-PSK ciphersuites need to go in other sections, see 
@@ -409,8 +411,10 @@ add_openssl_ciphersuites() } # Ciphersuites usable only with Mbed TLS and GnuTLS -# Each ciphersuite should appear two times, once with its GnuTLS name, once -# with its Mbed TLS name. +# Each ciphersuite is compiled case by case in the MBedTLS standard, and +# is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list +# is translated to the GnuTLS naming standard and appended to the list of +# GnuTLS ciphersuites $G_CIPHERS add_gnutls_ciphersuites() { CIPHERS="" From 43592bd1f9c708a38b95a3bbf62ffb825304d7e9 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 27 Jul 2021 16:32:21 +0100 Subject: [PATCH 393/966] Remove trailing whitespaces Signed-off-by: Joe Subbiani --- tests/compat.sh | 6 +++--- tests/translate_ciphers.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index ffad4ec4f8..391a1e045d 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -330,7 +330,7 @@ add_common_ciphersuites() # Ciphersuites usable only with Mbed TLS and OpenSSL # Each ciphersuite is compiled case by case in the MBedTLS standard, and # is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list -# is translated to the OpenSSL naming standard and appended to the list of +# is translated to the OpenSSL naming standard and appended to the list of # OpenSSL ciphersuites $O_CIPHERS # # NOTE: for some reason RSA-PSK doesn't work with OpenSSL, @@ -413,7 +413,7 @@ add_openssl_ciphersuites() # Ciphersuites usable only with Mbed TLS and GnuTLS # Each ciphersuite is compiled case by case in the MBedTLS standard, and # is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list -# is translated to the GnuTLS naming standard and appended to the list of +# is translated to the GnuTLS naming standard and appended to the list of # GnuTLS ciphersuites $G_CIPHERS add_gnutls_ciphersuites() { 
@@ -536,7 +536,7 @@ add_gnutls_ciphersuites() fi ;; esac - + M_CIPHERS="$M_CIPHERS $CIPHERS" G=`python3 translate_ciphers.py g "$CIPHERS"` diff --git a/tests/translate_ciphers.py b/tests/translate_ciphers.py index 0f76cf5083..5f9a5e384b 100755 --- a/tests/translate_ciphers.py +++ b/tests/translate_ciphers.py @@ -120,7 +120,7 @@ def format_ciphersuite_names(mode, ciphers): def main(): if len(sys.argv) != 3: - print("""Incorrect number of arguments. + print("""Incorrect number of arguments. The first argument with either an \"o\" for OpenSSL or \"g\" for GNUTLS. The second argument should a single space seperated string of MBedTLS ciphersuite names""") sys.exit(1) From 4a703cef899ab5a644a6b19993fdedc02f315dc8 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 28 Jul 2021 09:59:25 +0100 Subject: [PATCH 394/966] Remove commented out old code When making a modified function I commented out the previous code in case I needed to use some of it, and forgot to remove it. This has now been resolved Signed-off-by: Joe Subbiani --- tests/translate_ciphers.py | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/tests/translate_ciphers.py b/tests/translate_ciphers.py index 5f9a5e384b..2f1543c045 100755 --- a/tests/translate_ciphers.py +++ b/tests/translate_ciphers.py @@ -98,18 +98,6 @@ def translate_ossl(m_cipher): return m_cipher def format_ciphersuite_names(mode, ciphers): - #ciphers = ciphers.split() - #t_ciphers = [] - #if mode == "g": - # for i in ciphers: - # t_ciphers.append(translate_gnutls(i)) - #elif mode == "o": - # for i in ciphers: - # t_ciphers.append(translate_ossl(i)) - #else: - # print("Incorrect use of argument 1, should be either \"g\" or \"o\"") - # exit(1) - #return " ".join(t_ciphers) try: t = {"g": translate_gnutls, "o": translate_ossl}[mode] return " ".join(t(c) for c in ciphers.split()) From f3fcc29eb159152dc05fbe40bd5d47f0ccbac042 Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Wed, 28 Jul 2021 15:51:02 +0100 Subject: [PATCH 395/966] Move translate scripts to appropriate folder "tests/scripts/*.py is executable programs used only for testing" Signed-off-by: Joe Subbiani --- tests/compat.sh | 8 ++++---- tests/{ => scripts}/test_translate_ciphers_format.sh | 0 tests/{ => scripts}/test_translate_ciphers_names.py | 0 tests/{ => scripts}/translate_ciphers.py | 0 4 files changed, 4 insertions(+), 4 deletions(-) rename tests/{ => scripts}/test_translate_ciphers_format.sh (100%) rename tests/{ => scripts}/test_translate_ciphers_names.py (100%) rename tests/{ => scripts}/translate_ciphers.py (100%) diff --git a/tests/compat.sh b/tests/compat.sh index 391a1e045d..e814e9db16 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -320,10 +320,10 @@ add_common_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - G=`python3 translate_ciphers.py g "$CIPHERS"` + G=`python3 scripts/translate_ciphers.py g "$CIPHERS"` G_CIPHERS="$G_CIPHERS $G" - O=`python3 translate_ciphers.py o "$CIPHERS"` + O=`python3 scripts/translate_ciphers.py o "$CIPHERS"` O_CIPHERS="$O_CIPHERS $O" } @@ -406,7 +406,7 @@ add_openssl_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - O=`python3 translate_ciphers.py o "$CIPHERS"` + O=`python3 scripts/translate_ciphers.py o "$CIPHERS"` O_CIPHERS="$O_CIPHERS $O" } @@ -539,7 +539,7 @@ add_gnutls_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - G=`python3 translate_ciphers.py g "$CIPHERS"` + G=`python3 scripts/translate_ciphers.py g "$CIPHERS"` G_CIPHERS="$G_CIPHERS $G" } diff --git a/tests/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh similarity index 100% rename from tests/test_translate_ciphers_format.sh rename to tests/scripts/test_translate_ciphers_format.sh diff --git a/tests/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py similarity index 100% rename from tests/test_translate_ciphers_names.py rename to tests/scripts/test_translate_ciphers_names.py 
diff --git a/tests/translate_ciphers.py b/tests/scripts/translate_ciphers.py similarity index 100% rename from tests/translate_ciphers.py rename to tests/scripts/translate_ciphers.py From f849a93d94e1f9d0122352598c0f6f47be532a85 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 28 Jul 2021 16:50:30 +0100 Subject: [PATCH 396/966] Improve python coding style As per check-python-files.sh, added string documentation for files and functions. Modified for loops to use enumerate rather than range(len( although as the same iteration index is used for multiple lists it does not seem quite appropriate Signed-off-by: Joe Subbiani --- tests/scripts/test_translate_ciphers_names.py | 49 +++++++++++++------ tests/scripts/translate_ciphers.py | 43 +++++++++------- 2 files changed, 61 insertions(+), 31 deletions(-) diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py index f6cfa6db5a..c40d376974 100755 --- a/tests/scripts/test_translate_ciphers_names.py +++ b/tests/scripts/test_translate_ciphers_names.py 
@@ -17,21 +17,32 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# Purpose -# -# Test translate_ciphers.py by running every MBedTLS ciphersuite name -# combination through the translate functions and comparing them to their -# correct GNUTLS or OpenSSL counterpart. -from translate_ciphers import * +""" +Test translate_ciphers.py by running every MBedTLS ciphersuite name +combination through the translate functions and comparing them to their +correct GNUTLS or OpenSSL counterpart. +""" + +from translate_ciphers import translate_gnutls, translate_ossl def assert_equal(translate, original): + """ + Compare the translated ciphersuite name against the original + On fail, print the mismatch on the screen to directly compare the + differences + """ try: - assert(translate == original) + assert translate == original except AssertionError: print("%s\n%s\n" %(translate, original)) def test_all_common(): + """ + Translate the MBedTLS ciphersuite names to the common OpenSSL and + GnuTLS ciphersite names, and compare them with the true, expected + corresponding OpenSSL and GnuTLS ciphersuite names + """ m_ciphers = [ "TLS-ECDHE-ECDSA-WITH-NULL-SHA", "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", @@ -172,15 +183,20 @@ def test_all_common(): "PSK-AES256-CBC-SHA", ] - for i in range(len(m_ciphers)): + for i, m_cipher in enumerate(m_ciphers): - g = translate_gnutls(m_ciphers[i]) + g = translate_gnutls(m_cipher) assert_equal(g, g_ciphers[i]) - o = translate_ossl(m_ciphers[i]) + o = translate_ossl(m_cipher) assert_equal(o, o_ciphers[i]) def test_mbedtls_ossl_common(): + """ + Translate the MBedTLS ciphersuite names to the common OpenSSL + ciphersite names, and compare them with the true, expected + corresponding OpenSSL ciphersuite name + """ m_ciphers = [ "TLS-ECDH-ECDSA-WITH-NULL-SHA", "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", 
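Review bot: assert_equal catches its own AssertionError and only prints the two names, so a wrong translation never makes this script exit non-zero and a job that runs it cannot fail on a regression. Let the failure propagate instead: drop the try/except and use `assert translate == original, "%s\n%s\n" % (translate, original)`. The added docstring could also state which argument is the expected value, since the parameter names `translate` and `original` do not make that obvious.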
@@ -250,12 +266,17 @@ def test_mbedtls_ossl_common(): "DHE-PSK-CHACHA20-POLY1305", ] - for i in range(len(m_ciphers)): + for i, m_cipher in enumerate(m_ciphers): - o = translate_ossl(m_ciphers[i]) + o = translate_ossl(m_cipher) assert_equal(o, o_ciphers[i]) def test_mbedtls_gnutls_common(): + """ + Translate the MBedTLS ciphersuite names to the common GnuTLS + ciphersite names, and compare them with the true, expected + corresponding GnuTLS ciphersuite names + """ m_ciphers = [ "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", @@ -435,9 +456,9 @@ def test_mbedtls_gnutls_common(): "+RSA-PSK:+AES-128-GCM:+AEAD", ] - for i in range(len(m_ciphers)): + for i, m_ciphers in enumerate(m_ciphers): - g = translate_gnutls(m_ciphers[i]) + g = translate_gnutls(m_ciphers) assert_equal(g, g_ciphers[i]) test_all_common() diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 2f1543c045..66c878ac39 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py 
@@ -16,23 +16,27 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# Purpose -# -# Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS -# standards. -# -# Format and analyse strings past in via input arguments to match -# the expected strings utilised in compat.sh. -# -# sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. -# sys.argv[2] should be a string containing one or more -# ciphersuite names. + +""" +Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS +standards. + +Format and analyse strings past in via input arguments to match +the expected strings utilised in compat.sh. + +sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. +sys.argv[2] should be a string containing one or more ciphersuite names. +""" import re import sys def translate_gnutls(m_cipher): + """ + Translate m_cipher from MBedTLS ciphersuite naming convention + and return the GnuTLS naming convention + """ + # Remove "TLS-" # Replace "-WITH-" with ":+" # Remove "EDE" @@ -51,13 +55,18 @@ def translate_gnutls(m_cipher): # Replace the last "-" with ":+" # Replace "GCM:+SHAxyz" with "GCM:+AEAD" else: - index=m_cipher.rindex("-") + index = m_cipher.rindex("-") m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:] m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher) return m_cipher def translate_ossl(m_cipher): + """ + Translate m_cipher from MBedTLS ciphersuite naming convention + and return the OpenSSL naming convention + """ + # Remove "TLS-" # Remove "WITH" m_cipher = m_cipher[4:] @@ -89,7 +98,7 @@ def translate_ossl(m_cipher): # POLY1305 should not be followed by anything if "POLY1305" in m_cipher: index = m_cipher.rindex("POLY1305") - m_cipher=m_cipher[:index+8] + m_cipher = m_cipher[:index+8] # If DES is being used, Replace DHE with EDH if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher: 
@@ -101,9 +110,9 @@ def format_ciphersuite_names(mode, ciphers): try: t = {"g": translate_gnutls, "o": translate_ossl}[mode] return " ".join(t(c) for c in ciphers.split()) - except Exception as E: - if E != mode: print(E) - else: print("Incorrect use of argument 1, should be either \"g\" or \"o\"") + except (KeyError) as e: + print(e) + print("Incorrect use of argument 1, should be either \"g\" or \"o\"") sys.exit(1) def main(): From a56e10db4ccc2ce71a2b27b3ebd019a6f6503665 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 29 Jul 2021 10:01:26 +0100 Subject: [PATCH 397/966] Run test_translate_ciphers_format.sh from root Signed-off-by: Joe Subbiani --- tests/scripts/test_translate_ciphers_format.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh index 97a6c23c70..6f1bdd08be 100755 --- a/tests/scripts/test_translate_ciphers_format.sh +++ b/tests/scripts/test_translate_ciphers_format.sh @@ -29,6 +29,11 @@ # This files main purpose is to ensure translate_ciphers.py can take strings # in the expected format and return them in the format compat.sh will expect. +if cd $( dirname $0 ); then :; else + echo "cd $( dirname $0 ) failed" >&2 + exit 1 +fi + # Ciphers that will use translate_ciphers.py M_CIPHERS="" O_CIPHERS="" From 3eac5b9c6ded3797c595d447ebd14ee74452c776 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 29 Jul 2021 10:07:05 +0100 Subject: [PATCH 398/966] Use zip rather than enumerate After improving coding style, pylint suggeted using enumerate but zip is more appropriate to avoid indexing Signed-off-by: Joe Subbiani --- tests/scripts/test_translate_ciphers_names.py | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py index c40d376974..84bcc9931d 100755 --- a/tests/scripts/test_translate_ciphers_names.py 
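Review bot: The added directory change in test_translate_ciphers_format.sh expands `$0` and the output of `dirname` unquoted, so the script changes to the wrong directory or fails when its path contains spaces or glob characters. Quote both expansions and use the short form: `cd "$(dirname "$0")" || { echo "cd to script directory failed" >&2; exit 1; }`. A one-line comment saying why the script needs to run from its own directory (presumably because it calls translate_ciphers.py by relative path) would help the next reader.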
+++ b/tests/scripts/test_translate_ciphers_names.py @@ -183,13 +183,13 @@ def test_all_common(): "PSK-AES256-CBC-SHA", ] - for i, m_cipher in enumerate(m_ciphers): + for m, g_exp, o_exp in zip(m_ciphers, g_ciphers, o_ciphers): - g = translate_gnutls(m_cipher) - assert_equal(g, g_ciphers[i]) + g = translate_gnutls(m) + assert_equal(g, g_exp) - o = translate_ossl(m_cipher) - assert_equal(o, o_ciphers[i]) + o = translate_ossl(m) + assert_equal(o, o_exp) def test_mbedtls_ossl_common(): """ @@ -266,10 +266,10 @@ def test_mbedtls_ossl_common(): "DHE-PSK-CHACHA20-POLY1305", ] - for i, m_cipher in enumerate(m_ciphers): + for m, o_exp in zip(m_ciphers, o_ciphers): - o = translate_ossl(m_cipher) - assert_equal(o, o_ciphers[i]) + o = translate_ossl(m) + assert_equal(o, o_exp) def test_mbedtls_gnutls_common(): """ @@ -456,10 +456,10 @@ def test_mbedtls_gnutls_common(): "+RSA-PSK:+AES-128-GCM:+AEAD", ] - for i, m_ciphers in enumerate(m_ciphers): + for m, g_exp in zip(m_ciphers, g_ciphers): - g = translate_gnutls(m_ciphers) - assert_equal(g, g_ciphers[i]) + g = translate_gnutls(m) + assert_equal(g, g_exp) test_all_common() test_mbedtls_ossl_common() From beb3f41f2f528277d86840ec7bdbefce8d7194cd Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 16 Aug 2021 15:00:55 +0800 Subject: [PATCH 399/966] Add handshake_set_state helper function Signed-off-by: Jerry Yu --- library/ssl_misc.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b4f841a373..36754a3237 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
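Review bot: `zip` stops at the shortest list, so in test_all_common a missing entry in `g_ciphers` or `o_ciphers` silently drops the tail of `m_ciphers` from the comparison, where the previous indexed loop raised IndexError when an expected list was shorter. Add a length check before each loop, e.g. `assert len(m_ciphers) == len(g_ciphers) == len(o_ciphers)`. The same applies to the loops in test_mbedtls_ossl_common (`@@ -266,10 +266,10 @@`) and test_mbedtls_gnutls_common (`@@ -456,10 +456,10 @@`). The function bodies start outside these hunks.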
@@ -1323,4 +1323,14 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, + int state ) +{ + ssl->state = state; +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #endif /* ssl_misc.h */ From a13c7e739cf3200d4784e1fbbf1b0412d9aee467 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 17 Aug 2021 10:44:40 +0800 Subject: [PATCH 400/966] add dummy client hello process Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 3 +++ library/ssl_tls13_client.c | 51 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2909dc8e5b..54be3a5b9f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -573,6 +573,9 @@ typedef enum MBEDTLS_SSL_HANDSHAKE_OVER, MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ } mbedtls_ssl_states; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 368b5572db..d619d80ed9 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -26,11 +26,58 @@ #if defined(MBEDTLS_SSL_CLI_C) #include "ssl_misc.h" +#include + +static int ssl_client_hello_process( mbedtls_ssl_context* ssl ); int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) { - ((void) ssl); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + int ret = 0; + + if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Handshake completed but ssl->handshake is NULL.\n" ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); + + switch( ssl->state ) + { + case MBEDTLS_SSL_HELLO_REQUEST: + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); + break; + + case MBEDTLS_SSL_CLIENT_HELLO: + ret = ssl_client_hello_process( ssl ); + break; + + case MBEDTLS_SSL_SERVER_HELLO: + // Stop here : we haven't finished whole flow + ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + break; + + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + return( ret ); +} + +static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) +{ + int ret = 0; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); + /* client_hello_process haven't finished */ + ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + return ret; } #endif /* MBEDTLS_SSL_CLI_C */ From 65dd2ccfe696d6cfaecfc376038db1d71dc1c28e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 18 Aug 2021 16:38:40 +0800 Subject: [PATCH 401/966] Add dummy stages for `client_hello_process` 
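Review bot: In the `MBEDTLS_SSL_SERVER_HELLO` case of mbedtls_ssl_handshake_client_step_tls1_3 the state is moved to `MBEDTLS_SSL_ENCRYPTED_EXTENSIONS` even though the step returns `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`, and that state has no case in this switch, so a second call falls into `default` and reports `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` instead. While this is a placeholder, leave the state unchanged when returning the error. The debug text in the first check, "Handshake completed but ssl->handshake is NULL", does not match its condition either, which also fires when the state is `MBEDTLS_SSL_HANDSHAKE_OVER` with a valid handshake pointer; `"handshake over or no handshake context"` would be accurate.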
Signed-off-by: Jerry Yu --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/ssl_misc.h | 37 ++++++++++++++++++++ library/ssl_tls13_client.c | 54 ++++++++++++++++++++++++++++++ library/ssl_tls13_generic.c | 67 +++++++++++++++++++++++++++++++++++++ 5 files changed, 160 insertions(+) create mode 100644 library/ssl_tls13_generic.c diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 5adc128c96..a5d692cbe4 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -106,6 +106,7 @@ set(src_tls ssl_tls13_keys.c ssl_tls13_server.c ssl_tls13_client.c + ssl_tls13_generic.c ) if(CMAKE_COMPILER_IS_GNUCC) diff --git a/library/Makefile b/library/Makefile index 8c58fb8501..13cd7db0c6 100644 --- a/library/Makefile +++ b/library/Makefile @@ -169,6 +169,7 @@ OBJS_TLS= \ ssl_tls13_keys.o \ ssl_tls13_client.o \ ssl_tls13_server.o \ + ssl_tls13_generic.o \ # This line is intentionally left blank .SILENT: diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 36754a3237..4c3f6c0d5e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -26,6 +26,7 @@ #include "mbedtls/ssl.h" #include "mbedtls/cipher.h" +#include "mbedtls/debug.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" @@ -102,6 +103,30 @@ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ +#define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__ + +#define MBEDTLS_SSL_PROC_CHK( fn, args ) \ + do { \ + ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ + if( ret != 0 ) \ + { \ + if( ret > 0 ) \ + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; \ + MBEDTLS_SSL_DEBUG_RET( 1, #fn, ret ); \ + goto cleanup; \ + } \ + } while( 0 ) + +#define MBEDTLS_SSL_PROC_CHK_NEG( fn, args ) \ + do { \ + ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ + if( ret < 0 ) \ + { \ + MBEDTLS_SSL_DEBUG_RET( 1, #fn, ret ); \ + goto cleanup; \ + } \ + } while( 0 ) + /* * DTLS retransmission states, see RFC 6347 4.2.4 * 
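Review bot: `MBEDTLS_SSL_PROC_CHK` and `MBEDTLS_SSL_PROC_CHK_NEG` in ssl_misc.h assign to a variable named `ret` and jump to a label named `cleanup`, neither of which appears in the macro arguments, so every caller has to declare both and the early exit is invisible at the call site. Add a comment above the macros stating that requirement, for example `/* Requires a local 'int ret' and a 'cleanup:' label in the calling function. */`. The comment should also state the difference between the two: the first treats any non-zero return as failure and maps positive values to `MBEDTLS_ERR_SSL_INTERNAL_ERROR`, the second fails only on negative returns.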
@@ -1331,6 +1356,18 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, ssl->state = state; } +int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buflen ); +int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, + size_t buf_len, + size_t msg_len ); +void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + size_t total_hs_len ); + + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* ssl_misc.h */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d619d80ed9..46c071b6bb 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -28,6 +28,7 @@ #include "ssl_misc.h" #include +/* Main entry point; orchestrates the other functions */ static int ssl_client_hello_process( mbedtls_ssl_context* ssl ); int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) 
@@ -66,20 +67,73 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) return( ret ); } + +static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ); +static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, + unsigned char* buf, size_t buflen, + size_t* len_without_binders, + size_t* len_with_binders ); +static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ); + static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) { int ret = 0; + unsigned char *buf; + size_t buf_len, msg_len; + size_t len_without_binders = 0; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); + MBEDTLS_SSL_PROC_CHK( ssl_client_hello_prepare, ( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, ( ssl, + MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, ( ssl, buf, buf_len, + &len_without_binders, + &msg_len ) ); + + mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + msg_len ); + ssl->handshake->update_checksum( ssl, buf, len_without_binders ); + + MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); +cleanup: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); /* client_hello_process haven't finished */ ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; return ret; } +static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ) +{ + ((void) ssl); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, + unsigned char* buf, size_t buflen, + size_t* len_without_binders, + size_t* len_with_binders ) +{ + ((void) ssl); + ((void) buf); + ((void) buflen); + ((void) len_without_binders); + ((void) len_with_binders); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +static int ssl_client_hello_postprocess( 
mbedtls_ssl_context* ssl ) +{ + ((void) ssl); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + #endif /* MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c new file mode 100644 index 0000000000..51c8fe3bd5 --- /dev/null +++ b/library/ssl_tls13_generic.c 
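Review bot: In `ssl_client_hello_process`, the statement after the `cleanup:` label, `ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;`, overwrites whatever error a stage returned, so a caller cannot tell an RNG or buffer failure from the placeholder. Keeping the stage's error would be `if( ret == 0 ) ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;`. `msg_len` is declared without an initial value while `len_without_binders` next to it is set to 0; initialising both at the declaration keeps the checksum calls defined even if a later `ssl_client_hello_write_partial` has a success path that leaves one unset.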
@@ -0,0 +1,67 @@ +/* + * TLS 1.3 functionality shared between client and server + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_SSL_TLS_C) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +#include "ssl_misc.h" + +int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buflen ) +{ + ((void) ssl); + ((void) hs_type); + ((void) buf); + ((void) buflen); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, + size_t buf_len, + size_t msg_len ) +{ + ((void) ssl); + ((void) buf_len); + ((void) msg_len); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + size_t total_hs_len ) +{ + unsigned char hs_hdr[4]; + + /* Build HS header for checksum update. */ + hs_hdr[0] = hs_type; + hs_hdr[1] = (unsigned char)( total_hs_len >> 16 ); + hs_hdr[2] = (unsigned char)( total_hs_len >> 8 ); + hs_hdr[3] = (unsigned char)( total_hs_len >> 0 ); + + ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +#endif /* MBEDTLS_SSL_TLS_C */ From c8a392c47e1c71b67b90c47f509f47fc57cefdc9 Mon Sep 17 00:00:00 2001 
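Review bot: `mbedtls_ssl_add_hs_hdr_to_checksum` encodes `total_hs_len` into three bytes and silently drops any bits above the 24th, so an oversized length would put a header into the transcript hash that disagrees with the real message length. Since the function returns `void`, the limit should at least be stated as a precondition in a comment above it, or checked by the caller before the call. The first byte would also be clearer as `hs_hdr[0] = (unsigned char) hs_type;`, matching the explicit casts on the three lines that follow.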
From: Jerry Yu Date: Wed, 18 Aug 2021 16:46:28 +0800 Subject: [PATCH 402/966] Implement stages except write_partial Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 34 ++++++++++++++++++++++++++-------- library/ssl_tls13_generic.c | 24 ++++++++++++++++-------- 2 files changed, 42 insertions(+), 16 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 46c071b6bb..b06147c0c9 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -99,7 +99,6 @@ static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) ); - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); cleanup: @@ -111,8 +110,31 @@ cleanup: static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ) { - ((void) ssl); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + int ret; + size_t rand_bytes_len; + + if( ssl->conf->f_rng == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); + return( MBEDTLS_ERR_SSL_NO_RNG ); + } + + rand_bytes_len = 32; + + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, rand_bytes_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); + return( ret ); + } + + return( 0 ); +} + +static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); + + return( 0 ); } static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, @@ -128,11 +150,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } -static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) -{ - ((void) ssl); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -} + #endif /* MBEDTLS_SSL_CLI_C */ 
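Review bot: With `mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO )` moved into `ssl_client_hello_postprocess`, the state advances before `mbedtls_ssl_finish_handshake_msg` has run, because the context lines of the first hunk show the postprocess call coming first. If the finish step fails, the context is left in the SERVER_HELLO state although no ClientHello was handed to the record layer. Swapping the two `MBEDTLS_SSL_PROC_CHK` lines, so that `mbedtls_ssl_finish_handshake_msg` runs before `ssl_client_hello_postprocess`, keeps the state change behind a successful write. The body of `ssl_client_hello_process` starts outside these hunks.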
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 51c8fe3bd5..5aa5d8a014 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -23,6 +23,8 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#include "mbedtls/error.h" + #include "ssl_misc.h" int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, @@ -30,21 +32,27 @@ int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned char **buf, size_t *buflen ) { - ((void) ssl); - ((void) hs_type); - ((void) buf); - ((void) buflen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + *buf = ssl->out_msg + 4; + *buflen = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; + + ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = hs_type; + + return( 0 ); } int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ) { - ((void) ssl); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) buf_len); - ((void) msg_len); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + + ssl->out_msglen = msg_len + 4; + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext, ( ssl, 0 ) ); + +cleanup: + return( ret ); } void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, From 93bcd61a414c9e320b149a9d1e66009cd94dfd87 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 18 Aug 2021 12:47:24 +0800 Subject: [PATCH 403/966] Add field into handshake params Add `extensions_present` field. It represents which are present. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4c3f6c0d5e..5f15b8da77 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
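Review bot: `mbedtls_ssl_finish_handshake_msg` discards `buf_len` with `((void) buf_len);` and then sets `ssl->out_msglen = msg_len + 4` without comparing the two, so a `msg_len` larger than the space handed out by `mbedtls_ssl_start_handshake_msg` would be accepted as the message length. A check before the assignment closes that gap: `if( msg_len > buf_len ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`. The literal `4` stands for the handshake header size in three places across the two functions and would be easier to audit as one named constant. The signature of `mbedtls_ssl_start_handshake_msg` begins above the hunk.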
@@ -103,6 +103,21 @@ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ +/* List of extensions used in extensions_present of mbedtls_ssl_handshake_params */ +#define MBEDTLS_SSL_EXT_NONE 0 +#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 0 ) +#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 1 ) +#define MBEDTLS_SSL_EXT_SIGNATURE_ALGORITHM ( 1 << 2 ) +#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 ) +#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 4 ) +#define MBEDTLS_SSL_EXT_ALPN ( 1 << 5 ) +#define MBEDTLS_SSL_EXT_SUPPORTED_VERSION ( 1 << 6 ) +#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 7 ) +#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 8 ) +#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 9 ) +#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 10 ) +#define MBEDTLS_SSL_EXT_CID ( 1 << 11 ) + #define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__ #define MBEDTLS_SSL_PROC_CHK( fn, args ) \ @@ -631,6 +646,9 @@ struct mbedtls_ssl_handshake_params int max_major_ver; /*!< max. major version client*/ int max_minor_ver; /*!< max. minor version client*/ int cli_exts; /*!< client extension presence*/ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + int extensions_present; /*!< extension presence; Each bitfield represents an extension and defined as \c MBEDTLS_SSL_EXT_XXX */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) int new_session_ticket; /*!< use NewSessionTicket? */ From 7984d9931e549d040a75b964dd8a24dfd96f0b3d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 18 Aug 2021 10:31:29 +0800 Subject: [PATCH 404/966] Add tls1.3 extension IANA values Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 54be3a5b9f..f988c0d8f1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
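Review bot: The `MBEDTLS_SSL_EXT_*` masks are written as `( 1 << n )` on a signed `int` and stored in `int extensions_present`, which is a fragile base for a bit mask that is expected to grow; the later hunk in this series that renumbers the masks already reaches `( 1 << 21 )`. An unsigned type keeps every shift well defined regardless of how many bits are added: `uint32_t extensions_present;` with the masks as `( 1u << 0 )` and so on. The field comment would also read better as "bit mask of extensions seen, each bit one of MBEDTLS_SSL_EXT_XXX", since "bitfield" suggests a C bit-field, which this is not.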
@@ -474,6 +474,8 @@ #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 +#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* Renamed in TLS 1.3 */ + #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 #define MBEDTLS_TLS_EXT_SIG_ALG 13 @@ -487,6 +489,15 @@ #define MBEDTLS_TLS_EXT_SESSION_TICKET 35 +/* TLS 1.3 */ +#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 +#define MBEDTLS_TLS_EXT_EARLY_DATA 42 +#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 +#define MBEDTLS_TLS_EXT_COOKIE 44 +#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 + +#define MBEDTLS_TLS_EXT_KEY_SHARES 51 + /* The value of the CID extension is still TBD as of * draft-ietf-tls-dtls-connection-id-05 * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05). From bc20bdd3a9f271ac0605716714111090436d18d9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Aug 2021 15:59:48 +0800 Subject: [PATCH 405/966] Implement write_partial with dummy exts Signed-off-by: Jerry Yu --- library/ssl_misc.h | 3 + library/ssl_tls13_client.c | 293 +++++++++++++++++++++++++++++++++++- library/ssl_tls13_generic.c | 34 +++++ 3 files changed, 327 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5f15b8da77..dfb5634974 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1385,6 +1385,9 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ); +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +int mbedtls_ssl_write_signature_algorithms_ext(mbedtls_ssl_context* ssl, unsigned char* buf, unsigned char* end, size_t* olen); +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index b06147c0c9..fbc8fd5fb4 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -25,6 +25,8 @@ #if defined(MBEDTLS_SSL_CLI_C) +#include + #include "ssl_misc.h" #include 
@@ -137,20 +139,305 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) return( 0 ); } +/* Write extensions */ + +static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ); + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ); + +static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ); + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, unsigned char* buf, size_t buflen, size_t* len_without_binders, size_t* len_with_binders ) +{ + /* Extensions */ + + /* extension_start + * Used during extension writing where the + * buffer pointer to the beginning of the + * extension list must be kept to write + * the total extension list size in the end. + */ + + int ret; + unsigned char* extension_start; + size_t cur_ext_len; /* Size of the current extension */ + size_t total_ext_len; /* Size of list of extensions */ + + /* Length information */ + size_t rand_bytes_len; + size_t version_len; + + /* Buffer management */ + unsigned char* start = buf; + unsigned char* end = buf + buflen; + + /* Ciphersuite-related variables */ + const int* ciphersuites; + const mbedtls_ssl_ciphersuite_t* ciphersuite_info; + size_t i; /* used to iterate through ciphersuite list */ + /* ciphersuite_start points to the start of the ciphersuite list, i.e. to the length field*/ + unsigned char* ciphersuite_start; + size_t ciphersuite_count; + + /* Keeping track of the included extensions */ + ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; + + rand_bytes_len = 32; + + /* NOTE: + * Even for DTLS 1.3, we are writing a TLS handshake header here. 
+ * The actual DTLS 1.3 handshake header is inserted in + * the record writing routine mbedtls_ssl_write_record(). + * + * For cTLS the length, and the version field + * are elided. The random bytes are shorter. + */ + version_len = 2; + + if( ssl->conf->max_major_ver == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, " + "consider using mbedtls_ssl_config_defaults()" ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + ssl->major_ver = ssl->conf->min_major_ver; + ssl->minor_ver = ssl->conf->min_minor_ver; + + /* For TLS 1.3 we use the legacy version number {0x03, 0x03} + * instead of the true version number. + * + * For DTLS 1.3 we use the legacy version number + * {254,253}. + * + * In cTLS the version number is elided. + */ + *buf++ = 0x03; + *buf++ = 0x03; + buflen -= version_len; + + /* Write random bytes */ + memcpy( buf, ssl->handshake->randbytes, rand_bytes_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, rand_bytes_len ); + + buf += rand_bytes_len; + buflen -= rand_bytes_len; + + /* Versions of TLS before TLS 1.3 supported a + * "session resumption" feature which has been merged with pre-shared + * keys in this version. A client which has a + * cached session ID set by a pre-TLS 1.3 server SHOULD set this + * field to that value. In compatibility mode, + * this field MUST be non-empty, so a client not offering a + * pre-TLS 1.3 session MUST generate a new 32-byte value. This value + * need not be random but SHOULD be unpredictable to avoid + * implementations fixating on a specific value ( also known as + * ossification ). Otherwise, it MUST be set as a zero-length vector + * ( i.e., a zero-valued single byte length field ). 
+ */ + if( buflen < 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + *buf++ = 0; /* session id length set to zero */ + buflen -= 1; + + /* + * Ciphersuite list + * + * This is a list of the symmetric cipher options supported by + * the client, specifically the record protection algorithm + * ( including secret key length ) and a hash to be used with + * HKDF, in descending order of client preference. + */ + ciphersuites = ssl->conf->ciphersuite_list; + + if( buflen < 2 /* for ciphersuite list length */ ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + /* Skip writing ciphersuite length for now */ + ciphersuite_count = 0; + ciphersuite_start = buf; + buf += 2; + buflen -= 2; + + for ( i = 0; ciphersuites[i] != 0; i++ ) + { + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); + + if( ciphersuite_info == NULL ) + continue; + + if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 || + ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) + continue; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", + (unsigned int) ciphersuites[i], ciphersuite_info->name ) ); + + ciphersuite_count++; + + if( buflen < 2 /* for ciphersuite list length */ ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + *buf++ = (unsigned char)( ciphersuites[i] >> 8 ); + *buf++ = (unsigned char)( ciphersuites[i] ); + + buflen -= 2; + + } + + /* write ciphersuite length now */ + *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 >> 8 ); + *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", ciphersuite_count ) ); + + /* For every TLS 1.3 ClientHello, this vector MUST contain 
exactly + * one byte set to zero, which corresponds to the 'null' compression + * method in prior versions of TLS. + * + * For cTLS this field is elided. + */ + if( buflen < 2 /* for ciphersuite list length */ ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + *buf++ = 1; + *buf++ = MBEDTLS_SSL_COMPRESS_NULL; + + buflen -= 2; + + /* First write extensions, then the total length */ + extension_start = buf; + total_ext_len = 0; + buf += 2; + + /* Supported Versions Extension is mandatory with TLS 1.3. + * + * For cTLS we only need to provide it if there is more than one version + * and currently there is only one. + */ + ssl_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); + total_ext_len += cur_ext_len; + buf += cur_ext_len; + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + /* The supported_groups and the key_share extensions are + * REQUIRED for ECDHE ciphersuites. + */ + ret = ssl_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + + total_ext_len += cur_ext_len; + buf += cur_ext_len; + + /* The supported_signature_algorithms extension is REQUIRED for + * certificate authenticated ciphersuites. */ + ret = mbedtls_ssl_write_signature_algorithms_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + + total_ext_len += cur_ext_len; + buf += cur_ext_len; + + /* We need to send the key shares under three conditions: + * 1 ) A certificate-based ciphersuite is being offered. In this case + * supported_groups and supported_signature extensions have been successfully added. + * 2 ) A PSK-based ciphersuite with ECDHE is offered. In this case the + * psk_key_exchange_modes has been added as the last extension. 
+ * 3 ) Or, in case all ciphers are supported ( which includes #1 and #2 from above ) + */ + + ret = ssl_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + + total_ext_len += cur_ext_len; + buf += cur_ext_len; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + + /* Add more extensions here */ + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , + total_ext_len ) ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extension_start, total_ext_len ); + + /* Write extension length */ + *extension_start++ = (unsigned char)( ( total_ext_len >> 8 ) & 0xFF ); + *extension_start++ = (unsigned char)( ( total_ext_len ) & 0xFF ); + + *len_without_binders = buf - start; + *len_with_binders = ( extension_start + total_ext_len ) - start; + return( 0 ); +} + +static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ) { ((void) ssl); ((void) buf); - ((void) buflen); - ((void) len_without_binders); - ((void) len_with_binders); + ((void) end); + ((void) olen); +} + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + ((void) olen); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } +static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + ((void) olen); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_CLI_C */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5aa5d8a014..7ec7423ea0 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
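Review bot: `ssl_client_hello_write_partial` writes the two version bytes and copies `rand_bytes_len` bytes with `memcpy` before any comparison against `buflen`; the first check, `if( buflen < 1 )`, comes after both subtractions, and because `buflen` is a `size_t` a too-small buffer wraps to a large value and passes it. A guard is needed before `*buf++ = 0x03;`, for example `if( buflen < version_len + rand_bytes_len ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );`. The same applies to the two-byte extension-list length, where `buf += 2;` is neither checked against `end` nor subtracted from `buflen`. Separately, the stub `ssl_write_supported_versions_ext` in this commit never writes `*olen`, so `total_ext_len += cur_ext_len;` reads an uninitialised value; `size_t cur_ext_len = 0;` at the declaration would make that defined.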
@@ -70,6 +70,40 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) ); } +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +/* + * mbedtls_ssl_write_signature_algorithms_ext( ) + * + * enum { + * .... + * ecdsa_secp256r1_sha256( 0x0403 ), + * ecdsa_secp384r1_sha384( 0x0503 ), + * ecdsa_secp521r1_sha512( 0x0603 ), + * .... + * } SignatureScheme; + * + * struct { + * SignatureScheme supported_signature_algorithms<2..2^16-2>; + * } SignatureSchemeList; + * + * Only if we handle at least one key exchange that needs signatures. + */ + +int mbedtls_ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + ((void) olen); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS_C */ From ef6b36b484ea00bae37c5833d14b15127d76ea98 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Aug 2021 16:29:02 +0800 Subject: [PATCH 406/966] add supported versions extension Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 42 ++++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index fbc8fd5fb4..0b10b12f41 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -400,15 +400,49 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, return( 0 ); } +/* + * ssl_write_supported_versions_ext(): + * + * struct { + * ProtocolVersion versions<2..254>; + * } SupportedVersions; + */ static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, unsigned char* buf, unsigned char* end, size_t* olen ) { - ((void) ssl); - ((void) buf); - ((void) end); - ((void) olen); + unsigned char *p = buf; + + *olen = 0; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported version extension" ) ); + + if( end < p || (size_t)( end - p ) < 7 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ) & 0xFF ); + + /* total length */ + *p++ = 0x00; + *p++ = 3; + + /* length of next field */ + *p++ = 0x2; + + /* This implementation only supports a single TLS version, and only + * advertises a single value. + */ + mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, + ssl->conf->transport, p ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + + *olen = 7; } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) From 32cd5b19dc15ece9669e6e40a1730301082297ff Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Aug 2021 18:07:13 +0800 Subject: [PATCH 407/966] fix unused variable warning Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0b10b12f41..f6e145b294 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
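Review bot: `ssl_write_supported_versions_ext` returns `void`, so its "buffer too small" branch only sets `*olen = 0` and the caller goes on to build a ClientHello without the supported_versions extension, which the caller's own comment describes as mandatory for TLS 1.3. Returning `int` like the sibling extension writers, with `return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );` in that branch and `return( 0 );` at the end, lets the caller stop instead. The function also does not record the extension in `ssl->handshake->extensions_present`, and the literals `7`, `3` and `0x2` would be easier to check if derived from one named length. The forward declaration and the call site are outside this hunk and would need the matching change.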
@@ -173,8 +173,9 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, * extension list must be kept to write * the total extension list size in the end. */ - +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) int ret; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ unsigned char* extension_start; size_t cur_ext_len; /* Size of the current extension */ size_t total_ext_len; /* Size of list of extensions */ From b3317e1a01d2754e7ca1a9fbfb1566a8b5798d83 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 14:30:22 +0800 Subject: [PATCH 408/966] Add extension types in rfc8446 Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f988c0d8f1..b7b22c20d4 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -472,31 +472,37 @@ #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 +#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 -#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* Renamed in TLS 1.3 */ - +#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 -#define MBEDTLS_TLS_EXT_SIG_ALG 13 - +#define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_USE_SRTP 14 - +#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_ALPN 16 +#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 19 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 20 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ #define MBEDTLS_TLS_EXT_SESSION_TICKET 35 -/* TLS 1.3 */ -#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 -#define MBEDTLS_TLS_EXT_EARLY_DATA 42 -#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 -#define MBEDTLS_TLS_EXT_COOKIE 44 -#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 +#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_EARLY_DATA 42 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_COOKIE 44 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_KEY_SHARES 51 +#define MBEDTLS_TLS_EXT_CERT_AUTH 47 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_OID_FILTERS 48 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH 49 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */ /* The value of the CID 
extension is still TBD as of * draft-ietf-tls-dtls-connection-id-05 From 8e7ca0432ef291e1e0502e352cf830cfbabdd875 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 15:31:37 +0800 Subject: [PATCH 409/966] fix extensions_present issues fix comments for the mask values. follow same order as IANA values. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 46 +++++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index dfb5634974..bda2a7a1a6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -103,20 +103,34 @@ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ -/* List of extensions used in extensions_present of mbedtls_ssl_handshake_params */ -#define MBEDTLS_SSL_EXT_NONE 0 -#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 0 ) -#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 1 ) -#define MBEDTLS_SSL_EXT_SIGNATURE_ALGORITHM ( 1 << 2 ) -#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 ) -#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 4 ) -#define MBEDTLS_SSL_EXT_ALPN ( 1 << 5 ) -#define MBEDTLS_SSL_EXT_SUPPORTED_VERSION ( 1 << 6 ) -#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 7 ) -#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 8 ) -#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 9 ) -#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 10 ) -#define MBEDTLS_SSL_EXT_CID ( 1 << 11 ) +/* + * Mask of TLS 1.3 handshake extensions used in extensions_present + * of mbedtls_ssl_handshake_params. + */ +#define MBEDTLS_SSL_EXT_NONE 0 + +#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 0 ) +#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 1 ) +#define MBEDTLS_SSL_EXT_STATUS_REQUEST ( 1 << 2 ) +#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 ) +#define MBEDTLS_SSL_EXT_SIG_ALG ( 1 << 4 ) +#define MBEDTLS_SSL_EXT_USE_SRTP ( 1 << 5 ) +#define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 ) +#define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 ) +#define MBEDTLS_SSL_EXT_SCT ( 1 << 8 ) +#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 9 ) +#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 10 ) +#define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 ) +#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 ) +#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 ) +#define MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ( 1 << 14 ) +#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 15 ) +#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 16 ) +#define MBEDTLS_SSL_EXT_CERT_AUTH ( 1 << 17 ) +#define MBEDTLS_SSL_EXT_OID_FILTERS ( 1 << 18 ) +#define MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ( 1 << 19 
) +#define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) +#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) #define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__ @@ -647,7 +661,9 @@ struct mbedtls_ssl_handshake_params int max_minor_ver; /*!< max. minor version client*/ int cli_exts; /*!< client extension presence*/ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - int extensions_present; /*!< extension presence; Each bitfield represents an extension and defined as \c MBEDTLS_SSL_EXT_XXX */ + int extensions_present; /*!< extension presence; Each bitfield + represents an extension and defined + as \c MBEDTLS_SSL_EXT_XXX */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) From c7ddeec22988235608aa7a4f3647b14d74546a53 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 16:23:47 +0800 Subject: [PATCH 410/966] Remove `len_without_binders` Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f6e145b294..2cada0deca 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -73,8 +73,7 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ); static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, unsigned char* buf, size_t buflen, - size_t* len_without_binders, - size_t* len_with_binders ); + size_t *len_with_binders ); static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ); static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) @@ -82,7 +81,6 @@ static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) int ret = 0; unsigned char *buf; size_t buf_len, msg_len; - size_t len_without_binders = 0; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); 
@@ -91,13 +89,11 @@ static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, ( ssl, buf, buf_len, - &len_without_binders, - &msg_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, ( ssl, buf, buf_len, &msg_len ) ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, msg_len ); - ssl->handshake->update_checksum( ssl, buf, len_without_binders ); + ssl->handshake->update_checksum( ssl, buf, 0 ); MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) ); @@ -162,8 +158,7 @@ static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, unsigned char* buf, size_t buflen, - size_t* len_without_binders, - size_t* len_with_binders ) + size_t *len_with_binders ) { /* Extensions */ @@ -396,7 +391,6 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, *extension_start++ = (unsigned char)( ( total_ext_len >> 8 ) & 0xFF ); *extension_start++ = (unsigned char)( ( total_ext_len ) & 0xFF ); - *len_without_binders = buf - start; *len_with_binders = ( extension_start + total_ext_len ) - start; return( 0 ); } From 708202b7d08812f3859b854cd8e534e4154655b0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 16:28:36 +0800 Subject: [PATCH 411/966] Move random function check move to `ssl_conf_check` Signed-off-by: Jerry Yu --- library/ssl_tls.c | 6 ++++++ library/ssl_tls13_client.c | 6 ------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 07b51003ab..1c8c7bd734 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
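Review bot: In `ssl_client_hello_process` the new line `ssl->handshake->update_checksum( ssl, buf, 0 );` feeds zero bytes of the ClientHello body into the handshake checksum, while the header added just before it by `mbedtls_ssl_add_hs_hdr_to_checksum` announces `msg_len` bytes. Unless the body is hashed somewhere outside this hunk, the transcript then covers a header with no body, and anything later derived from the transcript would not match what the peer computes. With `len_without_binders` removed, the length to pass looks like `msg_len`: `ssl->handshake->update_checksum( ssl, buf, msg_len );`. The function body starts and ends outside this hunk.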
@@ -3182,6 +3182,12 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) if( ret != 0 ) return( ret ); + if( ssl->conf->f_rng == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); + return( MBEDTLS_ERR_SSL_NO_RNG ); + } + /* Space for further checks */ return( 0 ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2cada0deca..036c5e5537 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -111,12 +111,6 @@ static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ) int ret; size_t rand_bytes_len; - if( ssl->conf->f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); - return( MBEDTLS_ERR_SSL_NO_RNG ); - } - rand_bytes_len = 32; if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, rand_bytes_len ) ) != 0 ) From 6f13f64aa668155a91e39e99f361687927a4b6f6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 17:18:15 +0800 Subject: [PATCH 412/966] fix various format issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 +- library/ssl_tls13_client.c | 94 ++++++++++++++++++-------------------- 2 files changed, 47 insertions(+), 51 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index bda2a7a1a6..9cf1e4ff39 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1402,7 +1402,9 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, size_t total_hs_len ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -int mbedtls_ssl_write_signature_algorithms_ext(mbedtls_ssl_context* ssl, unsigned char* buf, unsigned char* end, size_t* olen); +int mbedtls_ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, unsigned char *end, + size_t *olen); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 036c5e5537..62b6ce18f8 100644 --- a/library/ssl_tls13_client.c 
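Review bot: The `f_rng == NULL` check added to ssl_conf_check in library/ssl_tls.c (`@@ -3182,6 +3182,12 @@`) sits outside any TLS 1.3 guard as far as the hunk shows. It would therefore apply to every configuration that reaches ssl_conf_check, not only to the TLS 1.3 client it was moved from. The companion hunk `@@ -111,12 +111,6 @@` leaves `ssl->conf->f_rng( ... )` in ssl_client_hello_prepare with no local guard, and whether every path into that function passes through ssl_conf_check first is not visible here. If the move stays, I would record the precondition at the call, for example `/* ssl->conf->f_rng != NULL is enforced by ssl_conf_check() */`, and confirm that contexts set up without an RNG are not expected to pass ssl_conf_check. ssl_conf_check begins outside the hunk.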
+++ b/library/ssl_tls13_client.c @@ -30,8 +30,10 @@ #include "ssl_misc.h" #include +#define CLIENT_HELLO_RAND_BYTES_LEN 32 +#define CLIENT_HELLO_VERSION_LEN 2 /* Main entry point; orchestrates the other functions */ -static int ssl_client_hello_process( mbedtls_ssl_context* ssl ); +static int ssl_client_hello_process( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) { @@ -70,13 +72,13 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) } -static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ); -static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, - unsigned char* buf, size_t buflen, +static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ); +static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, + unsigned char *buf, size_t buflen, size_t *len_with_binders ); -static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ); +static int ssl_client_hello_postprocess( mbedtls_ssl_context *ssl ); -static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) +static int ssl_client_hello_process( mbedtls_ssl_context *ssl ) { int ret = 0; unsigned char *buf; @@ -106,14 +108,13 @@ cleanup: return ret; } -static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ) +static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ) { int ret; - size_t rand_bytes_len; - rand_bytes_len = 32; - - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, rand_bytes_len ) ) != 0 ) + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, + ssl->handshake->randbytes, + CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); return( ret ); 
@@ -131,27 +132,27 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) /* Write extensions */ -static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ); +static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ); + unsigned char *buf, + unsigned char *end, + size_t *olen ); static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ); + unsigned char *buf, + unsigned char *end, + size_t *olen ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, - unsigned char* buf, size_t buflen, +static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, + unsigned char *buf, size_t buflen, size_t *len_with_binders ) { /* Extensions */ @@ -169,10 +170,6 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, size_t cur_ext_len; /* Size of the current extension */ size_t total_ext_len; /* Size of list of extensions */ - /* Length information */ - size_t rand_bytes_len; - size_t version_len; - /* Buffer management */ unsigned char* start = buf; unsigned char* end = buf + buflen; @@ -188,8 +185,6 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, /* Keeping track of the included extensions */ ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; - rand_bytes_len = 32; - /* NOTE: * Even for DTLS 1.3, we are writing a TLS handshake header here. * The actual DTLS 1.3 handshake header is inserted in 
@@ -198,7 +193,6 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, * For cTLS the length, and the version field * are elided. The random bytes are shorter. */ - version_len = 2; if( ssl->conf->max_major_ver == 0 ) { @@ -218,16 +212,18 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, * * In cTLS the version number is elided. */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_VERSION_LEN); *buf++ = 0x03; *buf++ = 0x03; - buflen -= version_len; + buflen -= CLIENT_HELLO_VERSION_LEN; /* Write random bytes */ - memcpy( buf, ssl->handshake->randbytes, rand_bytes_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, rand_bytes_len ); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RAND_BYTES_LEN); + memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, CLIENT_HELLO_RAND_BYTES_LEN ); - buf += rand_bytes_len; - buflen -= rand_bytes_len; + buf += CLIENT_HELLO_RAND_BYTES_LEN; + buflen -= CLIENT_HELLO_RAND_BYTES_LEN; /* Versions of TLS before TLS 1.3 supported a * "session resumption" feature which has been merged with pre-shared @@ -396,10 +392,10 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, * ProtocolVersion versions<2..254>; * } SupportedVersions; */ -static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ) +static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { unsigned char *p = buf; 
@@ -407,11 +403,7 @@ static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported version extension" ) ); - if( end < p || (size_t)( end - p ) < 7 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ) & 0xFF ); @@ -432,14 +424,16 @@ static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); *olen = 7; + + return( 0 ); } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); @@ -449,9 +443,9 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, } static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); From e885b7698062920884a4e6b85b08129d2ab8c334 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 17:32:34 +0800 Subject: [PATCH 413/966] fix too long lines Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 62b6ce18f8..d293629857 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
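Review bot: ssl_write_supported_versions_ext now reports a short buffer through MBEDTLS_SSL_CHK_BUF_PTR (`@@ -407,11 +403,7 @@`) and returns `0` on success, but its caller still discards the result. The call is visible in a later hunk of this series as `ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len );`. Because `*olen` is set to 0 before the check, a too-small buffer leaves `cur_ext_len` at 0 and the ClientHello is still built, without the supported_versions extension, instead of failing. The call should follow the pattern used for the other extension writers: `ret = ssl_write_supported_versions_ext( ssl, buf, end, &cur_ext_len );` followed by `if( ret != 0 ) return( ret );`. The call site is outside this hunk.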
@@ -59,7 +59,7 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_SERVER_HELLO: // Stop here : we haven't finished whole flow - ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); break; @@ -88,17 +88,20 @@ static int ssl_client_hello_process( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( ssl_client_hello_prepare, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, ( ssl, - MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, + ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, ( ssl, buf, buf_len, &msg_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, + ( ssl, buf, buf_len, &msg_len ) ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, msg_len ); ssl->handshake->update_checksum( ssl, buf, 0 ); MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, + ( ssl, buf_len, msg_len ) ); cleanup: @@ -112,8 +115,8 @@ static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ) { int ret; - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, - ssl->handshake->randbytes, + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, + ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); 
@@ -177,8 +180,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, /* Ciphersuite-related variables */ const int* ciphersuites; const mbedtls_ssl_ciphersuite_t* ciphersuite_info; - size_t i; /* used to iterate through ciphersuite list */ - /* ciphersuite_start points to the start of the ciphersuite list, i.e. to the length field*/ + /* ciphersuite_start points to the start of + the ciphersuite list, i.e. to the length field*/ unsigned char* ciphersuite_start; size_t ciphersuite_count; @@ -220,7 +223,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, /* Write random bytes */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RAND_BYTES_LEN); memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, CLIENT_HELLO_RAND_BYTES_LEN ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", + buf, CLIENT_HELLO_RAND_BYTES_LEN ); buf += CLIENT_HELLO_RAND_BYTES_LEN; buflen -= CLIENT_HELLO_RAND_BYTES_LEN; @@ -268,7 +272,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, buf += 2; buflen -= 2; - for ( i = 0; ciphersuites[i] != 0; i++ ) + for ( size_t i = 0; ciphersuites[i] != 0; i++ ) { ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); @@ -280,7 +284,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, continue; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", - (unsigned int) ciphersuites[i], ciphersuite_info->name ) ); + (unsigned int) ciphersuites[i], + ciphersuite_info->name ) ); ciphersuite_count++; 
@@ -301,7 +306,9 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 >> 8 ); *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", ciphersuite_count ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", + ciphersuite_count ) ); /* For every TLS 1.3 ClientHello, this vector MUST contain exactly * one byte set to zero, which corresponds to the 'null' compression @@ -421,7 +428,8 @@ static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, ssl->conf->transport, p ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", + ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); *olen = 7; From 2ac64193ad5cafa401e69d40b1ff7bc93a584cda Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 18:38:58 +0800 Subject: [PATCH 414/966] Apply MBEDTLS_PUT_xyz Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 24 ++++++++++++------------ library/ssl_tls13_generic.c | 8 ++++---- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d293629857..cd929ce7ed 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -216,8 +216,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, * In cTLS the version number is elided. */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_VERSION_LEN); - *buf++ = 0x03; - *buf++ = 0x03; + MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); + buf += 2; buflen -= CLIENT_HELLO_VERSION_LEN; /* Write random bytes */ 
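Review bot: In the `@@ -216,8 +216,8 @@` hunk the legacy version field is bounds-checked and subtracted from `buflen` using CLIENT_HELLO_VERSION_LEN, yet the pointer is advanced with a literal, `buf += 2;`. Using the constant in all three places keeps the check and the advance from drifting apart if the field width ever changes; the nearby comment already mentions cTLS eliding the field. The line would become `buf += CLIENT_HELLO_VERSION_LEN;`. The enclosing ssl_client_hello_write_partial starts and ends outside the hunk.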
@@ -295,16 +295,16 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - *buf++ = (unsigned char)( ciphersuites[i] >> 8 ); - *buf++ = (unsigned char)( ciphersuites[i] ); + MBEDTLS_PUT_UINT16_BE( ciphersuites[i], buf, 0); + buf += 2; buflen -= 2; } /* write ciphersuite length now */ - *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 >> 8 ); - *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 ); + MBEDTLS_PUT_UINT16_BE( ciphersuite_count*2, ciphersuite_start, 0); + ciphersuite_start += 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", @@ -385,8 +385,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extension_start, total_ext_len ); /* Write extension length */ - *extension_start++ = (unsigned char)( ( total_ext_len >> 8 ) & 0xFF ); - *extension_start++ = (unsigned char)( ( total_ext_len ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0); + extension_start += 2; *len_with_binders = ( extension_start + total_ext_len ) - start; return( 0 ); @@ -412,12 +412,12 @@ static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0); /* total length */ - *p++ = 0x00; - *p++ = 3; + MBEDTLS_PUT_UINT16_BE( 3, p, 2); + + p+=4; /* length of next field */ *p++ = 0x2; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7ec7423ea0..4a0493a940 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -62,10 +62,10 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned char hs_hdr[4]; /* Build HS header for checksum update. */ - hs_hdr[0] = hs_type; - hs_hdr[1] = (unsigned char)( total_hs_len >> 16 ); - hs_hdr[2] = (unsigned char)( total_hs_len >> 8 ); - hs_hdr[3] = (unsigned char)( total_hs_len >> 0 ); + hs_hdr[0] = MBEDTLS_BYTE_0( hs_type ); + hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len ); + hs_hdr[2] = MBEDTLS_BYTE_1( total_hs_len ); + hs_hdr[3] = MBEDTLS_BYTE_0( total_hs_len ); ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) ); } From 55b90386004e882922bbb045144e047865ba2fd2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 18:42:05 +0800 Subject: [PATCH 415/966] fix coding style issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index cd929ce7ed..8996e8adcb 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -107,7 +107,7 @@ cleanup: MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); /* client_hello_process haven't finished */ - ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; return ret; } From f443681f561e604740f6626f8fb411c52e2bf696 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 22:59:56 +0800 Subject: [PATCH 416/966] fix function name conversion issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 12 ++++---- library/ssl_tls.c | 2 +- library/ssl_tls13_client.c | 55 +++++++++++++++++++------------------ library/ssl_tls13_generic.c | 10 +++---- 4 files changed, 40 insertions(+), 39 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9cf1e4ff39..016dfe162e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -949,7 +949,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ); #endif @@ -1385,24 +1385,24 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, - int state ) + mbedtls_ssl_states state ) { ssl->state = state; } -int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buflen ); -int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ); -void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, +void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -int mbedtls_ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1c8c7bd734..831cc52ac0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -5181,7 +5181,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) - ret = mbedtls_ssl_handshake_client_step_tls1_3( ssl ); + ret = mbedtls_ssl_tls13_handshake_client_step( ssl ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8996e8adcb..ceb692ea56 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -33,9 +33,9 @@ #define CLIENT_HELLO_RAND_BYTES_LEN 32 #define CLIENT_HELLO_VERSION_LEN 2 /* Main entry point; orchestrates the other functions */ -static int ssl_client_hello_process( mbedtls_ssl_context *ssl ); +static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; @@ -54,7 +54,7 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_client_hello_process( ssl ); + ret = ssl_tls13_write_client_hello( ssl ); break; case MBEDTLS_SSL_SERVER_HELLO: 
@@ -72,13 +72,13 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) } -static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ); -static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, +static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ); +static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *len_with_binders ); -static int ssl_client_hello_postprocess( mbedtls_ssl_context *ssl ); +static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context *ssl ); -static int ssl_client_hello_process( mbedtls_ssl_context *ssl ) +static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) { int ret = 0; unsigned char *buf; @@ -86,21 +86,21 @@ static int ssl_client_hello_process( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); - MBEDTLS_SSL_PROC_CHK( ssl_client_hello_prepare, ( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg, ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_exts_client_hello, ( ssl, buf, buf_len, &msg_len ) ); - mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, msg_len ); ssl->handshake->update_checksum( ssl, buf, 0 ); - MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello, ( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg, ( ssl, buf_len, msg_len ) ); cleanup: 
@@ -111,7 +111,7 @@ cleanup: return ret; } -static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ) +static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) { int ret; @@ -126,7 +126,7 @@ static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ) return( 0 ); } -static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context* ssl ) { mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); @@ -135,26 +135,26 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) /* Write extensions */ -static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ); -static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *len_with_binders ) { @@ -337,7 +337,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, * For cTLS we only need to provide it if there is more than one version * and currently there is only one. */ - ssl_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); + ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); total_ext_len += cur_ext_len; buf += cur_ext_len; 
@@ -345,7 +345,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, /* The supported_groups and the key_share extensions are * REQUIRED for ECDHE ciphersuites. */ - ret = ssl_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); @@ -354,7 +354,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, /* The supported_signature_algorithms extension is REQUIRED for * certificate authenticated ciphersuites. */ - ret = mbedtls_ssl_write_signature_algorithms_ext( ssl, buf, end, &cur_ext_len ); + ret = mbedtls_ssl_tls13_write_signature_algorithms_ext( ssl, buf, + end, &cur_ext_len ); if( ret != 0 ) return( ret ); @@ -369,7 +370,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, * 3 ) Or, in case all ciphers are supported ( which includes #1 and #2 from above ) */ - ret = ssl_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); @@ -393,13 +394,13 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, } /* - * ssl_write_supported_versions_ext(): + * ssl_tls13_write_supported_versions_ext(): * * struct { * ProtocolVersion versions<2..254>; * } SupportedVersions; */ -static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) @@ -438,7 +439,7 @@ static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) 
@@ -450,7 +451,7 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } -static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 4a0493a940..be44141518 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -27,7 +27,7 @@ #include "ssl_misc.h" -int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buflen ) @@ -41,7 +41,7 @@ int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, return( 0 ); } -int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ) { @@ -55,7 +55,7 @@ cleanup: return( ret ); } -void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, +void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ) { @@ -73,7 +73,7 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* - * mbedtls_ssl_write_signature_algorithms_ext( ) + * mbedtls_ssl_tls13_write_signature_algorithms_ext( ) * * enum { * .... @@ -90,7 +90,7 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, * Only if we handle at least one key exchange that needs signatures. */ -int mbedtls_ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, unsigned char* buf, unsigned char* end, size_t* olen ) From d532fe77206296f428aba403416e394bb0a1dc7c Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Thu, 26 Aug 2021 23:11:55 +0800 Subject: [PATCH 417/966] write client hello also in hello reqeust Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ceb692ea56..0a07e06c40 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -49,10 +49,11 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) switch( ssl->state ) { + /* + * ssl->state is initialized as HELLO_REQUEST. It is same + * with CLIENT_HELLO status + */ case MBEDTLS_SSL_HELLO_REQUEST: - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); - break; - case MBEDTLS_SSL_CLIENT_HELLO: ret = ssl_tls13_write_client_hello( ssl ); break; From 9e42f6efd36a661f177da276487a5242fd1006fc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 15:14:01 +0800 Subject: [PATCH 418/966] Revert "Move random function check" This reverts commit cc88b34f7942f57ea0fd27ee4b3e29f49c91f10e. It causes many test fail. It should be re-considered. Signed-off-by: Jerry Yu --- library/ssl_tls.c | 6 ------ library/ssl_tls13_client.c | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 831cc52ac0..c43f95ee1b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3182,12 +3182,6 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) if( ret != 0 ) return( ret ); - if( ssl->conf->f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); - return( MBEDTLS_ERR_SSL_NO_RNG ); - } - /* Space for further checks */ return( 0 ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0a07e06c40..f5a6e20cab 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
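Review bot: The comment added above `case MBEDTLS_SSL_HELLO_REQUEST:` in the `@@ -49,10 +49,11 @@` hunk does not say why the two states share a handler, and "It is same with CLIENT_HELLO status" is hard to parse. Something like `/* ssl->state starts out as HELLO_REQUEST; the TLS 1.3 client handles it exactly like CLIENT_HELLO and writes the ClientHello at once. */` would state the fall-through intent. The switch continues outside the hunk.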
@@ -116,6 +116,12 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) { int ret; + if( ssl->conf->f_rng == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); + return( MBEDTLS_ERR_SSL_NO_RNG ); + } + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) From 9176c3ad8c58b68d1770dcdf46fd90bbd5072968 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 14:58:49 +0800 Subject: [PATCH 419/966] trim spaces Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f5a6e20cab..3611f70b0d 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -49,7 +49,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) switch( ssl->state ) { - /* + /* * ssl->state is initialized as HELLO_REQUEST. It is same * with CLIENT_HELLO status */ @@ -361,7 +361,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, /* The supported_signature_algorithms extension is REQUIRED for * certificate authenticated ciphersuites. */ - ret = mbedtls_ssl_tls13_write_signature_algorithms_ext( ssl, buf, + ret = mbedtls_ssl_tls13_write_signature_algorithms_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); From 92c6b402d7ccf127d4700b49af5a9977c908ee3f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 16:59:09 +0800 Subject: [PATCH 420/966] Remove prototype of static functions Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 318 +++++++++++++++++-------------------- 1 file changed, 147 insertions(+), 171 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 3611f70b0d..41b133437d 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -32,135 +32,82 @@ #define CLIENT_HELLO_RAND_BYTES_LEN 32 #define CLIENT_HELLO_VERSION_LEN 2 -/* Main entry point; orchestrates the other functions */ -static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ); - -int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) -{ - int ret = 0; - - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Handshake completed but ssl->handshake is NULL.\n" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); - - switch( ssl->state ) - { - /* - * ssl->state is initialized as HELLO_REQUEST. It is same - * with CLIENT_HELLO status - */ - case MBEDTLS_SSL_HELLO_REQUEST: - case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_tls13_write_client_hello( ssl ); - break; - - case MBEDTLS_SSL_SERVER_HELLO: - // Stop here : we haven't finished whole flow - ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); - break; - - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - - return( ret ); -} - - -static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ); -static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t buflen, - size_t *len_with_binders ); -static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context *ssl ); - -static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) -{ - int ret = 0; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); - - MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello, ( ssl ) ); - - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg, - ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - &buf, &buf_len ) ); - - MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_exts_client_hello, - ( ssl, buf, buf_len, &msg_len ) ); - - 
mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - msg_len ); - ssl->handshake->update_checksum( ssl, buf, 0 ); - - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg, - ( ssl, buf_len, msg_len ) ); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); - /* client_hello_process haven't finished */ - ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - return ret; -} - -static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) -{ - int ret; - - if( ssl->conf->f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); - return( MBEDTLS_ERR_SSL_NO_RNG ); - } - - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, - ssl->handshake->randbytes, - CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); - return( ret ); - } - - return( 0 ); -} - -static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context* ssl ) -{ - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); - - return( 0 ); -} /* Write extensions */ +/* + * ssl_tls13_write_supported_versions_ext(): + * + * struct { + * ProtocolVersion versions<2..254>; + * } SupportedVersions; + */ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ); + size_t *olen ) +{ + unsigned char *p = buf; + + *olen = 0; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported version extension" ) ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); + + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0); + + /* total length */ + MBEDTLS_PUT_UINT16_BE( 3, p, 2); + p+=4; + + /* length of next field */ + *p++ = 0x2; + + /* This implementation only supports a single TLS version, and only + * advertises a single value. 
+ */ + mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, + ssl->conf->transport, p ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", + ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + + *olen = 7; + + return( 0 ); +} #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ); + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + ((void) olen); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ); + size_t *olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + ((void) olen); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +/* Functions for ClientHello */ + static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *len_with_binders ) @@ -344,7 +291,9 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, * For cTLS we only need to provide it if there is more than one version * and currently there is only one. */ - ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); total_ext_len += cur_ext_len; buf += cur_ext_len; 
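Review bot: The stubs `ssl_tls13_write_supported_groups_ext` and `ssl_tls13_write_key_shares_ext` return `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE` without writing `*olen`, while `ssl_tls13_write_supported_versions_ext` in the same hunk sets `*olen = 0` before doing anything else. The caller adds the out-parameter to a running length (`total_ext_len += cur_ext_len; buf += cur_ext_len;`), so an unset value is safe only while every call site checks the return code first. I would replace `((void) olen);` with `*olen = 0;` in both stubs so all three writers follow the same out-parameter contract.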
@@ -400,77 +349,104 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, return( 0 ); } -/* - * ssl_tls13_write_supported_versions_ext(): - * - * struct { - * ProtocolVersion versions<2..254>; - * } SupportedVersions; - */ -static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context* ssl ) { - unsigned char *p = buf; + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); + return( 0 ); +} - *olen = 0; +static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) +{ + int ret; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported version extension" ) ); + if( ssl->conf->f_rng == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); + return( MBEDTLS_ERR_SSL_NO_RNG ); + } - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); - - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0); - - /* total length */ - MBEDTLS_PUT_UINT16_BE( 3, p, 2); - - p+=4; - - /* length of next field */ - *p++ = 0x2; - - /* This implementation only supports a single TLS version, and only - * advertises a single value. - */ - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", - ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); - - *olen = 7; + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, + ssl->handshake->randbytes, + CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); + return( ret ); + } return( 0 ); } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +/* + * ClientHello Main entry point. + * orchestrates the other functions. 
+ */ +static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) { - ((void) ssl); - ((void) buf); - ((void) end); - ((void) olen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + int ret = 0; + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello, ( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg, + ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_exts_client_hello, + ( ssl, buf, buf_len, &msg_len ) ); + + mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + msg_len ); + ssl->handshake->update_checksum( ssl, buf, 0 ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello, ( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg, + ( ssl, buf_len, msg_len ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); + return ret; } -static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { - ((void) ssl); - ((void) buf); - ((void) end); - ((void) olen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -} + int ret = 0; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Handshake completed but ssl->handshake is NULL.\n" ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); + + switch( ssl->state ) + { + /* + * ssl->state is initialized as HELLO_REQUEST. 
It is same + * with CLIENT_HELLO status + */ + case MBEDTLS_SSL_HELLO_REQUEST: + case MBEDTLS_SSL_CLIENT_HELLO: + ret = ssl_tls13_write_client_hello( ssl ); + break; + + case MBEDTLS_SSL_SERVER_HELLO: + // Stop here : we haven't finished whole flow + ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + break; + + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + return( ret ); +} #endif /* MBEDTLS_SSL_CLI_C */ From 275619336a78c6879f82168e00fa6b510ee63ccc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 17:07:38 +0800 Subject: [PATCH 421/966] fix name conversion issue for tls13 server entry Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls13_server.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 016dfe162e..10b07b751a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -950,7 +950,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ); #endif int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c43f95ee1b..360419240f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
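Review bot: In `ssl_tls13_write_client_hello`, `ssl->handshake->update_checksum( ssl, buf, 0 );` passes a length of 0, so as written none of the ClientHello body reaches the running handshake checksum; only the header goes in through `mbedtls_ssl_tls13_add_hs_hdr_to_checksum`. The TLS 1.3 transcript hash covers the whole message, so key derivation and Finished verification in later states would work from a wrong transcript. If `msg_len` is the body length reported by `ssl_tls13_write_exts_client_hello`, the call should be `ssl->handshake->update_checksum( ssl, buf, msg_len );`. This commit also drops the forced `ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;` at `cleanup:`, so the function can now return success with that incomplete checksum.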
@@ -5189,7 +5189,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) - ret = mbedtls_ssl_handshake_server_step_tls1_3( ssl ); + ret = mbedtls_ssl_tls13_handshake_server_step( ssl ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index a56727741b..0dcd7ed602 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -25,7 +25,7 @@ #include "ssl_misc.h" -int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) { ((void) ssl); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); From 5cc8f0a0d849407adac6e033a80a0b8cf34eb58a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 17:21:44 +0800 Subject: [PATCH 422/966] Add simple document for tls13 functions Signed-off-by: Jerry Yu --- library/ssl_misc.h | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 10b07b751a..8c38cd06e1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -132,8 +132,15 @@ #define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) #define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) +/* + * Helper macros for function call with returen check. + */ +/* utils for strip parens in marcro */ #define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__ +/* + * Exit and print debug message when return none zero value + */ #define MBEDTLS_SSL_PROC_CHK( fn, args ) \ do { \ ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ @@ -146,6 +153,9 @@ } \ } while( 0 ) +/* + * Exit and print debug message when return negative value + */ #define MBEDTLS_SSL_PROC_CHK_NEG( fn, args ) \ do { \ ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ 
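Review bot: The comments added above `MBEDTLS_SSL_PROC_CHK` and `MBEDTLS_SSL_PROC_CHK_NEG` do not say that the macros assign to a variable named `ret` which the calling function must declare, and the wording has typos (`returen`, `marcro`, `none zero`). The macro bodies are only partly visible in these hunks; if they jump to a `cleanup` label on failure, as the `cleanup:` label in `ssl_tls13_write_client_hello` suggests, that requirement belongs in the comment too. Suggested text: `/* Call fn with args and store the result in the caller's ret; on a non-zero result, log it and leave through the caller's cleanup label. */`. Hidden control flow in an error-handling macro is easy to misuse, so the contract is worth spelling out.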
@@ -949,7 +959,18 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/** + * \brief TLS1.3 client side state machine entry + * + * \param ssl SSL context + */ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); + +/** + * \brief TLS1.3 server side state machine entry + * + * \param ssl SSL context + */ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ); #endif @@ -1390,18 +1411,30 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, ssl->state = state; } +/* + * Write tls13 handshake message header + */ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buflen ); +/* + * Write tls13 handshake message tail + */ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ); +/* + * Update checksum with handshake header + */ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* + * Write TLS1.3 Signature Algorithm extesion + */ int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen); From c4d22444d65c6483e349f3019ed38454c41176e8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 20:04:33 +0800 Subject: [PATCH 423/966] fix undeclared variable error Signed-off-by: Jerry Yu # Conflicts: # library/ssl_tls13_client.c --- library/ssl_tls13_client.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 41b133437d..a03aa8e461 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
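Review bot: The Doxygen blocks added for `mbedtls_ssl_tls13_handshake_client_step` and `mbedtls_ssl_tls13_handshake_server_step` document `\param ssl` but give no `\return`, although both functions return `int`. A line such as `\return 0 on success, or a negative MBEDTLS_ERR_SSL_xxx error code` would tell callers how to treat the result; the exact convention should be confirmed against the implementations. The plain comments added in the second `ssl_misc.h` hunk have the same gap for `mbedtls_ssl_tls13_start_handshake_msg` and `mbedtls_ssl_tls13_finish_handshake_msg`, and they do not describe the `buf` and `buflen` out-parameters.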
@@ -112,7 +112,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *len_with_binders ) { - /* Extensions */ + /* Extensions */ /* extension_start * Used during extension writing where the @@ -120,9 +120,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, * extension list must be kept to write * the total extension list size in the end. */ -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) int ret; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ unsigned char* extension_start; size_t cur_ext_len; /* Size of the current extension */ size_t total_ext_len; /* Size of list of extensions */ From 995ecd396ffbba84dcf84d3399c6fd270ec1b820 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Aug 2021 17:53:49 +0800 Subject: [PATCH 424/966] fix wrong iana values and comments Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 14 +++++++------- library/ssl_misc.h | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b7b22c20d4..540ff1fc52 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -472,21 +472,21 @@ #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 -#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 -#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 #define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_USE_SRTP 14 -#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.3 */ #define MBEDTLS_TLS_EXT_ALPN 16 -#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 19 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 20 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7259 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.3 */ #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8c38cd06e1..32017f3458 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -118,8 +118,8 @@ #define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 ) #define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 ) #define MBEDTLS_SSL_EXT_SCT ( 1 << 8 ) -#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 9 ) -#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 10 ) +#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 9 ) +#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 10 ) #define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 ) #define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 ) #define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 ) 
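Review bot: The comment on `MBEDTLS_TLS_EXT_CLI_CERT_TYPE` cites `RFC 7259`, which looks like a typo for RFC 7250, the document that defines both the client and the server certificate type extensions and is already cited on the `MBEDTLS_TLS_EXT_SERV_CERT_TYPE` line below it. The line should read `#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.3 */`. The values 19 and 20 themselves match the IANA assignments after this change.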
From eecfbf001cb6dff76bb6756e259818ce40fc38d1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Aug 2021 18:32:07 +0800 Subject: [PATCH 425/966] fix format issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 23 ++++++++-------- library/ssl_tls13_client.c | 55 +++++++++++++++++++------------------ library/ssl_tls13_generic.c | 23 ++++++++-------- 3 files changed, 53 insertions(+), 48 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 32017f3458..50aee6ffd2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1405,8 +1405,8 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, - mbedtls_ssl_states state ) +static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, + mbedtls_ssl_states state ) { ssl->state = state; } 
@@ -1415,29 +1415,30 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, * Write tls13 handshake message header */ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buflen ); + unsigned hs_type, + unsigned char **buf, + size_t *buflen ); /* * Write tls13 handshake message tail */ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, - size_t buf_len, - size_t msg_len ); + size_t buf_len, + size_t msg_len ); /* * Update checksum with handshake header */ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, - unsigned hs_type, - size_t total_hs_len ); + unsigned hs_type, + size_t total_hs_len ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Write TLS1.3 Signature Algorithm extesion */ int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, unsigned char *end, - size_t *olen); + unsigned char *buf, + unsigned char *end, + size_t *olen); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a03aa8e461..ef9836d195 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -43,9 +43,9 @@ * } SupportedVersions; */ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { unsigned char *p = buf; @@ -55,11 +55,11 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); /* total length */ MBEDTLS_PUT_UINT16_BE( 3, p, 2); - p+=4; + p += 4; /* length of next field */ *p++ = 0x2; 
@@ -67,11 +67,13 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, /* This implementation only supports a single TLS version, and only * advertises a single value. */ - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version( ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", - ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + ssl->conf->max_major_ver, + ssl->conf->max_minor_ver ) ); *olen = 7; @@ -81,9 +83,9 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); @@ -93,9 +95,9 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, } static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); @@ -109,8 +111,9 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, /* Functions for ClientHello */ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t buflen, - size_t *len_with_binders ) + unsigned char *buf, + size_t buflen, + size_t *len_with_binders ) { /* Extensions */ 
@@ -121,20 +124,20 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, * the total extension list size in the end. */ int ret; - unsigned char* extension_start; + unsigned char *extension_start; size_t cur_ext_len; /* Size of the current extension */ size_t total_ext_len; /* Size of list of extensions */ /* Buffer management */ - unsigned char* start = buf; - unsigned char* end = buf + buflen; + unsigned char *start = buf; + unsigned char *end = buf + buflen; /* Ciphersuite-related variables */ - const int* ciphersuites; - const mbedtls_ssl_ciphersuite_t* ciphersuite_info; + const int *ciphersuites; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; /* ciphersuite_start points to the start of the ciphersuite list, i.e. to the length field*/ - unsigned char* ciphersuite_start; + unsigned char *ciphersuite_start; size_t ciphersuite_count; /* Keeping track of the included extensions */ @@ -167,13 +170,13 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, * * In cTLS the version number is elided. */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_VERSION_LEN); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_VERSION_LEN ); MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); buf += 2; buflen -= CLIENT_HELLO_VERSION_LEN; /* Write random bytes */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RAND_BYTES_LEN); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RAND_BYTES_LEN ); memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, CLIENT_HELLO_RAND_BYTES_LEN ); @@ -255,7 +258,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, } /* write ciphersuite length now */ - MBEDTLS_PUT_UINT16_BE( ciphersuite_count*2, ciphersuite_start, 0); + MBEDTLS_PUT_UINT16_BE( ciphersuite_count*2, ciphersuite_start, 0 ); ciphersuite_start += 2; MBEDTLS_SSL_DEBUG_MSG( 3, 
@@ -340,7 +343,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extension_start, total_ext_len ); /* Write extension length */ - MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0); + MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0 ); extension_start += 2; *len_with_binders = ( extension_start + total_ext_len ) - start; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index be44141518..4b087baa26 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -28,9 +28,9 @@ #include "ssl_misc.h" int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buflen ) + unsigned hs_type, + unsigned char **buf, + size_t *buflen ) { *buf = ssl->out_msg + 4; *buflen = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; @@ -42,8 +42,8 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, } int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, - size_t buf_len, - size_t msg_len ) + size_t buf_len, + size_t msg_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) buf_len); @@ -56,8 +56,8 @@ cleanup: } void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, - unsigned hs_type, - size_t total_hs_len ) + unsigned hs_type, + size_t total_hs_len ) { unsigned char hs_hdr[4]; @@ -90,10 +90,11 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, * Only if we handle at least one key exchange that needs signatures. */ -int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ) +int mbedtls_ssl_tls13_write_signature_algorithms_ext( + mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); From e41dec015846b3e0d461654f6ef06814d10bde61 Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Tue, 31 Aug 2021 10:57:07 +0800 Subject: [PATCH 426/966] Rename write signature algorithms function To keep similar name with other place. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 8 ++++---- library/ssl_tls13_client.c | 3 +-- library/ssl_tls13_generic.c | 11 +++++------ 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 50aee6ffd2..6b0bf574b6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1435,10 +1435,10 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, /* * Write TLS1.3 Signature Algorithm extesion */ -int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen); +int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ef9836d195..dce83f427b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -311,8 +311,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, /* The supported_signature_algorithms extension is REQUIRED for * certificate authenticated ciphersuites. */ - ret = mbedtls_ssl_tls13_write_signature_algorithms_ext( ssl, buf, - end, &cur_ext_len ); + ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 4b087baa26..1713d4c813 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -73,7 +73,7 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* - * mbedtls_ssl_tls13_write_signature_algorithms_ext( ) + * mbedtls_ssl_tls13_write_sig_alg_ext( ) * * enum { * .... @@ -90,11 +90,10 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, * Only if we handle at least one key exchange that needs signatures. */ -int mbedtls_ssl_tls13_write_signature_algorithms_ext( - mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); From 08906d006b01566791587a2a9e6e9623bbea7a93 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 11:05:27 +0800 Subject: [PATCH 427/966] fix name conversion issues Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index dce83f427b..80386c80d3 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -30,8 +30,8 @@ #include "ssl_misc.h" #include -#define CLIENT_HELLO_RAND_BYTES_LEN 32 -#define CLIENT_HELLO_VERSION_LEN 2 +#define CLIENT_HELLO_RANDOM_LEN 32 +#define CLIENT_HELLO_LEGACY_VERSION_LEN 2 /* Write extensions */ @@ -110,7 +110,7 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, /* Functions for ClientHello */ -static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *len_with_binders ) 
@@ -170,19 +170,19 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, * * In cTLS the version number is elided. */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_VERSION_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); - buf += 2; - buflen -= CLIENT_HELLO_VERSION_LEN; + buf += CLIENT_HELLO_LEGACY_VERSION_LEN; + buflen -= CLIENT_HELLO_LEGACY_VERSION_LEN; /* Write random bytes */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RAND_BYTES_LEN ); - memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RANDOM_LEN ); + memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", - buf, CLIENT_HELLO_RAND_BYTES_LEN ); + buf, CLIENT_HELLO_RANDOM_LEN ); - buf += CLIENT_HELLO_RAND_BYTES_LEN; - buflen -= CLIENT_HELLO_RAND_BYTES_LEN; + buf += CLIENT_HELLO_RANDOM_LEN; + buflen -= CLIENT_HELLO_RANDOM_LEN; /* Versions of TLS before TLS 1.3 supported a * "session resumption" feature which has been merged with pre-shared @@ -367,7 +367,7 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, - CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) + CLIENT_HELLO_RANDOM_LEN ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); return( ret ); @@ -394,7 +394,7 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_exts_client_hello, + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_client_hello_body, ( ssl, buf, buf_len, &msg_len ) ); mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, From 159c5a0e12b3769b14ae7c7e7aab2fe310eafd05 Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Tue, 31 Aug 2021 12:51:25 +0800 Subject: [PATCH 428/966] fix comments issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 6 +++--- library/ssl_tls13_client.c | 42 +++++++++++++++++++++++++++++--------- 2 files changed, 35 insertions(+), 13 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6b0bf574b6..b1f5f36f55 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1412,14 +1412,14 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, } /* - * Write tls13 handshake message header + * Write TLS 1.3 handshake message header */ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buflen ); /* - * Write tls13 handshake message tail + * Write TLS 1.3 handshake message tail */ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, @@ -1433,7 +1433,7 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* - * Write TLS1.3 Signature Algorithm extesion + * Write TLS 1.3 Signature Algorithm extension */ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 80386c80d3..f30d408230 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -51,17 +51,24 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported version extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); + /* + * ExtensionType 2 + * ExtensionLength 2 + * VersionSLength 1 + * Version 2 + */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); + /* Write Extension Type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); - /* total length */ + /* Write Extension Length */ MBEDTLS_PUT_UINT16_BE( 3, p, 2); p += 4; - /* length of next field */ + /* Length of the SupportedVersions field data */ *p++ = 0x2; /* This implementation only supports a single TLS version, and only @@ -108,7 +115,7 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* Functions for ClientHello */ +/* Functions for writing ClientHello message */ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, 
@@ -319,11 +326,13 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, buf += cur_ext_len; /* We need to send the key shares under three conditions: - * 1 ) A certificate-based ciphersuite is being offered. In this case - * supported_groups and supported_signature extensions have been successfully added. - * 2 ) A PSK-based ciphersuite with ECDHE is offered. In this case the + * 1) A certificate-based ciphersuite is being offered. In this case + * supported_groups and supported_signature extensions have been + * successfully added. + * 2) A PSK-based ciphersuite with ECDHE is offered. In this case the * psk_key_exchange_modes has been added as the last extension. - * 3 ) Or, in case all ciphers are supported ( which includes #1 and #2 from above ) + * 3) Or, in case all ciphers are supported ( which includes #1 and #2 + * from above ) */ ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); @@ -377,8 +386,21 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) } /* - * ClientHello Main entry point. - * orchestrates the other functions. + * Write ClientHello handshake message. + * + * Structure of this message: + * + * uint16 ProtocolVersion; + * opaque Random[32]; + * uint8 CipherSuite[2]; // Cryptographic suite selector + * struct { + * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 + * Random random; + * opaque legacy_session_id<0..32>; + * CipherSuite cipher_suites<2..2^16-2>; + * opaque legacy_compression_methods<1..2^8-1>; + * Extension extensions<8..2^16-1>; + * } ClientHello; */ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) { From 67d4ed5b22d846d05144989ad2ba33cb0656cb17 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 13:12:43 +0800 Subject: [PATCH 429/966] force change state type Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b1f5f36f55..e93e55b633 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1408,7 +1408,7 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, mbedtls_ssl_states state ) { - ssl->state = state; + ssl->state = ( int ) state; } /* From 6a643100029d4e739f0f45d5290b81fd3d9e836d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 14:40:36 +0800 Subject: [PATCH 430/966] Cleanup client_hello body. cleanup `ssl_tls13_write_client_hello_body`, fix comments issues. And move ciphersuites to separate function Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 186 ++++++++++++++++++------------------- 1 file changed, 89 insertions(+), 97 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f30d408230..f9cfff5217 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -115,8 +115,79 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* Functions for writing ClientHello message */ +/* Write ciphersuites + * CipherSuite cipher_suites<2..2^16-2>; + */ +static int ssl_tls13_write_client_hello_ciphersuites( + mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + /* Ciphersuite-related variables */ + const int *ciphersuites; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + /* ciphersuite_start points to the start of + the ciphersuite list, i.e. to the length field*/ + unsigned char *ciphersuite_start, *ciphersuite_iter; + size_t buf_len; + *olen = 0 ; + + /* + * Ciphersuite list + * + * This is a list of the symmetric cipher options supported by + * the client, specifically the record protection algorithm + * ( including secret key length ) and a hash to be used with + * HKDF, in descending order of client preference. + */ + ciphersuites = ssl->conf->ciphersuite_list; + + /* Check available spaces for ciphersuite */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + + /* Write ciphersuites */ + ciphersuite_start = buf + 2; + ciphersuite_iter = ciphersuite_start; + + for ( size_t i = 0; ciphersuites[i] != 0; i++ ) + { + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); + + if( ciphersuite_info == NULL ) + continue; + + if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 || + ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) + continue; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", + (unsigned int) ciphersuites[i], + ciphersuite_info->name ) ); + + /* Check for available spaces */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + + MBEDTLS_PUT_UINT16_BE( ciphersuites[i], ciphersuite_iter, 0); + ciphersuite_iter += 2; + + } + + buf_len = ciphersuite_iter - ciphersuite_start; + + /* write ciphersuite buf length */ + MBEDTLS_PUT_UINT16_BE( buf_len, buf, 0 
); + + + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", + buf_len/2 ) ); + + return( 0 ); +} + +/* Functions for writing ClientHello message */ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, @@ -139,13 +210,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *start = buf; unsigned char *end = buf + buflen; - /* Ciphersuite-related variables */ - const int *ciphersuites; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - /* ciphersuite_start points to the start of - the ciphersuite list, i.e. to the length field*/ - unsigned char *ciphersuite_start; - size_t ciphersuite_count; + *len_with_binders = 0; /* Keeping track of the included extensions */ ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; @@ -169,7 +234,9 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ssl->major_ver = ssl->conf->min_major_ver; ssl->minor_ver = ssl->conf->min_minor_ver; - /* For TLS 1.3 we use the legacy version number {0x03, 0x03} + /* Write legacy_version + * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 + * For TLS 1.3 we use the legacy version number {0x03, 0x03} * instead of the true version number. * * For DTLS 1.3 we use the legacy version number 
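Review bot: The per-suite bounds check inside the loop of `ssl_tls13_write_client_hello_ciphersuites` tests `buf`, which never moves, while the write goes through `ciphersuite_iter`. Once the first two bytes fit, every later iteration passes the check no matter how far the iterator has advanced. If the configured list holds more TLS 1.3 suites than the remaining buffer can take, the `MBEDTLS_PUT_UINT16_BE` write would land past `end`. The check should follow the write position: `MBEDTLS_SSL_CHK_BUF_PTR( ciphersuite_iter, end, 2 );`. The same check on `buf` is carried into the renamed `ssl_tls13_write_client_hello_cipher_suites` in the `@@ -142,164 +148,146 @@` hunk of PATCH 434, where it should read `MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 );`.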
@@ -180,16 +247,16 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); buf += CLIENT_HELLO_LEGACY_VERSION_LEN; - buflen -= CLIENT_HELLO_LEGACY_VERSION_LEN; - /* Write random bytes */ + /* Write random bytes + Random random + */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RANDOM_LEN ); memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, CLIENT_HELLO_RANDOM_LEN ); buf += CLIENT_HELLO_RANDOM_LEN; - buflen -= CLIENT_HELLO_RANDOM_LEN; /* Versions of TLS before TLS 1.3 supported a * "session resumption" feature which has been merged with pre-shared 
@@ -203,74 +270,14 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * ossification ). Otherwise, it MUST be set as a zero-length vector * ( i.e., a zero-valued single byte length field ). */ - if( buflen < 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 ); *buf++ = 0; /* session id length set to zero */ - buflen -= 1; - /* - * Ciphersuite list - * - * This is a list of the symmetric cipher options supported by - * the client, specifically the record protection algorithm - * ( including secret key length ) and a hash to be used with - * HKDF, in descending order of client preference. - */ - ciphersuites = ssl->conf->ciphersuite_list; - - if( buflen < 2 /* for ciphersuite list length */ ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - - /* Skip writing ciphersuite length for now */ - ciphersuite_count = 0; - ciphersuite_start = buf; - buf += 2; - buflen -= 2; - - for ( size_t i = 0; ciphersuites[i] != 0; i++ ) - { - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); - - if( ciphersuite_info == NULL ) - continue; - - if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 || - ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) - continue; - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", - (unsigned int) ciphersuites[i], - ciphersuite_info->name ) ); - - ciphersuite_count++; - - if( buflen < 2 /* for ciphersuite list length */ ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - - MBEDTLS_PUT_UINT16_BE( ciphersuites[i], buf, 0); - - buf += 2; - buflen -= 2; - - } - - /* write ciphersuite length now */ - MBEDTLS_PUT_UINT16_BE( ciphersuite_count*2, ciphersuite_start, 0 ); - ciphersuite_start += 
2; - - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", - ciphersuite_count ) ); + /* Write ciphersuites */ + ret = ssl_tls13_write_client_hello_ciphersuites( ssl, buf, end, &cur_ext_len ); + if( ret != 0) + return( ret ); + buf += cur_ext_len; /* For every TLS 1.3 ClientHello, this vector MUST contain exactly * one byte set to zero, which corresponds to the 'null' compression @@ -278,20 +285,13 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * * For cTLS this field is elided. */ - if( buflen < 2 /* for ciphersuite list length */ ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); *buf++ = 1; *buf++ = MBEDTLS_SSL_COMPRESS_NULL; - buflen -= 2; /* First write extensions, then the total length */ extension_start = buf; - total_ext_len = 0; buf += 2; /* Supported Versions Extension is mandatory with TLS 1.3. @@ -302,7 +302,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); - total_ext_len += cur_ext_len; buf += cur_ext_len; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) @@ -312,8 +311,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); - - total_ext_len += cur_ext_len; buf += cur_ext_len; /* The supported_signature_algorithms extension is REQUIRED for @@ -321,8 +318,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); - - total_ext_len += cur_ext_len; buf += cur_ext_len; /* We need to send the key shares under three conditions: 
@@ -338,13 +333,13 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); - - total_ext_len += cur_ext_len; buf += cur_ext_len; + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Add more extensions here */ + total_ext_len = buf - extension_start - 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , total_ext_len ) ); @@ -354,7 +349,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0 ); extension_start += 2; - *len_with_binders = ( extension_start + total_ext_len ) - start; + *len_with_binders = buf - start; return( 0 ); } @@ -390,9 +385,6 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) * * Structure of this message: * - * uint16 ProtocolVersion; - * opaque Random[32]; - * uint8 CipherSuite[2]; // Cryptographic suite selector * struct { * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 * Random random; From a2cf7bd2436f3ad506272547e3674bc40a827527 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 16:12:00 +0800 Subject: [PATCH 431/966] fix comment issues Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 10 +++++----- library/ssl_misc.h | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 540ff1fc52..b0491bfead 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -472,19 +472,19 @@ #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 -#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 -#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 #define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_USE_SRTP 14 -#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_ALPN 16 -#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7259 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.2 and 1.3 */ +#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.3 */ #define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.3 */ #define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.3 */ #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e93e55b633..6b17667bfe 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -960,14 +960,14 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) /** - * \brief TLS1.3 client side state machine entry + * \brief TLS 1.3 client side state machine entry * * \param ssl SSL context */ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); /** - * \brief TLS1.3 server side state machine entry + * \brief TLS 1.3 server side state machine entry * * \param ssl SSL context */ From b7ab336b3a98c2d2e8c8ff0bd5d328647e01849a Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Tue, 31 Aug 2021 16:16:19 +0800 Subject: [PATCH 432/966] fix format issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f9cfff5217..736cd208e4 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -65,7 +65,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); /* Write Extension Length */ - MBEDTLS_PUT_UINT16_BE( 3, p, 2); + MBEDTLS_PUT_UINT16_BE( 3, p, 2 ); p += 4; /* Length of the SupportedVersions field data */ @@ -169,7 +169,7 @@ static int ssl_tls13_write_client_hello_ciphersuites( /* Check for available spaces */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - MBEDTLS_PUT_UINT16_BE( ciphersuites[i], ciphersuite_iter, 0); + MBEDTLS_PUT_UINT16_BE( ciphersuites[i], ciphersuite_iter, 0 ); ciphersuite_iter += 2; } @@ -245,7 +245,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * In cTLS the version number is elided. */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); - MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); + MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0 ); buf += CLIENT_HELLO_LEGACY_VERSION_LEN; /* Write random bytes From f171e836eb58f79f315f0d12cde0c50847a22647 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 18:31:09 +0800 Subject: [PATCH 433/966] fix lenght mismatch error Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 736cd208e4..41d2a321ec 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -184,6 +184,8 @@ static int ssl_tls13_write_client_hello_ciphersuites( ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", buf_len/2 ) ); + *olen = ciphersuite_iter - buf; + return( 0 ); } 
From 1bc2c1f1a3086a0d20c0251580f1ecd7564a0e7c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Sep 2021 12:57:29 +0800 Subject: [PATCH 434/966] fix various issues fix comments, format and name conversion issues Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 6 +- library/ssl_tls13_client.c | 240 ++++++++++++++++-------------------- library/ssl_tls13_generic.c | 8 ++ 3 files changed, 120 insertions(+), 134 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b0491bfead..f533859959 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -484,9 +484,9 @@ #define MBEDTLS_TLS_EXT_ALPN 16 #define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.2 and 1.3 */ -#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.2 and 1.3 */ +#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.2 and 1.3 */ +#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 41d2a321ec..944e5b50c3 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -31,7 +31,7 @@ #include #define CLIENT_HELLO_RANDOM_LEN 32 -#define CLIENT_HELLO_LEGACY_VERSION_LEN 2 +#define CLIENT_HELLO_LEGACY_VERSION_LEN 2 /* Write extensions */ 
@@ -54,25 +54,31 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); /* - * ExtensionType 2 - * ExtensionLength 2 - * VersionSLength 1 - * Version 2 + * Reserve space for extension header. + * + * extension_type 2 + * extension_data_length 2 + * version_length 1 + * versions 2 */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); - /* Write Extension Type */ + /* Write extension_type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); - /* Write Extension Length */ + /* Write extension_data_length */ MBEDTLS_PUT_UINT16_BE( 3, p, 2 ); p += 4; - /* Length of the SupportedVersions field data */ + /* Length of versions */ *p++ = 0x2; - /* This implementation only supports a single TLS version, and only - * advertises a single value. + /* Write values of supported version. + * + * They are come from configuration values. And + * ssl_conf_check has valided the values. + * + * Currently, only one vesrion is advertised. */ mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, 
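Review bot: The comment added above the `mbedtls_ssl_write_version` call has typos and awkward grammar ("They are come from", "valided", "vesrion"). It is the only explanation of why no range check is done on the advertised version here, so it should be unambiguous. Suggested wording: `/* Write the supported version. The values come from the configuration and have been validated by ssl_conf_check(). Currently only one version is advertised. */`. The body of `ssl_tls13_write_supported_versions_ext` continues outside this hunk.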
@@ -115,22 +121,22 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* Write ciphersuites +/* + * Functions for writing ClientHello message. + */ +/* Write cipher_suites * CipherSuite cipher_suites<2..2^16-2>; */ -static int ssl_tls13_write_client_hello_ciphersuites( +static int ssl_tls13_write_client_hello_cipher_suites( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) { - /* Ciphersuite-related variables */ - const int *ciphersuites; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - /* ciphersuite_start points to the start of - the ciphersuite list, i.e. to the length field*/ - unsigned char *ciphersuite_start, *ciphersuite_iter; - size_t buf_len; + const int *cipher_suite_list; + unsigned char *cipher_suites_start; /* start of the cipher_suite_list */ + unsigned char *cipher_suites_iter; /* iteration of the cipher_suite_list */ + size_t cipher_suites_len; *olen = 0 ; 
@@ -142,164 +148,146 @@ static int ssl_tls13_write_client_hello_ciphersuites( * ( including secret key length ) and a hash to be used with * HKDF, in descending order of client preference. */ - ciphersuites = ssl->conf->ciphersuite_list; + cipher_suite_list = ssl->conf->ciphersuite_list; - /* Check available spaces for ciphersuite */ + /* Check there is space for the cipher suite list length (2 bytes). */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - /* Write ciphersuites */ - ciphersuite_start = buf + 2; - ciphersuite_iter = ciphersuite_start; + /* Write cipher_suite_list */ + cipher_suites_start = buf + 2; + cipher_suites_iter = cipher_suites_start; - for ( size_t i = 0; ciphersuites[i] != 0; i++ ) + for ( size_t i = 0; cipher_suite_list[i] != 0; i++ ) { - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); + int cipher_suite = cipher_suite_list[i]; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); if( ciphersuite_info == NULL ) continue; - if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 || ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) continue; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", - (unsigned int) ciphersuites[i], + (unsigned int) cipher_suite, ciphersuite_info->name ) ); - /* Check for available spaces */ + /* Check there is space for the cipher suite identifier (2 bytes). 
*/ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - - MBEDTLS_PUT_UINT16_BE( ciphersuites[i], ciphersuite_iter, 0 ); - ciphersuite_iter += 2; - + MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); + cipher_suites_iter += 2; } - buf_len = ciphersuite_iter - ciphersuite_start; - - /* write ciphersuite buf length */ - MBEDTLS_PUT_UINT16_BE( buf_len, buf, 0 ); - - + /* Write the cipher_suite_list length in number of bytes */ + cipher_suites_len = cipher_suites_iter - cipher_suites_start; + MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", - buf_len/2 ) ); + ( "client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites", + cipher_suites_len/2 ) ); - *olen = ciphersuite_iter - buf; + /* Output the total length of cipher_suites field. */ + *olen = cipher_suites_iter - buf; return( 0 ); } -/* Functions for writing ClientHello message */ +/* + * Structure of ClientHello message: + * + * struct { + * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 + * Random random; + * opaque legacy_session_id<0..32>; + * CipherSuite cipher_suites<2..2^16-2>; + * opaque legacy_compression_methods<1..2^8-1>; + * Extension extensions<8..2^16-1>; + * } ClientHello; + */ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, - size_t *len_with_binders ) + size_t *olen ) { - /* Extensions */ - /* extension_start - * Used during extension writing where the - * buffer pointer to the beginning of the - * extension list must be kept to write - * the total extension list size in the end. 
- */ int ret; - unsigned char *extension_start; - size_t cur_ext_len; /* Size of the current extension */ - size_t total_ext_len; /* Size of list of extensions */ + unsigned char *extension_start; /* Start of extensions buffer */ + size_t cur_ext_len; /* Size of the current extension */ + size_t total_ext_len; /* Size of list of extensions */ /* Buffer management */ unsigned char *start = buf; unsigned char *end = buf + buflen; - *len_with_binders = 0; - - /* Keeping track of the included extensions */ - ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; - - /* NOTE: - * Even for DTLS 1.3, we are writing a TLS handshake header here. - * The actual DTLS 1.3 handshake header is inserted in - * the record writing routine mbedtls_ssl_write_record(). - * - * For cTLS the length, and the version field - * are elided. The random bytes are shorter. - */ - - if( ssl->conf->max_major_ver == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, " - "consider using mbedtls_ssl_config_defaults()" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } + *olen = 0; + /* No validation needed here. It has been done by ssl_conf_check() */ ssl->major_ver = ssl->conf->min_major_ver; ssl->minor_ver = ssl->conf->min_minor_ver; - /* Write legacy_version + /* + * Write legacy_version * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 - * For TLS 1.3 we use the legacy version number {0x03, 0x03} + * + * For TLS 1.3 we use the legacy version number {0x03, 0x03} * instead of the true version number. - * - * For DTLS 1.3 we use the legacy version number - * {254,253}. - * - * In cTLS the version number is elided. 
*/ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0 ); buf += CLIENT_HELLO_LEGACY_VERSION_LEN; - /* Write random bytes - Random random - */ + /* Write the random bytes ( random ).*/ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RANDOM_LEN ); memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, CLIENT_HELLO_RANDOM_LEN ); - buf += CLIENT_HELLO_RANDOM_LEN; - /* Versions of TLS before TLS 1.3 supported a - * "session resumption" feature which has been merged with pre-shared - * keys in this version. A client which has a - * cached session ID set by a pre-TLS 1.3 server SHOULD set this - * field to that value. In compatibility mode, - * this field MUST be non-empty, so a client not offering a - * pre-TLS 1.3 session MUST generate a new 32-byte value. This value - * need not be random but SHOULD be unpredictable to avoid - * implementations fixating on a specific value ( also known as - * ossification ). Otherwise, it MUST be set as a zero-length vector - * ( i.e., a zero-valued single byte length field ). + /* + * Write legacy_session_id + * + * Versions of TLS before TLS 1.3 supported a "session resumption" feature + * which has been merged with pre-shared keys in this version. A client + * which has a cached session ID set by a pre-TLS 1.3 server SHOULD set + * this field to that value. In compatibility mode, this field MUST be + * non-empty, so a client not offering a pre-TLS 1.3 session MUST generate + * a new 32-byte value. This value need not be random but SHOULD be + * unpredictable to avoid implementations fixating on a specific value + * ( also known as ossification ). Otherwise, it MUST be set as a zero-length + * vector ( i.e., a zero-valued single byte length field ). 
*/ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 ); *buf++ = 0; /* session id length set to zero */ - /* Write ciphersuites */ - ret = ssl_tls13_write_client_hello_ciphersuites( ssl, buf, end, &cur_ext_len ); + /* Write cipher_suites */ + ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &cur_ext_len ); if( ret != 0) return( ret ); buf += cur_ext_len; - /* For every TLS 1.3 ClientHello, this vector MUST contain exactly + /* Write legacy_compression_methods + * + * For every TLS 1.3 ClientHello, this vector MUST contain exactly * one byte set to zero, which corresponds to the 'null' compression * method in prior versions of TLS. - * - * For cTLS this field is elided. */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); *buf++ = 1; *buf++ = MBEDTLS_SSL_COMPRESS_NULL; + /* Write extensions */ + + /* Keeping track of the included extensions */ + ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; /* First write extensions, then the total length */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); extension_start = buf; buf += 2; - /* Supported Versions Extension is mandatory with TLS 1.3. + /* Write supported_versions extension * - * For cTLS we only need to provide it if there is more than one version - * and currently there is only one. + * Supported Versions Extension is mandatory with TLS 1.3. */ ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) 
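Review bot: In `ssl_tls13_write_client_hello_body` the explicit `max_major_ver == 0` rejection is removed and replaced by the comment `No validation needed here. It has been done by ssl_conf_check()`. That function is not part of this diff, so the guarantee cannot be confirmed from the hunk. Confirm that every path reaching this function has passed that check, and name the call site in the comment, e.g. `/* Version range already validated by ssl_conf_check() in <call site>. */`. The assignment just below still copies `min_major_ver`/`min_minor_ver` into `ssl->major_ver`/`ssl->minor_ver`, while the supported_versions extension advertises `max_*`; a one-line comment explaining that choice would help. The function body continues past the end of this hunk.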
@@ -307,22 +295,18 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, buf += cur_ext_len; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - /* The supported_groups and the key_share extensions are - * REQUIRED for ECDHE ciphersuites. + /* Write supported_groups extension + * + * It is REQUIRED for ECDHE cipher_suites. */ ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); buf += cur_ext_len; - /* The supported_signature_algorithms extension is REQUIRED for - * certificate authenticated ciphersuites. */ - ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); - if( ret != 0 ) - return( ret ); - buf += cur_ext_len; - - /* We need to send the key shares under three conditions: + /* Write key_share extension + * + * We need to send the key shares under three conditions: * 1) A certificate-based ciphersuite is being offered. In this case * supported_groups and supported_signature extensions have been * successfully added. 
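Review bot: The key_share comment kept as context still says that in case 1 the `supported_groups and supported_signature extensions have been successfully added`. This change moves the `mbedtls_ssl_tls13_write_sig_alg_ext` call to after `ssl_tls13_write_key_shares_ext` (the re-added call is in the following `@@ -331,27 +315,32 @@` hunk), so the statement no longer matches the write order. Update it to something like `supported_groups has been added and signature_algorithms follows`. The comment also says `supported_signature` where the new comment says `signature_algorithms`; use one name. The enclosing function starts and ends outside this hunk.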
@@ -331,27 +315,32 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * 3) Or, in case all ciphers are supported ( which includes #1 and #2 * from above ) */ - ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); buf += cur_ext_len; + /* Write signature_algorithms extension + * + * It is REQUIRED for certificate authenticated cipher_suites. + */ + ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + buf += cur_ext_len; + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Add more extensions here */ + /* Write the length of the list of extensions. */ total_ext_len = buf - extension_start - 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , total_ext_len ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extension_start, total_ext_len ); - - /* Write extension length */ MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0 ); - extension_start += 2; - *len_with_binders = buf - start; + *olen = buf - start; return( 0 ); } @@ -384,17 +373,6 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) /* * Write ClientHello handshake message. - * - * Structure of this message: - * - * struct { - * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 - * Random random; - * opaque legacy_session_id<0..32>; - * CipherSuite cipher_suites<2..2^16-2>; - * opaque legacy_compression_methods<1..2^8-1>; - * Extension extensions<8..2^16-1>; - * } ClientHello; */ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1713d4c813..f33c2f636b 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -32,6 +32,13 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned char **buf, size_t *buflen ) { + /* + * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 ) + * ... + * HandshakeType msg_type; + * uint24 length; + * ... + */ *buf = ssl->out_msg + 4; *buflen = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; @@ -48,6 +55,7 @@ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) buf_len); + /* Add reserved 4 bytes for handshake header */ ssl->out_msglen = msg_len + 4; MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext, ( ssl, 0 ) ); From 790656a0a61961296552b75b446bc3f4c50d1b32 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Sep 2021 15:51:48 +0800 Subject: [PATCH 435/966] fix name conversion issues fix name conversion issues in `ssl_tls13_write_client_hello_body` Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 944e5b50c3..d354087413 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -211,9 +211,9 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, { int ret; - unsigned char *extension_start; /* Start of extensions buffer */ - size_t cur_ext_len; /* Size of the current extension */ - size_t total_ext_len; /* Size of list of extensions */ + unsigned char *extensions_len_ptr; /* pointer of extensions length */ + size_t output_len; /* Length of buffer used by function */ + size_t extensions_len; /* Length of the list of extensions*/ /* Buffer management */ unsigned char *start = buf; 
@@ -260,10 +260,10 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, *buf++ = 0; /* session id length set to zero */ /* Write cipher_suites */ - ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); if( ret != 0) return( ret ); - buf += cur_ext_len; + buf += output_len; /* Write legacy_compression_methods * @@ -282,27 +282,27 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, /* First write extensions, then the total length */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - extension_start = buf; + extensions_len_ptr = buf; buf += 2; /* Write supported_versions extension * * Supported Versions Extension is mandatory with TLS 1.3. */ - ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &output_len ); if( ret != 0 ) return( ret ); - buf += cur_ext_len; + buf += output_len; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Write supported_groups extension * * It is REQUIRED for ECDHE cipher_suites. */ - ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &output_len ); if( ret != 0 ) return( ret ); - buf += cur_ext_len; + buf += output_len; /* Write key_share extension * 
@@ -315,30 +315,30 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * 3) Or, in case all ciphers are supported ( which includes #1 and #2 * from above ) */ - ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &output_len ); if( ret != 0 ) return( ret ); - buf += cur_ext_len; + buf += output_len; /* Write signature_algorithms extension * * It is REQUIRED for certificate authenticated cipher_suites. */ - ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); + ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &output_len ); if( ret != 0 ) return( ret ); - buf += cur_ext_len; + buf += output_len; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Add more extensions here */ /* Write the length of the list of extensions. */ - total_ext_len = buf - extension_start - 2; + extensions_len = buf - extensions_len_ptr - 2; + MBEDTLS_PUT_UINT16_BE( extensions_len, extensions_len_ptr, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , - total_ext_len ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extension_start, total_ext_len ); - MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0 ); + extensions_len ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr, extensions_len ); *olen = buf - start; return( 0 ); From 0c63af6ed6576aebdb8dcc3ec9852ae42b53c75e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 2 Sep 2021 12:59:12 +0800 Subject: [PATCH 436/966] fix comment issues Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 35 +++++++++++++++++------------------ library/ssl_tls13_generic.c | 4 ++-- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d354087413..373efff10f 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
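Review bot: The renamed `MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr, extensions_len )` call starts the dump at the 2-byte length field but passes the length of the extension data alone. The trace therefore shows the length prefix and drops the last two bytes of the extensions list, which is misleading when a handshake is debugged from logs. The removed line had the same mismatch under the old names, so the rename carries it over rather than introducing it. I would change the call to `MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr + 2, extensions_len );`. Only the debug output is affected, and the body of ssl_tls13_write_client_hello_body starts outside this hunk.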
@@ -54,7 +54,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); /* - * Reserve space for extension header. + * Check space for extension header. * * extension_type 2 * extension_data_length 2 @@ -73,12 +73,11 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, /* Length of versions */ *p++ = 0x2; - /* Write values of supported version. + /* Write values of supported versions. * - * They are come from configuration values. And - * ssl_conf_check has valided the values. + * They are defined by the configuration. * - * Currently, only one vesrion is advertised. + * Currently, only one version is advertised. */ mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, @@ -133,9 +132,9 @@ static int ssl_tls13_write_client_hello_cipher_suites( unsigned char *end, size_t *olen ) { - const int *cipher_suite_list; - unsigned char *cipher_suites_start; /* start of the cipher_suite_list */ - unsigned char *cipher_suites_iter; /* iteration of the cipher_suite_list */ + const int *ciphersuite_list; + unsigned char *cipher_suites_start; /* Start of the cipher_suites list */ + unsigned char *cipher_suites_iter; /* Iteration over the cipher_suites list */ size_t cipher_suites_len; *olen = 0 ; 
@@ -148,18 +147,18 @@ static int ssl_tls13_write_client_hello_cipher_suites( * ( including secret key length ) and a hash to be used with * HKDF, in descending order of client preference. */ - cipher_suite_list = ssl->conf->ciphersuite_list; + ciphersuite_list = ssl->conf->ciphersuite_list; /* Check there is space for the cipher suite list length (2 bytes). */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - /* Write cipher_suite_list */ + /* Write cipher_suites */ cipher_suites_start = buf + 2; cipher_suites_iter = cipher_suites_start; - for ( size_t i = 0; cipher_suite_list[i] != 0; i++ ) + for ( size_t i = 0; ciphersuite_list[i] != 0; i++ ) { - int cipher_suite = cipher_suite_list[i]; + int cipher_suite = ciphersuite_list[i]; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); @@ -179,7 +178,7 @@ static int ssl_tls13_write_client_hello_cipher_suites( cipher_suites_iter += 2; } - /* Write the cipher_suite_list length in number of bytes */ + /* Write the cipher_suites length in number of bytes */ cipher_suites_len = cipher_suites_iter - cipher_suites_start; MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, @@ -211,7 +210,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, { int ret; - unsigned char *extensions_len_ptr; /* pointer of extensions length */ + unsigned char *extensions_len_ptr; /* Pointer of extensions length */ size_t output_len; /* Length of buffer used by function */ size_t extensions_len; /* Length of the list of extensions*/ 
@@ -392,8 +391,8 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) ( ssl, buf, buf_len, &msg_len ) ); mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - msg_len ); - ssl->handshake->update_checksum( ssl, buf, 0 ); + msg_len ); + ssl->handshake->update_checksum( ssl, buf, msg_len ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello, ( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg, @@ -420,8 +419,8 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) switch( ssl->state ) { /* - * ssl->state is initialized as HELLO_REQUEST. It is same - * with CLIENT_HELLO status + * ssl->state is initialized as HELLO_REQUEST. It is the same + * as CLIENT_HELLO state. */ case MBEDTLS_SSL_HELLO_REQUEST: case MBEDTLS_SSL_CLIENT_HELLO: diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f33c2f636b..fb6da346fc 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -30,7 +30,7 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, - size_t *buflen ) + size_t *buf_len ) { /* * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 ) @@ -40,7 +40,7 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, * ... */ *buf = ssl->out_msg + 4; - *buflen = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; + *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = hs_type; From 2c0fbf3405aa1d71f8f2d966a06399454a53afce Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 2 Sep 2021 13:53:46 +0800 Subject: [PATCH 437/966] modify proc_chk macros - change the parameter - remove debug output - remove return value modify Signed-off-by: Jerry Yu --- library/ssl_misc.h | 17 ++++------------- library/ssl_tls13_client.c | 23 +++++++++++++---------- library/ssl_tls13_generic.c | 2 +- 3 files changed, 18 insertions(+), 24 deletions(-) 
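Review bot: The switch from `update_checksum( ssl, buf, 0 )` to `update_checksum( ssl, buf, msg_len )` in ssl_tls13_write_client_hello is a functional change to what is fed into the handshake transcript hash, but the commit is titled "fix comment issues" and the code has no comment on it. With a length of 0 the ClientHello body was presumably left out of the transcript, which the later Finished computation depends on, so this deserves its own mention in the commit message. I would also add a comment above the two calls, for example `/* Transcript hash: 4-byte handshake header first, then msg_len bytes of ClientHello body. */`. The function begins and ends outside this hunk, so the ordering relative to ssl_tls13_finalize_client_hello could not be checked here.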
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6b17667bfe..e16c674cb0 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -26,7 +26,6 @@ #include "mbedtls/ssl.h" #include "mbedtls/cipher.h" -#include "mbedtls/debug.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" @@ -135,33 +134,25 @@ /* * Helper macros for function call with returen check. */ -/* utils for strip parens in marcro */ -#define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__ - /* * Exit and print debug message when return none zero value */ -#define MBEDTLS_SSL_PROC_CHK( fn, args ) \ +#define MBEDTLS_SSL_PROC_CHK( f ) \ do { \ - ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ + ret = ( f ); \ if( ret != 0 ) \ { \ - if( ret > 0 ) \ - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; \ - MBEDTLS_SSL_DEBUG_RET( 1, #fn, ret ); \ goto cleanup; \ } \ } while( 0 ) - /* * Exit and print debug message when return negative value */ -#define MBEDTLS_SSL_PROC_CHK_NEG( fn, args ) \ +#define MBEDTLS_SSL_PROC_CHK_NEG( f ) \ do { \ - ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ + ret = ( f ); \ if( ret < 0 ) \ { \ - MBEDTLS_SSL_DEBUG_RET( 1, #fn, ret ); \ goto cleanup; \ } \ } while( 0 ) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 373efff10f..6b89273353 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
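Review bot: The comments kept above `MBEDTLS_SSL_PROC_CHK` and `MBEDTLS_SSL_PROC_CHK_NEG` still read "Exit and print debug message", while the new bodies print nothing and `MBEDTLS_SSL_PROC_CHK` no longer maps a positive return to `MBEDTLS_ERR_SSL_INTERNAL_ERROR`. A positive value from `f` now reaches the caller unchanged, so callers that test `ret < 0` would treat it as success; the call sites are worth checking against that. Both macros also depend silently on a local `ret` and a `cleanup` label in the calling function. I would replace the stale comment with `/* Jump to cleanup when f returns non-zero; ret keeps f's value unchanged. Requires a local int ret and a cleanup label. */` and the matching wording ("negative") on the `_NEG` variant.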
@@ -381,22 +381,25 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello, ( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg, - ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - &buf, &buf_len ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( + ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_client_hello_body, - ( ssl, buf, buf_len, &msg_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_client_hello_body( ssl, buf, + buf_len, + &msg_len ) ); - mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, + MBEDTLS_SSL_HS_CLIENT_HELLO, msg_len ); ssl->handshake->update_checksum( ssl, buf, msg_len ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg, - ( ssl, buf_len, msg_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, + buf_len, + msg_len ) ); cleanup: diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index fb6da346fc..3c49a379bd 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -57,7 +57,7 @@ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, /* Add reserved 4 bytes for handshake header */ ssl->out_msglen = msg_len + 4; - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext, ( ssl, 0 ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0 ) ); cleanup: return( ret ); From ef387d79a467c77b68605bcfd91a2981518e9b62 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 2 Sep 2021 13:59:41 +0800 Subject: [PATCH 438/966] change prototype of write body To keep consistence with others 
Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 6b89273353..262481c6a7 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -205,7 +205,7 @@ static int ssl_tls13_write_client_hello_cipher_suites( */ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, - size_t buflen, + unsigned char *end, size_t *olen ) { @@ -216,7 +216,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, /* Buffer management */ unsigned char *start = buf; - unsigned char *end = buf + buflen; *olen = 0; @@ -388,7 +387,7 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) &buf, &buf_len ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_client_hello_body( ssl, buf, - buf_len, + buf + buf_len, &msg_len ) ); mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, From 3050f054f23e1f1b8e23df6d7593aa97848e6159 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 2 Sep 2021 12:38:51 +0200 Subject: [PATCH 439/966] Subtract 1 from input in CCM's incomplete data tests Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.function | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 128bd86d98..57f13e3d85 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function 
@@ -533,8 +533,8 @@ void mbedtls_ccm_overflow_ad( int cipher_id, int mode, TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); // use hardcoded values for msg length and tag length. They are not a part of this test - // set half of auth data length to provoke an overflow - TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len / 2, 16, 16 ) ); + // subtract 1 from configured auth data length to provoke an overflow + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len - 1, 16, 16 ) ); TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); exit: @@ -556,7 +556,7 @@ void mbedtls_ccm_incomplete_ad( int cipher_id, int mode, // use hardcoded values for msg length and tag length. They are not a part of this test TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) ); - TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len/2) ); + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len - 1) ); ASSERT_ALLOC( output, 16 ); TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) ); @@ -605,8 +605,8 @@ void mbedtls_ccm_overflow_update( int cipher_id, int mode, TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); // use hardcoded value for tag length. It is a not a part of this test - // set half of msg length to provoke an overflow - TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len / 2, 16 ) ); + // subtract 1 from configured msg length to provoke an overflow + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len - 1, 16 ) ); TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); 
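Review bot: The new `add->len - 1` and `msg->len - 1` expressions wrap to a very large value if a test case supplies an empty `add` or `msg`, because the lengths are unsigned. In mbedtls_ccm_incomplete_ad that would hand `mbedtls_ccm_update_ad` a length far beyond the `add->x` buffer, and in the overflow tests `mbedtls_ccm_set_lengths` would most likely fail with a confusing result rather than the intended one. The same applies to the `@@ -556`, `@@ -605` and `@@ -639` hunks. A precondition at the top of each test, `TEST_ASSERT( add->len > 0 );` or `TEST_ASSERT( msg->len > 0 );` as appropriate, would make the assumption explicit. The test functions start and end outside these hunks, so an existing guard earlier in the body cannot be ruled out.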
@@ -639,7 +639,7 @@ void mbedtls_ccm_incomplete_update( int cipher_id, int mode, ASSERT_ALLOC( output, msg->len ); olen = 0xdeadbeef; - TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len/2, output, msg->len, &olen ) ); + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len - 1, output, msg->len, &olen ) ); mbedtls_free( output ); output = NULL; From d614c0b197a25870fb8ddfa56fdabec01590580c Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 29 Jul 2021 11:18:29 +0100 Subject: [PATCH 440/966] Include translate ciphers tests in all.sh To run test_translate_ciphers_names.py and _format.sh in the CI, include it in all.sh component_check_generate_test_code. Rename check_generate_test_code to check_test_helpers Signed-off-by: Joe Subbiani --- tests/scripts/all.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9944a853f5..c3517b1403 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2743,12 +2743,16 @@ component_check_python_files () { tests/scripts/check-python-files.sh } -component_check_generate_test_code () { - msg "uint test: generate_test_code.py" +component_check_test_helpers () { + msg "unit test: generate_test_code.py" # unittest writes out mundane stuff like number or tests run on stderr. # Our convention is to reserve stderr for actual errors, and write # harmless info on stdout so it can be suppress with --quiet. ./tests/scripts/test_generate_test_code.py 2>&1 + + msg "test: translate_ciphers.py" + ./tests/scripts/test_translate_ciphers_format.sh + ./tests/scripts/test_translate_ciphers_names.py } ################################################################ From c3610baddf63f85e97fcff8ab766ad9b7f43cb3a Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Thu, 29 Jul 2021 11:35:59 +0100 Subject: [PATCH 441/966] Check exit status of translate_ciphers.py If a call to translate_ciphers.py from compat.sh returns an exit 1 status, the error message will be echod and the program will exit Signed-off-by: Joe Subbiani --- tests/compat.sh | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index e814e9db16..e532604bf3 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -236,6 +236,14 @@ reset_ciphersuites() G_CIPHERS="" } +check_translation() +{ + if [ $? -eq 1 ]; then + echo $T + exit 1 + fi +} + # Ciphersuites that can be used with all peers. # Since we currently have three possible peers, each ciphersuite should appear # three times: in each peer's list (with the name that this peer uses). @@ -320,11 +328,13 @@ add_common_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - G=`python3 scripts/translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" + T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` + check_translation $? $T + G_CIPHERS="$G_CIPHERS $T" - O=`python3 scripts/translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" + T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` + check_translation $? $T + O_CIPHERS="$O_CIPHERS $T" } # Ciphersuites usable only with Mbed TLS and OpenSSL @@ -406,8 +416,9 @@ add_openssl_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - O=`python3 scripts/translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" + T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` + check_translation $? $T + O_CIPHERS="$O_CIPHERS $T" } # Ciphersuites usable only with Mbed TLS and GnuTLS 
@@ -539,8 +550,9 @@ add_gnutls_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - G=`python3 scripts/translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" + T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` + check_translation $? $T + G_CIPHERS="$G_CIPHERS $T" } # Ciphersuites usable only with Mbed TLS (not currently supported by another From 439a696903a9aaa45ed5d3909466c23c2b324b46 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 29 Jul 2021 12:51:09 +0100 Subject: [PATCH 442/966] Improve translation error checking If translate_ciphers.py is used incorrectly in compat.sh, an error check function - check_translation - is called to evaluate and inform the user of the error that has occured. Added an output that informs the users an error has taken place in translate_ciphers.py incase the error response is an empty string. Signed-off-by: Joe Subbiani --- tests/compat.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index e532604bf3..36018f2d18 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -238,8 +238,9 @@ reset_ciphersuites() check_translation() { - if [ $? -eq 1 ]; then - echo $T + if [ $1 -ne 0 ]; then + echo "translate_ciphers.py failed with exit code $1" >&2 + echo "$2" >&2 exit 1 fi } @@ -329,11 +330,11 @@ add_common_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` - check_translation $? $T + check_translation $? "$T" G_CIPHERS="$G_CIPHERS $T" T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` - check_translation $? $T + check_translation $? "$T" O_CIPHERS="$O_CIPHERS $T" } @@ -417,7 +418,7 @@ add_openssl_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` - check_translation $? $T + check_translation $? "$T" O_CIPHERS="$O_CIPHERS $T" } 
@@ -551,7 +552,7 @@ add_gnutls_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` - check_translation $? $T + check_translation $? "$T" G_CIPHERS="$G_CIPHERS $T" } From 918ee797cecfeaa8a18da4b159d41eced0e5e266 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 30 Jul 2021 16:57:04 +0100 Subject: [PATCH 443/966] Improve consitancy and useability test_translate_ciphers_names.py - Combined m, o and g ciphers all into one a single list of tuples to avoid needing to rely on indexes test_translate_ciphers_format.sh - Removed redundant test - Added return errors compat.sh - Improved how translate_ciphers.py is called translate_ciphers.py - Improve regex and translation to be more intutive and efficient - change how arguments are taken and handelled to be more reliable Signed-off-by: Joe Subbiani --- tests/compat.sh | 8 +- .../scripts/test_translate_ciphers_format.sh | 96 +- tests/scripts/test_translate_ciphers_names.py | 877 +++++++++--------- tests/scripts/translate_ciphers.py | 59 +- 4 files changed, 525 insertions(+), 515 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 36018f2d18..4e18fce2d2 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -329,11 +329,11 @@ add_common_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` + T=$(./scripts/translate_ciphers.py g $CIPHERS) check_translation $? "$T" G_CIPHERS="$G_CIPHERS $T" - T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` + T=$(./scripts/translate_ciphers.py o $CIPHERS) check_translation $? "$T" O_CIPHERS="$O_CIPHERS $T" } @@ -417,7 +417,7 @@ add_openssl_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` + T=$(./scripts/translate_ciphers.py o $CIPHERS) check_translation $? "$T" O_CIPHERS="$O_CIPHERS $T" } 
@@ -551,7 +551,7 @@ add_gnutls_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` + T=$(./scripts/translate_ciphers.py g $CIPHERS) check_translation $? "$T" G_CIPHERS="$G_CIPHERS $T" } diff --git a/tests/scripts/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh index 6f1bdd08be..1dc7bbc0e8 100755 --- a/tests/scripts/test_translate_ciphers_format.sh +++ b/tests/scripts/test_translate_ciphers_format.sh 
@@ -29,84 +29,71 @@ # This files main purpose is to ensure translate_ciphers.py can take strings # in the expected format and return them in the format compat.sh will expect. +set -eu + if cd $( dirname $0 ); then :; else echo "cd $( dirname $0 ) failed" >&2 exit 1 fi -# Ciphers that will use translate_ciphers.py -M_CIPHERS="" +fail=0 + +# Initalize ciphers translated from Mbed TLS using translate_ciphers.py +O_TRANSLATED_CIPHERS="" +G_TRANSLATED_CIPHERS="" + +# Initalize ciphers that are known to be in the correct format O_CIPHERS="" G_CIPHERS="" -# Ciphers taken directly from compat.sh -Mt_CIPHERS="" -Ot_CIPHERS="" -Gt_CIPHERS="" - -# Initial list to be split into 3 +# Mbed TLS ciphersuite names to be translated +# into GnuTLS and OpenSSL CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ " -M_CIPHERS="$M_CIPHERS $CIPHERS" +G=$(./translate_ciphers.py g $CIPHERS) || fail=1 +G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" -G=`python3 translate_ciphers.py g "$CIPHERS"` -G_CIPHERS="$G_CIPHERS $G" +O=$(./translate_ciphers.py o $CIPHERS) || fail=1 +O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" -O=`python3 translate_ciphers.py o "$CIPHERS"` -O_CIPHERS="$O_CIPHERS $O" - -Mt_CIPHERS="$Mt_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-NULL-SHA \ - TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ - " -Gt_CIPHERS="$Gt_CIPHERS \ +G_CIPHERS="$G_CIPHERS \ +ECDHE-ECDSA:+NULL:+SHA1 \ +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ " -Ot_CIPHERS="$Ot_CIPHERS \ +O_CIPHERS="$O_CIPHERS \ ECDHE-ECDSA-NULL-SHA \ ECDHE-ECDSA-DES-CBC3-SHA \ ECDHE-ECDSA-AES128-SHA \ ECDHE-ECDSA-AES256-SHA \ " - -# Initial list to be split into 3 -CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ +# Mbed TLS ciphersuite names to be translated +# into GnuTLS and OpenSSL 
+CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ " -M_CIPHERS="$M_CIPHERS $CIPHERS" +G=$(./translate_ciphers.py g $CIPHERS) || fail=1 +G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" -G=`python3 translate_ciphers.py g "$CIPHERS"` -G_CIPHERS="$G_CIPHERS $G" +O=$(./translate_ciphers.py o $CIPHERS) || fail=1 +O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" -O=`python3 translate_ciphers.py o "$CIPHERS"` -O_CIPHERS="$O_CIPHERS $O" - -Mt_CIPHERS="$Mt_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ - " -Gt_CIPHERS="$Gt_CIPHERS \ +G_CIPHERS="$G_CIPHERS \ +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ " -Ot_CIPHERS="$Ot_CIPHERS \ +O_CIPHERS="$O_CIPHERS \ ECDHE-ECDSA-AES128-SHA256 \ ECDHE-ECDSA-AES256-SHA384 \ ECDHE-ECDSA-AES128-GCM-SHA256 \ 
@@ -114,28 +101,25 @@ Ot_CIPHERS="$Ot_CIPHERS \ " # Normalise spacing -M_CIPHERS=$( echo "$M_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -G_CIPHERS=$( echo "$G_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -O_CIPHERS=$( echo "$O_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS ) +O_TRANSLATED_CIPHERS=$( echo $O_TRANSLATED_CIPHERS ) -Mt_CIPHERS=$( echo "$Mt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -Gt_CIPHERS=$( echo "$Gt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +G_CIPHERS=$( echo $G_CIPHERS ) +O_CIPHERS=$( echo $O_CIPHERS ) # Compare the compat.sh names with the translated names # Upon fail, print them to view the differences -if [ "$Mt_CIPHERS" != "$M_CIPHERS" ] +if [ "$G_TRANSLATED_CIPHERS" != "$G_CIPHERS" ] then - echo "MBEDTLS Translated: $M_CIPHERS" - echo "MBEDTLS Original: $Mt_CIPHERS" + echo "GnuTLS Translated: $G_TRANSLATED_CIPHERS" + echo "GnuTLS Original: $G_CIPHERS" + fail=1 fi -if [ "$Gt_CIPHERS" != "$G_CIPHERS" ] +if [ "$O_TRANSLATED_CIPHERS" != "$O_CIPHERS" ] then - echo "GNUTLS Translated: $G_CIPHERS" - echo "GNUTLS Original: $Gt_CIPHERS" -fi -if [ "$Ot_CIPHERS" != "$O_CIPHERS" ] -then - echo "OpenSSL Translated: $O_CIPHERS" - echo "OpenSSL Original: $Ot_CIPHERS" + echo "OpenSSL Translated: $O_TRANSLATED_CIPHERS" + echo "OpenSSL Original: $O_CIPHERS" + fail=1 fi + +exit $fail diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py index 84bcc9931d..33ad4e3db7 100755 --- a/tests/scripts/test_translate_ciphers_names.py +++ b/tests/scripts/test_translate_ciphers_names.py 
@@ -19,11 +19,11 @@ # """ -Test translate_ciphers.py by running every MBedTLS ciphersuite name +Test translate_ciphers.py by running every Mbed TLS ciphersuite name combination through the translate functions and comparing them to their correct GNUTLS or OpenSSL counterpart. """ - +import sys from translate_ciphers import translate_gnutls, translate_ossl def assert_equal(translate, original): 
@@ -36,431 +36,474 @@ def assert_equal(translate, original): assert translate == original except AssertionError: print("%s\n%s\n" %(translate, original)) + sys.exit(1) def test_all_common(): """ - Translate the MBedTLS ciphersuite names to the common OpenSSL and - GnuTLS ciphersite names, and compare them with the true, expected + Translate the Mbed TLS ciphersuite names to the common OpenSSL and + GnuTLS ciphersuite names, and compare them with the true, expected corresponding OpenSSL and GnuTLS ciphersuite names """ - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + ciphers = [ + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-ECDSA:+3DES-CBC:+SHA1", + "ECDHE-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", + "ECDHE-ECDSA-AES128-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", + "ECDHE-ECDSA-AES256-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", + "ECDHE-ECDSA-AES128-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "ECDHE-ECDSA-AES256-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + "ECDHE-ECDSA-AES256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "+DHE-RSA:+AES-128-CBC:+SHA1", + "DHE-RSA-AES128-SHA"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "DHE-RSA-AES256-SHA"), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "DHE-RSA-CAMELLIA128-SHA"), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + 
"DHE-RSA-CAMELLIA256-SHA"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + ("TLS-RSA-WITH-AES-256-CBC-SHA", + "+RSA:+AES-256-CBC:+SHA1", + "AES256-SHA"), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "CAMELLIA256-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA", + "+RSA:+AES-128-CBC:+SHA1", + "AES128-SHA"), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "CAMELLIA128-SHA"), + ("TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "+RSA:+3DES-CBC:+SHA1", + "DES-CBC3-SHA"), + ("TLS-RSA-WITH-NULL-MD5", + "+RSA:+NULL:+MD5", + "NULL-MD5"), + ("TLS-RSA-WITH-NULL-SHA", + "+RSA:+NULL:+SHA1", + "NULL-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "ECDHE-RSA-AES128-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "ECDHE-RSA-AES256-SHA"), + ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "ECDHE-RSA-DES-CBC3-SHA"), + ("TLS-ECDHE-RSA-WITH-NULL-SHA", + "+ECDHE-RSA:+NULL:+SHA1", + "ECDHE-RSA-NULL-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA256", + "+RSA:+AES-128-CBC:+SHA256", + "AES128-SHA256"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "DHE-RSA-AES128-SHA256"), + ("TLS-RSA-WITH-AES-256-CBC-SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "AES256-SHA256"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "DHE-RSA-AES256-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "ECDHE-RSA-AES128-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "ECDHE-RSA-AES256-SHA384"), + ("TLS-RSA-WITH-AES-128-GCM-SHA256", + "+RSA:+AES-128-GCM:+AEAD", + "AES128-GCM-SHA256"), + ("TLS-RSA-WITH-AES-256-GCM-SHA384", + "+RSA:+AES-256-GCM:+AEAD", + "AES256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "+DHE-RSA:+AES-128-GCM:+AEAD", + "DHE-RSA-AES128-GCM-SHA256"), + 
("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "DHE-RSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "ECDHE-RSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + "ECDHE-RSA-AES256-GCM-SHA384"), + ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "+PSK:+3DES-CBC:+SHA1", + "PSK-3DES-EDE-CBC-SHA"), + ("TLS-PSK-WITH-AES-128-CBC-SHA", + "+PSK:+AES-128-CBC:+SHA1", + "PSK-AES128-CBC-SHA"), + ("TLS-PSK-WITH-AES-256-CBC-SHA", + "+PSK:+AES-256-CBC:+SHA1", + "PSK-AES256-CBC-SHA"), - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + ("TLS-ECDH-ECDSA-WITH-NULL-SHA", + None, + "ECDH-ECDSA-NULL-SHA"), + ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + None, + "ECDH-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + None, + "ECDH-ECDSA-AES128-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + None, + "ECDH-ECDSA-AES256-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + None, + "ECDH-ECDSA-AES128-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + None, + "ECDH-ECDSA-AES256-SHA384"), + ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + None, + "ECDH-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + None, + "ECDH-ECDSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ECDSA-ARIA256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ECDSA-ARIA128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-RSA-WITH-DES-CBC-SHA", + None, + "DES-CBC-SHA"), + ("TLS-DHE-RSA-WITH-DES-CBC-SHA", + None, + "EDH-RSA-DES-CBC-SHA"), + ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ARIA256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + 
"DHE-RSA-ARIA256-GCM-SHA384"), + ("TLS-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ARIA256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-RSA-ARIA128-GCM-SHA256"), + ("TLS-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-RSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-RSA-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "DHE-PSK-ARIA256-GCM-SHA384"), + ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "PSK-ARIA256-GCM-SHA384"), + ("TLS-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "PSK-CHACHA20-POLY1305"), + ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-PSK-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-PSK-CHACHA20-POLY1305"), - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-AES-256-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-RSA-WITH-AES-128-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-NULL-MD5", - "TLS-RSA-WITH-NULL-SHA", - - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-RSA-WITH-NULL-SHA", - - "TLS-RSA-WITH-AES-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-RSA-WITH-AES-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - "TLS-RSA-WITH-AES-128-GCM-SHA256", - 
"TLS-RSA-WITH-AES-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - - "TLS-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-PSK-WITH-AES-128-CBC-SHA", - "TLS-PSK-WITH-AES-256-CBC-SHA", - ] - g_ciphers = [ - "+ECDHE-ECDSA:+NULL:+SHA1", - "+ECDHE-ECDSA:+3DES-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", - - "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", - - "+DHE-RSA:+AES-128-CBC:+SHA1", - "+DHE-RSA:+AES-256-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", - "+DHE-RSA:+3DES-CBC:+SHA1", - "+RSA:+AES-256-CBC:+SHA1", - "+RSA:+CAMELLIA-256-CBC:+SHA1", - "+RSA:+AES-128-CBC:+SHA1", - "+RSA:+CAMELLIA-128-CBC:+SHA1", - "+RSA:+3DES-CBC:+SHA1", - "+RSA:+NULL:+MD5", - "+RSA:+NULL:+SHA1", - - "+ECDHE-RSA:+AES-128-CBC:+SHA1", - "+ECDHE-RSA:+AES-256-CBC:+SHA1", - "+ECDHE-RSA:+3DES-CBC:+SHA1", - "+ECDHE-RSA:+NULL:+SHA1", - - "+RSA:+AES-128-CBC:+SHA256", - "+DHE-RSA:+AES-128-CBC:+SHA256", - "+RSA:+AES-256-CBC:+SHA256", - "+DHE-RSA:+AES-256-CBC:+SHA256", - "+ECDHE-RSA:+AES-128-CBC:+SHA256", - "+ECDHE-RSA:+AES-256-CBC:+SHA384", - "+RSA:+AES-128-GCM:+AEAD", - "+RSA:+AES-256-GCM:+AEAD", - "+DHE-RSA:+AES-128-GCM:+AEAD", - "+DHE-RSA:+AES-256-GCM:+AEAD", - "+ECDHE-RSA:+AES-128-GCM:+AEAD", - "+ECDHE-RSA:+AES-256-GCM:+AEAD", - - "+PSK:+3DES-CBC:+SHA1", - "+PSK:+AES-128-CBC:+SHA1", - "+PSK:+AES-256-CBC:+SHA1", - ] - o_ciphers = [ - "ECDHE-ECDSA-NULL-SHA", - "ECDHE-ECDSA-DES-CBC3-SHA", - "ECDHE-ECDSA-AES128-SHA", - "ECDHE-ECDSA-AES256-SHA", - - "ECDHE-ECDSA-AES128-SHA256", - "ECDHE-ECDSA-AES256-SHA384", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-AES256-GCM-SHA384", - - "DHE-RSA-AES128-SHA", - "DHE-RSA-AES256-SHA", - "DHE-RSA-CAMELLIA128-SHA", - "DHE-RSA-CAMELLIA256-SHA", - 
"EDH-RSA-DES-CBC3-SHA", - "AES256-SHA", - "CAMELLIA256-SHA", - "AES128-SHA", - "CAMELLIA128-SHA", - "DES-CBC3-SHA", - "NULL-MD5", - "NULL-SHA", - - "ECDHE-RSA-AES128-SHA", - "ECDHE-RSA-AES256-SHA", - "ECDHE-RSA-DES-CBC3-SHA", - "ECDHE-RSA-NULL-SHA", - - #"NULL-SHA256", - "AES128-SHA256", - "DHE-RSA-AES128-SHA256", - "AES256-SHA256", - "DHE-RSA-AES256-SHA256", - "ECDHE-RSA-AES128-SHA256", - "ECDHE-RSA-AES256-SHA384", - "AES128-GCM-SHA256", - "AES256-GCM-SHA384", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES256-GCM-SHA384", - - "PSK-3DES-EDE-CBC-SHA", - "PSK-AES128-CBC-SHA", - "PSK-AES256-CBC-SHA", + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-NULL-SHA256", + "+RSA:+NULL:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + 
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM", + "+RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM", + "+RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM", + "+DHE-RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM", + "+DHE-RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM-8", + "+RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM-8", + "+RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM-8", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM-8", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+DHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + "+DHE-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + "+DHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "+RSA-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "+RSA-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + "+RSA-PSK:+AES-128-CBC:+SHA1", + None), + 
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA384", + "+ECDHE-PSK:+NULL:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA256", + "+ECDHE-PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-AES-128-CBC-SHA256", + "+PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-AES-256-CBC-SHA384", + "+PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "+DHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "+DHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-PSK-WITH-NULL-SHA256", + "+PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-NULL-SHA384", + "+PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA256", + "+DHE-PSK:+NULL:+SHA256", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA384", + "+DHE-PSK:+NULL:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "+RSA-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA256", + "+RSA-PSK:+NULL:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA384", + "+RSA-PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", + 
None), + ("TLS-PSK-WITH-AES-128-GCM-SHA256", + "+PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-GCM-SHA384", + "+PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "+DHE-PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "+DHE-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM", + "+PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM", + "+PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM", + "+DHE-PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM", + "+DHE-PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM-8", + "+PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM-8", + "+PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM-8", + "+DHE-PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM-8", + "+DHE-PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + "+RSA-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + "+RSA-PSK:+AES-128-GCM:+AEAD", + None), ] - for m, g_exp, o_exp in zip(m_ciphers, g_ciphers, o_ciphers): + for m, g_exp, o_exp in ciphers: - g = translate_gnutls(m) - assert_equal(g, g_exp) + if g_exp != None: + g = translate_gnutls(m) + assert_equal(g, g_exp) - o = translate_ossl(m) - assert_equal(o, o_exp) - -def test_mbedtls_ossl_common(): - """ - Translate the MBedTLS ciphersuite names to 
the common OpenSSL - ciphersite names, and compare them with the true, expected - corresponding OpenSSL ciphersuite name - """ - m_ciphers = [ - "TLS-ECDH-ECDSA-WITH-NULL-SHA", - "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-RSA-WITH-DES-CBC-SHA", - "TLS-DHE-RSA-WITH-DES-CBC-SHA", - - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - ] - o_ciphers = [ - "ECDH-ECDSA-NULL-SHA", - "ECDH-ECDSA-DES-CBC3-SHA", - "ECDH-ECDSA-AES128-SHA", - "ECDH-ECDSA-AES256-SHA", - - "ECDH-ECDSA-AES128-SHA256", - "ECDH-ECDSA-AES256-SHA384", - "ECDH-ECDSA-AES128-GCM-SHA256", - "ECDH-ECDSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-ARIA256-GCM-SHA384", - "ECDHE-ECDSA-ARIA128-GCM-SHA256", - "ECDHE-ECDSA-CHACHA20-POLY1305", - - "DES-CBC-SHA", - "EDH-RSA-DES-CBC-SHA", - - "ECDHE-ARIA256-GCM-SHA384", - "DHE-RSA-ARIA256-GCM-SHA384", - "ARIA256-GCM-SHA384", - "ECDHE-ARIA128-GCM-SHA256", - "DHE-RSA-ARIA128-GCM-SHA256", - "ARIA128-GCM-SHA256", - "DHE-RSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - - 
"DHE-PSK-ARIA256-GCM-SHA384", - "DHE-PSK-ARIA128-GCM-SHA256", - "PSK-ARIA256-GCM-SHA384", - "PSK-ARIA128-GCM-SHA256", - "PSK-CHACHA20-POLY1305", - "ECDHE-PSK-CHACHA20-POLY1305", - "DHE-PSK-CHACHA20-POLY1305", - ] - - for m, o_exp in zip(m_ciphers, o_ciphers): - - o = translate_ossl(m) - assert_equal(o, o_exp) - -def test_mbedtls_gnutls_common(): - """ - Translate the MBedTLS ciphersuite names to the common GnuTLS - ciphersite names, and compare them with the true, expected - corresponding GnuTLS ciphersuite names - """ - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - - "TLS-RSA-WITH-NULL-SHA256", - - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-AES-128-CCM", - "TLS-RSA-WITH-AES-256-CCM", - "TLS-DHE-RSA-WITH-AES-128-CCM", - "TLS-DHE-RSA-WITH-AES-256-CCM", - "TLS-RSA-WITH-AES-128-CCM-8", - "TLS-RSA-WITH-AES-256-CCM-8", - "TLS-DHE-RSA-WITH-AES-128-CCM-8", - "TLS-DHE-RSA-WITH-AES-256-CCM-8", - - "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - 
"TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-NULL-SHA384", - "TLS-ECDHE-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-AES-128-CBC-SHA256", - "TLS-PSK-WITH-AES-256-CBC-SHA384", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-NULL-SHA256", - "TLS-DHE-PSK-WITH-NULL-SHA384", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-AES-128-GCM-SHA256", - "TLS-PSK-WITH-AES-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - "TLS-PSK-WITH-AES-128-CCM", - "TLS-PSK-WITH-AES-256-CCM", - "TLS-DHE-PSK-WITH-AES-128-CCM", - "TLS-DHE-PSK-WITH-AES-256-CCM", - "TLS-PSK-WITH-AES-128-CCM-8", - "TLS-PSK-WITH-AES-256-CCM-8", - "TLS-DHE-PSK-WITH-AES-128-CCM-8", - "TLS-DHE-PSK-WITH-AES-256-CCM-8", - "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - ] - g_ciphers = [ - "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", - 
"+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", - - "+RSA:+NULL:+SHA256", - - "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", - "+RSA:+CAMELLIA-128-CBC:+SHA256", - "+RSA:+CAMELLIA-256-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+CAMELLIA-128-GCM:+AEAD", - "+RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+AES-128-CCM:+AEAD", - "+RSA:+AES-256-CCM:+AEAD", - "+DHE-RSA:+AES-128-CCM:+AEAD", - "+DHE-RSA:+AES-256-CCM:+AEAD", - "+RSA:+AES-128-CCM-8:+AEAD", - "+RSA:+AES-256-CCM-8:+AEAD", - "+DHE-RSA:+AES-128-CCM-8:+AEAD", - "+DHE-RSA:+AES-256-CCM-8:+AEAD", - - "+DHE-PSK:+3DES-CBC:+SHA1", - "+DHE-PSK:+AES-128-CBC:+SHA1", - "+DHE-PSK:+AES-256-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA1", - "+ECDHE-PSK:+AES-128-CBC:+SHA1", - "+ECDHE-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+AES-256-CBC:+SHA1", - "+RSA-PSK:+AES-128-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA384", - "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-PSK:+AES-128-CBC:+SHA256", - "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-PSK:+NULL:+SHA384", - "+ECDHE-PSK:+NULL:+SHA256", - "+PSK:+AES-128-CBC:+SHA256", - "+PSK:+AES-256-CBC:+SHA384", - "+DHE-PSK:+AES-128-CBC:+SHA256", - "+DHE-PSK:+AES-256-CBC:+SHA384", - "+PSK:+NULL:+SHA256", - "+PSK:+NULL:+SHA384", - "+DHE-PSK:+NULL:+SHA256", - "+DHE-PSK:+NULL:+SHA384", - "+RSA-PSK:+AES-256-CBC:+SHA384", - "+RSA-PSK:+AES-128-CBC:+SHA256", - "+RSA-PSK:+NULL:+SHA256", - "+RSA-PSK:+NULL:+SHA384", - "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+CAMELLIA-256-CBC:+SHA384", - 
"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", - "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+AES-128-GCM:+AEAD", - "+PSK:+AES-256-GCM:+AEAD", - "+DHE-PSK:+AES-128-GCM:+AEAD", - "+DHE-PSK:+AES-256-GCM:+AEAD", - "+PSK:+AES-128-CCM:+AEAD", - "+PSK:+AES-256-CCM:+AEAD", - "+DHE-PSK:+AES-128-CCM:+AEAD", - "+DHE-PSK:+AES-256-CCM:+AEAD", - "+PSK:+AES-128-CCM-8:+AEAD", - "+PSK:+AES-256-CCM-8:+AEAD", - "+DHE-PSK:+AES-128-CCM-8:+AEAD", - "+DHE-PSK:+AES-256-CCM-8:+AEAD", - "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", - "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", - "+PSK:+CAMELLIA-128-GCM:+AEAD", - "+PSK:+CAMELLIA-256-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", - "+RSA-PSK:+AES-256-GCM:+AEAD", - "+RSA-PSK:+AES-128-GCM:+AEAD", - ] - - for m, g_exp in zip(m_ciphers, g_ciphers): - - g = translate_gnutls(m) - assert_equal(g, g_exp) + if o_exp != None: + o = translate_ossl(m) + assert_equal(o, o_exp) test_all_common() -test_mbedtls_ossl_common() -test_mbedtls_gnutls_common() diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 66c878ac39..39339c3d23 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -21,15 +21,13 @@ Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS standards. -Format and analyse strings past in via input arguments to match -the expected strings utilised in compat.sh. - sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. sys.argv[2] should be a string containing one or more ciphersuite names. """ import re import sys +import argparse def translate_gnutls(m_cipher): """ 
@@ -37,27 +35,25 @@ def translate_gnutls(m_cipher):
 and return the GnuTLS naming convention
 """
- # Remove "TLS-"
- # Replace "-WITH-" with ":+"
- # Remove "EDE"
- m_cipher = "+" + m_cipher[4:]
+ m_cipher = re.sub(r'\ATLS-', '+', m_cipher)
 m_cipher = m_cipher.replace("-WITH-", ":+")
 m_cipher = m_cipher.replace("-EDE", "")
- # SHA == SHA1, if the last 3 chars are SHA append 1
+ # SHA in Mbed TLS == SHA1 GnuTLS,
+ # if the last 3 chars are SHA append 1
 if m_cipher[-3:] == "SHA":
 m_cipher = m_cipher+"1"
 # CCM or CCM-8 should be followed by ":+AEAD"
- if "CCM" in m_cipher:
+ # Replace "GCM:+SHAxyz" with "GCM:+AEAD"
+ if "CCM" in m_cipher or "GCM" in m_cipher:
+ m_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher)
 m_cipher = m_cipher+":+AEAD"
 # Replace the last "-" with ":+"
- # Replace "GCM:+SHAxyz" with "GCM:+AEAD"
 else:
 index = m_cipher.rindex("-")
- m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:]
- m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher)
+ m_cipher = m_cipher[:index] + ":+" + m_cipher[index+1:]
 return m_cipher
@@ -67,9 +63,7 @@ def translate_ossl(m_cipher):
 and return the OpenSSL naming convention
 """
- # Remove "TLS-"
- # Remove "WITH"
- m_cipher = m_cipher[4:]
+ m_cipher = re.sub(r'^TLS-', '', m_cipher)
 m_cipher = m_cipher.replace("-WITH", "")
 # Remove the "-" from "ABC-xyz"
@@ -78,8 +72,7 @@ def translate_ossl(m_cipher):
 m_cipher = m_cipher.replace("ARIA-", "ARIA")
 # Remove "RSA" if it is at the beginning
- if m_cipher[:4] == "RSA-":
- m_cipher = m_cipher[4:]
+ m_cipher = re.sub(r'^RSA-', r'', m_cipher)
 # For all circumstances outside of PSK
 if "PSK" not in m_cipher:
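Review bot: The added comment `# Replace "GCM:+SHAxyz" with "GCM:+AEAD"` in translate_gnutls does not describe the code beneath it: `re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher)` strips a `-SHAxyz` suffix and `:+AEAD` is then appended, so it would read better as `# GCM and CCM suites: drop any "-SHAxyz" suffix, then append ":+AEAD"`. The `# Replace the last "-" with ":+"` comment left between the `if` body and `else:` belongs inside the `else` branch. Separately, `re.sub(r'\ATLS-', '+', ...)` here and `re.sub(r'^TLS-', '', ...)` in the translate_ossl hunk on the same line use different anchors for the same job, and both leave a name that lacks the `TLS-` prefix in place instead of rejecting it. As the commit message indicates the result is consumed by compat.sh, a guard such as `if not m_cipher.startswith("TLS-"): raise ValueError(m_cipher)` would make a malformed name fail loudly rather than reach the peer as a wrong cipher string. Both function bodies extend beyond their hunks.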
@@ -87,10 +80,7 @@ def translate_ossl(m_cipher): m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") # Remove "CBC" if it is not prefixed by DES - if "CBC" in m_cipher: - index = m_cipher.rindex("CBC") - if m_cipher[index-4:index-1] != "DES": - m_cipher = m_cipher.replace("CBC-", "") + m_cipher = re.sub(r'(? Date: Fri, 30 Jul 2021 17:47:52 +0100 Subject: [PATCH 444/966] Improve python coding style Signed-off-by: Joe Subbiani --- tests/scripts/test_translate_ciphers_names.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py index 33ad4e3db7..59ebef1d46 100755 --- a/tests/scripts/test_translate_ciphers_names.py +++ b/tests/scripts/test_translate_ciphers_names.py @@ -23,7 +23,6 @@ Test translate_ciphers.py by running every Mbed TLS ciphersuite name combination through the translate functions and comparing them to their correct GNUTLS or OpenSSL counterpart. """ -import sys from translate_ciphers import translate_gnutls, translate_ossl def assert_equal(translate, original): @@ -36,7 +35,7 @@ def assert_equal(translate, original): assert translate == original except AssertionError: print("%s\n%s\n" %(translate, original)) - sys.exit(1) + raise AssertionError def test_all_common(): """ @@ -498,11 +497,11 @@ def test_all_common(): for m, g_exp, o_exp in ciphers: - if g_exp != None: + if g_exp is not None: g = translate_gnutls(m) assert_equal(g, g_exp) - if o_exp != None: + if o_exp is not None: o = translate_ossl(m) assert_equal(o, o_exp) From f2de374fc1f16ffa0c9c0ee6612d2ada23e699fb Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Sat, 31 Jul 2021 11:37:25 +0100 Subject: [PATCH 445/966] Remove unused import Signed-off-by: Joe Subbiani --- tests/scripts/translate_ciphers.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 39339c3d23..eec340735b 100755 
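Review bot: The check in assert_equal (hunk `@@ -36,7 +35,7 @@`) still rests on a bare `assert translate == original`, which Python drops when run with `-O`; with optimisation on, neither the `print` nor the new `raise AssertionError` is reached and a mistranslated ciphersuite name passes silently. The re-raised exception also carries no message, so the two names appear only on stdout and not in the failure itself. An explicit comparison avoids both: `if translate != original: raise AssertionError("%s\n%s\n" % (translate, original))`. The `try:` line and the function signature sit outside the hunk.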
--- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -26,7 +26,6 @@ sys.argv[2] should be a string containing one or more ciphersuite names. """ import re -import sys import argparse def translate_gnutls(m_cipher): From a25ffab4227326e314771235953e347b5257ff85 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 6 Aug 2021 09:41:27 +0100 Subject: [PATCH 446/966] Integrate tests as unit tests into one file Rather than having the tests seperated into different files, they were integrated into translate_ciphers.py and can be run from root using: `python -m unittest tests/scripts/translate_ciphers.py` test_translate_ciphers_format.sh was originally made as a testing ground before having the translation tool being implmented into compat.sh. Translating it to python code makes it redundant and therefore it will be removed. Signed-off-by: Joe Subbiani --- tests/scripts/all.sh | 5 +- .../scripts/test_translate_ciphers_format.sh | 125 ---- tests/scripts/test_translate_ciphers_names.py | 508 ----------------- tests/scripts/translate_ciphers.py | 533 +++++++++++++++++- 4 files changed, 533 insertions(+), 638 deletions(-) delete mode 100755 tests/scripts/test_translate_ciphers_format.sh delete mode 100755 tests/scripts/test_translate_ciphers_names.py diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c3517b1403..fbb55db8e9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2750,9 +2750,8 @@ component_check_test_helpers () { # harmless info on stdout so it can be suppress with --quiet. ./tests/scripts/test_generate_test_code.py 2>&1 - msg "test: translate_ciphers.py" - ./tests/scripts/test_translate_ciphers_format.sh - ./tests/scripts/test_translate_ciphers_names.py + msg "unit test: translate_ciphers.py" + python3 -m unittest tests/scripts/translate_ciphers.py 2>&1 } ################################################################ 
diff --git a/tests/scripts/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh
deleted file mode 100755
index 1dc7bbc0e8..0000000000
--- a/tests/scripts/test_translate_ciphers_format.sh
+++ /dev/null
@@ -1,125 +0,0 @@ -#!/bin/sh - -# test_translate_ciphers_format.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# Test translate_ciphers.py formatting by comparing the translated -# ciphersuite names to the true names. As in compat.sh, the spaces between -# the ciphersuite names are normalised. -# -# On fail, the translated cipher suite names do not match the correct ones. -# In this case the difference will be printed in stdout. -# -# This files main purpose is to ensure translate_ciphers.py can take strings -# in the expected format and return them in the format compat.sh will expect. 
- -set -eu - -if cd $( dirname $0 ); then :; else - echo "cd $( dirname $0 ) failed" >&2 - exit 1 -fi - -fail=0 - -# Initalize ciphers translated from Mbed TLS using translate_ciphers.py -O_TRANSLATED_CIPHERS="" -G_TRANSLATED_CIPHERS="" - -# Initalize ciphers that are known to be in the correct format -O_CIPHERS="" -G_CIPHERS="" - -# Mbed TLS ciphersuite names to be translated -# into GnuTLS and OpenSSL -CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ - TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ - " - -G=$(./translate_ciphers.py g $CIPHERS) || fail=1 -G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" - -O=$(./translate_ciphers.py o $CIPHERS) || fail=1 -O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" - -G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+NULL:+SHA1 \ - +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ - " -O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-NULL-SHA \ - ECDHE-ECDSA-DES-CBC3-SHA \ - ECDHE-ECDSA-AES128-SHA \ - ECDHE-ECDSA-AES256-SHA \ - " - -# Mbed TLS ciphersuite names to be translated -# into GnuTLS and OpenSSL -CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ - " - -G=$(./translate_ciphers.py g $CIPHERS) || fail=1 -G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" - -O=$(./translate_ciphers.py o $CIPHERS) || fail=1 -O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" - -G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ - " -O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-AES128-SHA256 \ - ECDHE-ECDSA-AES256-SHA384 \ - ECDHE-ECDSA-AES128-GCM-SHA256 \ - ECDHE-ECDSA-AES256-GCM-SHA384 \ - " - -# Normalise spacing -G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS ) -O_TRANSLATED_CIPHERS=$( echo 
$O_TRANSLATED_CIPHERS ) - -G_CIPHERS=$( echo $G_CIPHERS ) -O_CIPHERS=$( echo $O_CIPHERS ) - -# Compare the compat.sh names with the translated names -# Upon fail, print them to view the differences -if [ "$G_TRANSLATED_CIPHERS" != "$G_CIPHERS" ] -then - echo "GnuTLS Translated: $G_TRANSLATED_CIPHERS" - echo "GnuTLS Original: $G_CIPHERS" - fail=1 -fi -if [ "$O_TRANSLATED_CIPHERS" != "$O_CIPHERS" ] -then - echo "OpenSSL Translated: $O_TRANSLATED_CIPHERS" - echo "OpenSSL Original: $O_CIPHERS" - fail=1 -fi - -exit $fail diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py deleted file mode 100755 index 59ebef1d46..0000000000 --- a/tests/scripts/test_translate_ciphers_names.py +++ /dev/null 
@@ -1,508 +0,0 @@ -#!/usr/bin/env python3 - -# test_translate_ciphers_names.py -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -""" -Test translate_ciphers.py by running every Mbed TLS ciphersuite name -combination through the translate functions and comparing them to their -correct GNUTLS or OpenSSL counterpart. -""" -from translate_ciphers import translate_gnutls, translate_ossl - -def assert_equal(translate, original): - """ - Compare the translated ciphersuite name against the original - On fail, print the mismatch on the screen to directly compare the - differences - """ - try: - assert translate == original - except AssertionError: - print("%s\n%s\n" %(translate, original)) - raise AssertionError - -def test_all_common(): - """ - Translate the Mbed TLS ciphersuite names to the common OpenSSL and - GnuTLS ciphersuite names, and compare them with the true, expected - corresponding OpenSSL and GnuTLS ciphersuite names - """ - ciphers = [ - ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "+ECDHE-ECDSA:+NULL:+SHA1", - "ECDHE-ECDSA-NULL-SHA"), - ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-ECDSA:+3DES-CBC:+SHA1", - "ECDHE-ECDSA-DES-CBC3-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", - "ECDHE-ECDSA-AES128-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", - "ECDHE-ECDSA-AES256-SHA"), - 
("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", - "ECDHE-ECDSA-AES128-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", - "ECDHE-ECDSA-AES256-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "ECDHE-ECDSA-AES128-GCM-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", - "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", - "ECDHE-ECDSA-AES256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - "+DHE-RSA:+AES-128-CBC:+SHA1", - "DHE-RSA-AES128-SHA"), - ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - "+DHE-RSA:+AES-256-CBC:+SHA1", - "DHE-RSA-AES256-SHA"), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", - "DHE-RSA-CAMELLIA128-SHA"), - ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", - "DHE-RSA-CAMELLIA256-SHA"), - ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "+DHE-RSA:+3DES-CBC:+SHA1", - "EDH-RSA-DES-CBC3-SHA"), - ("TLS-RSA-WITH-AES-256-CBC-SHA", - "+RSA:+AES-256-CBC:+SHA1", - "AES256-SHA"), - ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - "+RSA:+CAMELLIA-256-CBC:+SHA1", - "CAMELLIA256-SHA"), - ("TLS-RSA-WITH-AES-128-CBC-SHA", - "+RSA:+AES-128-CBC:+SHA1", - "AES128-SHA"), - ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - "+RSA:+CAMELLIA-128-CBC:+SHA1", - "CAMELLIA128-SHA"), - ("TLS-RSA-WITH-3DES-EDE-CBC-SHA", - "+RSA:+3DES-CBC:+SHA1", - "DES-CBC3-SHA"), - ("TLS-RSA-WITH-NULL-MD5", - "+RSA:+NULL:+MD5", - "NULL-MD5"), - ("TLS-RSA-WITH-NULL-SHA", - "+RSA:+NULL:+SHA1", - "NULL-SHA"), - ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - "+ECDHE-RSA:+AES-128-CBC:+SHA1", - "ECDHE-RSA-AES128-SHA"), - ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - "+ECDHE-RSA:+AES-256-CBC:+SHA1", - "ECDHE-RSA-AES256-SHA"), - ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-RSA:+3DES-CBC:+SHA1", - "ECDHE-RSA-DES-CBC3-SHA"), - ("TLS-ECDHE-RSA-WITH-NULL-SHA", - "+ECDHE-RSA:+NULL:+SHA1", - "ECDHE-RSA-NULL-SHA"), - ("TLS-RSA-WITH-AES-128-CBC-SHA256", - 
"+RSA:+AES-128-CBC:+SHA256", - "AES128-SHA256"), - ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - "+DHE-RSA:+AES-128-CBC:+SHA256", - "DHE-RSA-AES128-SHA256"), - ("TLS-RSA-WITH-AES-256-CBC-SHA256", - "+RSA:+AES-256-CBC:+SHA256", - "AES256-SHA256"), - ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - "+DHE-RSA:+AES-256-CBC:+SHA256", - "DHE-RSA-AES256-SHA256"), - ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - "+ECDHE-RSA:+AES-128-CBC:+SHA256", - "ECDHE-RSA-AES128-SHA256"), - ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - "+ECDHE-RSA:+AES-256-CBC:+SHA384", - "ECDHE-RSA-AES256-SHA384"), - ("TLS-RSA-WITH-AES-128-GCM-SHA256", - "+RSA:+AES-128-GCM:+AEAD", - "AES128-GCM-SHA256"), - ("TLS-RSA-WITH-AES-256-GCM-SHA384", - "+RSA:+AES-256-GCM:+AEAD", - "AES256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - "+DHE-RSA:+AES-128-GCM:+AEAD", - "DHE-RSA-AES128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - "+DHE-RSA:+AES-256-GCM:+AEAD", - "DHE-RSA-AES256-GCM-SHA384"), - ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - "+ECDHE-RSA:+AES-128-GCM:+AEAD", - "ECDHE-RSA-AES128-GCM-SHA256"), - ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - "+ECDHE-RSA:+AES-256-GCM:+AEAD", - "ECDHE-RSA-AES256-GCM-SHA384"), - ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", - "+PSK:+3DES-CBC:+SHA1", - "PSK-3DES-EDE-CBC-SHA"), - ("TLS-PSK-WITH-AES-128-CBC-SHA", - "+PSK:+AES-128-CBC:+SHA1", - "PSK-AES128-CBC-SHA"), - ("TLS-PSK-WITH-AES-256-CBC-SHA", - "+PSK:+AES-256-CBC:+SHA1", - "PSK-AES256-CBC-SHA"), - - ("TLS-ECDH-ECDSA-WITH-NULL-SHA", - None, - "ECDH-ECDSA-NULL-SHA"), - ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - None, - "ECDH-ECDSA-DES-CBC3-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - None, - "ECDH-ECDSA-AES128-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - None, - "ECDH-ECDSA-AES256-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - None, - "ECDH-ECDSA-AES128-SHA256"), - ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - None, - "ECDH-ECDSA-AES256-SHA384"), - ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - None, - 
"ECDH-ECDSA-AES128-GCM-SHA256"), - ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - None, - "ECDH-ECDSA-AES256-GCM-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - None, - "ECDHE-ECDSA-ARIA256-GCM-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - None, - "ECDHE-ECDSA-ARIA128-GCM-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-ECDSA-CHACHA20-POLY1305"), - ("TLS-RSA-WITH-DES-CBC-SHA", - None, - "DES-CBC-SHA"), - ("TLS-DHE-RSA-WITH-DES-CBC-SHA", - None, - "EDH-RSA-DES-CBC-SHA"), - ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "ECDHE-ARIA256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "DHE-RSA-ARIA256-GCM-SHA384"), - ("TLS-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "ARIA256-GCM-SHA384"), - ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "ECDHE-ARIA128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "DHE-RSA-ARIA128-GCM-SHA256"), - ("TLS-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "ARIA128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "DHE-RSA-CHACHA20-POLY1305"), - ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-RSA-CHACHA20-POLY1305"), - ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - None, - "DHE-PSK-ARIA256-GCM-SHA384"), - ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - None, - "DHE-PSK-ARIA128-GCM-SHA256"), - ("TLS-PSK-WITH-ARIA-256-GCM-SHA384", - None, - "PSK-ARIA256-GCM-SHA384"), - ("TLS-PSK-WITH-ARIA-128-GCM-SHA256", - None, - "PSK-ARIA128-GCM-SHA256"), - ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "PSK-CHACHA20-POLY1305"), - ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-PSK-CHACHA20-POLY1305"), - ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "DHE-PSK-CHACHA20-POLY1305"), - - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", - None), - 
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-RSA-WITH-NULL-SHA256", - "+RSA:+NULL:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+RSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "+RSA:+CAMELLIA-256-CBC:+SHA256", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-128-CCM", - "+RSA:+AES-128-CCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-256-CCM", - "+RSA:+AES-256-CCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-128-CCM", - "+DHE-RSA:+AES-128-CCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-256-CCM", - 
"+DHE-RSA:+AES-256-CCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-128-CCM-8", - "+RSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-RSA-WITH-AES-256-CCM-8", - "+RSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-128-CCM-8", - "+DHE-RSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-256-CCM-8", - "+DHE-RSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - "+DHE-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - "+DHE-PSK:+AES-128-CBC:+SHA1", - None), - ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - "+DHE-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - "+ECDHE-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - "+ECDHE-PSK:+AES-128-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - "+RSA-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - "+RSA-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - "+RSA-PSK:+AES-128-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - "+ECDHE-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - "+ECDHE-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-PSK-WITH-NULL-SHA384", - "+ECDHE-PSK:+NULL:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-NULL-SHA256", - "+ECDHE-PSK:+NULL:+SHA256", - None), - ("TLS-PSK-WITH-AES-128-CBC-SHA256", - "+PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-PSK-WITH-AES-256-CBC-SHA384", - "+PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - "+DHE-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - "+DHE-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-PSK-WITH-NULL-SHA256", - "+PSK:+NULL:+SHA256", - 
None), - ("TLS-PSK-WITH-NULL-SHA384", - "+PSK:+NULL:+SHA384", - None), - ("TLS-DHE-PSK-WITH-NULL-SHA256", - "+DHE-PSK:+NULL:+SHA256", - None), - ("TLS-DHE-PSK-WITH-NULL-SHA384", - "+DHE-PSK:+NULL:+SHA384", - None), - ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - "+RSA-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - "+RSA-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-RSA-PSK-WITH-NULL-SHA256", - "+RSA-PSK:+NULL:+SHA256", - None), - ("TLS-RSA-PSK-WITH-NULL-SHA384", - "+RSA-PSK:+NULL:+SHA384", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-PSK-WITH-AES-128-GCM-SHA256", - "+PSK:+AES-128-GCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-GCM-SHA384", - "+PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - "+DHE-PSK:+AES-128-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - "+DHE-PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-128-CCM", - "+PSK:+AES-128-CCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-CCM", - "+PSK:+AES-256-CCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-CCM", - "+DHE-PSK:+AES-128-CCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-CCM", - "+DHE-PSK:+AES-256-CCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-128-CCM-8", - "+PSK:+AES-128-CCM-8:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-CCM-8", - "+PSK:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-CCM-8", - "+DHE-PSK:+AES-128-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-CCM-8", - 
"+DHE-PSK:+AES-256-CCM-8:+AEAD", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - "+RSA-PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - "+RSA-PSK:+AES-128-GCM:+AEAD", - None), - ] - - for m, g_exp, o_exp in ciphers: - - if g_exp is not None: - g = translate_gnutls(m) - assert_equal(g, g_exp) - - if o_exp is not None: - o = translate_ossl(m) - assert_equal(o, o_exp) - -test_all_common() diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index eec340735b..44ffb400bb 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py 
@@ -21,12 +21,541 @@ Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS standards. -sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. -sys.argv[2] should be a string containing one or more ciphersuite names. +To test the translation functions run: +python3 -m unittest translate_cipher.py """ import re import argparse +import unittest + +class TestTranslateCiphers(unittest.TestCase): + """ + Ensure translate_ciphers.py translates and formats ciphersuite names + correctly + """ + def test_translate_all_cipher_names(self): + """ + Translate the Mbed TLS ciphersuite names to the common OpenSSL and + GnuTLS ciphersuite names, and compare them with the true, expected + corresponding OpenSSL and GnuTLS ciphersuite names + """ + ciphers = [ + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-ECDSA:+3DES-CBC:+SHA1", + "ECDHE-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", + "ECDHE-ECDSA-AES128-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", + "ECDHE-ECDSA-AES256-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", + "ECDHE-ECDSA-AES128-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "ECDHE-ECDSA-AES256-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + "ECDHE-ECDSA-AES256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "+DHE-RSA:+AES-128-CBC:+SHA1", + "DHE-RSA-AES128-SHA"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "DHE-RSA-AES256-SHA"), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "DHE-RSA-CAMELLIA128-SHA"), + 
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + "DHE-RSA-CAMELLIA256-SHA"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + ("TLS-RSA-WITH-AES-256-CBC-SHA", + "+RSA:+AES-256-CBC:+SHA1", + "AES256-SHA"), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "CAMELLIA256-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA", + "+RSA:+AES-128-CBC:+SHA1", + "AES128-SHA"), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "CAMELLIA128-SHA"), + ("TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "+RSA:+3DES-CBC:+SHA1", + "DES-CBC3-SHA"), + ("TLS-RSA-WITH-NULL-MD5", + "+RSA:+NULL:+MD5", + "NULL-MD5"), + ("TLS-RSA-WITH-NULL-SHA", + "+RSA:+NULL:+SHA1", + "NULL-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "ECDHE-RSA-AES128-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "ECDHE-RSA-AES256-SHA"), + ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "ECDHE-RSA-DES-CBC3-SHA"), + ("TLS-ECDHE-RSA-WITH-NULL-SHA", + "+ECDHE-RSA:+NULL:+SHA1", + "ECDHE-RSA-NULL-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA256", + "+RSA:+AES-128-CBC:+SHA256", + "AES128-SHA256"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "DHE-RSA-AES128-SHA256"), + ("TLS-RSA-WITH-AES-256-CBC-SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "AES256-SHA256"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "DHE-RSA-AES256-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "ECDHE-RSA-AES128-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "ECDHE-RSA-AES256-SHA384"), + ("TLS-RSA-WITH-AES-128-GCM-SHA256", + "+RSA:+AES-128-GCM:+AEAD", + "AES128-GCM-SHA256"), + ("TLS-RSA-WITH-AES-256-GCM-SHA384", + "+RSA:+AES-256-GCM:+AEAD", + "AES256-GCM-SHA384"), + 
("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "+DHE-RSA:+AES-128-GCM:+AEAD", + "DHE-RSA-AES128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "DHE-RSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "ECDHE-RSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + "ECDHE-RSA-AES256-GCM-SHA384"), + ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "+PSK:+3DES-CBC:+SHA1", + "PSK-3DES-EDE-CBC-SHA"), + ("TLS-PSK-WITH-AES-128-CBC-SHA", + "+PSK:+AES-128-CBC:+SHA1", + "PSK-AES128-CBC-SHA"), + ("TLS-PSK-WITH-AES-256-CBC-SHA", + "+PSK:+AES-256-CBC:+SHA1", + "PSK-AES256-CBC-SHA"), + + ("TLS-ECDH-ECDSA-WITH-NULL-SHA", + None, + "ECDH-ECDSA-NULL-SHA"), + ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + None, + "ECDH-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + None, + "ECDH-ECDSA-AES128-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + None, + "ECDH-ECDSA-AES256-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + None, + "ECDH-ECDSA-AES128-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + None, + "ECDH-ECDSA-AES256-SHA384"), + ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + None, + "ECDH-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + None, + "ECDH-ECDSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ECDSA-ARIA256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ECDSA-ARIA128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-RSA-WITH-DES-CBC-SHA", + None, + "DES-CBC-SHA"), + ("TLS-DHE-RSA-WITH-DES-CBC-SHA", + None, + "EDH-RSA-DES-CBC-SHA"), + ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ARIA256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "DHE-RSA-ARIA256-GCM-SHA384"), + ("TLS-RSA-WITH-ARIA-256-GCM-SHA384", + None, + 
"ARIA256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-RSA-ARIA128-GCM-SHA256"), + ("TLS-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-RSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-RSA-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "DHE-PSK-ARIA256-GCM-SHA384"), + ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "PSK-ARIA256-GCM-SHA384"), + ("TLS-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "PSK-CHACHA20-POLY1305"), + ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-PSK-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-PSK-CHACHA20-POLY1305"), + + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-NULL-SHA256", + "+RSA:+NULL:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + 
"+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM", + "+RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM", + "+RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM", + "+DHE-RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM", + "+DHE-RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM-8", + "+RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM-8", + "+RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM-8", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM-8", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+DHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + "+DHE-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + "+DHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + None), + 
("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "+RSA-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "+RSA-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + "+RSA-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA384", + "+ECDHE-PSK:+NULL:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA256", + "+ECDHE-PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-AES-128-CBC-SHA256", + "+PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-AES-256-CBC-SHA384", + "+PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "+DHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "+DHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-PSK-WITH-NULL-SHA256", + "+PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-NULL-SHA384", + "+PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA256", + "+DHE-PSK:+NULL:+SHA256", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA384", + "+DHE-PSK:+NULL:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "+RSA-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA256", + "+RSA-PSK:+NULL:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA384", + "+RSA-PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + 
("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-AES-128-GCM-SHA256", + "+PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-GCM-SHA384", + "+PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "+DHE-PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "+DHE-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM", + "+PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM", + "+PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM", + "+DHE-PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM", + "+DHE-PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM-8", + "+PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM-8", + "+PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM-8", + "+DHE-PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM-8", + "+DHE-PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + "+RSA-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + "+RSA-PSK:+AES-128-GCM:+AEAD", + 
None), + ] + + for m, g_exp, o_exp in ciphers: + + if g_exp is not None: + g = translate_gnutls(m) + self.assertEqual(g, g_exp) + + if o_exp is not None: + o = translate_ossl(m) + self.assertEqual(o, o_exp) + + def test_cipher_format(self): + """ + Ensure translate_ciphers.py can take names in the expected + format and return them in the format compat.sh will expect. + """ + # Ciphers in Mbed TLS format + ciphers = "TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ + " + ciphers = "%s \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ + " % ciphers + + # Corresponding ciphers in GnuTLS format + g_ciphers = "+ECDHE-ECDSA:+NULL:+SHA1 \ + +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ + +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ + +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ + " + g_ciphers = "%s \ + +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ + +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ + +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ + +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ + " % g_ciphers + + # Corresponding ciphers in OpenSSL format + o_ciphers = "ECDHE-ECDSA-NULL-SHA \ + ECDHE-ECDSA-DES-CBC3-SHA \ + ECDHE-ECDSA-AES128-SHA \ + ECDHE-ECDSA-AES256-SHA \ + " + o_ciphers = "%s \ + ECDHE-ECDSA-AES128-SHA256 \ + ECDHE-ECDSA-AES256-SHA384 \ + ECDHE-ECDSA-AES128-GCM-SHA256 \ + ECDHE-ECDSA-AES256-GCM-SHA384 \ + " % o_ciphers + + # Translate ciphers in mbedtls format + g_translated = format_ciphersuite_names("g", ciphers.split()) + o_translated = format_ciphersuite_names("o", ciphers.split()) + + # Normalise whitespace + g_ciphers = (" ").join(g_ciphers.split()) + o_ciphers = (" ").join(o_ciphers.split()) + + self.assertEqual(g_translated, g_ciphers) + self.assertEqual(o_translated, o_ciphers) def translate_gnutls(m_cipher): """ From 79f579037044f66c2aa2adec586776af9aad59ef Mon Sep 17 00:00:00 2001 
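Review bot: The loop that closes `test_translate_all_cipher_names` checks every table entry inside one test method, so the first mismatch ends the run and the failure message shows the two strings without naming the Mbed TLS suite being translated. Wrapping the loop body in `with self.subTest(m_cipher=m):` would report each failing entry separately and label it with its input name. The module docstring added at the top of this hunk says to run `python3 -m unittest translate_cipher.py`, which drops the final `s` of the file name; the all.sh change in the same commit runs `python3 -m unittest tests/scripts/translate_ciphers.py`, and the docstring should match it. Entries with `None` as an expected value are skipped without any trace, so a short comment above the table, for example `# None: no expected name is checked for that library`, would make the gaps in coverage visible.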
From: Joe Subbiani Date: Fri, 6 Aug 2021 09:46:42 +0100 Subject: [PATCH 447/966] Remove test_translate_format() As test_translate_ciphers_format.sh was made as a testing ground before utilising translate_ciphers.py in compat.sh, once it was translated to python code - as a unit test, it became redundant. Signed-off-by: Joe Subbiani --- tests/scripts/translate_ciphers.py | 55 ------------------------------ 1 file changed, 55 deletions(-) diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 44ffb400bb..7bbc1d74d0 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py 
@@ -502,61 +502,6 @@ class TestTranslateCiphers(unittest.TestCase): o = translate_ossl(m) self.assertEqual(o, o_exp) - def test_cipher_format(self): - """ - Ensure translate_ciphers.py can take names in the expected - format and return them in the format compat.sh will expect. - """ - # Ciphers in Mbed TLS format - ciphers = "TLS-ECDHE-ECDSA-WITH-NULL-SHA \ - TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ - " - ciphers = "%s \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ - " % ciphers - - # Corresponding ciphers in GnuTLS format - g_ciphers = "+ECDHE-ECDSA:+NULL:+SHA1 \ - +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ - " - g_ciphers = "%s \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ - " % g_ciphers - - # Corresponding ciphers in OpenSSL format - o_ciphers = "ECDHE-ECDSA-NULL-SHA \ - ECDHE-ECDSA-DES-CBC3-SHA \ - ECDHE-ECDSA-AES128-SHA \ - ECDHE-ECDSA-AES256-SHA \ - " - o_ciphers = "%s \ - ECDHE-ECDSA-AES128-SHA256 \ - ECDHE-ECDSA-AES256-SHA384 \ - ECDHE-ECDSA-AES128-GCM-SHA256 \ - ECDHE-ECDSA-AES256-GCM-SHA384 \ - " % o_ciphers - - # Translate ciphers in mbedtls format - g_translated = format_ciphersuite_names("g", ciphers.split()) - o_translated = format_ciphersuite_names("o", ciphers.split()) - - # Normalise whitespace - g_ciphers = (" ").join(g_ciphers.split()) - o_ciphers = (" ").join(o_ciphers.split()) - - self.assertEqual(g_translated, g_ciphers) - self.assertEqual(o_translated, o_ciphers) - def translate_gnutls(m_cipher): """ Translate m_cipher from MBedTLS ciphersuite naming convention From 1d592cba5c0c6b8ca2db64718a05a0e01dd899d9 Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Fri, 13 Aug 2021 12:30:28 +0100 Subject: [PATCH 448/966] Remove NULL-SHA256 specific to OpenSSL Instead add TLS-RSA-WITH-NULL-SHA256 to list of common ciphersuites. It therefore has to be removed from GnuTLS as it could then duplicate. Signed-off-by: Joe Subbiani --- tests/compat.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 4e18fce2d2..dbd5e39009 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -313,8 +313,8 @@ add_common_ciphersuites() TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ + TLS-RSA-WITH-NULL-SHA256 \ " - O_CIPHERS="$O_CIPHERS NULL-SHA256" fi ;; @@ -449,10 +449,6 @@ add_gnutls_ciphersuites() ;; "RSA") - if [ `minor_ver "$MODE"` -gt 0 ] - then - CIPHERS="$CIPHERS TLS-RSA-WITH-NULL-SHA256" - fi if [ `minor_ver "$MODE"` -ge 3 ] then CIPHERS="$CIPHERS \ From b0aba9a46e4c327b0da97139e23fa477ed06fc75 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 25 Aug 2021 09:56:57 +0100 Subject: [PATCH 449/966] Improve comments to be more accurate Signed-off-by: Joe Subbiani --- tests/compat.sh | 16 ++++++++-------- tests/scripts/translate_ciphers.py | 6 +++--- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index dbd5e39009..f4c611ae77 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -339,10 +339,10 @@ add_common_ciphersuites() } # Ciphersuites usable only with Mbed TLS and OpenSSL -# Each ciphersuite is compiled case by case in the MBedTLS standard, and -# is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list -# is translated to the OpenSSL naming standard and appended to the list of -# OpenSSL ciphersuites $O_CIPHERS +# A list of ciphersuites in the Mbed TLS convention is compiled and +# appended to the list of Mbed TLS ciphersuites $M_CIPHERS. The same list +# is translated to the OpenSSL naming convention and appended to the list of +# OpenSSL ciphersuites $O_CIPHERS. # # NOTE: for some reason RSA-PSK doesn't work with OpenSSL, # so RSA-PSK ciphersuites need to go in other sections, see @@ -423,10 +423,10 @@ add_openssl_ciphersuites() } # Ciphersuites usable only with Mbed TLS and GnuTLS -# Each ciphersuite is compiled case by case in the MBedTLS standard, and -# is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list -# is translated to the GnuTLS naming standard and appended to the list of -# GnuTLS ciphersuites $G_CIPHERS +# A list of ciphersuites in the Mbed TLS convention is compiled and +# appended to the list of Mbed TLS ciphersuites $M_CIPHERS. The same list +# is translated to the GnuTLS naming convention and appended to the list of +# GnuTLS ciphersuites $G_CIPHERS. add_gnutls_ciphersuites() { CIPHERS="" diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 7bbc1d74d0..6f6c5d8243 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -18,7 +18,7 @@ # limitations under the License. """ -Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS +Translate ciphersuite names in Mbed TLS format to OpenSSL and GNUTLS standards. To test the translation functions run: 
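Review bot: The module docstring in the `@@ -18,7 +18,7 @@` hunk still reads `OpenSSL and GNUTLS` / `standards.`, while every other comment this commit touches settles on the spelling `GnuTLS` and the term `naming convention`. For consistency the two lines could read `Translate ciphersuite names in Mbed TLS format to OpenSSL and GnuTLS` / `naming conventions.` The docstring continues outside the hunk.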
@@ -504,7 +504,7 @@ class TestTranslateCiphers(unittest.TestCase): def translate_gnutls(m_cipher): """ - Translate m_cipher from MBedTLS ciphersuite naming convention + Translate m_cipher from Mbed TLS ciphersuite naming convention and return the GnuTLS naming convention """ @@ -532,7 +532,7 @@ def translate_gnutls(m_cipher): def translate_ossl(m_cipher): """ - Translate m_cipher from MBedTLS ciphersuite naming convention + Translate m_cipher from Mbed TLS ciphersuite naming convention and return the OpenSSL naming convention """ From 54110b3b6f571b9e1195a3f1e4094bb24d1eafac Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 2 Sep 2021 13:02:29 +0100 Subject: [PATCH 450/966] Reduce translate_ciphers.py test list Having a list of every ciphersuite suggests that it should be maintained with any new ciphersuites that are added in the future. This in turn almost defeats the purpose of having translation functions to begin with Instead, the unit test now only test a much smaller subset of ciphersuite names that exercise each stage in the OpenSSL and GnuTLS translate functions. In the future, if a new cipersuite is added that requires an extra stage in translation, then that cipher can be added to the test suite, otherwise it should not be necessary. Signed-off-by: Joe Subbiani --- tests/scripts/translate_ciphers.py | 470 ++--------------------------- 1 file changed, 18 insertions(+), 452 deletions(-) diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 6f6c5d8243..d04b8f32fa 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py 
@@ -36,460 +36,26 @@ class TestTranslateCiphers(unittest.TestCase): """ def test_translate_all_cipher_names(self): """ - Translate the Mbed TLS ciphersuite names to the common OpenSSL and - GnuTLS ciphersuite names, and compare them with the true, expected - corresponding OpenSSL and GnuTLS ciphersuite names + Translate MbedTLS ciphersuite names to their OpenSSL and + GnuTLS counterpart. Use only a small subset of ciphers + that exercise each step of the translate functions """ ciphers = [ - ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "+ECDHE-ECDSA:+NULL:+SHA1", - "ECDHE-ECDSA-NULL-SHA"), - ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-ECDSA:+3DES-CBC:+SHA1", - "ECDHE-ECDSA-DES-CBC3-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", - "ECDHE-ECDSA-AES128-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", - "ECDHE-ECDSA-AES256-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", - "ECDHE-ECDSA-AES128-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", - "ECDHE-ECDSA-AES256-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "ECDHE-ECDSA-AES128-GCM-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", - "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", - "ECDHE-ECDSA-AES256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - "+DHE-RSA:+AES-128-CBC:+SHA1", - "DHE-RSA-AES128-SHA"), - ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - "+DHE-RSA:+AES-256-CBC:+SHA1", - "DHE-RSA-AES256-SHA"), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", - "DHE-RSA-CAMELLIA128-SHA"), - ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", - "DHE-RSA-CAMELLIA256-SHA"), - ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "+DHE-RSA:+3DES-CBC:+SHA1", - "EDH-RSA-DES-CBC3-SHA"), - ("TLS-RSA-WITH-AES-256-CBC-SHA", - "+RSA:+AES-256-CBC:+SHA1", - "AES256-SHA"), - 
("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - "+RSA:+CAMELLIA-256-CBC:+SHA1", - "CAMELLIA256-SHA"), - ("TLS-RSA-WITH-AES-128-CBC-SHA", - "+RSA:+AES-128-CBC:+SHA1", - "AES128-SHA"), - ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - "+RSA:+CAMELLIA-128-CBC:+SHA1", - "CAMELLIA128-SHA"), - ("TLS-RSA-WITH-3DES-EDE-CBC-SHA", - "+RSA:+3DES-CBC:+SHA1", - "DES-CBC3-SHA"), - ("TLS-RSA-WITH-NULL-MD5", - "+RSA:+NULL:+MD5", - "NULL-MD5"), - ("TLS-RSA-WITH-NULL-SHA", - "+RSA:+NULL:+SHA1", - "NULL-SHA"), - ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - "+ECDHE-RSA:+AES-128-CBC:+SHA1", - "ECDHE-RSA-AES128-SHA"), - ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - "+ECDHE-RSA:+AES-256-CBC:+SHA1", - "ECDHE-RSA-AES256-SHA"), - ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-RSA:+3DES-CBC:+SHA1", - "ECDHE-RSA-DES-CBC3-SHA"), - ("TLS-ECDHE-RSA-WITH-NULL-SHA", - "+ECDHE-RSA:+NULL:+SHA1", - "ECDHE-RSA-NULL-SHA"), - ("TLS-RSA-WITH-AES-128-CBC-SHA256", - "+RSA:+AES-128-CBC:+SHA256", - "AES128-SHA256"), - ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - "+DHE-RSA:+AES-128-CBC:+SHA256", - "DHE-RSA-AES128-SHA256"), - ("TLS-RSA-WITH-AES-256-CBC-SHA256", - "+RSA:+AES-256-CBC:+SHA256", - "AES256-SHA256"), - ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - "+DHE-RSA:+AES-256-CBC:+SHA256", - "DHE-RSA-AES256-SHA256"), - ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - "+ECDHE-RSA:+AES-128-CBC:+SHA256", - "ECDHE-RSA-AES128-SHA256"), - ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - "+ECDHE-RSA:+AES-256-CBC:+SHA384", - "ECDHE-RSA-AES256-SHA384"), - ("TLS-RSA-WITH-AES-128-GCM-SHA256", - "+RSA:+AES-128-GCM:+AEAD", - "AES128-GCM-SHA256"), - ("TLS-RSA-WITH-AES-256-GCM-SHA384", - "+RSA:+AES-256-GCM:+AEAD", - "AES256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - "+DHE-RSA:+AES-128-GCM:+AEAD", - "DHE-RSA-AES128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - "+DHE-RSA:+AES-256-GCM:+AEAD", - "DHE-RSA-AES256-GCM-SHA384"), - ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - "+ECDHE-RSA:+AES-128-GCM:+AEAD", - "ECDHE-RSA-AES128-GCM-SHA256"), - 
("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - "+ECDHE-RSA:+AES-256-GCM:+AEAD", - "ECDHE-RSA-AES256-GCM-SHA384"), - ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", - "+PSK:+3DES-CBC:+SHA1", - "PSK-3DES-EDE-CBC-SHA"), - ("TLS-PSK-WITH-AES-128-CBC-SHA", - "+PSK:+AES-128-CBC:+SHA1", - "PSK-AES128-CBC-SHA"), - ("TLS-PSK-WITH-AES-256-CBC-SHA", - "+PSK:+AES-256-CBC:+SHA1", - "PSK-AES256-CBC-SHA"), - - ("TLS-ECDH-ECDSA-WITH-NULL-SHA", - None, - "ECDH-ECDSA-NULL-SHA"), - ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - None, - "ECDH-ECDSA-DES-CBC3-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - None, - "ECDH-ECDSA-AES128-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - None, - "ECDH-ECDSA-AES256-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - None, - "ECDH-ECDSA-AES128-SHA256"), - ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - None, - "ECDH-ECDSA-AES256-SHA384"), - ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - None, - "ECDH-ECDSA-AES128-GCM-SHA256"), - ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - None, - "ECDH-ECDSA-AES256-GCM-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - None, - "ECDHE-ECDSA-ARIA256-GCM-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - None, - "ECDHE-ECDSA-ARIA128-GCM-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-ECDSA-CHACHA20-POLY1305"), - ("TLS-RSA-WITH-DES-CBC-SHA", - None, - "DES-CBC-SHA"), - ("TLS-DHE-RSA-WITH-DES-CBC-SHA", - None, - "EDH-RSA-DES-CBC-SHA"), - ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "ECDHE-ARIA256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "DHE-RSA-ARIA256-GCM-SHA384"), - ("TLS-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "ARIA256-GCM-SHA384"), - ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "ECDHE-ARIA128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "DHE-RSA-ARIA128-GCM-SHA256"), - ("TLS-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "ARIA128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - None, - 
"DHE-RSA-CHACHA20-POLY1305"), - ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-RSA-CHACHA20-POLY1305"), - ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - None, - "DHE-PSK-ARIA256-GCM-SHA384"), - ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - None, - "DHE-PSK-ARIA128-GCM-SHA256"), - ("TLS-PSK-WITH-ARIA-256-GCM-SHA384", - None, - "PSK-ARIA256-GCM-SHA384"), - ("TLS-PSK-WITH-ARIA-128-GCM-SHA256", - None, - "PSK-ARIA128-GCM-SHA256"), - ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "PSK-CHACHA20-POLY1305"), - ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-PSK-CHACHA20-POLY1305"), - ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "DHE-PSK-CHACHA20-POLY1305"), - - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-RSA-WITH-NULL-SHA256", - "+RSA:+NULL:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+RSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "+RSA:+CAMELLIA-256-CBC:+SHA256", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", - None), 
- ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-128-CCM", - "+RSA:+AES-128-CCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-256-CCM", - "+RSA:+AES-256-CCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-128-CCM", - "+DHE-RSA:+AES-128-CCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-256-CCM", - "+DHE-RSA:+AES-256-CCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-128-CCM-8", - "+RSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-RSA-WITH-AES-256-CCM-8", - "+RSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-128-CCM-8", - "+DHE-RSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-256-CCM-8", - "+DHE-RSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - "+DHE-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - "+DHE-PSK:+AES-128-CBC:+SHA1", - None), - ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - "+DHE-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - "+ECDHE-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - "+ECDHE-PSK:+AES-128-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - "+RSA-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - "+RSA-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - "+RSA-PSK:+AES-128-CBC:+SHA1", - None), - 
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - "+ECDHE-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - "+ECDHE-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-PSK-WITH-NULL-SHA384", - "+ECDHE-PSK:+NULL:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-NULL-SHA256", - "+ECDHE-PSK:+NULL:+SHA256", - None), - ("TLS-PSK-WITH-AES-128-CBC-SHA256", - "+PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-PSK-WITH-AES-256-CBC-SHA384", - "+PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - "+DHE-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - "+DHE-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-PSK-WITH-NULL-SHA256", - "+PSK:+NULL:+SHA256", - None), - ("TLS-PSK-WITH-NULL-SHA384", - "+PSK:+NULL:+SHA384", - None), - ("TLS-DHE-PSK-WITH-NULL-SHA256", - "+DHE-PSK:+NULL:+SHA256", - None), - ("TLS-DHE-PSK-WITH-NULL-SHA384", - "+DHE-PSK:+NULL:+SHA384", - None), - ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - "+RSA-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - "+RSA-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-RSA-PSK-WITH-NULL-SHA256", - "+RSA-PSK:+NULL:+SHA256", - None), - ("TLS-RSA-PSK-WITH-NULL-SHA384", - "+RSA-PSK:+NULL:+SHA384", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", - 
None), - ("TLS-PSK-WITH-AES-128-GCM-SHA256", - "+PSK:+AES-128-GCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-GCM-SHA384", - "+PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - "+DHE-PSK:+AES-128-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - "+DHE-PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-128-CCM", - "+PSK:+AES-128-CCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-CCM", - "+PSK:+AES-256-CCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-CCM", - "+DHE-PSK:+AES-128-CCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-CCM", - "+DHE-PSK:+AES-256-CCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-128-CCM-8", - "+PSK:+AES-128-CCM-8:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-CCM-8", - "+PSK:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-CCM-8", - "+DHE-PSK:+AES-128-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-CCM-8", - "+DHE-PSK:+AES-256-CCM-8:+AEAD", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - "+RSA-PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - "+RSA-PSK:+AES-128-GCM:+AEAD", - None), + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + 
("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), ] for m, g_exp, o_exp in ciphers: From 49d57bcf19cdbd54c81bbeaad8a1ac002ae0248a Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 2 Sep 2021 18:50:30 +0100 Subject: [PATCH 451/966] Improve indentation according to pylint Signed-off-by: Joe Subbiani --- tests/scripts/translate_ciphers.py | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index d04b8f32fa..207c884cf6 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -41,21 +41,21 @@ class TestTranslateCiphers(unittest.TestCase): that exercise each step of the translate functions """ ciphers = [ - ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "+ECDHE-ECDSA:+NULL:+SHA1", - "ECDHE-ECDSA-NULL-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "ECDHE-ECDSA-AES128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "+DHE-RSA:+3DES-CBC:+SHA1", - "EDH-RSA-DES-CBC3-SHA"), - ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-ECDSA-CHACHA20-POLY1305"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - None), + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), ] for m, g_exp, o_exp in ciphers: From e5d6106071654c505b07c76e5be6469e4092ef00 Mon Sep 17 00:00:00 2001 
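Review bot: The method in the `@@ -36,460 +36,26 @@` hunk keeps the name `test_translate_all_cipher_names` although its new docstring says it uses only a small subset of ciphers; a name such as `test_translate_cipher_names` would match what it now checks. The docstring also writes `MbedTLS`, where the preceding commit in this series normalised the spelling to `Mbed TLS`. The loop that consumes the list lies partly outside the hunk.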
From: Joe Subbiani Date: Fri, 3 Sep 2021 13:30:44 +0100 Subject: [PATCH 452/966] Extend test in translate_ciphers.py The list was trimmed previously according to code coverage, however this did not really evalute all test cases, e.g in the case of re.sub or m_cipher.replace. These lines are executed no matter what, so code coverage is not suitable. I have gone through each step in the translate functions and made sure there is at least one ciphersuite per step Signed-off-by: Joe Subbiani --- tests/scripts/translate_ciphers.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 207c884cf6..d5f847fd54 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -50,12 +50,21 @@ class TestTranslateCiphers(unittest.TestCase): ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", "+DHE-RSA:+3DES-CBC:+SHA1", "EDH-RSA-DES-CBC3-SHA"), + ("TLS-RSA-WITH-AES-256-CBC-SHA", + "+RSA:+AES-256-CBC:+SHA1", + "AES256-SHA"), + ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "+PSK:+3DES-CBC:+SHA1", + "PSK-3DES-EDE-CBC-SHA"), ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", None, "ECDHE-ECDSA-CHACHA20-POLY1305"), ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", None), + ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ARIA256-GCM-SHA384"), ] for m, g_exp, o_exp in ciphers: From 8c02bb4b7194631f1a901745400ac76e1180f1a3 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 3 Sep 2021 21:09:22 +0800 Subject: [PATCH 453/966] fix various comment issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 6 +++--- library/ssl_tls13_client.c | 16 +++++----------- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e16c674cb0..7035c278cf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
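Review bot: The three tuples added to `ciphers` do not say which translation step each one is there to exercise, so the reasoning given in the commit message is lost in the code. A one-line comment above each entry would keep the list maintainable, e.g. `# OpenSSL name drops the RSA key exchange and CBC` above `TLS-RSA-WITH-AES-256-CBC-SHA`, and `# OpenSSL shortens ECDHE-RSA to ECDHE for ARIA` above `TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384`. These descriptions are read off the expected strings in the tuples and should be checked against `translate_ossl`, which is outside the hunk.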
@@ -132,10 +132,10 @@ #define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) /* - * Helper macros for function call with returen check. + * Helper macros for function call with return check. */ /* - * Exit and print debug message when return none zero value + * Exit when return non-zero value */ #define MBEDTLS_SSL_PROC_CHK( f ) \ do { \ @@ -146,7 +146,7 @@ } \ } while( 0 ) /* - * Exit and print debug message when return negative value + * Exit when return negative value */ #define MBEDTLS_SSL_PROC_CHK_NEG( f ) \ do { \ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 262481c6a7..f8779a09fd 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -164,8 +164,8 @@ static int ssl_tls13_write_client_hello_cipher_suites( ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); if( ciphersuite_info == NULL ) continue; - if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 || - ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) + if( !( MBEDTLS_SSL_MINOR_VERSION_4 > ciphersuite_info->min_minor_ver && + MBEDTLS_SSL_MINOR_VERSION_4 < ciphersuite_info->max_minor_ver ) ) continue; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", @@ -173,7 +173,7 @@ static int ssl_tls13_write_client_hello_cipher_suites( ciphersuite_info->name ) ); /* Check there is space for the cipher suite identifier (2 bytes). */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 ); MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); cipher_suites_iter += 2; } @@ -210,7 +210,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, { int ret; - unsigned char *extensions_len_ptr; /* Pointer of extensions length */ + unsigned char *extensions_len_ptr; /* Pointer to extensions length */ size_t output_len; /* Length of buffer used by function */ size_t extensions_len; /* Length of the list of extensions*/ 
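Review bot: The rewritten filter in `ssl_tls13_write_client_hello_cipher_suites` (hunk `@@ -164,8 +164,8 @@`) compares with strict `>` and `<`, so a suite whose `min_minor_ver` or `max_minor_ver` equals `MBEDTLS_SSL_MINOR_VERSION_4` is skipped. A suite defined only for that version, which is exactly what the replaced `!=` test accepted, is therefore never written, and the ClientHello could go out without any cipher suite usable for this protocol version. The range test should be inclusive: `if( !( MBEDTLS_SSL_MINOR_VERSION_4 >= ciphersuite_info->min_minor_ver &&` followed by `MBEDTLS_SSL_MINOR_VERSION_4 <= ciphersuite_info->max_minor_ver ) )`. The loop body continues outside the hunk.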
@@ -362,7 +362,7 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); return( ret ); } @@ -410,12 +410,6 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Handshake completed but ssl->handshake is NULL.\n" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); switch( ssl->state ) From dbfb7bd873dfa8e5bf9afb5aae3aa2680e9e2fd4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 4 Sep 2021 09:58:58 +0800 Subject: [PATCH 454/966] fix various issues - wrong cipher suite filter condition - name conversion - format issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 6 +++--- library/ssl_tls13_generic.c | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f8779a09fd..2a62dc6fdd 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -164,8 +164,8 @@ static int ssl_tls13_write_client_hello_cipher_suites( ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); if( ciphersuite_info == NULL ) continue; - if( !( MBEDTLS_SSL_MINOR_VERSION_4 > ciphersuite_info->min_minor_ver && - MBEDTLS_SSL_MINOR_VERSION_4 < ciphersuite_info->max_minor_ver ) ) + if( !( MBEDTLS_SSL_MINOR_VERSION_4 >= ciphersuite_info->min_minor_ver && + MBEDTLS_SSL_MINOR_VERSION_4 <= ciphersuite_info->max_minor_ver ) ) continue; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", 
@@ -259,7 +259,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, /* Write cipher_suites */ ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); - if( ret != 0) + if( ret != 0 ) return( ret ); buf += output_len; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3c49a379bd..ca4c167132 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -53,10 +53,12 @@ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t msg_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t msg_len_with_header; ((void) buf_len); /* Add reserved 4 bytes for handshake header */ - ssl->out_msglen = msg_len + 4; + msg_len_with_header = msg_len + 4; + ssl->out_msglen = msg_len_with_header; MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0 ) ); cleanup: From cd975e4645bbf6057d0aff68866bb655a822b202 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 2 Sep 2021 13:25:19 +0200 Subject: [PATCH 455/966] Extend CCM corner cases tests. Add tests for passing incomplete input data in the first call and too much data in the second call. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.data | 32 ++++++++++++ tests/suites/test_suite_ccm.function | 77 ++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index c8f6351633..169a885f94 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
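Review bot: In `mbedtls_ssl_tls13_finish_handshake_msg` the new `msg_len_with_header` is assigned once and copied straight into `ssl->out_msglen`, while `buf_len` is still discarded with `((void) buf_len)`, so nothing in the visible lines checks that the length reported by the caller fits the buffer it was given. If `buf_len` is the capacity handed out when the message was started (not visible here), a guard before the addition would make the stored length trustworthy: `if( msg_len > buf_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`. Without such a use the extra local adds nothing over the original one-line assignment. The function body continues past `cleanup:` outside the hunk.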
@@ -1562,6 +1562,10 @@ CCM encrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" +CCM encrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + CCM encrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" @@ -1574,6 +1578,10 @@ CCM encrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T= depends_on:MBEDTLS_AES_C mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" +CCM encrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + CCM decrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" 
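Review bot: The two test functions referenced by the new cases are named inconsistently: `mbedtls_ccm_incomplete_ad_and_overflow` follows the existing `mbedtls_ccm_full_ad_and_overflow` and `mbedtls_ccm_full_update_and_overflow` pattern, but `mbedtls_ccm_incomplete_update_overflow` drops the `_and_`. Renaming it to `mbedtls_ccm_incomplete_update_and_overflow` here and in test_suite_ccm.function (not visible in this part of the patch) would keep the suite easy to search. The same name recurs in the later hunks of this file. In the `@@ -1614,6 +1630,10 @@` hunk the CCM* encrypt "incomplete ad and overflow" case is also placed after "overflow update" rather than after "full ad and overflow" as in the other three groups.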
@@ -1586,6 +1594,10 @@ CCM decrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" +CCM decrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + CCM decrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16)) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" @@ -1598,6 +1610,10 @@ CCM decrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T= depends_on:MBEDTLS_AES_C mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" +CCM decrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + CCM* encrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" 
@@ -1614,6 +1630,10 @@ CCM* encrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" +CCM* encrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + CCM* encrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" 
@@ -1622,6 +1642,10 @@ CCM* encrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T depends_on:MBEDTLS_AES_C mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" +CCM* encrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + CCM* decrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" @@ -1634,6 +1658,10 @@ CCM* decrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" +CCM* decrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + CCM* decrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" 
@@ -1646,6 +1674,10 @@ CCM* decrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T depends_on:MBEDTLS_AES_C mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" +CCM* decrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + CCM encrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 57f13e3d85..311ccc429d 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function 
@@ -591,6 +591,41 @@ exit: } /* END_CASE */ +/* Provide incomplete auth data on first update_ad. + * Provide too much auth data on second update_ad */ +/* BEGIN_CASE */ +void mbedtls_ccm_incomplete_ad_and_overflow( int cipher_id, int mode, + data_t * key, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + + /* New auth buffer containing same data as original one, + * with added extra byte at the end */ + uint8_t* add_extended = NULL; + ASSERT_ALLOC( add_extended, add->len + 1 ); + if( add_extended ) + { + memcpy( add_extended, add->x, add->len ); + add_extended[add->len] = 0xAB; // some magic value + } + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for msg length and tag length. They are not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) ); + + // pass incomplete auth data + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add_extended, add->len - 1) ); + // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add_extended + add->len - 1, 2) ); +exit: + mbedtls_free( add_extended ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + /* Provide too much plaintext/ciphertext */ /* BEGIN_CASE */ void mbedtls_ccm_overflow_update( int cipher_id, int mode, 
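Review bot: In `mbedtls_ccm_incomplete_ad_and_overflow`, `ASSERT_ALLOC( add_extended, add->len + 1 )` runs before `mbedtls_ccm_init( &ctx )`, so if the allocation assertion fails and jumps to `exit:` (as the test macros presumably do), `mbedtls_ccm_free( &ctx )` is called on an uninitialised context. Moving `mbedtls_ccm_init( &ctx );` to directly after the declaration of `ctx` closes that path, and the `if( add_extended )` guard then becomes unnecessary. The same ordering appears in `mbedtls_ccm_incomplete_update_overflow` in the next hunk, with `msg_extended`. Separately, `add->len - 1` wraps if a data case ever supplies empty auth data, so a `TEST_ASSERT( add->len > 0 );` up front would make that precondition explicit.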
@@ -683,6 +718,48 @@ exit: } /* END_CASE */ +/* Provide incomplete plaintext/ciphertext of first update + * Provide too much plaintext/ciphertext on second update */ +/* BEGIN_CASE */ +void mbedtls_ccm_incomplete_update_overflow( int cipher_id, int mode, + data_t * key, data_t * msg, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + /* New plaintext/ciphertext buffer containing same data as original one, + * with added extra byte at the end */ + uint8_t* msg_extended = NULL; + ASSERT_ALLOC( msg_extended, msg->len + 1 ); + if( msg_extended ) + { + memcpy( msg_extended, msg->x, msg->len ); + msg_extended[msg->len] = 0xAB; // some magic value + } + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded value for tag length. It is a not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + + ASSERT_ALLOC( output, msg->len + 1 ); + // pass incomplete text + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg_extended, msg->len - 1, output, msg->len + 1, &olen ) ); + // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \ + mbedtls_ccm_update( &ctx, msg_extended + msg->len - 1, 2, output + msg->len - 1, 2, &olen ) ); +exit: + mbedtls_free( msg_extended ); + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + /* Finish without passing any auth data or plaintext/ciphertext input */ /* BEGIN_CASE */ void mbedtls_ccm_instant_finish( int cipher_id, int mode, From 5d7f6b1fd5ae89282d3cd0806a37dcfca14d06bc Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 2 Sep 2021 15:11:14 +0200 Subject: [PATCH 456/966] Remove rendundat ctx->add_len check. 
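Review bot: `olen` is never inspected in `mbedtls_ccm_incomplete_update_overflow`, so the test pins only the two return codes. After the first, successful `mbedtls_ccm_update` call, a check such as `TEST_EQUAL( msg->len - 1, olen );` would confirm the partial output length, assuming the function reports the number of bytes written. Setting `olen` to a sentinel before the second call would also show whether a rejected call leaves it untouched. The line continuation `\` after `MBEDTLS_ERR_CCM_BAD_INPUT,` is not needed outside a macro.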
Signed-off-by: Mateusz Starzyk --- library/ccm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ccm.c b/library/ccm.c index ca95b8eeb7..15efff79f0 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -266,7 +266,7 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, return MBEDTLS_ERR_CCM_BAD_INPUT; } - if( ctx->add_len > 0 && add_len > 0 ) + if( add_len > 0 ) { if( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) { From efec38bb292f9c74050c3816443333eae7be5d5a Mon Sep 17 00:00:00 2001 
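Review bot: The dropped `ctx->add_len > 0` term in `mbedtls_ccm_update_ad` was not purely redundant: with a declared auth-data length of 0, a non-empty `add` used to skip this block, and now it enters it. That looks like the intended hardening, since data the caller believes is authenticated should be rejected rather than silently ignored. It does rely on the checks inside the block, which continue outside this hunk, to return `MBEDTLS_ERR_CCM_BAD_INPUT` in that state. A comment above the condition would record the intent, e.g. `/* Any auth data beyond the length declared in mbedtls_ccm_set_lengths() is rejected, including when that length is 0. */`. This patch itself carries no test for the new path.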
From: Mateusz Starzyk Date: Fri, 3 Sep 2021 11:59:26 +0200 Subject: [PATCH 457/966] Extend CCM corner cases tests. Add tests covering skipped update() or update_ad() for empty plaintext/ciphertext and empty auth data. Test vector for P=0, A=0 generated using python's cryptography.hazmat library. Python script used for test vector generation: ``` import os from cryptography.hazmat.primitives.ciphers.aead import AESCCM def encrypt(key, iv, plaintext, associated_data): key = bytes.fromhex(key) iv = bytes.fromhex(iv) plaintext = bytes.fromhex(plaintext) associated_data = bytes.fromhex(associated_data) aesccm = AESCCM(key) ct = aesccm.encrypt(iv, plaintext, associated_data) return ct.hex() def decrypt(key, associated_data, iv, ciphertext): key = bytes.fromhex(key) associated_data = bytes.fromhex(associated_data) iv = bytes.fromhex(iv) ciphertext = bytes.fromhex(ciphertext) aesccm = AESCCM(key) pt = aesccm.decrypt(iv, ciphertext, associated_data) return pt.hex() key = "54caf96ef6d448734700aadab50faf7a" plaintext = "" iv = "a3803e752ae849c910d8da36af" aad = "" encrypted = encrypt(key, iv, plaintext, aad) print(f"key: {key}") print(f"iv: {iv}") print(f"encrypted: {encrypted}") print("--------------------------------------") decrypted = decrypt( key, aad, iv, encrypted ) print(f"decrypted: {decrypted}") ``` Results: ``` key: 54caf96ef6d448734700aadab50faf7a iv: a3803e752ae849c910d8da36af encrypted: eba8347baa6d61f87b67c2dd7c6d2053 -------------------------------------- decrypted: ``` Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.data | 48 ++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 169a885f94..05c20fd40b 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
@@ -174,6 +174,10 @@ CCM encrypt and tag RFC 3610 #24 depends_on:MBEDTLS_AES_C mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"ABF21C0B02FEB88F856DF4A37381BCE3CC128517D4":"008D493B30AE8B3C9696766CFA":"6E37A6EF546D955D34AB6059":"F32905B88A641B04B9C9FFB58CC390900F3DA12AB16DCE9E82EFA16DA62059" +CCM encrypt and tag AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + CCM encrypt and tag NIST VTT AES-128 #1 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"43b1a6bc8d0d22d6d1ca95c18593cca5":"a2b381c7d1545c408fe29817a21dc435a154c87256346b05":"9882578e750b9682c6ca7f8f86":"2084f3861c9ad0ccee7c63a7e05aece5db8b34bd8724cc06b4ca99a7f9c4914f":"cc69ed76985e0ed4c8365a72775e5a19bfccc71aeb116c85a8c74677" 
@@ -1518,6 +1522,22 @@ CCM-Camellia encrypt and tag RFC 5528 #24 depends_on:MBEDTLS_CAMELLIA_C mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966945F1FCEA7E11BEE6A2F" +CCM encrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM* encrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM decrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM* decrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + CCM encrypt, skip ad NIST VADT AES-128 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" 
@@ -1534,6 +1554,22 @@ CCM* decrypt, skip ad NIST DVPT AES-192 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" +CCM encrypt, skip update AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM decrypt, skip update AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM* encrypt, skip update AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM* decrypt, skip update AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + CCM encrypt, skip update NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" 
@@ -1689,3 +1725,15 @@ mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d3208 CCM* decrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" + +CCM encrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" + +CCM decrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" + +CCM* encrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" + +CCM* decrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" From 83e4c1270a24c7a63ea1cb8f799478172ecdaa96 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Fri, 3 Sep 2021 14:07:21 +0200 Subject: [PATCH 458/966] Add CCM tests for passing unexpected input. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.data | 7 +++++ tests/suites/test_suite_ccm.function | 47 ++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 05c20fd40b..591e0d9067 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
@@ -1737,3 +1737,10 @@ mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"54caf CCM* decrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" + +CCM pass unexpected auth data, NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +mbedtls_ccm_unexpected_ad::MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM encrypt, unexpected ciphertext/plaintext data, NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_unexpected_text:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 311ccc429d..472be64540 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function 
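Review bot: The new `mbedtls_ccm_unexpected_ad` case has a doubled separator, `mbedtls_ccm_unexpected_ad::MBEDTLS_CIPHER_ID_AES:...`, which puts an empty field in front of the cipher id and gives six fields where the function added in this patch declares five parameters. It also lacks the `depends_on:MBEDTLS_AES_C` line that the `mbedtls_ccm_unexpected_text` case directly below it carries. Suggested: a `depends_on:MBEDTLS_AES_C` line followed by `mbedtls_ccm_unexpected_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:` and the remaining three fields unchanged.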
@@ -542,6 +542,53 @@ exit: } /* END_CASE */ +/* Provide unexpected auth data */ +/* BEGIN_CASE */ +void mbedtls_ccm_unexpected_ad( int cipher_id, int mode, + data_t * key, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for msg length and tag length. They are not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, 16, 16 ) ); + + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); +exit: + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide unexpected plaintext/ciphertext data */ +/* BEGIN_CASE */ +void mbedtls_ccm_unexpected_text( int cipher_id, int mode, + data_t * key, data_t * msg, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded value for tag length. It is not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + + ASSERT_ALLOC( output, msg->len ); + olen = 0xdeadbeef; + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + /* Provide incomplete auth data and finish */ /* BEGIN_CASE */ void mbedtls_ccm_incomplete_ad( int cipher_id, int mode, From bbe09526b78746e37ebdfcb4d62a0f66581412a4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 6 Sep 2021 21:17:54 +0800 Subject: [PATCH 459/966] fix name conversion issues 
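Review bot: In `mbedtls_ccm_unexpected_text`, `olen = 0xdeadbeef;` is assigned as a sentinel but never read, so the test does not show whether the rejected `mbedtls_ccm_update` call wrote an output length. If the intended contract is that a failing call leaves `*output_len` untouched, add `TEST_EQUAL( 0xdeadbeef, olen );` after the call; otherwise drop the assignment. `mbedtls_ccm_unexpected_ad` would read more clearly with a short comment at the `mbedtls_ccm_set_lengths` call, e.g. `// declare 0 bytes of auth data, then pass some anyway`.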
Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 74 +++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2a62dc6fdd..fe2e6f850b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -133,8 +133,8 @@ static int ssl_tls13_write_client_hello_cipher_suites( size_t *olen ) { const int *ciphersuite_list; - unsigned char *cipher_suites_start; /* Start of the cipher_suites list */ - unsigned char *cipher_suites_iter; /* Iteration over the cipher_suites list */ + unsigned char *cipher_suites_ptr; /* Start of the cipher_suites list */ + unsigned char *p; /* Iteration over the cipher_suites list */ size_t cipher_suites_len; *olen = 0 ; @@ -153,8 +153,8 @@ static int ssl_tls13_write_client_hello_cipher_suites( MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); /* Write cipher_suites */ - cipher_suites_start = buf + 2; - cipher_suites_iter = cipher_suites_start; + cipher_suites_ptr = buf + 2; + p = cipher_suites_ptr; for ( size_t i = 0; ciphersuite_list[i] != 0; i++ ) { @@ -173,20 +173,20 @@ static int ssl_tls13_write_client_hello_cipher_suites( ciphersuite_info->name ) ); /* Check there is space for the cipher suite identifier (2 bytes). */ - MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 ); - MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); - cipher_suites_iter += 2; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( cipher_suite, p, 0 ); + p += 2; } /* Write the cipher_suites length in number of bytes */ - cipher_suites_len = cipher_suites_iter - cipher_suites_start; + cipher_suites_len = p - cipher_suites_ptr; MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites", cipher_suites_len/2 ) ); /* Output the total length of cipher_suites field. */ - *olen = cipher_suites_iter - buf; + *olen = p - buf; return( 0 ); } 
@@ -215,7 +215,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, size_t extensions_len; /* Length of the list of extensions*/ /* Buffer management */ - unsigned char *start = buf; + unsigned char *p = buf; *olen = 0; @@ -230,16 +230,16 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * For TLS 1.3 we use the legacy version number {0x03, 0x03} * instead of the true version number. */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); - MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0 ); - buf += CLIENT_HELLO_LEGACY_VERSION_LEN; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); + MBEDTLS_PUT_UINT16_BE( 0x0303, p, 0 ); + p += CLIENT_HELLO_LEGACY_VERSION_LEN; /* Write the random bytes ( random ).*/ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RANDOM_LEN ); - memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_RANDOM_LEN ); + memcpy( p, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", - buf, CLIENT_HELLO_RANDOM_LEN ); - buf += CLIENT_HELLO_RANDOM_LEN; + p, CLIENT_HELLO_RANDOM_LEN ); + p += CLIENT_HELLO_RANDOM_LEN; /* * Write legacy_session_id @@ -254,14 +254,14 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * ( also known as ossification ). Otherwise, it MUST be set as a zero-length * vector ( i.e., a zero-valued single byte length field ). */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 ); - *buf++ = 0; /* session id length set to zero */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + *p++ = 0; /* session id length set to zero */ /* Write cipher_suites */ - ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); + ret = ssl_tls13_write_client_hello_cipher_suites( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); - buf += output_len; + p += output_len; /* Write legacy_compression_methods * 
@@ -269,9 +269,9 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * one byte set to zero, which corresponds to the 'null' compression * method in prior versions of TLS. */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - *buf++ = 1; - *buf++ = MBEDTLS_SSL_COMPRESS_NULL; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + *p++ = 1; + *p++ = MBEDTLS_SSL_COMPRESS_NULL; /* Write extensions */ @@ -279,28 +279,28 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; /* First write extensions, then the total length */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - extensions_len_ptr = buf; - buf += 2; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + extensions_len_ptr = p; + p += 2; /* Write supported_versions extension * * Supported Versions Extension is mandatory with TLS 1.3. */ - ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &output_len ); + ret = ssl_tls13_write_supported_versions_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); - buf += output_len; + p += output_len; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Write supported_groups extension * * It is REQUIRED for ECDHE cipher_suites. */ - ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &output_len ); + ret = ssl_tls13_write_supported_groups_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); - buf += output_len; + p += output_len; /* Write key_share extension * 
@@ -313,32 +313,32 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * 3) Or, in case all ciphers are supported ( which includes #1 and #2 * from above ) */ - ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &output_len ); + ret = ssl_tls13_write_key_shares_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); - buf += output_len; + p += output_len; /* Write signature_algorithms extension * * It is REQUIRED for certificate authenticated cipher_suites. */ - ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &output_len ); + ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); - buf += output_len; + p += output_len; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Add more extensions here */ /* Write the length of the list of extensions. */ - extensions_len = buf - extensions_len_ptr - 2; + extensions_len = p - extensions_len_ptr - 2; MBEDTLS_PUT_UINT16_BE( extensions_len, extensions_len_ptr, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , extensions_len ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr, extensions_len ); - *olen = buf - start; + *olen = p - buf; return( 0 ); } From 4e388286af740564055f004e99ae133f65b9aece Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 6 Sep 2021 21:28:08 +0800 Subject: [PATCH 460/966] fix usage of iteration Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index fe2e6f850b..b10e33bfbf 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -132,9 +132,9 @@ static int ssl_tls13_write_client_hello_cipher_suites( unsigned char *end, size_t *olen ) { + unsigned char *p = buf; /* Iteration over the cipher_suites list */ const int *ciphersuite_list; unsigned char *cipher_suites_ptr; /* Start of the cipher_suites list */ - unsigned char *p; /* Iteration over the cipher_suites list */ size_t cipher_suites_len; *olen = 0 ; @@ -150,12 +150,11 @@ static int ssl_tls13_write_client_hello_cipher_suites( ciphersuite_list = ssl->conf->ciphersuite_list; /* Check there is space for the cipher suite list length (2 bytes). */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + p += 2; /* Write cipher_suites */ - cipher_suites_ptr = buf + 2; - p = cipher_suites_ptr; - + cipher_suites_ptr = p; for ( size_t i = 0; ciphersuite_list[i] != 0; i++ ) { int cipher_suite = ciphersuite_list[i]; From fec982eacc184b08d00eaeb118c06918147bcfe7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 7 Sep 2021 17:26:06 +0800 Subject: [PATCH 461/966] fix coding style issues Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index b10e33bfbf..41c7a4d144 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -31,7 +31,6 @@ #include #define CLIENT_HELLO_RANDOM_LEN 32 -#define CLIENT_HELLO_LEGACY_VERSION_LEN 2 /* Write extensions */ @@ -132,7 +131,7 @@ static int ssl_tls13_write_client_hello_cipher_suites( unsigned char *end, size_t *olen ) { - unsigned char *p = buf; /* Iteration over the cipher_suites list */ + unsigned char *p = buf; const int *ciphersuite_list; unsigned char *cipher_suites_ptr; /* Start of the cipher_suites list */ size_t cipher_suites_len; 
@@ -229,9 +228,9 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * For TLS 1.3 we use the legacy version number {0x03, 0x03} * instead of the true version number. */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( 0x0303, p, 0 ); - p += CLIENT_HELLO_LEGACY_VERSION_LEN; + p += 2; /* Write the random bytes ( random ).*/ MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_RANDOM_LEN ); From 7533635e5acbc3d28d1da334ebc006a57386feff Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Sep 2021 15:59:36 +0800 Subject: [PATCH 462/966] Change dummy extension return With error return, server can not receive Client Hello message. If received , we can test current status. Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 10 ++++++---- library/ssl_tls13_generic.c | 7 +++++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 41c7a4d144..426568cce8 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -101,8 +101,9 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, ((void) ssl); ((void) buf); ((void) end); - ((void) olen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + *olen = 0; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported groups extension is not available" ) ); + return( 0 ); } static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, @@ -113,8 +114,9 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, ((void) ssl); ((void) buf); ((void) end); - ((void) olen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + *olen = 0; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "key share extension is not available" ) ); + return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index ca4c167132..1ff23bc012 100644 --- a/library/ssl_tls13_generic.c 
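Review bot: The stubbed `ssl_tls13_write_supported_groups_ext` and `ssl_tls13_write_key_shares_ext` now report success with `*olen = 0`, so the ClientHello is emitted without extensions that the caller's own comments describe as REQUIRED for ECDHE cipher suites, and the only trace is a level-3 debug message. That trades a fail-closed stub for a fail-open one; it suits the bring-up purpose given in the description, but nothing in the code marks it as temporary. A comment in each stub such as `/* TODO: placeholder, reports an empty extension so ClientHello can be sent; must be implemented before the handshake goes further. */` would keep it from being forgotten. `mbedtls_ssl_tls13_write_sig_alg_ext` in `library/ssl_tls13_generic.c` (later hunk of the same patch) has the same pattern.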
+++ b/library/ssl_tls13_generic.c @@ -24,9 +24,11 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #include "mbedtls/error.h" +#include "mbedtls/debug.h" #include "ssl_misc.h" + int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, @@ -108,8 +110,9 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, ((void) ssl); ((void) buf); ((void) end); - ((void) olen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + *olen = 0; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature_algorithm extension is not available" ) ); + return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ From 26f4d15d13ea4587da32229dec3551ec1cd76a4c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 23 Aug 2021 17:42:37 +0800 Subject: [PATCH 463/966] Add key exchange modes helper functions Add helper functions for `tls13_kex_modes` Signed-off-by: Jerry Yu --- library/ssl_misc.h | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7035c278cf..9cd1b35728 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1348,6 +1348,49 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ); void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +/* + * Helper functions around key exchange modes. + */ +static inline unsigned mbedtls_ssl_conf_tls13_kex_modes_check( mbedtls_ssl_context *ssl, + int kex_mode_mask ) +{ + return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 ); +} + +static inline int mbedtls_ssl_conf_tls13_pure_psk_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) ); +} + +static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); +} + +static inline int mbedtls_ssl_conf_tls13_pure_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) ); +} + +static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); +} + +static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /** * ssl utils functions for checking configuration. */ From e226cef124aa7bd79880bc0e5bda9c1fb14a13c6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 22:06:20 +0800 Subject: [PATCH 464/966] Add NamedGroup IANA values and helper functions Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 31 +++++++++++++++++++++++++++++++ library/ssl_misc.h | 18 ++++++++++++++++++ 2 files changed, 49 insertions(+) 
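Review bot: `mbedtls_ssl_conf_tls13_kex_modes_check` returns `unsigned` and takes an `int` mask, while the five wrappers built on it return `int`, and none of them modifies `ssl`. I would make the signatures consistent and read-only, e.g. `static inline int mbedtls_ssl_conf_tls13_kex_modes_check( const mbedtls_ssl_context *ssl, int kex_mode_mask )`, with the wrappers taking `const mbedtls_ssl_context *ssl` as well. A one-line comment on the `some_*` helpers saying they are true when any mode in the mask is enabled would also help, because the `!= 0` test means a partial match counts.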
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f533859959..725b156d5d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -169,6 +169,37 @@ /** Invalid value in SSL config */ #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 +/* + * TLS 1.3 NamedGroup values + * + * From RF 8446 + * enum { + * // Elliptic Curve Groups (ECDHE) + * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), + * x25519(0x001D), x448(0x001E), + * // Finite Field Groups (DHE) + * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), + * ffdhe6144(0x0103), ffdhe8192(0x0104), + * // Reserved Code Points + * ffdhe_private_use(0x01FC..0x01FF), + * ecdhe_private_use(0xFE00..0xFEFF), + * (0xFFFF) + * } NamedGroup; + * + */ +/* Elliptic Curve Groups (ECDHE) */ +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 0x0017 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 0x0018 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 0x0019 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 0x001D +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 0x001E +/* Finite Field Groups (DHE) */ +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 0x0100 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE3072 0x0101 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE4096 0x0102 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE6144 0x0103 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 0x0104 + /* * TLS 1.3 Key Exchange Modes * diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9cd1b35728..d9c82960f4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
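Review bot: The comment above the new NamedGroup defines cites `From RF 8446`, which should read `RFC 8446`; naming the section (4.2.7, Supported Groups) would let a reader check the code points directly. The quoted enum also lists the private-use ranges, for which no defines are added. That looks intentional, so a short remark that only the assigned code points are defined would settle the question.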
@@ -1439,6 +1439,24 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/* + * Helper functions for NamedGroup. + */ +static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group ) +{ + return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 || + named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 || + named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 || + named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 || + named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 ); +} + +static inline int mbedtls_ssl_named_group_is_dhe( uint16_t named_group ) +{ + return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 && + named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 ); +} + static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, mbedtls_ssl_states state ) { From 6b64fe31ce63b2a49effc2f7342905d14d316c0c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Sep 2021 17:05:13 +0800 Subject: [PATCH 465/966] add supported groups extension Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 163 +++++++++++++++++++++++++++++++++++-- 1 file changed, 157 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 426568cce8..df2f9eb7dc 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
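Review bot: `mbedtls_ssl_named_group_is_ecdhe` and `mbedtls_ssl_named_group_is_dhe` classify a code point by its RFC 8446 assignment only; they say nothing about whether the group is compiled in or allowed by the configuration. That deserves a comment on both helpers, for example `/* Classifies the IANA code point only; does not imply the group is supported or configured. */`, so that callers do not use them as a support check. `is_dhe` also depends on the five FFDHE values being contiguous, which is worth stating next to the range comparison.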
@@ -93,17 +93,168 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +/* + * Functions for writing supported_groups extension. + * + * Stucture of supported_groups: + * enum { + * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), + * x25519(0x001D), x448(0x001E), + * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), + * ffdhe6144(0x0103), ffdhe8192(0x0104), + * ffdhe_private_use(0x01FC..0x01FF), + * ecdhe_private_use(0xFE00..0xFEFF), + * (0xFFFF) + * } NamedGroup; + * struct { + * NamedGroup named_group_list<2..2^16-1>; + * } NamedGroupList; + */ +/* Find out available ecdhe named groups in current configuration */ +#if defined(MBEDTLS_ECDH_C) +/* + * In versions of TLS prior to TLS 1.3, this extension was named + * 'elliptic_curves' and only contained elliptic curve groups. 
+ */ +static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; +#if !defined(MBEDTLS_ECP_C) + ((void) ssl); +#endif + + *olen = 0; + +#if defined(MBEDTLS_ECP_C) + for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++ ) + { + const mbedtls_ecp_curve_info *info; + info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); + if( info == NULL ) + continue; +#else + for ( const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); + info->grp_id != MBEDTLS_ECP_DP_NONE; + info++ ) + { +#endif + if( !mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) ) + continue; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); + MBEDTLS_PUT_UINT16_BE( info->tls_id, p, 0 ); + p += 2; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )", + mbedtls_ecp_curve_info_from_tls_id( info->tls_id )->name, + info->tls_id ) ); + } + + *olen = p - buf; + + return( 0 ); +} +#else +static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); ((void) end); *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported groups extension is not available" ) ); - return( 0 ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} +#endif /* MBEDTLS_ECDH_C */ + +/* Find out available dhe named groups in current configuration */ +static int ssl_tls13_write_named_group_dhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + *olen = 0; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +/* + * Supported Groups Extension (supported_groups) + */ +static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf ; 
+ unsigned char *named_group_ptr; /* Start of named_group_list */ + size_t named_group_len = 0; + int ret = 0, ret_ecdhe, ret_dhe; + + *olen = 0; + + if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) + return( 0 ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) ); + + /* Check there is space for extension header */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + named_group_ptr = p; + ret_ecdhe = ssl_tls13_write_named_group_ecdhe( ssl, p, end, &named_group_len ); + if( ret_ecdhe != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_ecdhe", ret ); + } + p += named_group_len; + + ret_dhe = ssl_tls13_write_named_group_dhe( ssl, p, end, &named_group_len ); + if( ret_dhe != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_dhe", ret ); + } + p += named_group_len; + + /* Both ECDHE and DHE Fail. */ + if( ret_ecdhe != 0 && ret_dhe != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Both ECDHE and DHE groups are fail. " ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Length of named_group_list*/ + named_group_len = p - named_group_ptr; + if( named_group_len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No Named Group Available." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( named_group_len + 2, buf, 2 ); + /* Write length of named_group_list */ + MBEDTLS_PUT_UINT16_BE( named_group_len, buf, 4 ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_len + 2 ); + + *olen = p - buf; + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; + + return( ret ); } static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, From 7236994aa9b57c7675fee71512581a19293c5dcb Mon Sep 17 00:00:00 2001 
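Review bot: In `ssl_tls13_write_supported_groups_ext` the result of the ECDHE writer is dropped unless the DHE writer fails as well, and then both are replaced by `MBEDTLS_ERR_SSL_INTERNAL_ERROR`. A `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` raised by `MBEDTLS_SSL_CHK_BUF_PTR` inside the ECDHE loop is therefore masked today, and once a DHE writer exists it would be ignored, with the list sent without the ECDHE groups. I would propagate it directly with `if( ret_ecdhe == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) return( ret_ecdhe );` after the first call, and the same for `ret_dhe`. Both `MBEDTLS_SSL_DEBUG_RET` calls also print `ret`, which is still 0 at that point, instead of `ret_ecdhe` and `ret_dhe`.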
From: Jerry Yu Date: Tue, 31 Aug 2021 15:41:21 +0800 Subject: [PATCH 466/966] add signature algorithms extension Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 57 ++++++++++++++++++++++++++++++++++--- 1 file changed, 53 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1ff23bc012..79ecfff3ea 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -107,11 +107,60 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *end, size_t *olen ) { - ((void) ssl); - ((void) buf); - ((void) end); + unsigned char *p = buf; + unsigned char *sig_alg_ptr; /* Start of supported_signature_algorithms */ + size_t sig_alg_len = 0; /* Length of supported_signature_algorithms */ + *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature_algorithm extension is not available" ) ); + + /* Skip the extension on the client if all allowed key exchanges + * are PSK-based. */ +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) + { + return( 0 ); + } +#endif /* MBEDTLS_SSL_CLI_C */ + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) ); + + /* Check there is space for extension header */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + /* + * Write supported_signature_algorithms + */ + sig_alg_ptr = p; + for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs; + *sig_alg != MBEDTLS_TLS13_SIG_NONE; sig_alg++ ) + { + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); + p += 2; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); + } + + /* Length of supported_signature_algorithms*/ + sig_alg_len = p - sig_alg_ptr; + if( sig_alg_len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, buf, 2 ); + /* Write length of supported_signature_algorithms */ + MBEDTLS_PUT_UINT16_BE( sig_alg_len, buf, 4 ); + + /* Output the total length of signature algorithms extension. */ + *olen = p - buf; + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; return( 0 ); } 
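Review bot: The loop in `mbedtls_ssl_tls13_write_sig_alg_ext` dereferences `ssl->conf->tls13_sig_algs` without checking it for NULL. Whether the configuration can leave that pointer unset is not visible in this hunk. If it can, a guard before the loop such as `if( ssl->conf->tls13_sig_algs == NULL ) return( MBEDTLS_ERR_SSL_BAD_CONFIG );` turns a crash into a reported configuration error. The function signature starts above the hunk.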
From 56fc07f7aee15d27e3465481838cf6b060f75dd7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Sep 2021 17:48:49 +0800 Subject: [PATCH 467/966] add key_share extension Signed-off-by: Jerry Yu --- library/ecdh.c | 85 +++++++++++++++ library/ssl_misc.h | 20 ++++ library/ssl_tls13_client.c | 217 ++++++++++++++++++++++++++++++++++--- 3 files changed, 308 insertions(+), 14 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 9dfa868063..ac60165443 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -31,6 +31,7 @@ #include "mbedtls/ecdh.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "ssl_misc.h" #include 
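Review bot: The added `#include "ssl_misc.h"` makes the ECDH module depend on an SSL-internal header just to see the prototype of one function. The guards also do not match: the prototype added to ssl_misc.h later in this patch sits inside the `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` block, whereas the definition in ecdh.c is guarded only by `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`. I would declare `mbedtls_ecdh_tls13_make_params` in an ECDH-side internal header included from both files, with matching guards.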
@@ -726,4 +727,88 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, #endif } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, + size_t *olen, int point_format, + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, + unsigned char *, + size_t), + void *p_rng, int restart_enabled ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecp_restart_ctx *rs_ctx = NULL; +#endif + + if( ctx->grp.pbits == 0 ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( restart_enabled ) + rs_ctx = &ctx->rs; +#else + (void) restart_enabled; +#endif + +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng, rs_ctx ) ) != 0 ) + return( ret ); +#else + if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng ) ) != 0 ) + return( ret ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + + ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format, + olen, buf, blen ); + if( ret != 0 ) + return( ret ); + + return( 0 ); +} + +int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ) +{ + int restart_enabled = 0; + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( olen != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); + ECDH_VALIDATE_RET( f_rng != NULL ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + restart_enabled = ctx->restart_enabled; +#else + (void) restart_enabled; +#endif + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format, buf, blen, + f_rng, p_rng, restart_enabled ) ); +#else + switch( ctx->var ) + { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( 
mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng ) ); +#endif + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, olen, + ctx->point_format, buf, blen, + f_rng, p_rng, + restart_enabled ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #endif /* MBEDTLS_ECDH_C */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d9c82960f4..f8f5fe6c93 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -649,6 +649,16 @@ struct mbedtls_ssl_handshake_params void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); mbedtls_ssl_tls_prf_cb *tls_prf; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + uint16_t offered_group_id; /* The NamedGroup value for the group + * that is being used for ephemeral + * key exchange. + * + * On the client: Defaults to the first + * entry in the client's group list, + * but can be overwritten by the HRR. */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + mbedtls_ssl_ciphersuite_t const *ciphersuite_info; size_t pmslen; /*!< premaster length */ @@ -1491,6 +1501,16 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen); +#if defined(MBEDTLS_ECDH_C) +/* + * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h + */ +int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ); +#endif /* MBEDTLS_ECDH_C */ + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index df2f9eb7dc..8323b67782 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
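Review bot: The `MBEDTLS_ECDH_VARIANT_EVEREST` case of `mbedtls_ecdh_tls13_make_params` calls `mbedtls_everest_make_params`, while the other branch writes only the public point through `mbedtls_ecp_point_write_binary`. If the Everest routine emits the TLS 1.2 ECParameters prefix, which its name suggests but this hunk does not show, the resulting key_exchange would be malformed for TLS 1.3. I would either write the bare public key there or return `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` until that is implemented. Separately, the internal helper takes `ctx->point_format` from the context, and TLS 1.3 only allows the uncompressed form for the secp curves, so passing `MBEDTLS_ECP_PF_UNCOMPRESSED` explicitly would remove the dependence on context state.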
@@ -28,7 +28,8 @@ #include #include "ssl_misc.h" -#include +#include "mbedtls/debug.h" +#include "mbedtls/error.h" #define CLIENT_HELLO_RANDOM_LEN 32 
@@ -257,24 +258,212 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, return( ret ); } -static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +/* + * Functions for writing key_share extension. + */ +#if defined(MBEDTLS_ECDH_C) +static int ssl_key_share_gen_and_write_ecdhe( mbedtls_ssl_context *ssl, + uint16_t named_group, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { - ((void) ssl); - ((void) buf); - ((void) end); - *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "key share extension is not available" ) ); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_tls_id( named_group ); + + if( curve_info == NULL ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "offer curve %s", curve_info->name ) ); + + if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx, + curve_info->grp_id ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); + return( ret ); + } + + ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, olen, + buf, end - buf, + ssl->conf->f_rng, ssl->conf->p_rng ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_tls13_make_params", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q ); return( 0 ); } +#endif /* MBEDTLS_ECDH_C */ + +static int ssl_named_group_get_default_id( mbedtls_ssl_context *ssl, + uint16_t *named_group_id ) +{ + int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + + /* Pick first entry of curve list. + * + * TODO: When we introduce PQC KEMs, we'll have a NamedGroup + * list instead, and can just return its first element. 
+ */ + + /* Check if ecdhe named groups are available and pick first entry */ +#if defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_ECP_C) + ((void) ssl); +#endif +#if defined(MBEDTLS_ECP_C) + for ( const mbedtls_ecp_group_id * grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++ ) + { + const mbedtls_ecp_curve_info *info; + info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); +#else + for ( const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); + info->grp_id != MBEDTLS_ECP_DP_NONE; + info++ ) + { +#endif + if( info != NULL && mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) ) + { + *named_group_id = info->tls_id; + return( 0 ); + } + } +#else + ((void) ssl); + ((void) named_group_id); +#endif /* MBEDTLS_ECDH_C */ + + /* + * Add DHE named groups here. + * Check if ecdhe named groups are available and pick first entry + */ + + return( ret ); +} + +/* + * ssl_tls13_write_key_share_ext + * + * Structure of key_share extension in ClientHelo: + * + * struct { + * NamedGroup group; + * opaque key_exchange<1..2^16-1>; + * } KeyShareEntry; + * struct { + * KeyShareEntry client_shares<0..2^16-1>; + * } KeyShareClientHello; + */ +static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; + unsigned char *client_shares_ptr; /* Start of client_shares */ + uint16_t group_id; + + int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + + *olen = 0; + + if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) + return( 0 ); + + /* Check if we have space for headers and length fields: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - client_shares_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello: adding key share extension" ) ); + + /* HRR could already have requested something else. 
*/ + group_id = ssl->handshake->offered_group_id; + if( !mbedtls_ssl_named_group_is_ecdhe( group_id ) && + !mbedtls_ssl_named_group_is_dhe( group_id ) ) + { + MBEDTLS_SSL_PROC_CHK( ssl_named_group_get_default_id( ssl, + &group_id ) ); + } + + /* + * Dispatch to type-specific key generation function. + * + * So far, we're only supporting ECDHE. With the introduction + * of PQC KEMs, we'll want to have multiple branches, one per + * type of KEM, and dispatch to the corresponding crypto. And + * only one key share entry is allowed. + */ + client_shares_ptr = p; +#if defined(MBEDTLS_ECDH_C) + if( mbedtls_ssl_named_group_is_ecdhe( group_id ) ) + { + /* Pointer of group */ + unsigned char *group_id_ptr = p; + /* Length of key_exchange */ + size_t key_exchange_len; + + /* Check there is space for header of KeyShareEntry + * - group (2 bytes) + * - key_exchange_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + p += 4; + ret = ssl_key_share_gen_and_write_ecdhe( ssl, group_id, + p, end, + &key_exchange_len ); + p += key_exchange_len; + if( ret != 0 ) + return( ret ); + + /* Write group */ + MBEDTLS_PUT_UINT16_BE( group_id, group_id_ptr, 0 ); + /* Write key_exchange_length */ + MBEDTLS_PUT_UINT16_BE( key_exchange_len, group_id_ptr, 2 ); + } + else +#endif /* MBEDTLS_ECDH_C */ + if( 0 /* other KEMs? */ ) + { + /* Do something */ + } + else + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr + 2, buf, 2 ); + /* Write client_shares_length */ + MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr, buf, 4 ); + + /* Update offered_group_id field */ + ssl->handshake->offered_group_id = group_id; + + /* Output the total length of key_share extension. 
*/ + *olen = p - buf; + + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *olen ); + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; + +cleanup: + + return( ret ); +} #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* - * Functions for writing ClientHello message. - */ /* Write cipher_suites * CipherSuite cipher_suites<2..2^16-2>; */ @@ -464,7 +653,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * 3) Or, in case all ciphers are supported ( which includes #1 and #2 * from above ) */ - ret = ssl_tls13_write_key_shares_ext( ssl, p, end, &output_len ); + ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); p += output_len; From ed2ef2d9e084a024eb999834540f2d8749216f18 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 19 Aug 2021 18:11:43 +0800 Subject: [PATCH 468/966] add client hello msg test Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3e199e2881..9170136038 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1322,6 +1322,11 @@ if [ -n "${OPENSSL_LEGACY:-}" ]; then O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT" fi +if [ -n "${OPENSSL_NEXT:-}" ]; then + O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" + O_NEXT_CLI="$O_NEXT_CLI -connect localhost:+SRV_PORT" +fi + if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" fi 
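Review bot: In the ECDHE branch of `ssl_tls13_write_key_share_ext`, `p += key_exchange_len;` runs before `ret` is checked, and `key_exchange_len` is declared without an initialiser. `ssl_key_share_gen_and_write_ecdhe` has failure returns (unknown curve, `mbedtls_ecdh_setup` error) that do not set `*olen`, so on those paths the addition reads an indeterminate value. Swapping the two statements fixes it: `if( ret != 0 ) return( ret );` followed by `p += key_exchange_len;`, or declare `size_t key_exchange_len = 0;`. The `MBEDTLS_SSL_DEBUG_RET` after `mbedtls_ecdh_setup` is also labelled `"mbedtls_ecp_group_load"`, which will mislead anyone reading the log.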
@@ -8661,6 +8666,15 @@ run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ -s "SSL - The requested feature is not available" \ -c "SSL - The requested feature is not available" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS1.3: Test client hello msg work" \ + "$O_NEXT_SRV -tls1_3 -msg" \ + "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + 1 \ + -c "SSL - The requested feature is not available" \ + -s "ServerHello" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C From b60e3cf4242825740d485ad46a0cac53c6c7ab18 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 8 Sep 2021 16:41:02 +0800 Subject: [PATCH 469/966] fix various issues - format problems - name conversion issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 20 +++--- library/ssl_tls13_client.c | 132 +++++++++++++++++++----------------- library/ssl_tls13_generic.c | 24 ++++--- 3 files changed, 91 insertions(+), 85 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f8f5fe6c93..fb843848bf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1363,39 +1363,39 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ); /* * Helper functions around key exchange modes. */ -static inline unsigned mbedtls_ssl_conf_tls13_kex_modes_check( mbedtls_ssl_context *ssl, +static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes( mbedtls_ssl_context *ssl, int kex_mode_mask ) { return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 ); } -static inline int mbedtls_ssl_conf_tls13_pure_psk_enabled( mbedtls_ssl_context *ssl ) +static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) ); } static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); } -static inline int mbedtls_ssl_conf_tls13_pure_ephemeral_enabled( mbedtls_ssl_context *ssl ) +static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) ); } static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); } static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); } 
@@ -1452,7 +1452,7 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf /* * Helper functions for NamedGroup. */ -static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group ) +static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group ) { return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 || named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 || @@ -1461,7 +1461,7 @@ static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group ) named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 ); } -static inline int mbedtls_ssl_named_group_is_dhe( uint16_t named_group ) +static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group ) { return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 && named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8323b67782..d3eab84490 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -53,13 +53,11 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); - /* - * Check space for extension header. - * - * extension_type 2 - * extension_data_length 2 - * version_length 1 - * versions 2 + /* Check if we have space for header and length fields: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - versions_length (1 byte ) + * - versions (2 bytes) */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); 
@@ -111,16 +109,15 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, * NamedGroup named_group_list<2..2^16-1>; * } NamedGroupList; */ -/* Find out available ecdhe named groups in current configuration */ #if defined(MBEDTLS_ECDH_C) /* * In versions of TLS prior to TLS 1.3, this extension was named * 'elliptic_curves' and only contained elliptic curve groups. */ -static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { unsigned char *p = buf; #if !defined(MBEDTLS_ECP_C) @@ -144,7 +141,7 @@ static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, info++ ) { #endif - if( !mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) ) + if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) continue; MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); @@ -161,10 +158,10 @@ static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, return( 0 ); } #else -static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); @@ -174,11 +171,10 @@ static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C */ -/* Find out available dhe named groups in current configuration */ -static int ssl_tls13_write_named_group_dhe( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); 
@@ -188,18 +184,15 @@ static int ssl_tls13_write_named_group_dhe( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } -/* - * Supported Groups Extension (supported_groups) - */ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) { unsigned char *p = buf ; - unsigned char *named_group_ptr; /* Start of named_group_list */ - size_t named_group_len = 0; - int ret = 0, ret_ecdhe, ret_dhe; + unsigned char *name_group_list_ptr; /* Start of named_group_list */ + size_t output_len = 0; + int ret_ecdhe, ret_dhe; *olen = 0; @@ -208,24 +201,28 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) ); - /* Check there is space for extension header */ + /* Check if we have space for header and length fields: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - named_group_list_length (2 bytes) + */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); p += 6; - named_group_ptr = p; - ret_ecdhe = ssl_tls13_write_named_group_ecdhe( ssl, p, end, &named_group_len ); + name_group_list_ptr = p; + ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len ); if( ret_ecdhe != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_ecdhe", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_ecdhe", ret_ecdhe ); } - p += named_group_len; + p += output_len; - ret_dhe = ssl_tls13_write_named_group_dhe( ssl, p, end, &named_group_len ); + ret_dhe = ssl_tls13_write_named_group_list_dhe( ssl, p, end, &output_len ); if( ret_dhe != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_dhe", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_dhe", ret_dhe ); } - p += named_group_len; + p += output_len; /* Both ECDHE and DHE Fail. */ if( ret_ecdhe != 0 && ret_dhe != 0 ) 
@@ -235,8 +232,8 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, } /* Length of named_group_list*/ - named_group_len = p - named_group_ptr; - if( named_group_len == 0 ) + size_t named_group_list_len = p - name_group_list_ptr; + if( named_group_list_len == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "No Named Group Available." ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -245,31 +242,31 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, /* Write extension_type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 ); /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE( named_group_len + 2, buf, 2 ); + MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 ); /* Write length of named_group_list */ - MBEDTLS_PUT_UINT16_BE( named_group_len, buf, 4 ); + MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_len + 2 ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 ); *olen = p - buf; ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; - return( ret ); + return( 0 ); } /* * Functions for writing key_share extension. */ #if defined(MBEDTLS_ECDH_C) -static int ssl_key_share_gen_and_write_ecdhe( mbedtls_ssl_context *ssl, - uint16_t named_group, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +static int ssl_tls13_generate_and_write_ecdh_key_exchange( + mbedtls_ssl_context *ssl, + uint16_t named_group, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_tls_id( named_group ); 
@@ -300,8 +297,8 @@ static int ssl_key_share_gen_and_write_ecdhe( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C */ -static int ssl_named_group_get_default_id( mbedtls_ssl_context *ssl, - uint16_t *named_group_id ) +static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, + uint16_t *group_id ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; @@ -329,15 +326,15 @@ static int ssl_named_group_get_default_id( mbedtls_ssl_context *ssl, info++ ) { #endif - if( info != NULL && mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) ) + if( info != NULL && mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) { - *named_group_id = info->tls_id; + *group_id = info->tls_id; return( 0 ); } } #else ((void) ssl); - ((void) named_group_id); + ((void) group_id); #endif /* MBEDTLS_ECDH_C */ /* @@ -368,8 +365,8 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, { unsigned char *p = buf; unsigned char *client_shares_ptr; /* Start of client_shares */ + size_t client_shares_len; /* Length of client_shares */ uint16_t group_id; - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; *olen = 0; @@ -377,7 +374,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) return( 0 ); - /* Check if we have space for headers and length fields: + /* Check if we have space for header and length fields: * - extension_type (2 bytes) * - extension_data_length (2 bytes) * - client_shares_length (2 bytes) 
@@ -389,10 +386,10 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, /* HRR could already have requested something else. */ group_id = ssl->handshake->offered_group_id; - if( !mbedtls_ssl_named_group_is_ecdhe( group_id ) && - !mbedtls_ssl_named_group_is_dhe( group_id ) ) + if( !mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) && + !mbedtls_ssl_tls13_named_group_is_dhe( group_id ) ) { - MBEDTLS_SSL_PROC_CHK( ssl_named_group_get_default_id( ssl, + MBEDTLS_SSL_PROC_CHK( ssl_tls13_get_default_group_id( ssl, &group_id ) ); } @@ -406,7 +403,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, */ client_shares_ptr = p; #if defined(MBEDTLS_ECDH_C) - if( mbedtls_ssl_named_group_is_ecdhe( group_id ) ) + if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) ) { /* Pointer of group */ unsigned char *group_id_ptr = p; @@ -419,9 +416,9 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); p += 4; - ret = ssl_key_share_gen_and_write_ecdhe( ssl, group_id, - p, end, - &key_exchange_len ); + ret = ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, group_id, + p, end, + &key_exchange_len ); p += key_exchange_len; if( ret != 0 ) return( ret ); 
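Review bot: In the ECDHE branch of ssl_tls13_write_key_share_ext, `p += key_exchange_len;` is executed before `ret` is tested. The declaration of `key_exchange_len` and the helper's early exits are outside this hunk, but if ssl_tls13_generate_and_write_ecdh_key_exchange can fail before storing to `*olen`, that addition reads an indeterminate value. Test the result first: `if( ret != 0 ) return( ret );` followed by `p += key_exchange_len;`.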
@@ -440,12 +437,19 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, else return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + /* Length of client_shares */ + client_shares_len = p - client_shares_ptr; + if( client_shares_len == 0) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No key share defined." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } /* Write extension_type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 ); /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr + 2, buf, 2 ); + MBEDTLS_PUT_UINT16_BE( client_shares_len + 2, buf, 2 ); /* Write client_shares_length */ - MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr, buf, 4 ); + MBEDTLS_PUT_UINT16_BE( client_shares_len, buf, 4 ); /* Update offered_group_id field */ ssl->handshake->offered_group_id = group_id; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 79ecfff3ea..5c20f29283 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -28,7 +28,6 @@ #include "ssl_misc.h" - int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, @@ -101,15 +100,14 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, * * Only if we handle at least one key exchange that needs signatures. */ - int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) { unsigned char *p = buf; - unsigned char *sig_alg_ptr; /* Start of supported_signature_algorithms */ - size_t sig_alg_len = 0; /* Length of supported_signature_algorithms */ + unsigned char *supported_sig_alg_ptr; /* Start of supported_signature_algorithms */ + size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */ *olen = 0; 
@@ -125,14 +123,18 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) ); - /* Check there is space for extension header */ + /* Check if we have space for header and length field: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - supported_signature_algorithms_length (2 bytes) + */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); p += 6; /* * Write supported_signature_algorithms */ - sig_alg_ptr = p; + supported_sig_alg_ptr = p; for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs; *sig_alg != MBEDTLS_TLS13_SIG_NONE; sig_alg++ ) { @@ -142,9 +144,9 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); } - /* Length of supported_signature_algorithms*/ - sig_alg_len = p - sig_alg_ptr; - if( sig_alg_len == 0 ) + /* Length of supported_signature_algorithms */ + supported_sig_alg_len = p - supported_sig_alg_ptr; + if( supported_sig_alg_len == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -153,9 +155,9 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, /* Write extension_type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 ); /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, buf, 2 ); + MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 ); /* Write length of supported_signature_algorithms */ - MBEDTLS_PUT_UINT16_BE( sig_alg_len, buf, 4 ); + MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 ); /* Output the total length of signature algorithms extension. */ *olen = p - buf; From 7c522d4941b198e44a3d311f9e3766fcfb716ca1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 8 Sep 2021 17:55:09 +0800 Subject: [PATCH 470/966] Remove ecp_c undefine routines 
Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d3eab84490..1b55abab6d 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -120,13 +120,12 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; -#if !defined(MBEDTLS_ECP_C) - ((void) ssl); -#endif *olen = 0; -#if defined(MBEDTLS_ECP_C) + if( ssl->conf->curve_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) @@ -135,12 +134,7 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); if( info == NULL ) continue; -#else - for ( const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); - info->grp_id != MBEDTLS_ECP_DP_NONE; - info++ ) - { -#endif + if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) continue; @@ -259,7 +253,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, * Functions for writing key_share extension. */ #if defined(MBEDTLS_ECDH_C) -static int ssl_tls13_generate_and_write_ecdh_key_exchange( +static int ssl_tls13_generate_and_write_ecdh_key_exchange( mbedtls_ssl_context *ssl, uint16_t named_group, unsigned char *buf, @@ -443,7 +437,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "No key share defined." ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + } /* Write extension_type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 ); /* Write extension_data_length */ From ddae0f5642c1a63e3d648f1176e66aa06a854749 Mon Sep 17 00:00:00 2001 
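Review bot: The new `ssl->conf->curve_list == NULL` guard and the removal of the `mbedtls_ecp_curve_list()` fallback are applied only to ssl_tls13_write_named_group_list_ecdhe. In the previous patch, ssl_tls13_get_default_group_id still shows an `#endif` after its loop header, which suggests it keeps the same `MBEDTLS_ECP_C` split, though its full body is not in these hunks. If so, the default key_share group could be chosen from a different list than the one advertised in supported_groups, and that function should iterate `ssl->conf->curve_list` with the same NULL check. The hunks at -259 and -443 appear to change whitespace only and would be better kept out of this commit.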
From: Ronald Cron Date: Tue, 24 Aug 2021 15:39:44 +0200 Subject: [PATCH 471/966] Clarify psa_get_and_lock_transparent_key_slot_with_policy() purpose Clarify the purpose of psa_get_and_lock_transparent_key_slot_with_policy() and define it even when MBEDTLS_PSA_CRYPTO_SE_C is disabled for the purpose of static drivers. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4670a06e2d..d88836b0a0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -944,16 +944,16 @@ error: /** Get a key slot containing a transparent key and lock it. * * A transparent key is a key for which the key material is directly - * available, as opposed to a key in a secure element. + * available, as opposed to a key in a secure element and/or to be used + * by a secure element. * - * This is a temporary function to use instead of - * psa_get_and_lock_key_slot_with_policy() until secure element support is - * fully implemented. + * This is a temporary function that may be used instead of + * psa_get_and_lock_key_slot_with_policy() when there is no opaque key support + * for a cryptographic operation. * * On success, the returned key slot is locked. It is the responsibility of the * caller to unlock the key slot when it does not access it anymore. */ -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, @@ -965,7 +965,7 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( if( status != PSA_SUCCESS ) return( status ); - if( psa_key_slot_is_external( *p_slot ) ) + if( psa_key_lifetime_is_external( (*p_slot)->attr.lifetime ) ) { psa_unlock_key_slot( *p_slot ); *p_slot = NULL; 
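Review bot: The doc comment on psa_get_and_lock_transparent_key_slot_with_policy describes only the success path. The function is now compiled in every configuration and rejects any key whose lifetime is external, so the comment should gain a `\retval` entry for that case. It should also state that the slot has already been unlocked and `*p_slot` set to NULL when that status is returned. The status code itself is returned between the two hunks and is not visible here.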
@@ -974,11 +974,6 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( return( PSA_SUCCESS ); } -#else /* MBEDTLS_PSA_CRYPTO_SE_C */ -/* With no secure element support, all keys are transparent. */ -#define psa_get_and_lock_transparent_key_slot_with_policy( key, p_slot, usage, alg ) \ - psa_get_and_lock_key_slot_with_policy( key, p_slot, usage, alg ) -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot ) { From 512ad813182862a9b6e64db2da4cd55b561dc0bd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 24 Aug 2021 15:50:05 +0200 Subject: [PATCH 472/966] psa: Fix slot number key attribute Slot number key attribute is specific of dynamically registered drivers and should thus not be computed/ returned in case of keys associated to drivers implementing the new unified driver interface. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d88836b0a0..7a6bb37834 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1201,7 +1201,7 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, MBEDTLS_PSA_KA_MASK_DUAL_USE ); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_key_slot_is_external( slot ) ) + if( psa_get_se_driver_entry( slot->attr.lifetime ) != NULL ) psa_set_key_slot_number( attributes, psa_key_slot_get_slot_number( slot ) ); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ From 9b8b69c30a8d1d842388f7840e79d770fdf5cac0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 24 Aug 2021 16:00:51 +0200 Subject: [PATCH 473/966] psa: Remove buggy report of RSA public exponent for opaque keys The report of RSA public exponent for opaque keys is not supported. Do not attempt to compute the RSA public exponent of an RSA opaque key associated to a driver implementing the new driver interface when MBEDTLS_PSA_CRYPTO_SE_C is disabled. 
Signed-off-by: Ronald Cron --- library/psa_crypto.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7a6bb37834..e57184919b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1212,14 +1212,11 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) case PSA_KEY_TYPE_RSA_KEY_PAIR: case PSA_KEY_TYPE_RSA_PUBLIC_KEY: -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* TODO: reporting the public exponent for opaque keys * is not yet implemented. * https://github.com/ARMmbed/mbed-crypto/issues/216 */ - if( psa_key_slot_is_external( slot ) ) - break; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + if( ! psa_key_lifetime_is_external( slot->attr.lifetime ) ) { mbedtls_rsa_context *rsa = NULL; From 3b097eb68f41e6b037dcd12981348d246be2c8d7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 24 Aug 2021 18:05:41 +0200 Subject: [PATCH 474/966] psa: Remove psa_key_slot_is_external() Remove psa_key_slot_is_external() that is not used anymore. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e57184919b..e962e29cb4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -322,13 +322,6 @@ psa_status_t mbedtls_to_psa_error( int ret ) /* Key management */ /****************************************************************/ -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) -{ - return( psa_key_lifetime_is_external( slot->attr.lifetime ) ); -} -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - /* For now the MBEDTLS_PSA_ACCEL_ guards are also used here since the * current test driver in key_management.c is using this function * when accelerators are used for ECC key pair and public key. From d8a83dc17235b13a3ed1bd7db8afde1d3111fc73 Mon Sep 17 00:00:00 2001 
From: Archana Date: Mon, 14 Jun 2021 10:04:16 +0530 Subject: [PATCH 475/966] Sizing of key buffer for opaque keys Create a new sizing function for determining the size required for key storage based on the input key data. This is required for key imports where the key length might need to be derived from the data. Signed-off-by: Archana --- library/psa_crypto.c | 30 ++++++++++++----- library/psa_crypto_driver_wrappers.c | 49 +++++++++++++++++++++++++--- library/psa_crypto_driver_wrappers.h | 6 ++++ 3 files changed, 73 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e962e29cb4..d70dccbf7d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1891,6 +1891,7 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; size_t bits; + size_t storage_size = data_length; *key = MBEDTLS_SVC_KEY_ID_INIT; @@ -1906,12 +1907,18 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, goto exit; /* In the case of a transparent key or an opaque key stored in local - * storage (thus not in the case of generating a key in a secure element - * or cryptoprocessor with storage), we have to allocate a buffer to - * hold the generated key material. */ + * storage, we have to allocate a buffer to hold the generated key + * material. */ if( slot->key.data == NULL ) { - status = psa_allocate_buffer_to_slot( slot, data_length ); + if( psa_key_lifetime_is_external( attributes->core.lifetime ) ) + { + status = psa_driver_wrapper_get_key_buffer_size_from_key_data( attributes, data, + data_length , &storage_size ); + if( status != PSA_SUCCESS ) + goto exit; + } + status = psa_allocate_buffer_to_slot( slot, storage_size ); if( status != PSA_SUCCESS ) goto exit; } 
@@ -4142,6 +4149,7 @@ static psa_status_t psa_generate_derived_key_internal( { uint8_t *data = NULL; size_t bytes = PSA_BITS_TO_BYTES( bits ); + size_t storage_size = bytes; psa_status_t status; if( ! key_type_is_raw_bytes( slot->attr.type ) ) @@ -4160,15 +4168,21 @@ static psa_status_t psa_generate_derived_key_internal( psa_des_set_key_parity( data, bytes ); #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */ - status = psa_allocate_buffer_to_slot( slot, bytes ); - if( status != PSA_SUCCESS ) - goto exit; - slot->attr.bits = (psa_key_bits_t) bits; psa_key_attributes_t attributes = { .core = slot->attr }; + if( psa_key_lifetime_is_external( attributes.core.lifetime ) ) + { + status = psa_driver_wrapper_get_key_buffer_size( &attributes, &storage_size ); + if( status != PSA_SUCCESS ) + goto exit; + } + status = psa_allocate_buffer_to_slot( slot, storage_size ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_import_key( &attributes, data, bytes, slot->key.data, diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 38d0e300e2..2974d6f93d 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -380,8 +380,49 @@ psa_status_t psa_driver_wrapper_verify_hash( } } +/** calculate the key buffer size required to store the key material of a key + * associated with an opaque driver from input key data. + * + * + * \param[in] attributes The key attributes + * \param[in] data The input key data. + * \param[in] data_length The input data length. + * \param[out] key_buffer_size Minimum buffer size to contain the key material. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_NOT_SUPPORTED + */ +psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *key_buffer_size ) +{ + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + psa_key_type_t key_type = attributes->core.type; + + *key_buffer_size = 0; + switch( location ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + *key_buffer_size = mbedtls_test_opaque_size_function( key_type, + PSA_BYTES_TO_BITS( data_length ) ); + return( ( *key_buffer_size != 0 ) ? + PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + + default: + (void)key_type; + (void)data; + (void)data_length; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + /** Get the key buffer size required to store the key material of a key - * associated with an opaque driver without storage. + * associated with an opaque driver. * * \param[in] attributes The key attributes. * \param[out] key_buffer_size Minimum buffer size to contain the key material 
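Review bot: In psa_driver_wrapper_get_key_buffer_size_from_key_data, `PSA_BYTES_TO_BITS( data_length )` is computed from a caller-supplied length with no range check. The `data_length > SIZE_MAX / 8` guard in psa_import_key_into_slot runs only after psa_import_key has used this function to size and allocate the slot buffer. A wrapped bit count would therefore reach the driver's size function and determine the allocation. Reject the length before converting, for example `if( data_length > SIZE_MAX / 8 ) return( PSA_ERROR_NOT_SUPPORTED );` ahead of the `switch`. The new doc comment should also describe each `\retval`, as the comment on psa_driver_wrapper_get_key_buffer_size does.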
@@ -389,11 +430,11 @@ psa_status_t psa_driver_wrapper_verify_hash( * \retval #PSA_SUCCESS * The minimum size for a buffer to contain the key material has been * returned successfully. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The size in bits of the key is not valid. * \retval #PSA_ERROR_NOT_SUPPORTED * The type and/or the size in bits of the key or the combination of * the two is not supported. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key is declared with a lifetime not known to us. */ psa_status_t psa_driver_wrapper_get_key_buffer_size( const psa_key_attributes_t *attributes, @@ -426,7 +467,7 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( default: (void)key_type; (void)key_bits; - return( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_INVALID_ARGUMENT ); } } diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 38a6ee82a7..99455a8a6c 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -85,6 +85,12 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( const psa_key_attributes_t *attributes, size_t *key_buffer_size ); +psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *key_buffer_size ); + psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); From 4d7ae1d8cfb1046f681d51eb9dd3c5ae05c3274f Mon Sep 17 00:00:00 2001 
From: Archana Date: Wed, 7 Jul 2021 02:50:22 +0530 Subject: [PATCH 476/966] Add test driver support for opaque key import -Add test driver support to import/export while wrapping keys meant to be stored in the PSA core as opaque( emulating an SE without storage ). -Export validate_unstructured_key_bit_size as psa_validate_unstructured_key_bit_size, thereby changing its scope. -Improve the import/export test cases in test_suite_psa_crypto to also cover opaque keys, thereby avoiding duplication. Signed-off-by: Archana --- library/psa_crypto.c | 23 +- library/psa_crypto_core.h | 19 + library/psa_crypto_driver_wrappers.c | 16 +- library/psa_crypto_ecp.c | 4 +- library/psa_crypto_ecp.h | 4 +- library/psa_crypto_rsa.c | 4 +- library/psa_crypto_rsa.h | 4 +- tests/include/test/drivers/key_management.h | 24 ++ tests/include/test/drivers/size.h | 33 -- tests/include/test/drivers/test_driver.h | 1 - .../src/drivers/test_driver_key_management.c | 350 +++++++++++++++--- tests/src/drivers/test_driver_size.c | 97 ----- tests/suites/test_suite_psa_crypto.data | 316 +++++++++++++--- tests/suites/test_suite_psa_crypto.function | 35 +- 14 files changed, 650 insertions(+), 280 deletions(-) delete mode 100644 tests/include/test/drivers/size.h delete mode 100644 tests/src/drivers/test_driver_size.c diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d70dccbf7d..cea165cbbc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -430,8 +430,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */ -static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, - size_t bits ) +psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type, + size_t bits ) { /* Check that the bit size is acceptable for the key type */ switch( type ) 
@@ -560,14 +560,14 @@ psa_status_t psa_import_key_into_slot( /* Ensure that the bytes-to-bits conversion hasn't overflown. */ if( data_length > SIZE_MAX / 8 ) - return( PSA_ERROR_NOT_SUPPORTED ); + return( status ); /* Enforce a size limit, and in particular ensure that the bit * size fits in its representation type. */ if( ( *bits ) > PSA_MAX_KEY_BITS ) - return( PSA_ERROR_NOT_SUPPORTED ); + return( status ); - status = validate_unstructured_key_bit_size( type, *bits ); + status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); if( status != PSA_SUCCESS ) return( status ); @@ -1907,8 +1907,9 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, goto exit; /* In the case of a transparent key or an opaque key stored in local - * storage, we have to allocate a buffer to hold the generated key - * material. */ + * storage( thus not in the case of the old-style secure element interface + * (MBEDTLS_PSA_CRYPTO_SE_C)),we have to allocate a buffer to hold the + * imported key material. */ if( slot->key.data == NULL ) { if( psa_key_lifetime_is_external( attributes->core.lifetime ) ) @@ -5061,7 +5062,7 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( if( key_type_is_raw_bytes( type ) ) { - status = validate_unstructured_key_bit_size( type, bits ); + status = psa_validate_unstructured_key_bit_size( type, bits ); if( status != PSA_SUCCESS ) return( status ); } 
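Review bot: In psa_import_key_into_slot, the bytes-to-bits overflow guard and the `PSA_MAX_KEY_BITS` guard now `return( status )`, but nothing in the hunk assigns `status` before either check. Whatever value it was initialised with outside this hunk becomes the result of rejecting an oversized key. If that value were ever `PSA_SUCCESS`, the two checks would stop rejecting anything. Keep the explicit code on both lines: `return( PSA_ERROR_NOT_SUPPORTED );`.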
@@ -5171,9 +5172,9 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, goto exit; /* In the case of a transparent key or an opaque key stored in local - * storage (thus not in the case of generating a key in a secure element - * or cryptoprocessor with storage), we have to allocate a buffer to - * hold the generated key material. */ + * storage( thus not in the case of the old-style secure element interface + * (MBEDTLS_PSA_CRYPTO_SE_C)),we have to allocate a buffer to hold the + * imported key material. */ if( slot->key.data == NULL ) { if ( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 91757b5fdb..4a3fa5079b 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -528,4 +528,23 @@ psa_status_t psa_verify_hash_builtin( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); +/** + * \brief Validate the key bit size for unstructured keys. + * + * \note Check that the bit size is acceptable for a given key type for + * unstructured keys. + * + * \param[in] type The key type + * \param[in] bits The number of bits of the key + * + * \retval #PSA_SUCCESS + * The key type and size are valid. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The size in bits of the key is not valid. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The type and/or the size in bits of the key or the combination of + * the two is not supported. + */ +psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type, + size_t bits ); #endif /* PSA_CRYPTO_CORE_H */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 2974d6f93d..e145dd4d62 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
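Review bot: The comment rewritten in psa_generate_key ends with `hold the imported key material`, wording copied from psa_import_key, although this function generates the key. Use `hold the generated key material` here. The same comment in both functions also needs its spacing fixed at `storage( thus` and `),we`.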
@@ -459,7 +459,7 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( return( PSA_SUCCESS ); } #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ - *key_buffer_size = mbedtls_test_size_function( key_type, key_bits ); + *key_buffer_size = mbedtls_test_opaque_size_function( key_type, key_bits ); return( ( *key_buffer_size != 0 ) ? PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -607,10 +607,18 @@ psa_status_t psa_driver_wrapper_import_key( data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits ) ); - + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + return( mbedtls_test_opaque_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: - /* Importing a key with external storage in not yet supported. - * Return in error indicating that the lifetime is not valid. */ (void)status; return( PSA_ERROR_INVALID_ARGUMENT ); } diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 3ce232c6b2..144ba1c1b3 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -572,7 +572,7 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -psa_status_t mbedtls_transparent_test_driver_ecp_import_key( +psa_status_t mbedtls_test_driver_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, 
@@ -583,7 +583,7 @@ psa_status_t mbedtls_transparent_test_driver_ecp_import_key( key_buffer_length, bits ) ); } -psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( +psa_status_t mbedtls_test_driver_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index 0c2b92895f..dc9e887eff 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -224,13 +224,13 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( #if defined(PSA_CRYPTO_DRIVER_TEST) -psa_status_t mbedtls_transparent_test_driver_ecp_import_key( +psa_status_t mbedtls_test_driver_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits ); -psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( +psa_status_t mbedtls_test_driver_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ); diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index d85b86c45d..2c357c91ce 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -611,7 +611,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) -psa_status_t mbedtls_transparent_test_driver_rsa_import_key( +psa_status_t mbedtls_test_driver_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, 
@@ -622,7 +622,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_import_key( key_buffer_length, bits ) ); } -psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( +psa_status_t mbedtls_test_driver_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index 41a90f78ec..55406843d3 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -218,13 +218,13 @@ psa_status_t mbedtls_psa_rsa_verify_hash( #if defined(PSA_CRYPTO_DRIVER_TEST) -psa_status_t mbedtls_transparent_test_driver_rsa_import_key( +psa_status_t mbedtls_test_driver_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits ); -psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( +psa_status_t mbedtls_test_driver_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ); diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 16e1f755ca..3cde1aaff9 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h 
@@ -49,6 +49,21 @@ static inline mbedtls_test_driver_key_management_hooks_t return( v ); } +/* + * In order to convert the plain text keys to Opaque, the size of the key is + * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to xor mangling + * the key. The pad prefix needs to be accounted for while sizing for the key. + */ +#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U +#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX ) + +size_t mbedtls_test_opaque_get_base_size(); + +size_t mbedtls_test_opaque_size_function( + const psa_key_type_t key_type, + const size_t key_bits ); + + extern mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks; @@ -84,6 +99,15 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *key_buffer_length, size_t *bits); +psa_status_t mbedtls_test_opaque_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits); + psa_status_t mbedtls_test_opaque_get_builtin_key( psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes, diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h deleted file mode 100644 index 4e3301c4ae..0000000000 --- a/tests/include/test/drivers/size.h +++ /dev/null 
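Review bot: `size_t mbedtls_test_opaque_get_base_size();` is declared with empty parentheses, which in C is a declaration without a prototype, so calls with stray arguments are not diagnosed; write `size_t mbedtls_test_opaque_get_base_size( void );` here and in the matching definition in test_driver_key_management.c. PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE is `sizeof` applied to an integer literal, so the prefix length depends on the type the compiler gives `0xBEEFED00U`. A fixed-width cast such as `( (uint32_t) 0xBEEFED00U )` in the macro would pin it. The block comment could also say that the prefix plus XOR is a test stand-in for wrapping and gives no confidentiality.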
@@ -1,33 +0,0 @@ -/* - * Test driver for context size functions - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H -#define PSA_CRYPTO_TEST_DRIVERS_SIZE_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -size_t mbedtls_test_size_function( - const psa_key_type_t key_type, - const size_t key_bits ); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */ diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index 5b60932d3a..47e92b7071 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -28,6 +28,5 @@ #include "test/drivers/mac.h" #include "test/drivers/key_management.h" #include "test/drivers/signature.h" -#include "test/drivers/size.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index afa1fc261e..7ad7f73bdb 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c 
@@ -56,6 +56,88 @@ const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; + +/* + * This macro returns the base size for the key context when SE does not support storage. + * It is the size of the metadata that gets added to the wrapped key. + * In its test functionality the metadata is just some padded prefixing to the key. + */ +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE + + +size_t mbedtls_test_opaque_size_function( + const psa_key_type_t key_type, + const size_t key_bits ) +{ + size_t key_buffer_size = 0; + + key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ); + if( key_buffer_size == 0 ) + return( key_buffer_size ); + /* Include spacing for base size overhead over the key size + * */ + key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; + return( key_buffer_size ); +} + +size_t mbedtls_test_opaque_get_base_size() +{ + return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; +} + +/* + * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the clear key. + * It expects the clear and wrap buffers to be passed in. + * key_buffer_size is the size of the clear key to be wrapped. + * wrap_buffer_size is the size of the output buffer wrap_key. + * The argument key_buffer_length is filled with the wrapped key_size on success. 
+ * */ +static psa_status_t mbedtls_test_opaque_wrap_key( + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *wrap_key, + size_t wrap_buffer_size, + size_t *key_buffer_length ) +{ + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; + if( key_buffer_size + opaque_key_base_size > wrap_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + /* Write in the opaque pad prefix */ + memcpy( wrap_key, &prefix, opaque_key_base_size); + wrap_key += opaque_key_base_size; + *key_buffer_length = key_buffer_size + opaque_key_base_size; + while( key_buffer_size-- ) + wrap_key[key_buffer_size] = key_buffer[key_buffer_size] ^ 0xFF; + return( PSA_SUCCESS ); +} + +/* + * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix and unwraps + * the wrapped key. It expects the clear and wrap buffers to be passed in. + * wrapped_key_buffer_size is the size of the wrapped key, + * key_buffer_size is the size of the output buffer clear_key. + * The argument key_buffer_length is filled with the unwrapped(clear) key_size on success. + * */ +static psa_status_t mbedtls_test_opaque_unwrap_key( + const uint8_t *wrapped_key, + size_t wrapped_key_buffer_size, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length) +{ + /* Remove the pad prefis from the wrapped key */ + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + size_t clear_key_size = wrapped_key_buffer_size - opaque_key_base_size; + wrapped_key += opaque_key_base_size; + if( clear_key_size > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + *key_buffer_length = clear_key_size; + while( clear_key_size-- ) + key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; + return( PSA_SUCCESS ); +} + psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) 
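Review bot: mbedtls_test_opaque_unwrap_key computes `wrapped_key_buffer_size - opaque_key_base_size` without first checking that the wrapped buffer is at least as long as the prefix, so a short input wraps around to a huge size_t and is rejected only indirectly as PSA_ERROR_BUFFER_TOO_SMALL; add `if( wrapped_key_buffer_size < opaque_key_base_size ) return( PSA_ERROR_INVALID_ARGUMENT );` before the subtraction. The function also skips the prefix without comparing it to PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX, so any buffer is accepted as a wrapped key. In mbedtls_test_opaque_wrap_key the prefix is held in a `uint64_t` while only opaque_key_base_size bytes are copied, which on a big-endian target would presumably write the zero high-order bytes instead of the constant; `uint32_t prefix` avoids that. The comment typo "prefis" should read "prefix".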
@@ -131,7 +213,7 @@ psa_status_t mbedtls_test_transparent_import_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( type ) ) { - status = mbedtls_transparent_test_driver_ecp_import_key( + status = mbedtls_test_driver_ecp_import_key( attributes, data, data_length, key_buffer, key_buffer_size, @@ -143,7 +225,7 @@ psa_status_t mbedtls_test_transparent_import_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( type ) ) { - status = mbedtls_transparent_test_driver_rsa_import_key( + status = mbedtls_test_driver_rsa_import_key( attributes, data, data_length, key_buffer, key_buffer_size, 
@@ -165,69 +247,178 @@ psa_status_t mbedtls_test_transparent_import_key( return( status ); } + +psa_status_t mbedtls_test_opaque_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits) +{ + + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_type_t type = psa_get_key_type( attributes ); + /* This buffer will be used as an intermediate placeholder for the clear + * key till we wrap it */ + uint8_t *key_buffer_temp; + key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); + + if( !key_buffer_temp ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) + { + *bits = PSA_BYTES_TO_BITS( data_length ); + + /* Ensure that the bytes-to-bits conversion hasn't overflown. */ + if( data_length > SIZE_MAX / 8 ) + goto exit; + + /* Enforce a size limit, and in particular ensure that the bit + * size fits in its representation type. */ + if( ( *bits ) > PSA_MAX_KEY_BITS ) + goto exit; + + status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); + if( status != PSA_SUCCESS ) + goto exit; + + /* Copy the key material accounting for opaque key padding. 
*/ + memcpy( key_buffer_temp, data, data_length ); + *key_buffer_length = data_length; + } +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + else if( PSA_KEY_TYPE_IS_ECC( type ) ) + { + status = mbedtls_test_driver_ecp_import_key( + attributes, + data, data_length, + key_buffer_temp, + key_buffer_size, + key_buffer_length, bits ); + if( status != PSA_SUCCESS ) + goto exit; + } + else +#endif +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_RSA( type ) ) + { + status = mbedtls_test_driver_rsa_import_key( + attributes, + data, data_length, + key_buffer_temp, + key_buffer_size, + key_buffer_length, bits ); + if( status != PSA_SUCCESS ) + goto exit; + } + else +#endif + { + status = PSA_ERROR_INVALID_ARGUMENT; + (void)data; + (void)data_length; + (void)key_buffer; + (void)key_buffer_size; + (void)key_buffer_length; + (void)bits; + (void)type; + goto exit; + } + status = mbedtls_test_opaque_wrap_key( key_buffer_temp, *key_buffer_length, + key_buffer, key_buffer_size, key_buffer_length ); +exit: + free( key_buffer_temp ); + return( status ); +} + psa_status_t mbedtls_test_opaque_export_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { - if( key_length != sizeof( psa_drv_slot_number_t ) ) + if( key_length == sizeof( psa_drv_slot_number_t ) ) { - /* Test driver does not support generic opaque key handling yet. */ - return( PSA_ERROR_NOT_SUPPORTED ); + /* Assume this is a builtin key based on the key material length. */ + psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); + + switch( slot_number ) + { + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: + /* This is the ECDSA slot. Verify the key's attributes before + * returning the private key. 
*/ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 256 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, mbedtls_test_driver_ecdsa_key, + sizeof( mbedtls_test_driver_ecdsa_key ) ); + *data_length = sizeof( mbedtls_test_driver_ecdsa_key ); + return( PSA_SUCCESS ); + + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: + /* This is the AES slot. Verify the key's attributes before + * returning the key. */ + if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 128 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( mbedtls_test_driver_aes_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, mbedtls_test_driver_aes_key, + sizeof( mbedtls_test_driver_aes_key ) ); + *data_length = sizeof( mbedtls_test_driver_aes_key ); + return( PSA_SUCCESS ); + + default: + return( PSA_ERROR_DOES_NOT_EXIST ); + } } - - /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); - - switch( slot_number ) + else { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - /* This is the ECDSA slot. Verify the key's attributes before - * returning the private key. 
*/ - if( psa_get_key_type( attributes ) != - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 256 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != - PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); + /* This buffer will be used as an intermediate placeholder for the opaque key + * till we unwrap the key into key_buffer */ + uint8_t *key_buffer_temp; + size_t status = PSA_ERROR_BUFFER_TOO_SMALL; + psa_key_type_t type = psa_get_key_type( attributes ); - if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, mbedtls_test_driver_ecdsa_key, - sizeof( mbedtls_test_driver_ecdsa_key ) ); - *data_length = sizeof( mbedtls_test_driver_ecdsa_key ); - return( PSA_SUCCESS ); - - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: - /* This is the AES slot. Verify the key's attributes before - * returning the key. 
*/ - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 128 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( mbedtls_test_driver_aes_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, mbedtls_test_driver_aes_key, - sizeof( mbedtls_test_driver_aes_key ) ); - *data_length = sizeof( mbedtls_test_driver_aes_key ); - return( PSA_SUCCESS ); - - default: - return( PSA_ERROR_DOES_NOT_EXIST ); + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) || + PSA_KEY_TYPE_IS_RSA( type ) || + PSA_KEY_TYPE_IS_ECC( type ) ) + { + key_buffer_temp = mbedtls_calloc( 1, key_length ); + if( !key_buffer_temp ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + memcpy( key_buffer_temp, key, key_length ); + status = mbedtls_test_opaque_unwrap_key( key_buffer_temp, key_length, + data, data_size, data_length ); + mbedtls_free( key_buffer_temp ); + return( status ); + } } + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_export_public_key( @@ -258,7 +449,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( key_type ) ) { - status = mbedtls_transparent_test_driver_ecp_export_public_key( + status = mbedtls_test_driver_ecp_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length ); 
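Review bot: In mbedtls_test_opaque_import_key the unstructured branch copies data_length bytes into key_buffer_temp, which was allocated with key_buffer_size bytes, and nothing in the hunk compares the two, so an oversized input would overflow the heap buffer; a PSA_ERROR_BUFFER_TOO_SMALL check belongs before the memcpy. The exit path then calls `free( key_buffer_temp )` on memory obtained from mbedtls_calloc, which should be `mbedtls_free`, and because the buffer holds the clear key it should be wiped before release (mbedtls_platform_zeroize, which may need mbedtls/platform_util.h here); the same wipe is missing before `mbedtls_free( key_buffer_temp )` in mbedtls_test_opaque_export_public_key in the `@@ -293,8 +484,48 @@` hunk. Separately, when the ECC accelerator macros are not defined the unstructured `if` has no `else`, so control appears to continue into the RSA test or the final PSA_ERROR_INVALID_ARGUMENT block even after a successful copy. In mbedtls_test_opaque_export_key, `size_t status` should be `psa_status_t status`.

```c
        /* … unchanged: bit-size computation and validation … */
        if( data_length > key_buffer_size )
        {
            status = PSA_ERROR_BUFFER_TOO_SMALL;
            goto exit;
        }
        memcpy( key_buffer_temp, data, data_length );
        /* … unchanged: ECC and RSA branches, wrap call … */
exit:
    /* The temporary buffer held the clear key: wipe it before release. */
    mbedtls_platform_zeroize( key_buffer_temp, key_buffer_size );
    mbedtls_free( key_buffer_temp );
```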
@@ -269,7 +460,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( key_type ) ) { - status = mbedtls_transparent_test_driver_rsa_export_public_key( + status = mbedtls_test_driver_rsa_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length ); @@ -293,8 +484,48 @@ psa_status_t mbedtls_test_opaque_export_public_key( { if( key_length != sizeof( psa_drv_slot_number_t ) ) { - /* Test driver does not support generic opaque key handling yet. */ - return( PSA_ERROR_NOT_SUPPORTED ); + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_key_type_t key_type = psa_get_key_type( attributes ); + uint8_t *key_buffer_temp; + key_buffer_temp = mbedtls_calloc( 1, key_length ); + if( !key_buffer_temp ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_ECC( key_type ) ) + { + status = mbedtls_test_opaque_unwrap_key( key, key_length, + key_buffer_temp, key_length, data_length ); + if( status == PSA_SUCCESS ) + status = mbedtls_test_driver_ecp_export_public_key( + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length ); + } + else + #endif + #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_RSA( key_type ) ) + { + status = mbedtls_test_opaque_unwrap_key( key, key_length, + key_buffer_temp, key_length, data_length ); + if( status == PSA_SUCCESS ) + status = mbedtls_test_driver_rsa_export_public_key( + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length ); + } + else + #endif + { + status = PSA_ERROR_NOT_SUPPORTED; + (void)key; + (void)key_length; + (void)key_type; + } + mbedtls_free( key_buffer_temp ); + return( status ); } /* Assume this is a builtin key based on the key material length. */ 
@@ -384,5 +615,4 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( return( PSA_ERROR_DOES_NOT_EXIST ); } } - #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_size.c b/tests/src/drivers/test_driver_size.c deleted file mode 100644 index 033cf32de0..0000000000 --- a/tests/src/drivers/test_driver_size.c +++ /dev/null 
@@ -1,97 +0,0 @@ -/* - * Test driver for retrieving key context size. - * Only used by opaque drivers. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) - -#include "test/drivers/size.h" -#include "psa/crypto.h" - -typedef struct { - unsigned int context; -} test_driver_key_context_t; - -/* - * This macro returns the base size for the key context. It is the size of the - * driver specific information stored in each key context. - */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) - -/* - * Number of bytes included in every key context for a key pair. - * - * This pair size is for an ECC 256-bit private/public key pair. - * Based on this value, the size of the private key can be derived by - * subtracting the public key size below from this one. - */ -#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 - -/* - * Number of bytes included in every key context for a public key. - * - * For ECC public keys, it needs 257 bits so 33 bytes. - */ -#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 - -/* - * Every key context for a symmetric key includes this many times the key size. - */ -#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 - -/* - * If this is true for a key pair, the key context includes space for the public key. 
- * If this is false, no additional space is added for the public key. - * - * For this instance, store the public key with the private one. - */ -#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 - -size_t mbedtls_test_size_function( - const psa_key_type_t key_type, - const size_t key_bits ) -{ - size_t key_buffer_size = 0; - - if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ) - { - int public_key_overhead = - ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) - ? PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) : 0 ); - key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + - TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + - public_key_overhead; - } - else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) ) - { - key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + - TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; - } - else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) && - !PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) ) - { - key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + - ( TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR * - ( ( key_bits + 7 ) / 8 ) ); - } - - return( key_buffer_size ); -} -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index bc4edb2b7b..89254cd374 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2,25 +2,49 @@ PSA compile-time sanity checks static_checks: PSA import/export raw: 1 bytes -import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:8:0:PSA_SUCCESS:1 +import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:0:8:0:PSA_SUCCESS:1 PSA import/export raw: 1 bytes, larger buffer -import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:8:1:PSA_SUCCESS:1 +import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:0:8:1:PSA_SUCCESS:1 PSA import/export raw: 2 bytes, buffer too small -import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 +import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:0:16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export AES-128 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:128:0:PSA_SUCCESS:1 +import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:128:0:PSA_SUCCESS:1 PSA import/export AES-192 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:192:0:PSA_SUCCESS:1 +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:192:0:PSA_SUCCESS:1 PSA import/export AES-256 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:256:0:PSA_SUCCESS:1 +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:256:0:PSA_SUCCESS:1 + +PSA import/export raw: 1 bytes, opaque +depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):8:0:PSA_SUCCESS:1 + +PSA import/export raw: 1 bytes, larger buffer, opaque +depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):8:1:PSA_SUCCESS:1 + +PSA import/export raw: 2 bytes, buffer too small, opaque +depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export AES-128, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):128:0:PSA_SUCCESS:1 + +PSA import/export AES-192, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):192:0:PSA_SUCCESS:1 + +PSA import/export AES-256, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import: bad usage flag 
import_with_policy:PSA_KEY_TYPE_RAW_DATA:0x40000000:0:PSA_ERROR_INVALID_ARGUMENT 
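Review bot: The first two opaque cases list `depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_DRIVERS`, repeating one symbol where a second, different dependency was presumably intended. All six opaque cases use PSA_CRYPTO_TEST_DRIVER_LOCATION, and the driver source in this patch is guarded by `MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST`, so each of them likely needs `PSA_CRYPTO_DRIVER_TEST` added to its depends_on line. Without it, a build that enables drivers but not the test driver would still select these cases.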
@@ -31,55 +55,107 @@ import_with_data:"0123456789abcdef":PSA_KEY_TYPE_AES:0:PSA_ERROR_INVALID_ARGUMEN PSA import/export RSA public key: good, 1024-bit depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (+1 byte) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:1:PSA_SUCCESS:1 
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:1:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2-1) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:161:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:161:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:162:PSA_SUCCESS:1 
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:162:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2+1) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:163:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:163:PSA_SUCCESS:1 PSA import/export RSA public key: export buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: good, 1024-bit depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (+1 byte) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C 
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:1:PSA_SUCCESS:1 
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:1:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2-1) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:609:PSA_SUCCESS:1 
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:609:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:610:PSA_SUCCESS:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:610:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2+1) 
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:611:PSA_SUCCESS:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:611:PSA_SUCCESS:1 PSA import/export RSA keypair: export buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: trailing garbage ignored depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C 
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:-1:PSA_SUCCESS:0 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_SUCCESS:0 + +PSA import/export RSA public key: good, 1024-bit, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 + +PSA import/export RSA public key: good, larger buffer (+1 byte), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 + +PSA import/export RSA public key: good, larger buffer (*2-1), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:161:PSA_SUCCESS:1 + +PSA import/export RSA public key: 
good, larger buffer (*2), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:162:PSA_SUCCESS:1 + +PSA import/export RSA public key: good, larger buffer (*2+1), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:163:PSA_SUCCESS:1 + +PSA import/export RSA public key: export buffer too small, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export RSA keypair: good, 1024-bit, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 + +PSA import/export RSA keypair: good, larger buffer (+1 byte), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 + +PSA import/export RSA keypair: good, larger buffer (*2-1), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:609:PSA_SUCCESS:1 + +PSA import/export RSA keypair: good, larger buffer (*2), 
opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:610:PSA_SUCCESS:1 + +PSA import/export RSA keypair: good, larger buffer (*2+1), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( 
PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:611:PSA_SUCCESS:1 + +PSA import/export RSA keypair: export buffer too small, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export RSA keypair: trailing garbage ignored, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:-1:PSA_SUCCESS:0 PSA import RSA keypair: truncated depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
@@ -99,27 +175,51 @@ import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43 PSA import/export-public RSA public key: good, 1024-bit depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: good, 1024-bit depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C 
-import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" 
+import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be
29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" + +PSA import/export-public RSA public key: good, 1024-bit, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" + +PSA import/export-public RSA keypair: good, 1024-bit, opaque 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" + +PSA import/export-public RSA public key: buffer too small, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" + +PSA import/export-public RSA keypair: buffer too small, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export RSA public key: 1016-bit (good) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1016:0:PSA_SUCCESS:1 +import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1016:0:PSA_SUCCESS:1 PSA import/export RSA keypair: 1016-bit (good) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C 
-import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1016:0:PSA_SUCCESS:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1016:0:PSA_SUCCESS:1 + +PSA import/export RSA public key: 1016-bit (good), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 + +PSA import/export RSA keypair: 1016-bit (good), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import RSA public key: 1022-bit (not supported) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C 
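Review bot: The six opaque cases added in this hunk (four `import_export_public_key` and the two 1016-bit `import_export` ones) are gated on `MBEDTLS_PSA_CRYPTO_DRIVERS`, but they import into `PSA_CRYPTO_TEST_DRIVER_LOCATION`, which presumably is only served when the test driver itself is compiled in. If this tree allows driver support to be enabled without the test driver, these cases would fail rather than be skipped, so I would gate them on the test-driver macro instead, e.g. `depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST` (confirm that is the macro that enables the location here). Related, in the preceding hunk the `PSA import/export RSA public key: good, larger buffer (*2), opaque` case has no driver dependency at all on its `depends_on` line, unlike its siblings, and should get the same guard. Correct gating matters because these cases are what check the export buffer-size handling on the opaque path.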
@@ -139,75 +239,75 @@ import_with_data:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d0952 PSA import/export EC secp224r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224 -import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:224:0:PSA_SUCCESS:1 +import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:224:0:PSA_SUCCESS:1 PSA import/export-public EC secp224r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224 -import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" +import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" PSA import/export EC secp256r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export-public EC secp256r1: good 
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" +import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" PSA import/export EC secp384r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384 -import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1 +import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:384:0:PSA_SUCCESS:1 PSA import/export-public EC secp384r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384 -import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" 
+import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" PSA import/export EC secp521r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521 -import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1 +import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:521:0:PSA_SUCCESS:1 PSA import/export-public EC secp521r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521 -import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" 
+import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" PSA import/export EC brainpool256r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool256r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" +import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" PSA import/export EC brainpool384r1 key pair: good 
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1 +import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:384:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool384r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" +import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" PSA import/export EC brainpool512r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 
-import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:512:0:PSA_SUCCESS:1 +import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:512:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool512r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 -import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" +import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" PSA import/export EC curve25519 key pair: good (already properly masked) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 
-import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:255:0:PSA_SUCCESS:1 +import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:255:0:PSA_SUCCESS:1 PSA import/export EC curve25519 key pair: unmasked input (check export-import-export yields properly masked output) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 -import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:255:0:PSA_SUCCESS:0 +import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:255:0:PSA_SUCCESS:0 PSA import/export-public EC curve25519: accept unmasked input depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 -import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" +import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export-public EC curve25519: accept masked input depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 
-import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" +import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export EC curve448 key pair: good (already properly masked, key from RFC 7748 6.2 Alice)) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 
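Review bot: The lifetime argument added on every case in this hunk is a bare `0`, which is hard to tell apart from the numeric fields next to it: `import_export` lines now read `:0:224:0:PSA_SUCCESS:1` and `import_export_public_key` lines read `:0:0:PSA_SUCCESS:...`. A reader cannot see which zero selects key storage and which is (presumably) the export-size delta. Writing it as `PSA_KEY_LIFETIME_VOLATILE` would make each case state that it covers the transparent, non-driver path, e.g. `...:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_VOLATILE:224:0:PSA_SUCCESS:1`. The opaque cases added elsewhere in this diff already put a symbolic `PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( ... )` in the same position, so the data file accepts a macro there. The same point applies to the following hunk (`@@ -227,23 +327,23 @@`).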
@@ -227,23 +327,23 @@ import_export_public_key:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c2 PSA import/export-public: cannot export-public a symmetric key depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" +import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:0:0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" PSA import/export EC secp256r1 public key: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export EC secp521r1 public key: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521 -import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1 
+import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:521:0:PSA_SUCCESS:1 PSA import/export EC brainpoolP256r1 public key: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export curve25519 public key: good depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 -import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:255:0:PSA_SUCCESS:1 +import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:255:0:PSA_SUCCESS:1 PSA import/export curve448 Public Key: good (key from RFC 7748 6.2 Alice) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 
@@ -251,29 +351,137 @@ import_export:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc PSA import/export AES key: policy forbids export depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:128:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:128:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export HMAC key: policy forbids export depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):256:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:256:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (crypt) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1 
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (sign) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_ERROR_NOT_PERMITTED:1 + +PSA import/export EC secp224r1 
key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):224:0:PSA_SUCCESS:1 + +PSA import/export-public EC secp224r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" + +PSA import/export EC secp256r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 + +PSA import/export-public EC secp256r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" + +PSA import/export EC secp384r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 + +PSA import/export-public EC secp384r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" + +PSA import/export EC secp521r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 + +PSA import/export-public EC secp521r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" + +PSA import/export EC brainpool256r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY::PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 + +PSA import/export-public EC brainpool256r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" + +PSA import/export EC brainpool384r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 + +PSA import/export-public EC brainpool384r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" + +PSA import/export EC brainpool512r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):512:0:PSA_SUCCESS:1 + +PSA import/export-public EC brainpool512r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" + +PSA import/export EC curve25519 key pair: good (already properly masked), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 + +PSA import/export EC curve25519 key pair: unmasked input (check export-import-export yields properly masked output), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:0 + +PSA import/export-public EC curve25519: accept unmasked input, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +PSA import/export-public EC curve25519: accept masked input, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +PSA import/export-public: cannot export-public a symmetric key, opaque +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" + +PSA import/export EC secp256r1 public key: good, opaque 
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 + +PSA import/export EC secp521r1 public key: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 + +PSA import/export EC brainpoolP256r1 public key: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 + +PSA import/export curve25519 public key: good, opaque 
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 + +PSA import/export AES key: policy forbids export, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):128:0:PSA_ERROR_NOT_PERMITTED:1 + +PSA import/export HMAC key: policy forbids export, opaque +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_ERROR_NOT_PERMITTED:1 + +PSA import/export RSA keypair: policy forbids export (crypt), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 + +PSA import/export RSA keypair: policy forbids export (sign), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION 
):1024:0:PSA_ERROR_NOT_PERMITTED:1 # Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS # extension which we may drop in the future. PSA import/export RSA public key: import PEM depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"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":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:0 +import_export:"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":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import/export RSA keypair: import PEM depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:0 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import: reject raw data key of length 0 # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 8df2ceafef..7e9a743e7e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -15,6 +15,9 @@ #include "test/asn1_helpers.h" #include "test/psa_crypto_helpers.h" #include "test/psa_exercise_key.h" +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include "test/drivers/test_driver.h" +#endif /* If this comes up, it's a bug in the test code or in the test data. */ #define UNUSED 0xdeadbeef 
@@ -484,6 +487,7 @@ exit: void import_export( data_t *data, int type_arg, int usage_arg, int alg_arg, + int lifetime_arg, int expected_bits, int export_size_delta, int expected_export_status_arg, @@ -494,6 +498,7 @@ void import_export( data_t *data, psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; psa_status_t status; + psa_key_lifetime_t lifetime = lifetime_arg; unsigned char *exported = NULL; unsigned char *reexported = NULL; size_t export_size; @@ -508,6 +513,7 @@ void import_export( data_t *data, ASSERT_ALLOC( reexported, export_size ); PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_usage_flags( &attributes, usage_arg ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); @@ -543,8 +549,11 @@ void import_export( data_t *data, * this validates the canonical representations. For canonical inputs, * this doesn't directly validate the implementation, but it still helps * by cross-validating the test data with the sanity check code. */ - if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) ) - goto exit; + if( !psa_key_lifetime_is_external( lifetime ) ) + { + if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) ) + goto exit; + } if( canonical_input ) ASSERT_COMPARE( data->x, data->len, exported, exported_length ); 
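Review bot: The new `if( !psa_key_lifetime_is_external( lifetime ) )` guard in the last import_export hunk skips `mbedtls_test_psa_exercise_key()` for every opaque test case without saying why. The comment just above it still describes the exercise step as the check that validates canonical representations, so a reader will assume the opaque vectors get it too. I would extend that comment with a line such as `/* Opaque keys are not exercised here: <reason, to be filled in by the author>. */` so the coverage gap is visible and can be closed later. The body of import_export continues outside these hunks.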
@@ -552,17 +561,17 @@ void import_export( data_t *data, { mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; PSA_ASSERT( psa_import_key( &attributes, exported, exported_length, - &key2 ) ); + &key2 ) ); PSA_ASSERT( psa_export_key( key2, - reexported, - export_size, - &reexported_length ) ); + reexported, + export_size, + &reexported_length ) ); ASSERT_COMPARE( exported, exported_length, - reexported, reexported_length ); + reexported, reexported_length ); PSA_ASSERT( psa_destroy_key( key2 ) ); } TEST_ASSERT( exported_length <= - PSA_EXPORT_KEY_OUTPUT_SIZE( type, + PSA_EXPORT_KEY_OUTPUT_SIZE( type, psa_get_key_bits( &got_attributes ) ) ); TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); @@ -577,7 +586,7 @@ exit: * thus reset them as required. */ psa_reset_key_attributes( &got_attributes ); - + psa_destroy_key( key ) ; mbedtls_free( exported ); mbedtls_free( reexported ); PSA_DONE( ); @@ -588,6 +597,7 @@ exit: void import_export_public_key( data_t *data, int type_arg, int alg_arg, + int lifetime_arg, int export_size_delta, int expected_export_status_arg, data_t *expected_public_key ) @@ -597,6 +607,7 @@ void import_export_public_key( data_t *data, psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; psa_status_t status; + psa_key_lifetime_t lifetime = lifetime_arg; unsigned char *exported = NULL; size_t export_size = expected_public_key->len + export_size_delta; size_t exported_length = INVALID_EXPORT_LENGTH; @@ -604,6 +615,7 @@ void import_export_public_key( data_t *data, PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); 
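Review bot: The `psa_destroy_key( key ) ;` added under `exit:` discards its status and has a stray space before the semicolon. If the success path has already destroyed the key (not visible in this hunk), this second call will return an error that is silently dropped. That is fine for cleanup, but it should be stated, e.g. `/* Best-effort cleanup for failure paths; the status is deliberately ignored. */` followed by `psa_destroy_key( key );`. The line also replaces the blank line that separated the attribute reset from the frees; keeping one keeps the cleanup steps readable.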
@@ -614,8 +626,8 @@ void import_export_public_key( data_t *data, /* Export the public key */ ASSERT_ALLOC( exported, export_size ); status = psa_export_public_key( key, - exported, export_size, - &exported_length ); + exported, export_size, + &exported_length ); TEST_EQUAL( status, expected_export_status ); if( status == PSA_SUCCESS ) { @@ -632,7 +644,6 @@ void import_export_public_key( data_t *data, ASSERT_COMPARE( expected_public_key->x, expected_public_key->len, exported, exported_length ); } - exit: /* * Key attributes may have been returned by psa_get_key_attributes() From 6ed4bda2c69cc81cec1a92364a8c116718dc05e7 Mon Sep 17 00:00:00 2001 From: Archana Date: Wed, 4 Aug 2021 10:47:15 +0530 Subject: [PATCH 477/966] pre-existing validation extended The validation against key width and max key bits is extended to all key types from the existing validation for only symmetric keys. Signed-off-by: Archana --- library/psa_crypto.c | 20 ++++++++++--------- .../src/drivers/test_driver_key_management.c | 9 --------- 2 files changed, 11 insertions(+), 18 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index cea165cbbc..aea9f9c72b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -558,15 +558,6 @@ psa_status_t psa_import_key_into_slot( { *bits = PSA_BYTES_TO_BITS( data_length ); - /* Ensure that the bytes-to-bits conversion hasn't overflown. */ - if( data_length > SIZE_MAX / 8 ) - return( status ); - - /* Enforce a size limit, and in particular ensure that the bit - * size fits in its representation type. */ - if( ( *bits ) > PSA_MAX_KEY_BITS ) - return( status ); - status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); if( status != PSA_SUCCESS ) return( status ); 
@@ -1901,6 +1892,10 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, if( data_length == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); + /* Ensure that the bytes-to-bits conversion hasn't overflown. */ + if( data_length > SIZE_MAX / 8 ) + return( PSA_ERROR_NOT_SUPPORTED ); + status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes, &slot, &driver ); if( status != PSA_SUCCESS ) @@ -1941,6 +1936,13 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, goto exit; } + /* Enforce a size limit, and in particular ensure that the bit + * size fits in its representation type.*/ + if( bits > PSA_MAX_KEY_BITS ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } status = psa_validate_optional_attributes( slot, attributes ); if( status != PSA_SUCCESS ) goto exit; diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 7ad7f73bdb..0f6a2bd583 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -271,15 +271,6 @@ psa_status_t mbedtls_test_opaque_import_key( { *bits = PSA_BYTES_TO_BITS( data_length ); - /* Ensure that the bytes-to-bits conversion hasn't overflown. */ - if( data_length > SIZE_MAX / 8 ) - goto exit; - - /* Enforce a size limit, and in particular ensure that the bit - * size fits in its representation type. */ - if( ( *bits ) > PSA_MAX_KEY_BITS ) - goto exit; - status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); if( status != PSA_SUCCESS ) goto exit; From 8a180368fb16b922b9508ed52951c65a58cb6640 Mon Sep 17 00:00:00 2001 From: Archana Date: Mon, 5 Jul 2021 02:18:48 +0530 Subject: [PATCH 478/966] Add opaque test driver support for copy key A minimal test driver extension is added to support copy of opaque keys within the same location. Test vector support is extended to cover opaque keys. 
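Review bot: The `bits > PSA_MAX_KEY_BITS` limit added in the second psa_import_key hunk is now the only place the key size is bounded, and it runs late in the function, presumably after the import call that fills `bits`. The same commit deletes the equivalent guards from `psa_import_key_into_slot` and `mbedtls_test_opaque_import_key`, which still compute `*bits = PSA_BYTES_TO_BITS( data_length )`. That is safe only while every path into those two functions goes through `psa_import_key`; whether any other caller exists is not visible in this diff. I would record the dependency where the guards were removed, e.g. `/* The caller (psa_import_key) guarantees data_length <= SIZE_MAX / 8 and rejects bits > PSA_MAX_KEY_BITS. */`. Two small style points in the new block: add the missing space in `type.*/`, and leave a blank line before `status = psa_validate_optional_attributes( slot, attributes );`. The body of psa_import_key extends beyond both hunks.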
Signed-off-by: Archana --- library/psa_crypto.c | 57 ++- library/psa_crypto_driver_wrappers.c | 41 ++ library/psa_crypto_driver_wrappers.h | 4 + tests/include/test/drivers/key_management.h | 9 + .../src/drivers/test_driver_key_management.c | 20 + tests/suites/test_suite_psa_crypto.data | 358 ++++++++++++------ tests/suites/test_suite_psa_crypto.function | 25 +- 7 files changed, 378 insertions(+), 136 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index aea9f9c72b..ee16983416 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2015,10 +2015,11 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, psa_key_slot_t *target_slot = NULL; psa_key_attributes_t actual_attributes = *specified_attributes; psa_se_drv_table_entry_t *driver = NULL; + size_t storage_size = 0; *target_key = MBEDTLS_SVC_KEY_ID_INIT; - status = psa_get_and_lock_transparent_key_slot_with_policy( + status = psa_get_and_lock_key_slot_with_policy( source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 ); if( status != PSA_SUCCESS ) goto exit; 
@@ -2038,31 +2039,49 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, &target_slot, &driver ); if( status != PSA_SUCCESS ) goto exit; - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( driver != NULL ) + if( PSA_KEY_LIFETIME_GET_LOCATION( target_slot->attr.lifetime ) != + PSA_KEY_LIFETIME_GET_LOCATION( source_slot->attr.lifetime ) ) { - /* Copying to a secure element is not implemented yet. */ + /* + * If the source and target keys are stored across different locations, + * the source key would need to be exported as plaintext and re-imported + * in the other location. This has security implications which have not + * been fully mapped.For now, this can be acheived through + * appropriate API invocations from the application, if needed. + * */ status = PSA_ERROR_NOT_SUPPORTED; goto exit; } -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - + /* + * When the source and target keys are within the same location, + * - For transparent keys it is a blind copy sans any driver invocation, + * - For opaque keys this translates to an invocation of the drivers' + * copy_key entry point through the dispatch layer. + * */ if( psa_key_lifetime_is_external( actual_attributes.core.lifetime ) ) { - /* - * Copying through an opaque driver is not implemented yet, consider - * a lifetime with an external location as an invalid parameter for - * now. 
- */ - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; + status = psa_driver_wrapper_get_key_buffer_size( &actual_attributes, + &storage_size ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_allocate_buffer_to_slot( target_slot, storage_size ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_copy_key( &actual_attributes, + source_slot->key.data, + source_slot->key.bytes, + target_slot->key.data, + target_slot->key.bytes, + &target_slot->key.bytes ); + if( status != PSA_SUCCESS ) + goto exit; + } + else + { + status = psa_copy_key_material( source_slot, target_slot ); + if( status != PSA_SUCCESS ) + goto exit; } - - status = psa_copy_key_material( source_slot, target_slot ); - if( status != PSA_SUCCESS ) - goto exit; - status = psa_finish_key_creation( target_slot, driver, target_key ); exit: if( status != PSA_SUCCESS ) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index e145dd4d62..1597b00d0f 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
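Review bot: In the opaque branch, `psa_driver_wrapper_copy_key()` receives `target_slot->key.bytes` as the buffer size and `&target_slot->key.bytes` as the output length. The driver's reported length therefore overwrites the slot's record of the allocation, and nothing compares it with `storage_size`. A driver that reports more than it was given would leave the slot describing memory beyond its buffer; how later code uses `key.bytes` is outside this hunk, so that consequence is inferred. I would take the length in a local, reject a value larger than the allocation, and only then store it, as sketched below. The block comment above the location check also has two typos (`mapped.For`, `acheived`). psa_copy_key begins and ends outside the hunk.

```c
    if( psa_key_lifetime_is_external( actual_attributes.core.lifetime ) )
    {
        size_t copied_length = 0;

        /* … unchanged: psa_driver_wrapper_get_key_buffer_size and
         * psa_allocate_buffer_to_slot calls with their status checks … */
        status = psa_driver_wrapper_copy_key( &actual_attributes,
                                              source_slot->key.data,
                                              source_slot->key.bytes,
                                              target_slot->key.data,
                                              target_slot->key.bytes,
                                              &copied_length );
        if( status != PSA_SUCCESS )
            goto exit;
        /* Never accept a driver-reported length larger than the buffer
         * that was allocated for the target slot. */
        if( copied_length > target_slot->key.bytes )
        {
            status = PSA_ERROR_CORRUPTION_DETECTED;
            goto exit;
        }
        target_slot->key.bytes = copied_length;
    }
```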
@@ -782,6 +782,47 @@ psa_status_t psa_driver_wrapper_get_builtin_key( } } +psa_status_t psa_driver_wrapper_copy_key( + psa_key_attributes_t *attributes, + const uint8_t *source_key, size_t source_key_size, + uint8_t *target_key_buffer, size_t target_buffer_size, size_t *key_length ) +{ + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + { + /* Copying to a secure element is not implemented yet. */ + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + switch( location ) + { +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + return( mbedtls_test_opaque_copy_key( attributes, source_key, + source_key_size, + target_key_buffer, + target_buffer_size, + key_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void)source_key; + (void)source_key_size; + (void)target_key_buffer; + (void)target_buffer_size; + (void)key_length; + status = PSA_ERROR_INVALID_ARGUMENT; + } + return( status ); +} + /* * Cipher functions */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 99455a8a6c..7c45fbfce2 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -100,6 +100,10 @@ psa_status_t psa_driver_wrapper_get_builtin_key( psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +psa_status_t psa_driver_wrapper_copy_key( + psa_key_attributes_t *attributes, + const uint8_t *source_key, size_t source_key_size, + uint8_t *target_key_buffer, size_t target_buffer_size, size_t *key_length ); /* * Cipher functions */ 
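Review bot: `psa_driver_wrapper_copy_key()` is added with no comment describing its contract, and the prototype in psa_crypto_driver_wrappers.h (the next hunk on this line) has none either. The contract is not obvious from the signature. A header comment should say that `target_buffer_size` is the capacity of `target_key_buffer` and `*key_length` receives the number of bytes written. It should also say that a secure-element lifetime yields `PSA_ERROR_NOT_SUPPORTED`, while any location with no matching `case` falls to `default:` and yields `PSA_ERROR_INVALID_ARGUMENT`. In the body, `status = PSA_ERROR_INVALID_ARGUMENT;` in `default:` repeats the initialiser and could be dropped. The declaration in the header would also read better with a blank line before the `/* Cipher functions */` banner.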
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 3cde1aaff9..ed0b5ebbca 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -113,5 +113,14 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +psa_status_t mbedtls_test_opaque_copy_key( + psa_key_attributes_t *attributes, + const uint8_t *source_key, + size_t source_key_size, + uint8_t *target_key_buffer, + size_t target_buffer_size, + size_t *key_length ); + + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 0f6a2bd583..fec0a3e484 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c 
@@ -606,4 +606,24 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( return( PSA_ERROR_DOES_NOT_EXIST ); } } + +psa_status_t mbedtls_test_opaque_copy_key( + psa_key_attributes_t *attributes, + const uint8_t *source_key_buffer, size_t source_key_buffer_size, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) +{ + /* This is a case where the opaque test driver emulates an SE without storage. + * With that all key context is stored in the wrapped buffer. + * So no additional house keeping is necessary to reference count the + * copied keys. This could change when the opaque test driver is extended + * to support SE with storage, or to emulate an SE without storage but + * still holding some slot references */ + if( source_key_buffer_size > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( key_buffer, source_key_buffer, source_key_buffer_size ); + *key_buffer_length = source_key_buffer_size; + (void)attributes; + return( PSA_SUCCESS ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 89254cd374..94a4c71f56 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
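Review bot: `mbedtls_test_opaque_copy_key()` ignores `attributes` and copies the wrapped blob byte for byte. Nothing here checks that the source buffer is a well-formed wrapped key, or that the copy reflects the attributes requested for the target. That is reasonable for a test driver that keeps all key context in the buffer, as its comment explains. The comment should still say so explicitly, so the function is not read as a template for a real opaque driver, e.g. add `* Note: the source blob is not validated and the target attributes are not applied.` to the block comment. The parameter names also differ from the prototype added in key_management.h (`source_key`, `target_key_buffer`, `key_length` there; `source_key_buffer`, `key_buffer`, `key_buffer_length` here). Using one set in both places makes the size and length roles easier to follow.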
@@ -23,28 +23,28 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:256:0:PSA_SUCCESS:1 PSA import/export raw: 1 bytes, opaque -depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):8:0:PSA_SUCCESS:1 +depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):8:0:PSA_SUCCESS:1 PSA import/export raw: 1 bytes, larger buffer, opaque -depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):8:1:PSA_SUCCESS:1 +depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):8:1:PSA_SUCCESS:1 PSA import/export raw: 2 bytes, buffer too small, opaque depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 +import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export AES-128, opaque depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS 
-import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):128:0:PSA_SUCCESS:1 +import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):128:0:PSA_SUCCESS:1 PSA import/export AES-192, opaque depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):192:0:PSA_SUCCESS:1 +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):192:0:PSA_SUCCESS:1 PSA import/export AES-256, opaque depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import: bad usage flag import_with_policy:PSA_KEY_TYPE_RAW_DATA:0x40000000:0:PSA_ERROR_INVALID_ARGUMENT 
@@ -107,55 +107,55 @@ import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa24 PSA import/export RSA public key: good, 1024-bit, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (+1 byte), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, 
PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2-1), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:161:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:161:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C 
-import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:162:PSA_SUCCESS:1 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:162:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2+1), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:163:PSA_SUCCESS:1 
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:163:PSA_SUCCESS:1 PSA import/export RSA public key: export buffer too small, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: good, 1024-bit, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
-import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (+1 byte), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_
KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2-1), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:609:PSA_SUCCESS:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:609:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:610:PSA_SUCCESS:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:610:PSA_SUCCESS:1 PSA 
import/export RSA keypair: good, larger buffer (*2+1), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:611:PSA_SUCCESS:1 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:611:PSA_SUCCESS:1 PSA import/export RSA keypair: export buffer too small, opaque 
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: trailing garbage ignored, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62d
c8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:-1:PSA_SUCCESS:0 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_SUCCESS:0 PSA import RSA keypair: truncated depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
@@ -191,19 +191,19 @@ import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5 PSA import/export-public RSA public key: good, 1024-bit, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: good, 1024-bit, opaque 
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: buffer too small, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION 
):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: buffer too small, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" 
+import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export RSA public key: 1016-bit (good) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C 
@@ -215,11 +215,11 @@ import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5f PSA import/export RSA public key: 1016-bit (good), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 +import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import/export RSA keypair: 1016-bit (good), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 
+import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import RSA public key: 1022-bit (not supported) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C 
@@ -367,55 +367,55 @@ import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa24 PSA import/export EC secp224r1 key pair: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):224:0:PSA_SUCCESS:1 +import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):224:0:PSA_SUCCESS:1 PSA import/export-public EC secp224r1: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" +import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" PSA import/export EC secp256r1 key pair: good, opaque 
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 +import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export-public EC secp256r1: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" +import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" PSA import/export EC secp384r1 key pair: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS 
-import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 +import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 PSA import/export-public EC secp384r1: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" +import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" PSA import/export EC secp521r1 key pair: good, opaque 
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 +import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 PSA import/export-public EC secp521r1: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" +import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( 
PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" PSA import/export EC brainpool256r1 key pair: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY::PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 +import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY::PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool256r1: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" 
+import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" PSA import/export EC brainpool384r1 key pair: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 +import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool384r1: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION 
):0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" +import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" PSA import/export EC brainpool512r1 key pair: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):512:0:PSA_SUCCESS:1 +import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):512:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool512r1: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:MBEDTLS_PSA_CRYPTO_DRIVERS 
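Review bot: The new `import_export` line for "PSA import/export EC brainpool256r1 key pair: good, opaque" still has a doubled separator, `PSA_ALG_ECDSA_ANY::PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(`, which the rename copies unchanged from the removed line. Every sibling case in this hunk uses a single colon at that position, so this case has an extra empty field between the algorithm and the lifetime. Depending on how the test-data parser treats empty fields, it may be mis-parsed and leave the opaque-driver import/export path for this curve unexercised. Since the line is being touched anyway, its tail should read `PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1`. It is also worth confirming in the test log that the case runs rather than being skipped.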
@@ -423,55 +423,55 @@ import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51 PSA import/export EC curve25519 key pair: good (already properly masked), opaque depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 +import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 PSA import/export EC curve25519 key pair: unmasked input (check export-import-export yields properly masked output), opaque depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:0 +import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:0 PSA import/export-public EC curve25519: accept unmasked input, opaque 
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" +import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export-public EC curve25519: accept masked input, opaque depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" +import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export-public: cannot export-public a symmetric key, opaque depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
-import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" +import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" PSA import/export EC secp256r1 public key: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 +import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export EC secp521r1 public key: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_CRYPTO_DRIVERS 
-import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 +import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 PSA import/export EC brainpoolP256r1 public key: good, opaque depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 +import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export curve25519 
public key: good, opaque depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 +import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 PSA import/export AES key: policy forbids export, opaque depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):128:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):128:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export HMAC key: policy forbids export, opaque depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):256:0:PSA_ERROR_NOT_PERMITTED:1 
+import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (crypt), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (sign), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, PSA_CRYPTO_TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 # Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS # extension which we may drop in the future. 
@@ -1049,225 +1049,361 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_ECDSA:PSA_WANT_KE key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy key: raw, 1 byte -copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0 +copy_success:PSA_KEY_USAGE_COPY:0:0:0:PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:0:PSA_KEY_USAGE_COPY:0:0 Copy key: AES, copy attributes depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":1:-1:-1:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":1:-1:-1:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 Copy key: AES, same usage flags depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 Copy key: AES, fewer usage flags (-EXPORT) depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, fewer usage flags (-COPY) depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 Copy key: AES, 1 more usage flag depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, 2 more usage flags depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, intersect usage flags #1 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, intersect usage flags #2 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: RSA key pair, same usage flags depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, extended usage flags depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, fewer usage flags depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, more usage flags depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #0 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | 
PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #1 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | 
PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in target depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source and target depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | 
PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, extended usage flags depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | 
PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+0 depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 Copy key: source=ECDSA+ECDH, target=0+ECDH 
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | 
PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) + +Copy key: raw, 1 byte, opaque +depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY:0:0 + +Copy key: AES, copy attributes, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":1:-1:-1:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 + +Copy key: AES, same usage flags, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 + +Copy key: AES, fewer usage flags (-EXPORT), opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 + +Copy key: AES, fewer usage flags (-COPY), opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 + +Copy key: AES, 1 more usage flag, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 + +Copy key: AES, 2 more usage flags, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | 
PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 + +Copy key: AES, intersect usage flags #1, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 + +Copy key: AES, intersect usage flags #2, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 + +Copy key: RSA key pair, same usage flags, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_COPY | 
PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, extended usage flags, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, fewer usage flags, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | 
PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, more usage flags, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, intersect usage flags #0, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + 
+Copy key: RSA key pair, intersect usage flags #1, opaque
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+
+Copy key: RSA key pair, wildcard algorithm in source, opaque
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+
+Copy key: RSA key pair, wildcard algorithm in target, opaque
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, wildcard algorithm in source and target, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 + +Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH + +Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, extended usage flags, opaque 
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH
+
+Copy key: source=ECDSA+ECDH, target=ECDSA+0, opaque
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0
+
+Copy key: source=ECDSA+ECDH, target=0+ECDH, opaque
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH + +Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | 
PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH + +Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy fail: raw data, no COPY flag -copy_fail:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_NOT_PERMITTED +copy_fail:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_NOT_PERMITTED Copy key: AES, no COPY flag depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_fail:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_NOT_PERMITTED +copy_fail:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_NOT_PERMITTED Copy fail: AES, 
incompatible target policy depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy key: source=MAC, target=MAC extended usage flags depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0 Copy key: source=MAC min-length, target=MAC length > min-length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 Copy key: source=MAC min-length, target=MAC length = min-length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 Copy fail: source=MAC min-length, target=MAC length < min-length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy key: source=MAC min-length, target=MAC min-length, src > tgt depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 Copy key: source=MAC min-length, target=MAC min-length, src = tgt depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | 
PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 Copy key: source=MAC min-length, target=MAC min-length, src < tgt depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | 
PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 Copy fail: source=MAC, target=MAC min-length > length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy key: source=MAC, target=MAC min-length = length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 Copy key: source=MAC, target=MAC min-length < length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 Copy key: source=AEAD min-length, target=AEAD length > min-length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | 
PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD min-length, target=AEAD length = min-length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0 Copy fail: source=AEAD min-length, target=AEAD length < min-length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 
8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy key: source=AEAD min-length, target=AEAD min-length, src > tgt depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD min-length, target=AEAD min-length, src = tgt depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD min-length, target=AEAD min-length, src < tgt depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 + +Copy key: source=MAC, target=MAC 
min-length = length, opaque +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 + +Copy key: source=MAC, target=MAC min-length < length, opaque +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 + +Copy key: source=AEAD min-length, target=AEAD length > min-length, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 + +Copy key: source=AEAD min-length, target=AEAD length = min-length, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0 + +Copy key: source=AEAD min-length, target=AEAD min-length, src > tgt, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | 
PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 + +Copy key: source=AEAD min-length, target=AEAD min-length, src = tgt, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION )::PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 + +Copy key: source=AEAD min-length, target=AEAD min-length, src < tgt, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 Copy fail: source=AEAD, target=AEAD min-length > length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy key: source=AEAD, target=AEAD min-length = length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 
8):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD, target=AEAD min-length < length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0 + +Copy key: source=AEAD, target=AEAD min-length = length, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, 
TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 + +Copy key: source=AEAD, target=AEAD min-length < length, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0 Copy fail: RSA, incompatible target policy (source wildcard) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, incompatible target policy (target wildcard) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -copy_fail:PSA_KEY_USAGE_COPY | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, incompatible target policy (source and target wildcard) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4
b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, ANY_HASH is not meaningful with OAEP depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: incorrect type in attributes depends_on:PSA_WANT_KEY_TYPE_AES -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: incorrect size in attributes -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:42:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT 
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:42:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: source=ECDSA(SHA224)+ECDH, target=ECDSA(SHA256)+ECDH depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: source=ECDH+ECDSA(SHA224), target=ECDH+ECDSA(SHA256) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT 
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_224):0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: AES, invalid persistent key identifier in attributes depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_LIFETIME_PERSISTENT:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_LIFETIME_PERSISTENT:PSA_ERROR_INVALID_ARGUMENT Copy fail: AES, invalid lifetime (unknown location) in attributes -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_PERSISTENT, 11):PSA_ERROR_INVALID_ARGUMENT +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C:!MBEDTLS_PSA_CRYPTO_DRIVERS +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT 
| PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, 11):PSA_ERROR_INVALID_ARGUMENT + +Copy fail: AES, across locations (unsupported) in attributes +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, 0):PSA_ERROR_NOT_SUPPORTED Hash operation object initializers zero properly hash_operation_init: diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7e9a743e7e..2b5727345d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -17,6 +17,9 @@ #include "test/psa_exercise_key.h" #if defined(PSA_CRYPTO_DRIVER_TEST) #include "test/drivers/test_driver.h" +#define TEST_DRIVER_LOCATION PSA_CRYPTO_TEST_DRIVER_LOCATION +#else +#define TEST_DRIVER_LOCATION 0x7fffff #endif /* If this comes up, it's a bug in the test code or in the test data. */ @@ -1305,10 +1308,12 @@ exit: /* BEGIN_CASE */ void copy_success( int source_usage_arg, int source_alg_arg, int source_alg2_arg, + unsigned int source_lifetime_arg, int type_arg, data_t *material, int copy_attributes, int target_usage_arg, int target_alg_arg, int target_alg2_arg, + unsigned int target_lifetime_arg, int expected_usage_arg, int expected_alg_arg, int expected_alg2_arg ) { 
@@ -1317,6 +1322,8 @@ void copy_success( int source_usage_arg, psa_key_usage_t expected_usage = expected_usage_arg; psa_algorithm_t expected_alg = expected_alg_arg; psa_algorithm_t expected_alg2 = expected_alg2_arg; + psa_key_lifetime_t source_lifetime = source_lifetime_arg; + psa_key_lifetime_t target_lifetime = target_lifetime_arg; mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; uint8_t *export_buffer = NULL; @@ -1328,6 +1335,7 @@ void copy_success( int source_usage_arg, psa_set_key_algorithm( &source_attributes, source_alg_arg ); psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); psa_set_key_type( &source_attributes, type_arg ); + psa_set_key_lifetime( &source_attributes, source_lifetime); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, &source_key ) ); @@ -1337,9 +1345,8 @@ void copy_success( int source_usage_arg, if( copy_attributes ) { target_attributes = source_attributes; - /* Set volatile lifetime to reset the key identifier to 0. */ - psa_set_key_lifetime( &target_attributes, PSA_KEY_LIFETIME_VOLATILE ); } + psa_set_key_lifetime( &target_attributes, target_lifetime); if( target_usage_arg != -1 ) psa_set_key_usage_flags( &target_attributes, target_usage_arg ); @@ -1348,6 +1355,7 @@ void copy_success( int source_usage_arg, if( target_alg2_arg != -1 ) psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); + /* Copy the key. */ PSA_ASSERT( psa_copy_key( source_key, &target_attributes, &target_key ) ); 
@@ -1375,10 +1383,13 @@ void copy_success( int source_usage_arg, export_buffer, length ); } - if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) ) - goto exit; - if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) ) - goto exit; + if( !psa_key_lifetime_is_external( target_lifetime ) ) + { + if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) ) + goto exit; + if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) ) + goto exit; + } PSA_ASSERT( psa_destroy_key( target_key ) ); @@ -1398,6 +1409,7 @@ exit: /* BEGIN_CASE */ void copy_fail( int source_usage_arg, int source_alg_arg, int source_alg2_arg, + int source_lifetime_arg, int type_arg, data_t *material, int target_type_arg, int target_bits_arg, int target_usage_arg, @@ -1418,6 +1430,7 @@ void copy_fail( int source_usage_arg, psa_set_key_algorithm( &source_attributes, source_alg_arg ); psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); psa_set_key_type( &source_attributes, type_arg ); + psa_set_key_lifetime( &source_attributes, source_lifetime_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, &source_key ) ); From 449608bc610aa4c126f064b8cd6ac1339c6356dc Mon Sep 17 00:00:00 2001 From: Archana Date: Wed, 8 Sep 2021 15:36:05 +0530 Subject: [PATCH 479/966] Code style improvements Signed-off-by: Archana --- library/psa_crypto.c | 32 ++--- library/psa_crypto_core.h | 2 +- library/psa_crypto_driver_wrappers.c | 35 ++--- library/psa_crypto_driver_wrappers.h | 3 +- tests/include/test/drivers/key_management.h | 15 +-- .../src/drivers/test_driver_key_management.c | 127 +++++++++--------- 6 files changed, 107 insertions(+), 107 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ee16983416..b105890fb3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
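Review bot: The new `if( !psa_key_lifetime_is_external( target_lifetime ) )` guard in `copy_success` skips both `mbedtls_test_psa_exercise_key` calls for targets in an external location, so the added opaque test cases never use the copied key, and nothing explains why. Add a comment on the guard, for example `/* Keys in an external location are not exercised: presumably the test driver does not implement these operations for opaque keys (confirm). */`, or exercise the key whenever the driver supports the algorithm. The spacing in `if( !psa_key...` also differs from the `if( ! mbedtls_test...` form on the lines it wraps. The function starts and ends outside this hunk.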
@@ -431,7 +431,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */ psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type, - size_t bits ) + size_t bits ) { /* Check that the bit size is acceptable for the key type */ switch( type ) @@ -558,7 +558,8 @@ psa_status_t psa_import_key_into_slot( { *bits = PSA_BYTES_TO_BITS( data_length ); - status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); + status = psa_validate_unstructured_key_bit_size( attributes->core.type, + *bits ); if( status != PSA_SUCCESS ) return( status ); @@ -1892,7 +1893,7 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, if( data_length == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - /* Ensure that the bytes-to-bits conversion hasn't overflown. */ + /* Ensure that the bytes-to-bits conversion cannot overflow. */ if( data_length > SIZE_MAX / 8 ) return( PSA_ERROR_NOT_SUPPORTED ); @@ -1902,15 +1903,15 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, goto exit; /* In the case of a transparent key or an opaque key stored in local - * storage( thus not in the case of the old-style secure element interface - * (MBEDTLS_PSA_CRYPTO_SE_C)),we have to allocate a buffer to hold the - * imported key material. */ + * storage ( thus not in the case of importing a key in a secure element + * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a + * buffer to hold the imported key material. */ if( slot->key.data == NULL ) { if( psa_key_lifetime_is_external( attributes->core.lifetime ) ) { - status = psa_driver_wrapper_get_key_buffer_size_from_key_data( attributes, data, - data_length , &storage_size ); + status = psa_driver_wrapper_get_key_buffer_size_from_key_data( + attributes, data, data_length, &storage_size ); if( status != PSA_SUCCESS ) goto exit; } 
@@ -2046,7 +2047,7 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, * If the source and target keys are stored across different locations, * the source key would need to be exported as plaintext and re-imported * in the other location. This has security implications which have not - * been fully mapped.For now, this can be acheived through + * been fully mapped. For now, this can be achieved through * appropriate API invocations from the application, if needed. * */ status = PSA_ERROR_NOT_SUPPORTED; @@ -2054,14 +2055,14 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, } /* * When the source and target keys are within the same location, - * - For transparent keys it is a blind copy sans any driver invocation, + * - For transparent keys it is a blind copy without any driver invocation, * - For opaque keys this translates to an invocation of the drivers' * copy_key entry point through the dispatch layer. * */ if( psa_key_lifetime_is_external( actual_attributes.core.lifetime ) ) { status = psa_driver_wrapper_get_key_buffer_size( &actual_attributes, - &storage_size ); + &storage_size ); if( status != PSA_SUCCESS ) goto exit; status = psa_allocate_buffer_to_slot( target_slot, storage_size ); @@ -4197,7 +4198,8 @@ static psa_status_t psa_generate_derived_key_internal( if( psa_key_lifetime_is_external( attributes.core.lifetime ) ) { - status = psa_driver_wrapper_get_key_buffer_size( &attributes, &storage_size ); + status = psa_driver_wrapper_get_key_buffer_size( &attributes, + &storage_size ); if( status != PSA_SUCCESS ) goto exit; } 
@@ -5193,9 +5195,9 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, goto exit; /* In the case of a transparent key or an opaque key stored in local - * storage( thus not in the case of the old-style secure element interface - * (MBEDTLS_PSA_CRYPTO_SE_C)),we have to allocate a buffer to hold the - * imported key material. */ + * storage ( thus not in the case of generating a key in a secure element + * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a + * buffer to hold the generated key material. */ if( slot->key.data == NULL ) { if ( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 4a3fa5079b..8c91b04d03 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -546,5 +546,5 @@ psa_status_t psa_verify_hash_builtin( * the two is not supported. */ psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type, - size_t bits ); + size_t bits ); #endif /* PSA_CRYPTO_CORE_H */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 1597b00d0f..00c17063af 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -380,10 +380,9 @@ psa_status_t psa_driver_wrapper_verify_hash( } } -/** calculate the key buffer size required to store the key material of a key +/** Calculate the key buffer size required to store the key material of a key * associated with an opaque driver from input key data. * - * * \param[in] attributes The key attributes * \param[in] data The input key data. * \param[in] data_length The input data length. 
@@ -399,7 +398,8 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( size_t data_length, size_t *key_buffer_size ) { - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); psa_key_type_t key_type = attributes->core.type; *key_buffer_size = 0; @@ -459,7 +459,8 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( return( PSA_SUCCESS ); } #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ - *key_buffer_size = mbedtls_test_opaque_size_function( key_type, key_bits ); + *key_buffer_size = mbedtls_test_opaque_size_function( key_type, + key_bits ); return( ( *key_buffer_size != 0 ) ? PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -785,20 +786,12 @@ psa_status_t psa_driver_wrapper_get_builtin_key( psa_status_t psa_driver_wrapper_copy_key( psa_key_attributes_t *attributes, const uint8_t *source_key, size_t source_key_size, - uint8_t *target_key_buffer, size_t target_buffer_size, size_t *key_length ) + uint8_t *target_key_buffer, size_t target_key_buffer_size, + size_t *target_key_buffer_length ) { - psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; - - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) - { - /* Copying to a secure element is not implemented yet. */ - return( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); switch( location ) { 
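Review bot: Removing the `MBEDTLS_PSA_CRYPTO_SE_C` branch from `psa_driver_wrapper_copy_key` changes behaviour in a commit titled as code style. A lifetime that resolves to a secure-element driver used to return `PSA_ERROR_NOT_SUPPORTED` here; it now reaches `switch( location )`, whose `default` arm in the following hunk sets `PSA_ERROR_INVALID_ARGUMENT`. If the caller already rejects secure-element targets before dispatch (not visible in this hunk), record that above the switch, e.g. `/* Secure-element lifetimes are rejected by the caller before dispatch. */`; otherwise keep the check. The initial `status` also moves from `PSA_ERROR_INVALID_ARGUMENT` to `PSA_ERROR_CORRUPTION_DETECTED`, which deserves a line in the commit message. The function body continues outside the hunk.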
@@ -808,16 +801,16 @@ psa_status_t psa_driver_wrapper_copy_key( return( mbedtls_test_opaque_copy_key( attributes, source_key, source_key_size, target_key_buffer, - target_buffer_size, - key_length ) ); + target_key_buffer_size, + target_key_buffer_length) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)source_key; (void)source_key_size; (void)target_key_buffer; - (void)target_buffer_size; - (void)key_length; + (void)target_key_buffer_size; + (void)target_key_buffer_length; status = PSA_ERROR_INVALID_ARGUMENT; } return( status ); diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 7c45fbfce2..c186228fa0 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -103,7 +103,8 @@ psa_status_t psa_driver_wrapper_get_builtin_key( psa_status_t psa_driver_wrapper_copy_key( psa_key_attributes_t *attributes, const uint8_t *source_key, size_t source_key_size, - uint8_t *target_key_buffer, size_t target_buffer_size, size_t *key_length ); + uint8_t *target_key_buffer, size_t target_key_buffer_size, + size_t *target_key_buffer_length ); /* * Cipher functions */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index ed0b5ebbca..16ee0b2160 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h 
@@ -51,19 +51,18 @@ static inline mbedtls_test_driver_key_management_hooks_t /* * In order to convert the plain text keys to Opaque, the size of the key is - * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to xor mangling - * the key. The pad prefix needs to be accounted for while sizing for the key. + * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to + * xor mangling the key. The pad prefix needs to be accounted for while + * sizing for the key. */ #define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U -#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX ) - -size_t mbedtls_test_opaque_get_base_size(); +#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \ + PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX ) size_t mbedtls_test_opaque_size_function( const psa_key_type_t key_type, const size_t key_bits ); - extern mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks; @@ -118,8 +117,8 @@ psa_status_t mbedtls_test_opaque_copy_key( const uint8_t *source_key, size_t source_key_size, uint8_t *target_key_buffer, - size_t target_buffer_size, - size_t *key_length ); + size_t target_key_buffer_size, + size_t *target_key_buffer_length); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index fec0a3e484..2683edcd8c 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c 
@@ -58,11 +58,13 @@ const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = /* - * This macro returns the base size for the key context when SE does not support storage. - * It is the size of the metadata that gets added to the wrapped key. - * In its test functionality the metadata is just some padded prefixing to the key. + * This macro returns the base size for the key context when SE does not + * support storage. It is the size of the metadata that gets added to the + * wrapped key. In its test functionality the metadata is just some padded + * prefixing to the key. */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \ + PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE size_t mbedtls_test_opaque_size_function( 
@@ -80,62 +82,70 @@ size_t mbedtls_test_opaque_size_function( return( key_buffer_size ); } -size_t mbedtls_test_opaque_get_base_size() +static size_t mbedtls_test_opaque_get_base_size() { return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; } /* - * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the clear key. - * It expects the clear and wrap buffers to be passed in. - * key_buffer_size is the size of the clear key to be wrapped. - * wrap_buffer_size is the size of the output buffer wrap_key. - * The argument key_buffer_length is filled with the wrapped key_size on success. + * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the + * clear key. It expects the clear and wrap buffers to be passed in. + * key_length is the size of the clear key to be wrapped. + * wrapped_key_buffer_size is the size of the output buffer wrap_key. + * The argument wrapped_key_buffer_length is filled with the wrapped + * key_size on success. * */ static psa_status_t mbedtls_test_opaque_wrap_key( - const uint8_t *key_buffer, - size_t key_buffer_size, - uint8_t *wrap_key, - size_t wrap_buffer_size, - size_t *key_buffer_length ) + const uint8_t *key, + size_t key_length, + uint8_t *wrapped_key_buffer, + size_t wrapped_key_buffer_size, + size_t *wrapped_key_buffer_length ) { - size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; - if( key_buffer_size + opaque_key_base_size > wrap_buffer_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - /* Write in the opaque pad prefix */ - memcpy( wrap_key, &prefix, opaque_key_base_size); - wrap_key += opaque_key_base_size; - *key_buffer_length = key_buffer_size + opaque_key_base_size; - while( key_buffer_size-- ) - wrap_key[key_buffer_size] = key_buffer[key_buffer_size] ^ 0xFF; - return( PSA_SUCCESS ); + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; + + if( key_length + 
opaque_key_base_size > wrapped_key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + /* Write in the opaque pad prefix */ + memcpy( wrapped_key_buffer, &prefix, opaque_key_base_size); + wrapped_key_buffer += opaque_key_base_size; + *wrapped_key_buffer_length = key_length + opaque_key_base_size; + + while( key_length-- ) + wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF; + return( PSA_SUCCESS ); } /* - * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix and unwraps - * the wrapped key. It expects the clear and wrap buffers to be passed in. - * wrapped_key_buffer_size is the size of the wrapped key, + * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix + * and unwraps the wrapped key. It expects the clear and wrap buffers to be + * passed in. + * wrapped_key_length is the size of the wrapped key, * key_buffer_size is the size of the output buffer clear_key. - * The argument key_buffer_length is filled with the unwrapped(clear) key_size on success. + * The argument key_buffer_length is filled with the unwrapped(clear) + * key_size on success. 
* */ static psa_status_t mbedtls_test_opaque_unwrap_key( const uint8_t *wrapped_key, - size_t wrapped_key_buffer_size, + size_t wrapped_key_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { - /* Remove the pad prefis from the wrapped key */ - size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - size_t clear_key_size = wrapped_key_buffer_size - opaque_key_base_size; - wrapped_key += opaque_key_base_size; - if( clear_key_size > key_buffer_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - *key_buffer_length = clear_key_size; - while( clear_key_size-- ) - key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; - return( PSA_SUCCESS ); + /* Remove the pad prefix from the wrapped key */ + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + size_t clear_key_size = wrapped_key_length - opaque_key_base_size; + + wrapped_key += opaque_key_base_size; + if( clear_key_size > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + *key_buffer_length = clear_key_size; + while( clear_key_size-- ) + key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; + return( PSA_SUCCESS ); } psa_status_t mbedtls_test_transparent_generate_key( 
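Review bot: In `mbedtls_test_opaque_unwrap_key`, `wrapped_key_length - opaque_key_base_size` is computed before any length check, so a wrapped key shorter than the pad prefix wraps around to a huge `size_t`. The later `clear_key_size > key_buffer_size` test is then the only thing bounding the copy loop, and the caller gets a misleading `PSA_ERROR_BUFFER_TOO_SMALL`. Add `if( wrapped_key_length < opaque_key_base_size ) return( PSA_ERROR_INVALID_ARGUMENT );` before the subtraction, and consider comparing the leading bytes with `PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX`, which is never verified. In `mbedtls_test_opaque_wrap_key`, `prefix` is a `uint64_t` while `memcpy` copies only `sizeof` of the `unsigned` macro value, so a big-endian target would write the zero high half. `uint32_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX;` avoids that, assuming a 32-bit `unsigned int`.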
@@ -257,21 +267,22 @@ psa_status_t mbedtls_test_opaque_import_key( size_t *key_buffer_length, size_t *bits) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); - /* This buffer will be used as an intermediate placeholder for the clear - * key till we wrap it */ + /* This buffer will be used as an intermediate placeholder for + * the clear key till we wrap it */ uint8_t *key_buffer_temp; - key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); - if( !key_buffer_temp ) + key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); + if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) { *bits = PSA_BYTES_TO_BITS( data_length ); - status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); + status = psa_validate_unstructured_key_bit_size( attributes->core.type, + *bits ); if( status != PSA_SUCCESS ) goto exit; @@ -311,13 +322,6 @@ psa_status_t mbedtls_test_opaque_import_key( #endif { status = PSA_ERROR_INVALID_ARGUMENT; - (void)data; - (void)data_length; - (void)key_buffer; - (void)key_buffer_size; - (void)key_buffer_length; - (void)bits; - (void)type; goto exit; } status = mbedtls_test_opaque_wrap_key( key_buffer_temp, *key_buffer_length, @@ -389,10 +393,10 @@ psa_status_t mbedtls_test_opaque_export_key( } else { - /* This buffer will be used as an intermediate placeholder for the opaque key - * till we unwrap the key into key_buffer */ + /* This buffer will be used as an intermediate placeholder for + * the opaque key till we unwrap the key into key_buffer */ uint8_t *key_buffer_temp; - size_t status = PSA_ERROR_BUFFER_TOO_SMALL; + size_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) || 
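Review bot: `key_buffer_temp` in `mbedtls_test_opaque_import_key` holds the clear key until it is wrapped, per the comment in this hunk, and the cleanup path lies outside the hunk, so it is not visible whether the buffer is wiped before release. If the exit path only calls `mbedtls_free( key_buffer_temp )`, precede it with `mbedtls_platform_zeroize( key_buffer_temp, key_buffer_size );` so plaintext key bytes do not linger on the heap. Even in a test driver, this keeps the example consistent with how an opaque driver should treat unwrapped key material.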
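Review bot: `status` in the `else` branch of `mbedtls_test_opaque_export_key` is still declared `size_t`; this hunk only changes its initial value. PSA error codes are negative `psa_status_t` values, so keeping them in an unsigned, possibly wider type relies on an implementation-defined conversion when the value is compared or returned. Declare it as `psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;`, matching the declaration in `mbedtls_test_opaque_export_public_key` further down the same file. The branch continues in the next hunk.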
@@ -400,7 +404,7 @@ psa_status_t mbedtls_test_opaque_export_key( PSA_KEY_TYPE_IS_ECC( type ) ) { key_buffer_temp = mbedtls_calloc( 1, key_length ); - if( !key_buffer_temp ) + if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); memcpy( key_buffer_temp, key, key_length ); status = mbedtls_test_opaque_unwrap_key( key_buffer_temp, key_length, @@ -475,12 +479,14 @@ psa_status_t mbedtls_test_opaque_export_public_key( { if( key_length != sizeof( psa_drv_slot_number_t ) ) { - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t key_type = psa_get_key_type( attributes ); uint8_t *key_buffer_temp; + key_buffer_temp = mbedtls_calloc( 1, key_length ); - if( !key_buffer_temp ) + if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); + #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( key_type ) ) @@ -512,7 +518,6 @@ psa_status_t mbedtls_test_opaque_export_public_key( { status = PSA_ERROR_NOT_SUPPORTED; (void)key; - (void)key_length; (void)key_type; } mbedtls_free( key_buffer_temp ); From 374fe5b8d2da303166dffaa27ddcc47f8367471e Mon Sep 17 00:00:00 2001 From: Archana Date: Wed, 8 Sep 2021 15:50:28 +0530 Subject: [PATCH 480/966] Handle zeroed attributes key bits and type in copy The target attributes for key copy could have key bits and type zeroed. If so, they need to be overwritten/ inherited from the source key. This is now forcefully overwritten after validating the optional attributes. As a result assigning attributes type and bits after copy are no longer necessary. Signed-off-by: Archana --- library/psa_crypto.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b105890fb3..906e9b4579 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -2000,9 +2000,6 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, if( status != PSA_SUCCESS ) return( status ); - target->attr.type = source->attr.type; - target->attr.bits = source->attr.bits; - return( PSA_SUCCESS ); } @@ -2030,6 +2027,15 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, if( status != PSA_SUCCESS ) goto exit; + /* The actual attributes that we received from the user could have + * zero values for key bits and type.These optional attributes + * have been validated and so it is safe to inherit these + * from the source key. + * */ + actual_attributes.core.bits = source_slot->attr.bits; + actual_attributes.core.type = source_slot->attr.type; + + status = psa_restrict_key_policy( source_slot->attr.type, &actual_attributes.core.policy, &source_slot->attr.policy ); @@ -2065,9 +2071,11 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, &storage_size ); if( status != PSA_SUCCESS ) goto exit; + status = psa_allocate_buffer_to_slot( target_slot, storage_size ); if( status != PSA_SUCCESS ) goto exit; + status = psa_driver_wrapper_copy_key( &actual_attributes, source_slot->key.data, source_slot->key.bytes, From 74d99c6bfcf911945185317802177d380a9b4623 Mon Sep 17 00:00:00 2001 From: Archana Date: Wed, 8 Sep 2021 18:50:20 +0530 Subject: [PATCH 481/966] Add a test to validate copy to read only lifetime Signed-off-by: Archana --- tests/suites/test_suite_psa_crypto.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 94a4c71f56..25234fb6a8 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
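Review bot: The comment added in psa_copy_key above the two `actual_attributes.core` assignments has a missing space (`type.These`) and a stray ` * */` terminator, and it does not say which check makes the overwrite safe. The assignments are unconditional, so their safety rests on the validation that runs before the hunk's first context line (`if( status != PSA_SUCCESS ) goto exit;`); that call is not visible here and the comment should name it. A tighter wording would be `/* The caller may pass 0 for type and bits; both were validated above, so inherit them from the source slot. */`. The second blank line added after `actual_attributes.core.type = source_slot->attr.type;` can be dropped.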
@@ -1401,6 +1401,10 @@ Copy fail: AES, invalid lifetime (unknown location) in attributes depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C:!MBEDTLS_PSA_CRYPTO_DRIVERS copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, 11):PSA_ERROR_INVALID_ARGUMENT +Copy fail: AES, copy to a readonly lifetime in attributes +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_READ_ONLY, 0 ):PSA_ERROR_INVALID_ARGUMENT + Copy fail: AES, across locations (unsupported) in attributes depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, 0):PSA_ERROR_NOT_SUPPORTED From a316b7e42b231f8bb7dd34f567ae9242292c0728 Mon Sep 17 00:00:00 2001 From: Archana Date: Thu, 9 Sep 2021 08:45:19 +0530 Subject: [PATCH 482/966] Rebase and update signature for curve448 tests Also include the opaque test cases for curve448 vectors. 
Signed-off-by: Archana --- tests/suites/test_suite_psa_crypto.data | 30 ++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 25234fb6a8..a0efba3bd6 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -311,19 +311,19 @@ import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fb PSA import/export EC curve448 key pair: good (already properly masked, key from RFC 7748 6.2 Alice)) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 -import_export:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:448:0:PSA_SUCCESS:1 +import_export:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:448:0:PSA_SUCCESS:1 PSA import/export EC curve448 key pair: unmasked input (check export-import-export yields properly masked output, key from RFC 7748 6.2 Alice)) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 -import_export:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:448:0:PSA_SUCCESS:0 +import_export:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:448:0:PSA_SUCCESS:0 PSA import/export-public EC curve448: accept masked input (key from RFC 7748 6.2 Alice) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 
-import_export_public_key:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" +import_export_public_key:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" PSA import/export-public EC curve448: accept unmasked input (key from RFC 7748 6.2 Alice) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 -import_export_public_key:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" +import_export_public_key:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" PSA import/export-public: cannot export-public a symmetric key depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C 
@@ -347,7 +347,7 @@ import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export curve448 Public Key: good (key from RFC 7748 6.2 Alice) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 -import_export:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:448:0:PSA_SUCCESS:0 +import_export:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:448:0:PSA_SUCCESS:0 PSA import/export AES key: policy forbids export depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES 
@@ -437,6 +437,22 @@ PSA import/export-public EC curve25519: accept masked input, opaque depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" +PSA import/export EC curve448 key pair: good (already properly masked, key from RFC 7748 6.2 Alice)), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:1 + +PSA import/export EC curve448 key pair: unmasked input (check export-import-export yields properly masked output, key from RFC 7748 6.2 Alice)), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:0 + +PSA import/export-public EC curve448: accept masked input (key from RFC 7748 6.2 Alice), opaque 
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" + +PSA import/export-public EC curve448: accept unmasked input (key from RFC 7748 6.2 Alice), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export_public_key:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" + PSA import/export-public: cannot export-public a symmetric key, opaque depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" 
@@ -457,6 +473,10 @@ PSA import/export curve25519 public key: good, opaque depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 +PSA import/export curve448 Public Key: good (key from RFC 7748 6.2 Alice), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_PSA_CRYPTO_DRIVERS +import_export:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:0 + PSA import/export AES key: policy forbids export, opaque depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):128:0:PSA_ERROR_NOT_PERMITTED:1 From 9a2b6ff8f24a81cf837476d55b8c0d2aee3f99af Mon Sep 17 00:00:00 2001 From: Archana Date: Thu, 9 Sep 2021 12:28:24 +0530 Subject: [PATCH 483/966] Fix test vector dependency Fix opaque key test vector dependency to PSA_CRYPTO_DRIVER_TEST instead of MBEDTLS_PSA_CRYPTO_DRIVERS while validating with test drivers. Signed-off-by: Archana --- tests/suites/test_suite_psa_crypto.data | 182 ++++++++++++------------ 1 file changed, 91 insertions(+), 91 deletions(-) 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index a0efba3bd6..d9eafc0277 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -23,27 +23,27 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:256:0:PSA_SUCCESS:1 PSA import/export raw: 1 bytes, opaque -depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_CRYPTO_DRIVER_TEST import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):8:0:PSA_SUCCESS:1 PSA import/export raw: 1 bytes, larger buffer, opaque -depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_CRYPTO_DRIVER_TEST import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):8:1:PSA_SUCCESS:1 PSA import/export raw: 2 bytes, buffer too small, opaque -depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_CRYPTO_DRIVER_TEST import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export AES-128, opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):128:0:PSA_SUCCESS:1 PSA import/export AES-192, opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):192:0:PSA_SUCCESS:1 PSA 
import/export AES-256, opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import: bad usage flag 
@@ -106,55 +106,55 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_SUCCESS:0 PSA import/export RSA public key: good, 1024-bit, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (+1 byte), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2-1), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:161:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:162:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2+1), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:163:PSA_SUCCESS:1 PSA import/export RSA public key: export buffer too small, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: good, 1024-bit, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger 
buffer (+1 byte), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2-1), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:609:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:610:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2+1), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:611:PSA_SUCCESS:1 PSA import/export RSA keypair: export buffer too small, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: trailing garbage ignored, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_SUCCESS:0 PSA import RSA keypair: truncated 
@@ -190,19 +190,19 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: good, 1024-bit, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: good, 1024-bit, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: buffer too small, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: buffer too small, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export RSA public key: 1016-bit (good) 
@@ -214,11 +214,11 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1016:0:PSA_SUCCESS:1 PSA import/export RSA public key: 1016-bit (good), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import/export RSA keypair: 1016-bit (good), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41
b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import RSA public key: 1022-bit (not supported) 
@@ -366,131 +366,131 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export EC secp224r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:PSA_CRYPTO_DRIVER_TEST import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):224:0:PSA_SUCCESS:1 PSA import/export-public EC secp224r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" PSA import/export EC secp256r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS 
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export-public EC secp256r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" PSA import/export EC secp384r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:PSA_CRYPTO_DRIVER_TEST import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 PSA import/export-public EC secp384r1: good, opaque 
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" PSA import/export EC secp521r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 PSA import/export-public EC secp521r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST 
import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" PSA import/export EC brainpool256r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY::PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool256r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION 
):0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" PSA import/export EC brainpool384r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_CRYPTO_DRIVER_TEST import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool384r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" PSA import/export EC brainpool512r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:MBEDTLS_PSA_CRYPTO_DRIVERS 
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_CRYPTO_DRIVER_TEST import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):512:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool512r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" PSA import/export EC curve25519 key pair: good (already properly masked), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( 
PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 PSA import/export EC curve25519 key pair: unmasked input (check export-import-export yields properly masked output), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:0 PSA import/export-public EC curve25519: accept unmasked input, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export-public EC curve25519: accept masked input, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST 
import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export EC curve448 key pair: good (already properly masked, key from RFC 7748 6.2 Alice)), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST import_export:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:1 PSA import/export EC curve448 key pair: unmasked input (check export-import-export yields properly masked output, key from RFC 7748 6.2 Alice)), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST import_export:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:0 PSA import/export-public EC curve448: accept masked input (key from RFC 7748 6.2 Alice), opaque 
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" PSA import/export-public EC curve448: accept unmasked input (key from RFC 7748 6.2 Alice), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" PSA import/export-public: cannot export-public a symmetric key, opaque -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" PSA import/export EC secp256r1 public key: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export EC secp521r1 public key: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 PSA import/export EC brainpoolP256r1 public key: good, opaque 
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export curve25519 public key: good, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 PSA import/export curve448 Public Key: good (key from RFC 7748 6.2 Alice), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST import_export:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( 
PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:0 PSA import/export AES key: policy forbids export, opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):128:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export HMAC key: policy forbids export, opaque -depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:PSA_CRYPTO_DRIVER_TEST import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (crypt), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (sign), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 # Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS 
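Review bot: Two opaque test cases in this hunk have argument lists that do not match their neighbours, and the switch to `PSA_CRYPTO_DRIVER_TEST` leaves their data lines unchanged. In "PSA import/export EC brainpool256r1 key pair: good, opaque" the `import_export` line reads `PSA_ALG_ECDSA_ANY::PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(`. The doubled colon looks like it inserts an empty argument and shifts every field after it, so it should presumably be a single colon, as in the secp and brainpool384r1/512r1 key-pair cases. In "PSA import/export-public EC brainpool512r1: good, opaque" the lifetime field is a plain `0` (`PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS`), so that case appears to import a default-lifetime key and never reaches the test driver location its name promises. The other export-public cases pass `PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS` there, and without the same value the opaque export-public path for brainpool512r1 stays untested while the suite reports it as covered.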
@@ -1164,99 +1164,99 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KE copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy key: raw, 1 byte, opaque -depends_on:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY:0:0 Copy key: AES, copy attributes, opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":1:-1:-1:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 Copy key: AES, same usage flags, opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 Copy key: AES, fewer usage flags (-EXPORT), opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, fewer usage flags (-COPY), opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 Copy key: AES, 1 more usage flag, opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST 
copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, 2 more usage flags, opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, intersect usage flags #1, opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, intersect usage flags #2, opaque -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS 
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: RSA key pair, same usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, extended usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, fewer usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION 
):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, more usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH 
| PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #0, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #1, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in target, opaque 
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source and target, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, opaque 
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, extended usage flags, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION 
):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+0, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 Copy key: source=ECDSA+ECDH, target=0+ECDH, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS 
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy fail: raw data, no COPY flag 
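Review bot: The case titled `Copy key: RSA key pair, wildcard algorithm in source and target, opaque` passes `0` in both lifetime positions. Every other opaque case in this hunk passes `PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION )` there. Judging by those siblings, the case repeats the transparent-key copy and never reaches the driver-owned key path, so the wildcard-to-wildcard policy intersection for opaque keys is not actually checked. The commit now gates the case on `PSA_CRYPTO_DRIVER_TEST` even though its arguments never mention the test driver location. I would replace both `:0:0:` lifetime fields (the one before `PSA_KEY_TYPE_RSA_KEY_PAIR` and the one before the expected-usage field) with the `TEST_DRIVER_LOCATION` lifetime expression used by the neighbouring cases.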
@@ -1335,31 +1335,31 @@ depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 Copy key: source=MAC, target=MAC min-length = length, opaque -depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 Copy key: source=MAC, target=MAC min-length < length, opaque -depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:PSA_CRYPTO_DRIVER_TEST 
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 Copy key: source=AEAD min-length, target=AEAD length > min-length, opaque -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD min-length, target=AEAD length = min-length, opaque -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS 
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0 Copy key: source=AEAD min-length, target=AEAD min-length, src > tgt, opaque -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD min-length, target=AEAD min-length, src = tgt, opaque -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION )::PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD min-length, target=AEAD min-length, src < tgt, opaque -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 Copy fail: source=AEAD, target=AEAD min-length > length 
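Review bot: In `Copy key: source=AEAD min-length, target=AEAD min-length, src = tgt, opaque`, the target lifetime is followed by a doubled separator, `TEST_DRIVER_LOCATION )::PSA_KEY_USAGE_ENCRYPT`, which gives this case one more field than the `src > tgt` and `src < tgt` cases beside it. The line is context here, but the commit changes the dependency that decides when it runs, so it is worth fixing in the same pass: `TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0`. The empty field presumably shifts the expected usage and algorithm arguments by one, so the case either fails to dispatch or does not verify the equal-minimum-length policy it is named for. The test function's parameter list is outside this hunk, so confirm the expected count there.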
@@ -1375,11 +1375,11 @@ depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0 Copy key: source=AEAD, target=AEAD min-length = length, opaque -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD, target=AEAD min-length < length, opaque -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0 Copy fail: RSA, incompatible target policy (source wildcard) @@ -1426,7 +1426,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_READ_ONLY, 0 ):PSA_ERROR_INVALID_ARGUMENT Copy fail: AES, across locations (unsupported) in attributes -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_DRIVERS +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, 0):PSA_ERROR_NOT_SUPPORTED Hash operation object initializers zero properly From 9d17bf42152a6ae2731d6cbcb6e4a8dc39c69f49 Mon Sep 17 00:00:00 2001 From: Archana Date: Fri, 10 Sep 2021 06:22:44 +0530 Subject: [PATCH 484/966] Styling and refactoring 
Signed-off-by: Archana --- library/psa_crypto.c | 30 +++++---------- library/psa_crypto_driver_wrappers.c | 17 +++++++-- library/psa_crypto_driver_wrappers.h | 2 +- tests/include/test/drivers/key_management.h | 2 +- .../src/drivers/test_driver_key_management.c | 37 ++++++++++--------- tests/suites/test_suite_psa_crypto.function | 14 +++---- 6 files changed, 53 insertions(+), 49 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 906e9b4579..bcbaa3d68a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1991,18 +1991,6 @@ exit: } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, - psa_key_slot_t *target ) -{ - psa_status_t status = psa_copy_key_material_into_slot( target, - source->key.data, - source->key.bytes ); - if( status != PSA_SUCCESS ) - return( status ); - - return( PSA_SUCCESS ); -} - psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, const psa_key_attributes_t *specified_attributes, mbedtls_svc_key_id_t *target_key ) @@ -2027,13 +2015,13 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, if( status != PSA_SUCCESS ) goto exit; - /* The actual attributes that we received from the user could have - * zero values for key bits and type.These optional attributes - * have been validated and so it is safe to inherit these - * from the source key. + /* The target key type and number of bits have been validated by + * psa_validate_optional_attributes() to be either equal to zero or + * equal to the ones of the source key. So it is safe to inherit + * them from the source key now." * */ - actual_attributes.core.bits = source_slot->attr.bits; - actual_attributes.core.type = source_slot->attr.type; + actual_attributes.core.bits = source_slot->attr.bits; + actual_attributes.core.type = source_slot->attr.type; status = psa_restrict_key_policy( source_slot->attr.type, 
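Review bot: The rewritten comment above the `actual_attributes.core.bits` assignment in psa_copy_key ends with a stray double quote after `now.`; the last sentence should read `them from the source key now.` with no quote. The comment names psa_validate_optional_attributes() as the place where the target type and bit size were checked, but that call is not in the hunk, so the name should be confirmed against the call made earlier in the function. psa_copy_key starts and ends outside this hunk.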
@@ -2050,7 +2038,7 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, PSA_KEY_LIFETIME_GET_LOCATION( source_slot->attr.lifetime ) ) { /* - * If the source and target keys are stored across different locations, + * If the source and target keys are stored in different locations, * the source key would need to be exported as plaintext and re-imported * in the other location. This has security implications which have not * been fully mapped. For now, this can be achieved through @@ -2087,7 +2075,9 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, } else { - status = psa_copy_key_material( source_slot, target_slot ); + status = psa_copy_key_material_into_slot( target_slot, + source_slot->key.data, + source_slot->key.bytes ); if( status != PSA_SUCCESS ) goto exit; } diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 00c17063af..4123d8a560 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -785,7 +785,7 @@ psa_status_t psa_driver_wrapper_get_builtin_key( psa_status_t psa_driver_wrapper_copy_key( psa_key_attributes_t *attributes, - const uint8_t *source_key, size_t source_key_size, + const uint8_t *source_key, size_t source_key_length, uint8_t *target_key_buffer, size_t target_key_buffer_size, size_t *target_key_buffer_length ) { 
@@ -793,13 +793,24 @@ psa_status_t psa_driver_wrapper_copy_key( psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + { + /* Copying to a secure element is not implemented yet. */ + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + switch( location ) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LOCATION: return( mbedtls_test_opaque_copy_key( attributes, source_key, - source_key_size, + source_key_length, target_key_buffer, target_key_buffer_size, target_key_buffer_length) ); @@ -807,7 +818,7 @@ psa_status_t psa_driver_wrapper_copy_key( #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)source_key; - (void)source_key_size; + (void)source_key_length; (void)target_key_buffer; (void)target_key_buffer_size; (void)target_key_buffer_length; diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index c186228fa0..c6e3d51a39 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -102,7 +102,7 @@ psa_status_t psa_driver_wrapper_get_builtin_key( psa_status_t psa_driver_wrapper_copy_key( psa_key_attributes_t *attributes, - const uint8_t *source_key, size_t source_key_size, + const uint8_t *source_key, size_t source_key_length, uint8_t *target_key_buffer, size_t target_key_buffer_size, size_t *target_key_buffer_length ); /* diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 16ee0b2160..d147568cdc 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h 
@@ -115,7 +115,7 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( psa_status_t mbedtls_test_opaque_copy_key( psa_key_attributes_t *attributes, const uint8_t *source_key, - size_t source_key_size, + size_t source_key_length, uint8_t *target_key_buffer, size_t target_key_buffer_size, size_t *target_key_buffer_length); diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 2683edcd8c..61ebc8aa1a 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -75,7 +75,7 @@ size_t mbedtls_test_opaque_size_function( key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ); if( key_buffer_size == 0 ) - return( key_buffer_size ); + return( 0 ); /* Include spacing for base size overhead over the key size * */ key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; @@ -109,7 +109,7 @@ static psa_status_t mbedtls_test_opaque_wrap_key( return( PSA_ERROR_BUFFER_TOO_SMALL ); /* Write in the opaque pad prefix */ - memcpy( wrapped_key_buffer, &prefix, opaque_key_base_size); + memcpy( wrapped_key_buffer, &prefix, opaque_key_base_size ); wrapped_key_buffer += opaque_key_base_size; *wrapped_key_buffer_length = key_length + opaque_key_base_size; @@ -136,7 +136,12 @@ static psa_status_t mbedtls_test_opaque_unwrap_key( { /* Remove the pad prefix from the wrapped key */ size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - size_t clear_key_size = wrapped_key_length - opaque_key_base_size; + size_t clear_key_size; + + /* Check for underflow */ + if( wrapped_key_length < opaque_key_base_size ) + return( PSA_ERROR_DATA_CORRUPT ); + clear_key_size = wrapped_key_length - opaque_key_base_size; wrapped_key += opaque_key_base_size; if( clear_key_size > key_buffer_size ) 
@@ -281,11 +286,14 @@ psa_status_t mbedtls_test_opaque_import_key( { *bits = PSA_BYTES_TO_BITS( data_length ); - status = psa_validate_unstructured_key_bit_size( attributes->core.type, + status = psa_validate_unstructured_key_bit_size( type, *bits ); if( status != PSA_SUCCESS ) goto exit; + if( data_length > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + /* Copy the key material accounting for opaque key padding. */ memcpy( key_buffer_temp, data, data_length ); *key_buffer_length = data_length; @@ -327,7 +335,7 @@ psa_status_t mbedtls_test_opaque_import_key( status = mbedtls_test_opaque_wrap_key( key_buffer_temp, *key_buffer_length, key_buffer, key_buffer_size, key_buffer_length ); exit: - free( key_buffer_temp ); + mbedtls_free( key_buffer_temp ); return( status ); } @@ -395,21 +403,15 @@ psa_status_t mbedtls_test_opaque_export_key( { /* This buffer will be used as an intermediate placeholder for * the opaque key till we unwrap the key into key_buffer */ - uint8_t *key_buffer_temp; - size_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) || PSA_KEY_TYPE_IS_RSA( type ) || PSA_KEY_TYPE_IS_ECC( type ) ) { - key_buffer_temp = mbedtls_calloc( 1, key_length ); - if( key_buffer_temp == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - memcpy( key_buffer_temp, key, key_length ); - status = mbedtls_test_opaque_unwrap_key( key_buffer_temp, key_length, + status = mbedtls_test_opaque_unwrap_key( key, key_length, data, data_size, data_length ); - mbedtls_free( key_buffer_temp ); return( status ); } } 
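Review bot: The new `return( PSA_ERROR_BUFFER_TOO_SMALL );` in mbedtls_test_opaque_import_key bypasses the `exit:` label where `key_buffer_temp` is freed, while the size check just above it leaves through `goto exit`. If `key_buffer_temp` is already allocated at this point (the allocation is outside the hunk), the early return leaks it; `{ status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; }` keeps a single cleanup path. The check also compares `data_length` with `key_buffer_size`, although the `memcpy` that follows writes into `key_buffer_temp`. It therefore bounds the copy only if the temporary buffer is at least `key_buffer_size` bytes, which the hunk does not show.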
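Review bot: At the `exit:` label of mbedtls_test_opaque_import_key, `key_buffer_temp` is released with `mbedtls_free()` while it may still hold the clear key bytes copied in by `memcpy( key_buffer_temp, data, data_length )`. Wiping it first with `mbedtls_platform_zeroize()` over the allocated size would keep the unwrapped key from lingering in freed heap memory. The allocation and its size are outside the hunk, so the length argument and a NULL guard need to be checked against the full function.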
@@ -614,7 +616,7 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( psa_status_t mbedtls_test_opaque_copy_key( psa_key_attributes_t *attributes, - const uint8_t *source_key_buffer, size_t source_key_buffer_size, + const uint8_t *source_key, size_t source_key_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { /* This is a case where the opaque test driver emulates an SE without storage. @@ -623,10 +625,11 @@ psa_status_t mbedtls_test_opaque_copy_key( * copied keys. This could change when the opaque test driver is extended * to support SE with storage, or to emulate an SE without storage but * still holding some slot references */ - if( source_key_buffer_size > key_buffer_size ) + if( source_key_length > key_buffer_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( key_buffer, source_key_buffer, source_key_buffer_size ); - *key_buffer_length = source_key_buffer_size; + + memcpy( key_buffer, source_key, source_key_length ); + *key_buffer_length = source_key_length; (void)attributes; return( PSA_SUCCESS ); } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 2b5727345d..01e5d5939b 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -564,18 +564,18 @@ void import_export( data_t *data, { mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; PSA_ASSERT( psa_import_key( &attributes, exported, exported_length, - &key2 ) ); + &key2 ) ); PSA_ASSERT( psa_export_key( key2, - reexported, - export_size, - &reexported_length ) ); + reexported, + export_size, + &reexported_length ) ); ASSERT_COMPARE( exported, exported_length, reexported, reexported_length ); PSA_ASSERT( psa_destroy_key( key2 ) ); } TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, - psa_get_key_bits( &got_attributes ) ) ); + psa_get_key_bits( &got_attributes ) ) ); TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); destroy: 
@@ -629,8 +629,8 @@ void import_export_public_key( data_t *data, /* Export the public key */ ASSERT_ALLOC( exported, export_size ); status = psa_export_public_key( key, - exported, export_size, - &exported_length ); + exported, export_size, + &exported_length ); TEST_EQUAL( status, expected_export_status ); if( status == PSA_SUCCESS ) { From 72fc69bd40be61ba4d591abd9857417180caab78 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Sep 2021 10:23:24 +0800 Subject: [PATCH 485/966] fix typo error Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 1b55abab6d..5d9e50b0d2 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -184,7 +184,8 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf ; - unsigned char *name_group_list_ptr; /* Start of named_group_list */ + unsigned char *named_group_list_ptr; /* Start of named_group_list */ + size_t named_group_list_len; /* Length of named_group_list */ size_t output_len = 0; int ret_ecdhe, ret_dhe; @@ -203,7 +204,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); p += 6; - name_group_list_ptr = p; + named_group_list_ptr = p; ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len ); if( ret_ecdhe != 0 ) { @@ -226,10 +227,10 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, } /* Length of named_group_list*/ - size_t named_group_list_len = p - name_group_list_ptr; + named_group_list_len = p - named_group_list_ptr; if( named_group_list_len == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "No Named Group Available." ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group Available." ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } From 335aca9c52d50bf8bb1bd84a25d63ef0659da017 Mon Sep 17 00:00:00 2001 
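Review bot: The reworded debug string `"No group Available."` in ssl_tls13_write_supported_groups_ext mixes case; `MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );` reads consistently. The same hunk assigns `p - named_group_list_ptr` to the `size_t` variable `named_group_list_len`, which is safe only because `p` never moves below `named_group_list_ptr`. A short comment on that line stating the invariant would help the next reader. The function starts and ends outside this hunk.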
From: Jerry Yu Date: Sun, 12 Sep 2021 20:18:56 +0800 Subject: [PATCH 486/966] fix format issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 5d9e50b0d2..8ae8a56330 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -681,7 +681,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); return( 0 ); From 55dffe58a010298d81aa23832e2a3e4abb6d00f4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 Sep 2021 09:33:28 +0200 Subject: [PATCH 487/966] Document the internal function psa_cipher_update_ecb Signed-off-by: Gilles Peskine --- library/psa_crypto_cipher.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index d8c722bb1b..f67b1ffed2 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c 
@@ -255,10 +255,30 @@ static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, iv, iv_length ) ) ); } -/* Process input for which the algorithm is set to ECB mode. This requires - * manual processing, since the PSA API is defined as being able to process - * arbitrary-length calls to psa_cipher_update() with ECB mode, but the - * underlying mbedtls_cipher_update only takes full blocks. */ +/** Process input for which the algorithm is set to ECB mode. + * + * This requires manual processing, since the PSA API is defined as being + * able to process arbitrary-length calls to psa_cipher_update() with ECB mode, + * but the underlying mbedtls_cipher_update only takes full blocks. + * + * \param ctx The mbedtls cipher context to use. It must have been + * set up for ECB. + * \param[in] input The input plaintext or ciphertext to process. + * \param input_length The number of bytes to process from \p input. + * This does not need to be aligned to a block boundary. + * If there is a partial block at the end of the input, + * it is stored in \p ctx for future processing. + * \param output The buffer where the output is written. + * \param output_size The size of \p output in bytes. + * It must be at least `floor((p + input_length) / BS)` + * where `p` is the number of bytes in the unprocessed + * partial block in \p ctx (`0 <= p <= BS - 1`) and + * `BS` is the block size. + * \param output_length On success, the number of bytes written to \p output. + * \c 0 on error. + * + * \return #PSA_SUCCESS or an error from a hardware accelerator + */ static psa_status_t psa_cipher_update_ecb( mbedtls_cipher_context_t *ctx, const uint8_t *input, From 1716f3286419bc68071d69db15daa5480c68df70 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 13 Sep 2021 09:36:28 +0200 Subject: [PATCH 488/966] psa_cipher_update_ecb: remove parameter output_size This parameter was set but not used, which was pointless. Clang 14 detects this and legitimately complains. Remove the parameter. This is an internal function, only called once. The caller already has a sufficient check on the output buffer size which applies in more cases, so there is no real gain in robustness in adding the same check inside the internal function. Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_cipher_update_ecp.txt | 2 ++ library/psa_crypto_cipher.c | 9 ++------- 2 files changed, 4 insertions(+), 7 deletions(-) create mode 100644 ChangeLog.d/psa_cipher_update_ecp.txt diff --git a/ChangeLog.d/psa_cipher_update_ecp.txt b/ChangeLog.d/psa_cipher_update_ecp.txt new file mode 100644 index 0000000000..1c3fbc6b18 --- /dev/null +++ b/ChangeLog.d/psa_cipher_update_ecp.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935. diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index f67b1ffed2..5c78c23114 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -268,9 +268,8 @@ static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, * This does not need to be aligned to a block boundary. * If there is a partial block at the end of the input, * it is stored in \p ctx for future processing. - * \param output The buffer where the output is written. - * \param output_size The size of \p output in bytes. - * It must be at least `floor((p + input_length) / BS)` + * \param output The buffer where the output is written. Its size + * must be at least `floor((p + input_length) / BS)` * where `p` is the number of bytes in the unprocessed * partial block in \p ctx (`0 <= p <= BS - 1`) and * `BS` is the block size. 
@@ -284,7 +283,6 @@ static psa_status_t psa_cipher_update_ecb( const uint8_t *input, size_t input_length, uint8_t *output, - size_t output_size, size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -324,7 +322,6 @@ static psa_status_t psa_cipher_update_ecb( goto exit; output += internal_output_length; - output_size -= internal_output_length; *output_length += internal_output_length; ctx->unprocessed_len = 0; } @@ -345,7 +342,6 @@ static psa_status_t psa_cipher_update_ecb( input += block_size; output += internal_output_length; - output_size -= internal_output_length; *output_length += internal_output_length; } @@ -400,7 +396,6 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation, input, input_length, output, - output_size, output_length ); } else From d87d87371f4e3d51be50313a4c2ec26a38ba6d21 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 Sep 2021 12:20:51 +0200 Subject: [PATCH 489/966] Fix the size in bytes Signed-off-by: Gilles Peskine --- library/psa_crypto_cipher.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 5c78c23114..2268fc5850 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c 
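Review bot: With `output_size` removed from psa_cipher_update_ecb, nothing inside the function can bound the writes through `output`. The only remaining guard is the caller's check in cipher_update, which is outside these hunks. The doc comment states the required size but not that the function performs no check of its own. Adding `\note The caller must have verified the size of \p output; this function performs no bounds check.` would make the precondition explicit for any future second caller. A one-line comment at the call in cipher_update pointing back to that earlier check would serve the same purpose.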
@@ -268,11 +268,11 @@ static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, * This does not need to be aligned to a block boundary. * If there is a partial block at the end of the input, * it is stored in \p ctx for future processing. - * \param output The buffer where the output is written. Its size - * must be at least `floor((p + input_length) / BS)` - * where `p` is the number of bytes in the unprocessed - * partial block in \p ctx (`0 <= p <= BS - 1`) and - * `BS` is the block size. + * \param output The buffer where the output is written. It must be + * at least `BS * floor((p + input_length) / BS)` bytes + * long, where `p` is the number of bytes in the + * unprocessed partial block in \p ctx (with + * `0 <= p <= BS - 1`) and `BS` is the block size. * \param output_length On success, the number of bytes written to \p output. * \c 0 on error. * From bdc71888fcedae2d85b367452bc618c63c138a88 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Sep 2021 19:30:36 +0800 Subject: [PATCH 490/966] Remove restartable and everest from tls1.3 Signed-off-by: Jerry Yu --- library/ecdh.c | 50 +++++++++++--------------------------- library/ecdh_misc.h | 41 +++++++++++++++++++++++++++++++ library/ssl_misc.h | 9 ------- library/ssl_tls13_client.c | 4 ++- 4 files changed, 58 insertions(+), 46 deletions(-) create mode 100644 library/ecdh_misc.h diff --git a/library/ecdh.c b/library/ecdh.c index ac60165443..b9319470e5 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -31,7 +31,8 @@ #include "mbedtls/ecdh.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "ssl_misc.h" + +#include "ecdh_misc.h" #include 
@@ -730,37 +731,17 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, - size_t *olen, int point_format, - unsigned char *buf, size_t blen, - int ( *f_rng )( void *, - unsigned char *, - size_t), - void *p_rng, int restart_enabled ) + size_t *olen, int point_format, unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_ctx *rs_ctx = NULL; -#endif if( ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( restart_enabled ) - rs_ctx = &ctx->rs; -#else - (void) restart_enabled; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng, rs_ctx ) ) != 0 ) - return( ret ); -#else if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ) != 0 ) return( ret ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format, olen, buf, blen ); 
@@ -771,38 +752,35 @@ static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, } int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int ( *f_rng )( void *, unsigned char *, size_t ), - void *p_rng ) + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ) { - int restart_enabled = 0; ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( olen != NULL ); ECDH_VALIDATE_RET( buf != NULL ); ECDH_VALIDATE_RET( f_rng != NULL ); + #if defined(MBEDTLS_ECP_RESTARTABLE) - restart_enabled = ctx->restart_enabled; -#else - (void) restart_enabled; + if( ctx-> restart_enabled ) + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #endif #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format, buf, blen, - f_rng, p_rng, restart_enabled ) ); + return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format, + buf, blen, f_rng, p_rng ) ); #else switch( ctx->var ) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen, - buf, blen, f_rng, p_rng ) ); + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, olen, ctx->point_format, buf, blen, - f_rng, p_rng, - restart_enabled ) ); + f_rng, p_rng ) ); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h new file mode 100644 index 0000000000..3d75b0fce0 --- /dev/null +++ b/library/ecdh_misc.h 
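Review bot: The added guard in mbedtls_ecdh_tls13_make_params is written `if( ctx-> restart_enabled )`, with a space after `->`; `if( ctx->restart_enabled )` matches the surrounding code. The function now returns MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE both for a restart-enabled context and for the Everest variant, but the comment on its declaration says only that it is the TLS 1.3 version of mbedtls_ecdh_make_params. A line such as `Returns MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if restart is enabled or the context uses the Everest variant.` would document the new failure modes for callers.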
@@ -0,0 +1,41 @@ +/** + * \file ecdh_misc.h + * + * \brief Internal functions shared by the ECDH module + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 ( the "License" ); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#if !defined(MBEDTLS_ECDH_MISC_H) +#define MBEDTLS_ECDH_MISC_H + +#if defined(MBEDTLS_ECDH_C) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +/* + * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h + */ +int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ); + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +#endif /* MBEDTLS_ECDH_C */ + +#endif /* !MBEDTLS_ECDH_MISC_H */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index fb843848bf..c338d79eec 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1501,15 +1501,6 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen); -#if defined(MBEDTLS_ECDH_C) -/* - * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h - */ -int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int ( *f_rng )( void *, unsigned char *, size_t ), - void *p_rng ); -#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ 
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8ae8a56330..0190ee5f39 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -27,10 +27,12 @@ #include -#include "ssl_misc.h" #include "mbedtls/debug.h" #include "mbedtls/error.h" +#include "ssl_misc.h" +#include "ecdh_misc.h" + #define CLIENT_HELLO_RANDOM_LEN 32 /* Write extensions */ From dd1fb9e37eae2c53d42dd78bfed9f5f2766ba4eb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Sep 2021 11:10:15 +0800 Subject: [PATCH 491/966] add mbedtls_ecdh_setup_no_everest Setup ecdh without everest for TLS1.3 Signed-off-by: Jerry Yu --- library/ecdh.c | 19 +++++++++++++++++++ library/ecdh_misc.h | 10 ++++++++++ library/ssl_tls13_client.c | 4 ++-- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index b9319470e5..4d73da0748 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -787,6 +787,25 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, #endif } +/* + * Setup context without everst + */ +int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, + mbedtls_ecp_group_id grp_id ) +{ + ECDH_VALIDATE_RET( ctx != NULL ); + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_setup_internal( ctx, grp_id ) ); +#else + ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; + ctx->grp_id = grp_id; + ecdh_init_internal( &ctx->ctx.mbed_ecdh ); + return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); +#endif +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_ECDH_C */ diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h index 3d75b0fce0..c377e704c1 100644 --- a/library/ecdh_misc.h +++ b/library/ecdh_misc.h 
@@ -22,10 +22,19 @@ #if !defined(MBEDTLS_ECDH_MISC_H) #define MBEDTLS_ECDH_MISC_H +#include "mbedtls/ecdh.h" +#include "mbedtls/ecp.h" + #if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/* + * Setup context without everst + */ +int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, + mbedtls_ecp_group_id grp_id ); + /* * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h */ @@ -34,6 +43,7 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, int ( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ); + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_ECDH_C */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0190ee5f39..91f1b0c867 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -272,8 +272,8 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange( MBEDTLS_SSL_DEBUG_MSG( 3, ( "offer curve %s", curve_info->name ) ); - if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx, - curve_info->grp_id ) ) != 0 ) + if( ( ret = mbedtls_ecdh_setup_no_everest( &ssl->handshake->ecdh_ctx, + curve_info->grp_id ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); return( ret ); From d337fbc4cb1ded1d58a1c4fe92aa9988d68ec1f3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 14 Sep 2021 00:13:05 +0200 Subject: [PATCH 492/966] x86_64 MULADDC assembly: add missing constraints about memory MULADDC_CORE reads from (%%rsi) and writes to (%%rdi). This fragment is repeated up to 16 times, and %%rsi and %%rdi are s and d on entry respectively. Hence the complete asm statement reads 16 64-bit words from memory starting at s, and writes 16 64-bit words starting at d. Without any declaration of modified memory, Clang 12 and Clang 13 generated non-working code for mbedtls_mpi_mod_exp. The constraints make the unit tests pass with Clang 12. 
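Review bot: The failure path in the `ssl_tls13_client.c` hunk still logs `"mbedtls_ecp_group_load"` although the call is now `mbedtls_ecdh_setup_no_everest`, so a setup failure is attributed to the wrong function in the debug output. The label should follow the call: `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_setup_no_everest", ret );`. The enclosing function `ssl_tls13_generate_and_write_ecdh_key_exchange` starts and ends outside the hunk.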
Signed-off-by: Gilles Peskine --- ChangeLog.d/muladdc-amd64-memory.txt | 3 +++ library/bn_mul.h | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/muladdc-amd64-memory.txt diff --git a/ChangeLog.d/muladdc-amd64-memory.txt b/ChangeLog.d/muladdc-amd64-memory.txt new file mode 100644 index 0000000000..1803e423d8 --- /dev/null +++ b/ChangeLog.d/muladdc-amd64-memory.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix missing constraints on x86_64 assembly code for bignum multiplication + that broke some bignum operations with (at least) Clang 12. Fixes #4786. diff --git a/library/bn_mul.h b/library/bn_mul.h index 6ddffc4765..328e765008 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -225,9 +225,9 @@ "addq $8, %%rdi\n" #define MULADDC_STOP \ - : "+c" (c), "+D" (d), "+S" (s) \ - : "b" (b) \ - : "rax", "rdx", "r8" \ + : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ + : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ + : "rax", "rdx", "r8" \ ); #endif /* AMD64 */ From 388bd0d53c1789669f4f85e1178f7792918270ed Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Sep 2021 18:41:02 +0800 Subject: [PATCH 493/966] fix various issues Signed-off-by: Jerry Yu --- library/ecdh.c | 2 +- library/ecdh_misc.h | 2 +- library/ssl_tls13_client.c | 45 ++++++++++++++------------------------ 3 files changed, 19 insertions(+), 30 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 4d73da0748..b72bd1fe08 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -788,7 +788,7 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, } /* - * Setup context without everst + * Setup context without Everest */ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h index c377e704c1..d1342f8b91 100644 --- a/library/ecdh_misc.h +++ b/library/ecdh_misc.h 
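Review bot: The two memory operands added to `MULADDC_STOP` are never referenced by the assembly template and are fixed at 16 words, and nothing at the macro explains either fact. A later reader could take them for dead operands and remove them, which would bring back the miscompilation described in the commit message. A comment above the macro would prevent that, e.g. `/* The "m" operands are not used in the template: they tell the compiler that the asm reads up to 16 words at s and reads and writes up to 16 words at d. */`. The commit message says the core is repeated up to 16 times, so it is worth confirming that declaring the full 16-word extent is acceptable for the shorter expansions; the asm statement itself opens in a macro outside the hunk.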
@@ -30,7 +30,7 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) /* - * Setup context without everst + * Setup context without Everest */ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 91f1b0c867..13e932c453 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -55,7 +55,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); - /* Check if we have space for header and length fields: + /* Check if we have space to write the extension: * - extension_type (2 bytes) * - extension_data_length (2 bytes) * - versions_length (1 byte ) @@ -221,7 +221,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, } p += output_len; - /* Both ECDHE and DHE Fail. */ + /* Both ECDHE and DHE failed. */ if( ret_ecdhe != 0 && ret_dhe != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Both ECDHE and DHE groups are fail. " ) ); @@ -232,7 +232,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, named_group_list_len = p - named_group_list_ptr; if( named_group_list_len == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group Available." ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -275,7 +275,7 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange( if( ( ret = mbedtls_ecdh_setup_no_everest( &ssl->handshake->ecdh_ctx, curve_info->grp_id ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_setup_no_everest", ret ); return( ret ); } 
@@ -299,31 +299,20 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - /* Pick first entry of curve list. - * - * TODO: When we introduce PQC KEMs, we'll have a NamedGroup - * list instead, and can just return its first element. - */ - /* Check if ecdhe named groups are available and pick first entry */ #if defined(MBEDTLS_ECDH_C) -#if !defined(MBEDTLS_ECP_C) - ((void) ssl); -#endif -#if defined(MBEDTLS_ECP_C) - for ( const mbedtls_ecp_group_id * grp_id = ssl->conf->curve_list; + /* Pick first available ECDHE group compatible with TLS 1.3 */ + if( ssl->conf->curve_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + + for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) { const mbedtls_ecp_curve_info *info; info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); -#else - for ( const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); - info->grp_id != MBEDTLS_ECP_DP_NONE; - info++ ) - { -#endif - if( info != NULL && mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) + if( info != NULL && + mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) { *group_id = info->tls_id; return( 0 ); @@ -336,7 +325,7 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, /* * Add DHE named groups here. - * Check if ecdhe named groups are available and pick first entry + * Pick first available DHE group compatible with TLS 1.3 */ return( ret ); @@ -345,7 +334,7 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, /* * ssl_tls13_write_key_share_ext * - * Structure of key_share extension in ClientHelo: + * Structure of key_share extension in ClientHello: * * struct { * NamedGroup group; 
@@ -402,8 +391,8 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) ) { - /* Pointer of group */ - unsigned char *group_id_ptr = p; + /* Pointer to group */ + unsigned char *group_ptr = p; /* Length of key_exchange */ size_t key_exchange_len; @@ -421,9 +410,9 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, return( ret ); /* Write group */ - MBEDTLS_PUT_UINT16_BE( group_id, group_id_ptr, 0 ); + MBEDTLS_PUT_UINT16_BE( group_id, group_ptr, 0 ); /* Write key_exchange_length */ - MBEDTLS_PUT_UINT16_BE( key_exchange_len, group_id_ptr, 2 ); + MBEDTLS_PUT_UINT16_BE( key_exchange_len, group_ptr, 2 ); } else #endif /* MBEDTLS_ECDH_C */ From 7a5ab044cae7ab148d643426a36694ad785aa4ff Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Sep 2021 19:22:29 +0800 Subject: [PATCH 494/966] Add tls13 test with everst and ecp restartable Signed-off-by: Jerry Yu --- tests/scripts/all.sh | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9944a853f5..8c88b63532 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2565,6 +2565,8 @@ component_test_tls13_experimental () { make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh } component_test_tls13_experimental_with_padding () { 
@@ -2579,6 +2581,31 @@ component_test_tls13_experimental_with_padding () { if_build_succeeded tests/ssl-opt.sh } +component_test_tls13_experimental_with_ecp_restartable () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable" + scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + scripts/config.py set MBEDTLS_ECP_RESTARTABLE + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable" + make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh +} + +component_test_tls13_experimental_with_everest () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest" + scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest" + make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh +} + component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs From 5b1df10470f901a8cc2855f74137959176e0f2e2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 15 Sep 2021 17:04:31 +0200 Subject: [PATCH 495/966] Update the list of issues fixed This had actually been reported multiple times. Signed-off-by: Gilles Peskine --- ChangeLog.d/muladdc-amd64-memory.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/muladdc-amd64-memory.txt b/ChangeLog.d/muladdc-amd64-memory.txt index 1803e423d8..b834331671 100644 --- a/ChangeLog.d/muladdc-amd64-memory.txt 
+++ b/ChangeLog.d/muladdc-amd64-memory.txt @@ -1,3 +1,4 @@ Bugfix * Fix missing constraints on x86_64 assembly code for bignum multiplication - that broke some bignum operations with (at least) Clang 12. Fixes #4786. + that broke some bignum operations with (at least) Clang 12. + Fixes #4116, #4786, #4917. From 133740b74e0cbdb078c1194bf7271e413d645bf7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 17 Sep 2021 09:38:07 +0200 Subject: [PATCH 496/966] tests: Improve incomplete then overflow tests Signed-off-by: Ronald Cron --- tests/suites/test_suite_ccm.function | 34 ++++++++-------------------- 1 file changed, 10 insertions(+), 24 deletions(-) diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 472be64540..e48b1f990a 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -646,16 +646,10 @@ void mbedtls_ccm_incomplete_ad_and_overflow( int cipher_id, int mode, data_t * add ) { mbedtls_ccm_context ctx; + uint8_t add_second_buffer[2]; - /* New auth buffer containing same data as original one, - * with added extra byte at the end */ - uint8_t* add_extended = NULL; - ASSERT_ALLOC( add_extended, add->len + 1 ); - if( add_extended ) - { - memcpy( add_extended, add->x, add->len ); - add_extended[add->len] = 0xAB; // some magic value - } + add_second_buffer[0] = add->x[ add->len - 1 ]; + add_second_buffer[1] = 0xAB; // some magic value mbedtls_ccm_init( &ctx ); TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 
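Review bot: `add_second_buffer[0] = add->x[ add->len - 1 ];` indexes outside the buffer when a test case supplies empty additional data, because `add->len - 1` wraps for a length of zero. The assignment sits before `mbedtls_ccm_init( &ctx )`, so a guard that jumps to `exit` at that point would hand an uninitialised context to `mbedtls_ccm_free`. I would move the two assignments below the init call and put `TEST_ASSERT( add->len >= 1 );` in front of them. The same applies to `msg_second_buffer[0] = msg->x[ msg->len - 1 ];` in the `mbedtls_ccm_incomplete_update_overflow` hunk of this commit.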
@@ -664,11 +658,10 @@ void mbedtls_ccm_incomplete_ad_and_overflow( int cipher_id, int mode, TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) ); // pass incomplete auth data - TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add_extended, add->len - 1) ); + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len - 1) ); // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) - TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add_extended + add->len - 1, 2) ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add_second_buffer, 2) ); exit: - mbedtls_free( add_extended ); mbedtls_ccm_free( &ctx ); } /* END_CASE */ @@ -775,16 +768,10 @@ void mbedtls_ccm_incomplete_update_overflow( int cipher_id, int mode, mbedtls_ccm_context ctx; uint8_t *output = NULL; size_t olen; + uint8_t msg_second_buffer[2]; - /* New plaintext/ciphertext buffer containing same data as original one, - * with added extra byte at the end */ - uint8_t* msg_extended = NULL; - ASSERT_ALLOC( msg_extended, msg->len + 1 ); - if( msg_extended ) - { - memcpy( msg_extended, msg->x, msg->len ); - msg_extended[msg->len] = 0xAB; // some magic value - } + msg_second_buffer[0] = msg->x[ msg->len - 1 ]; + msg_second_buffer[1] = 0xAB; // some magic value mbedtls_ccm_init( &ctx ); TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 
@@ -796,12 +783,11 @@ void mbedtls_ccm_incomplete_update_overflow( int cipher_id, int mode, ASSERT_ALLOC( output, msg->len + 1 ); // pass incomplete text - TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg_extended, msg->len - 1, output, msg->len + 1, &olen ) ); + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen ) ); // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \ - mbedtls_ccm_update( &ctx, msg_extended + msg->len - 1, 2, output + msg->len - 1, 2, &olen ) ); + mbedtls_ccm_update( &ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen ) ); exit: - mbedtls_free( msg_extended ); mbedtls_free( output ); mbedtls_ccm_free( &ctx ); } From 2beb5f302a9ebe313fe1b93d43ec4add7bb9f9d0 Mon Sep 17 00:00:00 2001 From: openluopworld Date: Fri, 17 Sep 2021 16:40:22 +0800 Subject: [PATCH 497/966] bugfix: if the len of iv is not 96-bit, ghash is used to compute y0. An initialization vector IV can have any number of bits between 1 and 2^64. So it should be filled to the lower 64-bit in the last step when computing ghash. Signed-off-by: openluopworld --- library/gcm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/gcm.c b/library/gcm.c index 910646b281..b575c8f316 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -254,6 +254,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t i; const unsigned char *p; size_t use_len, olen = 0; + size_t iv_bits; GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( iv != NULL ); @@ -278,7 +279,9 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, else { memset( work_buf, 0x00, 16 ); - MBEDTLS_PUT_UINT32_BE( iv_len * 8, work_buf, 12 ); + iv_bits = iv_len << 3; + MBEDTLS_PUT_UINT32_BE( (iv_bits >> 32), work_buf, 8 ); + MBEDTLS_PUT_UINT32_BE( iv_bits, work_buf, 12 ); p = iv; while( iv_len > 0 ) From 6c8183f0c92c953d421289d22b75de76c2ab5347 Mon Sep 17 00:00:00 2001 
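Review bot: In the `gcm.c` hunk, `iv_bits >> 32` shifts a `size_t` by 32, which is undefined behaviour on targets where `size_t` is 32 bits wide, and `iv_len << 3` has already discarded the high bits there. Computing the bit count in a 64-bit type avoids both problems: declare `uint64_t iv_bits;`, assign `iv_bits = (uint64_t) iv_len * 8;`, and store `(uint32_t)( iv_bits >> 32 )` and `(uint32_t) iv_bits`. `mbedtls_gcm_starts` continues outside the hunk, so any earlier bound on `iv_len` is not visible here.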
From: openluopworld Date: Fri, 17 Sep 2021 22:15:49 +0800 Subject: [PATCH 498/966] bugfix: if the len of iv is not 96-bit, ghash is used to compute y0. An initialization vector IV can have any number of bits between 1 and 2^64. So it should be filled to the lower 64-bit in the last step when computing ghash. Signed-off-by: openluopworld --- library/gcm.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/gcm.c b/library/gcm.c index b575c8f316..0810fd2205 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -254,7 +254,6 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t i; const unsigned char *p; size_t use_len, olen = 0; - size_t iv_bits; GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( iv != NULL ); @@ -279,9 +278,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, else { memset( work_buf, 0x00, 16 ); - iv_bits = iv_len << 3; - MBEDTLS_PUT_UINT32_BE( (iv_bits >> 32), work_buf, 8 ); - MBEDTLS_PUT_UINT32_BE( iv_bits, work_buf, 12 ); + MBEDTLS_PUT_UINT32_BE( iv_len >> 29, work_buf, 8 ); + MBEDTLS_PUT_UINT32_BE( iv_len << 3, work_buf, 12 ); p = iv; while( iv_len > 0 ) From 08fd463ee45a0332f469a6de5acc977a50672999 Mon Sep 17 00:00:00 2001 From: openluopworld Date: Sun, 19 Sep 2021 11:18:04 +0800 Subject: [PATCH 499/966] bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly An initialization vector IV can have any number of bits between 1 and 2^64. So it should be filled to the lower 64-bit in the last step when computing ghash. Signed-off-by: openluopworld --- library/gcm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/gcm.c b/library/gcm.c index 0810fd2205..e1c1c7d518 100644 --- a/library/gcm.c +++ b/library/gcm.c 
@@ -278,8 +278,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, else { memset( work_buf, 0x00, 16 ); - MBEDTLS_PUT_UINT32_BE( iv_len >> 29, work_buf, 8 ); - MBEDTLS_PUT_UINT32_BE( iv_len << 3, work_buf, 12 ); + MBEDTLS_PUT_UINT64_BE( iv_len * 8, work_buf, 8 ); p = iv; while( iv_len > 0 ) From e64deda873027d7e0a841fda47e741aa55cf2498 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 9 Sep 2021 14:07:23 +0100 Subject: [PATCH 500/966] Add missing check to multipart decrypt Ensure that the test actually does something, rather than skipping both parts, also add comment to this effect. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a881087151..19b687e176 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3494,6 +3494,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, size_t ad_part_len = 0; size_t data_part_len = 0; + /* Ensure that either one part of the test or the other is done, i.e this + * test does something. */ TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked ); /* Temporary whilst we have algorithms that cannot support chunking */ @@ -3588,6 +3590,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, size_t ad_part_len = 0; size_t data_part_len = 0; + /* Ensure that either one part of the test or the other is done, i.e this + * test does something. */ + TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked ); + /* Temporary whilst we have algorithms that cannot support chunking */ if( do_test_ad_chunked == 1 ) { From 4023ffd275d27e5c4ae2c6dffff5c042c6b2566a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Sep 2021 16:21:22 +0100 Subject: [PATCH 501/966] Re-add option of NULL buffer for nonce tests NULL/zero length or valid buffer/zero length both now tested 
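Review bot: `iv_len * 8` is evaluated in `size_t` before it reaches `MBEDTLS_PUT_UINT64_BE`, so on a target with a 32-bit `size_t` the product wraps for an IV of 2^29 bytes or more and the length block fed to GHASH is wrong. If the macro extracts bytes by shifting its argument (its definition is not shown here), a 32-bit argument would also be shifted by more than its width. Widening before the multiplication fixes both: `MBEDTLS_PUT_UINT64_BE( (uint64_t) iv_len * 8, work_buf, 8 );`. A test vector with an IV length that is not 96 bits, run on a 32-bit build, would cover this path.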
Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 12 ++++++++++-- tests/suites/test_suite_psa_crypto.function | 20 ++++++++++++++------ 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 371fee0247..ff3718bd8d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2598,10 +2598,14 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS -PSA Multipart Set Nonce, AES - GCM, IV = 0 +PSA Multipart Set Nonce, AES - GCM, IV = 0 (NULL) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT +PSA Multipart Set Nonce, AES - GCM, IV = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):-1:"":"":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart Set Nonce, AES - GCM, IV = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS 
@@ -2618,10 +2622,14 @@ PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (NULL) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:"":"":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 19b687e176..4dfaccb974 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3777,7 +3777,7 @@ exit: /* BEGIN_CASE */ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, int alg_arg, - int nonce_length, + int nonce_length_arg, data_t *additional_data, data_t *input_data, int expected_status_arg ) 
@@ -3793,12 +3793,13 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, psa_status_t expected_status = expected_status_arg; unsigned char *output = NULL; unsigned char *ciphertext = NULL; + size_t nonce_length; size_t output_size = 0; size_t ciphertext_size = 0; size_t ciphertext_length = 0; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; - int index = 0; + size_t index = 0; PSA_ASSERT( psa_crypto_init( ) ); @@ -3831,23 +3832,30 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, if( status == PSA_ERROR_NOT_SUPPORTED ) { MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length_arg ); } PSA_ASSERT( status ); - if( nonce_length == 0 ) + /* -1 == zero length and valid buffer, 0 = zero length and NULL buffer. */ + if( nonce_length_arg == -1 ) { /* Arbitrary size buffer, to test zero length valid buffer. */ ASSERT_ALLOC( nonce_buffer, 4 ); + nonce_length = 0; } else { + /* If length is zero, then this will return NULL. */ + nonce_length = ( size_t ) nonce_length_arg; ASSERT_ALLOC( nonce_buffer, nonce_length ); - for( index = 0; index < nonce_length - 1; ++index) + if( nonce_buffer ) { - nonce_buffer[index] = 'a' + index; + for( index = 0; index < nonce_length - 1; ++index ) + { + nonce_buffer[index] = 'a' + index; + } } } From e58cb1e0cf2f517fb407e4808aee6bffd0a0b263 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Sep 2021 18:36:00 +0100 Subject: [PATCH 502/966] Aligh finish_buffer_test vars with PSA standard Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 30 +++++++++++---------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4dfaccb974..5c27a59579 100644 --- a/tests/suites/test_suite_psa_crypto.function 
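Review bot: The fill loop bound `nonce_length - 1` wraps to `SIZE_MAX` now that `nonce_length` and `index` are `size_t`, and the zero-length case stays out of the loop only because `if( nonce_buffer )` relies on `ASSERT_ALLOC` leaving the pointer NULL for a zero size. Writing the condition as `index + 1 < nonce_length` removes that dependency without changing which bytes are filled. Values of `nonce_length_arg` below -1 are also cast straight to `size_t` and passed to `ASSERT_ALLOC`; `TEST_ASSERT( nonce_length_arg >= -1 );` before the branch would reject malformed test data early. The function body continues outside the hunk.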
+++ b/tests/suites/test_suite_psa_crypto.function @@ -3976,7 +3976,7 @@ exit: /* BEGIN_CASE */ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, int alg_arg, - int buffer_size, + int finish_ciphertext_size_arg, data_t *nonce, data_t *additional_data, data_t *input_data, @@ -3990,10 +3990,11 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; - unsigned char *output_data = NULL; - unsigned char *final_data = NULL; - size_t output_size = 0; - size_t output_length = 0; + unsigned char *ciphertext = NULL; + unsigned char *finish_ciphertext = NULL; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; + size_t finish_ciphertext_size = ( size_t ) finish_ciphertext_size_arg; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; @@ -4008,13 +4009,13 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + ciphertext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); - ASSERT_ALLOC( output_data, output_size ); + ASSERT_ALLOC( ciphertext, ciphertext_size ); - TEST_ASSERT( buffer_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + TEST_ASSERT( finish_ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( final_data, buffer_size ); + ASSERT_ALLOC( finish_ciphertext, finish_ciphertext_size ); operation = psa_aead_operation_init( ); 
@@ -4037,19 +4038,20 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, additional_data->len ) ); PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, - output_data, output_size, &output_length ) ); + ciphertext, ciphertext_size, &ciphertext_length ) ); /* Ensure we can still complete operation. */ - status = psa_aead_finish( &operation, final_data, buffer_size, - &output_length, tag_buffer, + status = psa_aead_finish( &operation, finish_ciphertext, + finish_ciphertext_size, + &ciphertext_length, tag_buffer, PSA_AEAD_TAG_MAX_SIZE, &tag_length ); TEST_EQUAL( status, expected_status ); exit: psa_destroy_key( key ); - mbedtls_free( output_data ); - mbedtls_free( final_data ); + mbedtls_free( ciphertext ); + mbedtls_free( finish_ciphertext ); psa_aead_abort( &operation ); PSA_DONE( ); } From 719c1324a124dcb7f6744f206e2c930020032629 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 13 Sep 2021 18:27:22 +0100 Subject: [PATCH 503/966] Add tag buffer size tests to finish buffer tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 29 ++++++++++++++++----- tests/suites/test_suite_psa_crypto.function | 8 ++++-- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ff3718bd8d..8bf7303879 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2650,17 +2650,34 @@ PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:130:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS -PSA AEAD finish buffer test: AES - GCM, BUF = 8 +PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL -PSA AEAD finish buffer test: AES - GCM, BUF = 15 +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:20:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS -PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0 +PSA AEAD finish 
buffer test: AES - GCM, BUF = 15, TAG = 15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 20 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:20:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 15 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
+aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:15:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5c27a59579..eea0b68e03 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3977,6 +3977,7 @@ exit: void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, int alg_arg, int finish_ciphertext_size_arg, + int tag_size_arg, data_t *nonce, data_t *additional_data, data_t *input_data, 
@@ -3992,11 +3993,12 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, psa_status_t expected_status = expected_status_arg; unsigned char *ciphertext = NULL; unsigned char *finish_ciphertext = NULL; + unsigned char *tag_buffer = NULL; size_t ciphertext_size = 0; size_t ciphertext_length = 0; size_t finish_ciphertext_size = ( size_t ) finish_ciphertext_size_arg; + size_t tag_size = ( size_t ) tag_size_arg; size_t tag_length = 0; - uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; PSA_ASSERT( psa_crypto_init( ) ); @@ -4017,6 +4019,8 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, ASSERT_ALLOC( finish_ciphertext, finish_ciphertext_size ); + ASSERT_ALLOC( tag_buffer, tag_size ); + operation = psa_aead_operation_init( ); status = psa_aead_encrypt_setup( &operation, key, alg ); @@ -4044,7 +4048,7 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, status = psa_aead_finish( &operation, finish_ciphertext, finish_ciphertext_size, &ciphertext_length, tag_buffer, - PSA_AEAD_TAG_MAX_SIZE, &tag_length ); + tag_size, &tag_length ); TEST_EQUAL( status, expected_status ); From 06b6b8c8d6752d4da7d58f80cb52c41e2f2a30a5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 13 Sep 2021 19:02:04 +0100 Subject: [PATCH 504/966] Add missing zeroize for sensitive tag data. Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 1dd3b2db92..5e7eb11ccf 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1760,6 +1760,8 @@ psa_status_t psa_driver_wrapper_aead_verify( status = PSA_ERROR_INVALID_SIGNATURE; } + mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); + return( status ); } From b183d56b5f0a836af85c9bedaf9790ef0d0b284d Mon Sep 17 00:00:00 2001 
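Review bot: `tag_buffer` is now heap-allocated with `ASSERT_ALLOC( tag_buffer, tag_size )`, but none of this commit's hunks adds a matching release. Unless the cleanup after the `exit:` label already frees it, every run of aead_multipart_finish_buffer_test leaks the buffer and will trip leak checkers in sanitizer builds. Add `mbedtls_free( tag_buffer );` next to the cleanup of `ciphertext` and `finish_ciphertext`. The function body starts and ends outside this hunk, so the cleanup code itself could not be checked here.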
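Review bot: The added `mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) )` has no comment saying why the computed tag is sensitive, which makes it easy to drop in a later refactor. On a mismatch, `check_tag` holds the tag that would authenticate the rejected input, so it must not stay on the stack. I would add `/* The computed tag would authenticate the rejected input; wipe it before returning. */` above the call. The function body starts outside this hunk, so confirm that no earlier return is reachable after `check_tag` has been filled, since such a path would skip the wipe.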
From: Paul Elliott Date: Mon, 13 Sep 2021 19:02:57 +0100 Subject: [PATCH 505/966] Use safer size for tag checking Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 5e7eb11ccf..4c56162f3b 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1749,7 +1749,7 @@ psa_status_t psa_driver_wrapper_aead_verify( plaintext_size, plaintext_length, check_tag, - tag_length, + sizeof( check_tag ), &check_tag_length ); if( status == PSA_SUCCESS ) From 5a9642ff287c96b19c5933b85f10c9c9f7e894fb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 13 Sep 2021 19:13:22 +0100 Subject: [PATCH 506/966] Correct switched blocks for output sizes Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index eea0b68e03..b99be90ff8 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -372,13 +372,13 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, if( is_encrypt ) { - final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( final_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); } else { - final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( final_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); } ASSERT_ALLOC( final_data, final_output_size ); 
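Review bot: With the finish call now bounded by `sizeof( check_tag )`, the caller-supplied `tag_length` is only used by the comparison that follows `if( status == PSA_SUCCESS )`, and that comparison lies outside this hunk. If it compares `tag_length` bytes without first checking the length, a `tag_length` larger than the local array would read past `check_tag`, and a shorter one would accept a truncated tag. Confirm that the block rejects a length mismatch first, e.g. `if( tag_length != check_tag_length ) status = PSA_ERROR_INVALID_SIGNATURE;`, and that the byte comparison is constant-time.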
From 6bfd0fbbc6b24e1b8a5d76c226ff6c806fef49c1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 14:15:55 +0100 Subject: [PATCH 507/966] Convert all uint32_t lengths over to size_t Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b99be90ff8..da39502146 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -297,9 +297,9 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int ad_part_len, + int ad_part_len_arg, data_t *input_data, - int data_part_len, + int data_part_len_arg, int do_set_lengths, data_t *expected_output, int expect_valid_signature, @@ -321,16 +321,18 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, size_t output_length = 0; size_t key_bits = 0; size_t tag_length = 0; - uint32_t part_offset = 0; + size_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; size_t tag_size = 0; + size_t ad_part_len = 0; + size_t data_part_len = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; int test_ok = 0; - uint32_t part_count = 0; + size_t part_count = 0; PSA_ASSERT( psa_crypto_init( ) ); @@ -423,9 +425,10 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, } } - if( ad_part_len != -1 ) + if( ad_part_len_arg != -1 ) { /* Pass additional data in parts */ + ad_part_len = (size_t) ad_part_len_arg; part_offset = 0; while( part_offset < additional_data->len ) 
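Review bot: The guard `if( ad_part_len_arg != -1 )` only excludes the sentinel, so any other negative value reaches `ad_part_len = (size_t) ad_part_len_arg` and wraps to a huge length. A value of 0 leaves `part_length` at 0, so `part_offset` never advances in the loop that follows. Now that the width is `size_t` and no longer matches the `int` argument, I would state the precondition before the cast: `TEST_ASSERT( ad_part_len_arg > 0 );`. The same applies to `data_part_len_arg` in the -461 hunk of this commit. The loop body continues outside this hunk.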
@@ -436,8 +439,7 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, } else { - if( additional_data->len - part_offset < - ( uint32_t ) ad_part_len ) + if( additional_data->len - part_offset < ad_part_len ) { part_length = additional_data->len - part_offset; } @@ -461,9 +463,10 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, additional_data->len ) ); } - if( data_part_len != -1 ) + if( data_part_len_arg != -1 ) { /* Pass data in parts */ + data_part_len = ( size_t ) data_part_len_arg; part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); @@ -479,7 +482,7 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, } else { - if( ( data_true_size - part_offset ) < ( uint32_t ) data_part_len ) + if( ( data_true_size - part_offset ) < data_part_len ) { part_length = ( data_true_size - part_offset ); } From 9454cfa911ceb40d9caf83085ca739f03607af1f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 14:21:55 +0100 Subject: [PATCH 508/966] Remove unneccesary safety check in test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index da39502146..543b2f6b24 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4018,8 +4018,6 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, ASSERT_ALLOC( ciphertext, ciphertext_size ); - TEST_ASSERT( finish_ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( finish_ciphertext, finish_ciphertext_size ); ASSERT_ALLOC( tag_buffer, tag_size ); From 33746aac321225b0d546d1394b6ad3d65e6d8567 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 16:40:40 +0100 Subject: [PATCH 509/966] Convert set lengths options over to enum 
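Review bot: In the -461 hunk the cast in `PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len )` is now redundant, because `data_part_len` became a `size_t` local in this same commit. Drop it so the one remaining cast, on `data_part_len_arg`, marks the only place where the signed argument is converted. The two new casts are also spaced differently, `(size_t) ad_part_len_arg` against `( size_t ) data_part_len_arg`; the file's style elsewhere in these hunks is the spaced form.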
Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 107 ++++++++++++-------- 1 file changed, 67 insertions(+), 40 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 543b2f6b24..99183991d0 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -264,6 +264,13 @@ typedef enum { DERIVE_KEY = 2 } generate_method; +typedef enum +{ + DO_NOT_SET_LENGTHS = 0, + SET_LENGTHS_BEFORE_NONCE = 1, + SET_LENGTHS_AFTER_NONCE = 2 +} setlengths_method; + /*! * \brief Internal Function for AEAD multipart tests. * @@ -300,12 +307,11 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int ad_part_len_arg, data_t *input_data, int data_part_len_arg, - int do_set_lengths, + setlengths_method set_lengths_method, data_t *expected_output, int expect_valid_signature, int is_encrypt, - int do_zero_parts, - int swap_set_functions ) + int do_zero_parts ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; 
@@ -404,25 +410,20 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, PSA_ASSERT( status ); - if( swap_set_functions ) + if( set_lengths_method == DO_NOT_SET_LENGTHS ) + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + else if( set_lengths_method == SET_LENGTHS_BEFORE_NONCE ) { - if( do_set_lengths ) - { - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - data_true_size ) ); - } - + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); } - else + else if( set_lengths_method == SET_LENGTHS_AFTER_NONCE ) { PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - if( do_set_lengths ) - { - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - data_true_size ) ); - } + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); } if( ad_part_len_arg != -1 ) @@ -3496,6 +3497,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, { size_t ad_part_len = 0; size_t data_part_len = 0; + setlengths_method set_lengths_method = DO_NOT_SET_LENGTHS; /* Ensure that either one part of the test or the other is done, i.e this * test does something. */ @@ -3509,16 +3511,23 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, { mbedtls_test_set_step( ad_part_len ); + if( do_set_lengths ) + { + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + /* Split ad into length(ad_part_len) parts. */ if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, additional_data, ad_part_len, input_data, -1, - do_set_lengths, + set_lengths_method, expected_output, - 1, 1, 0, - ( ad_part_len & 0x01 ) ) ) + 1, 1, 0 ) ) break; /* length(0) part, length(ad_part_len) part, length(0) part... */ 
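Review bot: The `if`/`else if` chain on `set_lengths_method` has no final `else`, so a value outside the three enumerators would skip `psa_aead_set_nonce()` silently and the test would fail later for a less obvious reason. Close the chain with `else TEST_ASSERT( ! "unknown set_lengths_method" );`, or use a `switch` with a failing `default`. The first branch is also unbraced while the other two are braced; bracing all three keeps the macro calls visually parallel. The enclosing function starts and ends outside this hunk.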
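Review bot: The parity-based choice of `set_lengths_method` added in this hunk is repeated almost verbatim in the -3546, -3621 and -3665 hunks, so the rule for alternating the call order now lives in four places that can drift apart. A small static helper would keep the rule in one place and let each loop body assign the result in a single line. The sketch below assumes `do_set_lengths` is the `int` test argument, which is declared outside these hunks.

```c
/* Alternate the order of psa_aead_set_lengths() and psa_aead_set_nonce()
 * on the parity of the part length, so both orders get exercised. */
static setlengths_method pick_set_lengths_method( int do_set_lengths,
                                                  size_t part_len )
{
    if( !do_set_lengths )
        return( DO_NOT_SET_LENGTHS );

    return( ( part_len & 0x01 ) ? SET_LENGTHS_AFTER_NONCE
                                : SET_LENGTHS_BEFORE_NONCE );
}

/* ... unchanged: loop header and mbedtls_test_set_step() call ... */
        set_lengths_method = pick_set_lengths_method( do_set_lengths,
                                                      ad_part_len );
```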
@@ -3529,10 +3538,9 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, additional_data, ad_part_len, input_data, -1, - do_set_lengths, + set_lengths_method, expected_output, - 1, 1, 1, - ( ad_part_len & 0x01 ) ) ) + 1, 1, 1 ) ) break; } } @@ -3546,14 +3554,21 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, /* Split data into length(data_part_len) parts. */ mbedtls_test_set_step( 2000 + data_part_len ); + if( do_set_lengths ) + { + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, - do_set_lengths, + set_lengths_method, expected_output, - 1, 1, 0, - ( data_part_len & 0x01 ) ) ) + 1, 1, 0 ) ) break; /* length(0) part, length(data_part_len) part, length(0) part... */ @@ -3563,10 +3578,9 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, - do_set_lengths, + set_lengths_method, expected_output, - 1, 1, 1, - ( data_part_len & 0x01 ) ) ) + 1, 1, 1 ) ) break; } } @@ -3592,6 +3606,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, { size_t ad_part_len = 0; size_t data_part_len = 0; + setlengths_method set_lengths_method = DO_NOT_SET_LENGTHS; /* Ensure that either one part of the test or the other is done, i.e this * test does something. */ 
@@ -3606,16 +3621,23 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, /* Split ad into length(ad_part_len) parts. */ mbedtls_test_set_step( ad_part_len ); + if( do_set_lengths ) + { + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, additional_data, ad_part_len, input_data, -1, - do_set_lengths, + set_lengths_method, expected_output, expect_valid_signature, - 0, 0, - ( ad_part_len & 0x01 ) ) ) + 0, 0 ) ) break; /* length(0) part, length(ad_part_len) part, length(0) part... */ @@ -3626,11 +3648,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, additional_data, ad_part_len, input_data, -1, - do_set_lengths, + set_lengths_method, expected_output, expect_valid_signature, - 0, 1, - ( ad_part_len & 0x01 ) ) ) + 0, 1 ) ) break; } } @@ -3644,15 +3665,22 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, /* Split data into length(data_part_len) parts. */ mbedtls_test_set_step( 2000 + data_part_len ); + if( do_set_lengths ) + { + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, - do_set_lengths, + set_lengths_method, expected_output, expect_valid_signature, - 0, 0, - ( data_part_len & 0x01 ) ) ) + 0, 0 ) ) break; /* length(0) part, length(data_part_len) part, length(0) part... */ @@ -3662,11 +3690,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, - do_set_lengths, + set_lengths_method, expected_output, expect_valid_signature, - 0, 1, - ( data_part_len & 0x01 ) ) ) + 0, 1 ) ) break; } } From 4e4d71a8388b3aec1779af1daa045652d450e506 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Wed, 15 Sep 2021 16:50:01 +0100 Subject: [PATCH 510/966] Move hidden logic into loop 'for' statement Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 99183991d0..f5865bb741 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -430,11 +430,12 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, { /* Pass additional data in parts */ ad_part_len = (size_t) ad_part_len_arg; - part_offset = 0; - while( part_offset < additional_data->len ) + for( part_offset = 0, part_count = 0; + part_offset < additional_data->len; + part_offset += part_length, part_count++ ) { - if( do_zero_parts && part_count++ & 0x01 ) + if( do_zero_parts && ( part_count & 0x01 ) ) { part_length = 0; } @@ -454,7 +455,6 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, additional_data->x + part_offset, part_length ) ); - part_offset += part_length; } } else @@ -473,11 +473,11 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, ASSERT_ALLOC( part_data, part_data_size ); - part_offset = 0; - - while( part_offset < data_true_size ) + for( part_offset = 0, part_count = 0; + part_offset < data_true_size; + part_offset += part_length, part_count++ ) { - if( do_zero_parts && part_count++ & 0x01 ) + if( do_zero_parts && ( part_count & 0x01 ) ) { part_length = 0; } @@ -505,7 +505,6 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, output_part_length ); } - part_offset += part_length; output_length += output_part_length; } } From e49fe454785bfe1654ffe28f8be17e8113248877 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 16:52:11 +0100 Subject: [PATCH 511/966] Remove unneccesary nesting 
Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 26 ++++++++------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f5865bb741..7c3e9904d8 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -439,16 +439,13 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, { part_length = 0; } + else if( additional_data->len - part_offset < ad_part_len ) + { + part_length = additional_data->len - part_offset; + } else { - if( additional_data->len - part_offset < ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } + part_length = ad_part_len; } PSA_ASSERT( psa_aead_update_ad( &operation, @@ -481,16 +478,13 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, { part_length = 0; } + else if( ( data_true_size - part_offset ) < data_part_len ) + { + part_length = ( data_true_size - part_offset ); + } else { - if( ( data_true_size - part_offset ) < data_part_len ) - { - part_length = ( data_true_size - part_offset ); - } - else - { - part_length = data_part_len; - } + part_length = data_part_len; } PSA_ASSERT( psa_aead_update( &operation, From f38adbe5588b90764de0e3882fc7eb6359a5cd1a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 17:04:19 +0100 Subject: [PATCH 512/966] Ensure tests expected to fail actually fail Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7c3e9904d8..f9f013a227 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -524,16 +524,18 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, ( input_data->x + data_true_size ), tag_length ); - if( status != PSA_SUCCESS ) + if( expect_valid_signature ) + PSA_ASSERT( status ); + else { - if( !expect_valid_signature ) + TEST_ASSERT( status != PSA_SUCCESS ); + + if( status != PSA_SUCCESS ) { /* Expected failure. */ test_ok = 1; goto exit; } - else - PSA_ASSERT( status ); } } From a3d153f928373abdac80e736b99138fec718d6cd Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 17:37:41 +0100 Subject: [PATCH 513/966] Make nonce based test descriptions more clear Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 32 ++++++++++++------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8bf7303879..9e0b574dba 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
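Review bot: `TEST_ASSERT( status != PSA_SUCCESS )` accepts any error code, so the negative test still passes if verification fails for an unrelated reason such as a state or buffer error, not because the tag was rejected. If a tag mismatch is the only intended failure here, pin it with `TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );`. The `if( status != PSA_SUCCESS )` that follows is then redundant, because the assertion macro already leaves through `exit` on failure, so the branch can be reduced to the two statements `test_ok = 1; goto exit;`. The enclosing function starts and ends outside this hunk.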
@@ -2570,67 +2570,67 @@ PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":0 -PSA Multipart Nonce Generation, AES - GCM, IV = 12 +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS -PSA Multipart Nonce Generation, AES - GCM, IV = 0 +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 0 / Expect 0) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL -PSA Multipart Nonce Generation, AES - GCM, IV = 16 +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 16 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS -PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12 +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS -PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 8 +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 8 / Expect 0) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL -PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 0 / Expect 0) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL -PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 16 / Expect 12) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS -PSA Multipart Set Nonce, AES - GCM, IV = 0 (NULL) +PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (NULL) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce, AES - GCM, IV = 0 (Non-NULL) +PSA Multipart Set 
Nonce, AES - GCM, NONCE = 0 (Non-NULL) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):-1:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce, AES - GCM, IV = 16 +PSA Multipart Set Nonce, AES - GCM, NONCE = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS -PSA Multipart Set Nonce, AES - GCM, IV = 20 +PSA Multipart Set Nonce, AES - GCM, NONCE = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 12 +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 8 +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce: ChaCha20 - 
Poly1305, IV = 0 (NULL) +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (NULL) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (Non-NULL) +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (Non-NULL) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT From 12acb6bb4c4136ee53876ee6e80948646d7abcd0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 17:45:22 +0100 Subject: [PATCH 514/966] Remove missed references to aead_verify from docs Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 5ed26d002e..9b6b798b66 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
@@ -325,14 +325,6 @@ psa_status_t mbedtls_psa_aead_set_lengths( * If this function returns an error status, the PSA core will call * mbedtls_psa_aead_abort(). * - * \warning When decrypting, until mbedtls_psa_aead_verify() has returned - * #PSA_SUCCESS, there is no guarantee that the input is valid. - * Therefore, until you have called mbedtls_psa_aead_verify() and it - * has returned #PSA_SUCCESS, treat the input as untrusted and prepare - * to undo any action that depends on the input if - * mbedtls_psa_aead_verify() returns an error status. - * - * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the fragment of * additional data. @@ -370,9 +362,9 @@ psa_status_t mbedtls_psa_aead_update_ad( * particular block boundary. If the implementation can only process * a whole block at a time, it must consume all the input provided, but * it may delay the end of the corresponding output until a subsequent - * call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() or - * mbedtls_psa_aead_verify() provides sufficient input. The amount of data that - * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. + * call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() provides + * sufficient input. The amount of data that can be delayed in this way is + * bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the message fragment to @@ -501,8 +493,8 @@ psa_status_t mbedtls_psa_aead_finish( * been initialized as described in #mbedtls_psa_aead_operation_t. * * In particular, calling mbedtls_psa_aead_abort() after the operation has been - * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() - * or mbedtls_psa_aead_verify() is safe and has no effect. + * terminated by a call to mbedtls_psa_aead_abort() or + * mbedtls_psa_aead_finish() is safe and has no effect. * * \param[in,out] operation Initialized AEAD operation. * 
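Review bot: Deleting the whole `\warning` block from the mbedtls_psa_aead_update_ad() comment also removes guidance that still holds when decrypting: nothing processed before the tag check is authenticated. The reference to mbedtls_psa_aead_verify() had to go, but I would reword the warning, not drop it. If the tag comparison now lives in the caller, as psa_driver_wrapper_aead_verify elsewhere in this series suggests, it could read `\warning When decrypting, the tag is checked by the caller after mbedtls_psa_aead_finish(); treat the input as untrusted until that check has succeeded.`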
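Review bot: The rewritten sentence in the -370 hunk lost its conjunction when the verify reference was removed: `call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() provides sufficient input` should read `call to mbedtls_psa_aead_update() or mbedtls_psa_aead_finish() provides sufficient input`. The -501 hunk makes the same removal and keeps the `or`, so only this sentence needs the fix.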
From eac6c757a27db9457b0f9301f4c0f654638b75d7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 19:08:27 +0100 Subject: [PATCH 515/966] Make nonce length check return error where it can Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 033dc82079..46eb1c9332 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -195,12 +195,10 @@ psa_status_t mbedtls_psa_aead_encrypt( } tag = ciphertext + plaintext_length; - if( mbedtls_aead_check_nonce_length( &operation, nonce_length ) - != PSA_SUCCESS ) - { - status = PSA_ERROR_NOT_SUPPORTED; + status = mbedtls_aead_check_nonce_length( &operation, nonce_length ); + + if( status != PSA_SUCCESS ) goto exit; - } #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) @@ -310,12 +308,10 @@ psa_status_t mbedtls_psa_aead_decrypt( if( status != PSA_SUCCESS ) goto exit; - if( mbedtls_aead_check_nonce_length( &operation, nonce_length ) - != PSA_SUCCESS ) - { - status = PSA_ERROR_NOT_SUPPORTED; + status = mbedtls_aead_check_nonce_length( &operation, nonce_length ); + + if( status != PSA_SUCCESS ) goto exit; - } #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) From 6a60b12ef98a9ee3aa8b3863354da58118103745 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 16 Sep 2021 17:12:12 +0100 Subject: [PATCH 516/966] Make buffer size checks +-1 from correct size i.e Check correct buffer size +1 and correct buffer size -1 (where applicable) to check too big and too small cases, and hopefully catch edge cases. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 29 ++++++++++++++----------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 9e0b574dba..bdf1a52d15 100644 
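Review bot: Propagating the result of `mbedtls_aead_check_nonce_length()` changes the status that callers of mbedtls_psa_aead_encrypt() see for a bad nonce length, from the fixed `PSA_ERROR_NOT_SUPPORTED` to whatever the helper returns. The diffstat shows only library/psa_crypto_aead.c touched, so no one-shot test expectation is updated alongside it. The helper is defined outside these hunks; confirm which codes it can return and that the one-shot encrypt and decrypt documentation lists them. The -310 hunk makes the same change in mbedtls_psa_aead_decrypt(). A short comment at the call, e.g. `/* Status comes straight from the nonce check; see mbedtls_aead_check_nonce_length(). */`, would record that the mapping is intentional.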
--- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2574,6 +2574,10 @@ PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 11 / Expect 0) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):11:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_ERROR_BUFFER_TOO_SMALL + PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 0 / Expect 0) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL 
@@ -2586,9 +2590,9 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 12 / Expect 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS -PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 8 / Expect 0) +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 11 / Expect 0) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 0 / Expect 0) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
@@ -2614,13 +2618,17 @@ PSA Multipart Set Nonce, AES - GCM, NONCE = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 11 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS -PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 8 +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 13 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT 
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:13:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (NULL) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
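Review bot: The `NONCE = 8` case is rewritten to 13 in this hunk and the `NONCE = 16` case is removed in the next one, so the ChaCha20-Poly1305 set-nonce cases now cover only 0, 11, 12 and 13 bytes. The off-by-one boundaries are a good addition, but 8 bytes is the nonce size of the original 64-bit-nonce ChaCha20 construction, so it is the wrong length an implementation is most likely to treat specially. I would keep `PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 8` alongside the new entries, with the `PSA_ERROR_INVALID_ARGUMENT` expectation it had before, so that a later change in how that length is handled shows up as a test failure.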
@@ -2630,21 +2638,17 @@ PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (Non-NULL) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 16 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT - -PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 10 +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):10:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS -PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 10 +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
-aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:10:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:129:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
@@ -2678,7 +2682,6 @@ PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL - PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" From ce2c1faf1a8ffd5c3f2a03e58c683e7fdbfdd4d7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 16 Sep 2021 17:56:23 +0100 Subject: [PATCH 517/966] Remove uneccesary postive buffer size tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index bdf1a52d15..cac6c68562 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2642,18 +2642,10 @@ PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL -PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 16 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS - PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:129:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL -PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:130:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS - PSA AEAD finish 
buffer test: AES - GCM, BUF = 8, TAG = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL From fd0c154ce367f39f64d634e77945dc5437a3729f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 17 Sep 2021 18:03:52 +0100 Subject: [PATCH 518/966] Add tests to oversend data/ad when lengths set Previous tests only tested when the expected lengths were set to zero. New test sends all data/ad then goes over by one byte. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 41 +++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f9f013a227..b6d52f7d66 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4467,6 +4467,24 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + 1 ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + /* Test for sending too much data after setting lengths. */ operation = psa_aead_operation_init( ); 
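Review bot: Both added blocks, here and in the next hunk at `@@ -4484,6 +4502,29 @@`, check the over-length rejection only after `psa_aead_encrypt_setup`, so a decrypt operation that accepts more additional data or input than was declared to `psa_aead_set_lengths` would not be caught by them. aead_multipart_state_test starts and ends outside these hunks, so a decrypt variant may already exist elsewhere in the function; if it does not, repeating each block with `psa_aead_decrypt_setup( &operation, key, alg )` would cover that direction. The added blocks also carry no comment of their own, unlike the sections around them. A line such as `/* Test for sending too much additional data after setting non-zero lengths. */` above the first block, and the matching one for data above the second, would make clear how they differ from the zero-length cases the commit message mentions.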
@@ -4484,6 +4502,29 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + 1, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + /* Test sending additional data after data. */ operation = psa_aead_operation_init( ); From 9961a668bd5885d0261985b558d6f813eec16547 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 17 Sep 2021 19:19:02 +0100 Subject: [PATCH 519/966] Remove negative tests from multipart_decrypt Multipart decrypt now always expects positive result (i.e. the plaintext that is passed in). Added new test that expects fail, and does no multipart versions and concentrates on aead_verify. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 176 ++++++++++---------- tests/suites/test_suite_psa_crypto.function | 118 ++++++++++--- 2 files changed, 175 insertions(+), 119 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index cac6c68562..645fe2af3c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2310,221 +2310,205 @@ PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TA depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 (lengths set) +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 (lengths set) +PSA 
Multipart AEAD decrypt, AES - GCM, 144 bytes #2 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" -PSA 
Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 (lengths set) +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, 
T=15 (lengths set) +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 - -PSA Multipart AEAD decrypt, AES-GCM, invalid signature -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":0 - -PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0 - -PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 - -PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 
):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80":1 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, 
KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( 
PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036":1 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
@@ -2542,33 +2526,41 @@ PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:1:"a0784d7a4716f3feb4f64e7f4b39bf04" -PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" -PSA Multipart AEAD 
decrypt: ChaCha20-Poly1305 (RFC7539, good tag) (lengths set) +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" -PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
-aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":0 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"" -PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"" -PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) (lengths set) +PSA Multipart AEAD verify, AES - GCM, invalid signature +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_verify:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":"6bac793bdc2190a195122c98544ccf56":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 16 bytes +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify: AES - GCM, invalid tag length 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD 
verify: AES - GCM, invalid tag length 2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD verify: ChaCha20 - Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"":1 - -PSA Multipart AEAD decrypt: invalid algorithm (CTR) -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:0:"":0 - -PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) -depends_on:MBEDTLS_CHACHA20_C -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":0 +aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":PSA_ERROR_INVALID_SIGNATURE PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b6d52f7d66..f25872d168 100644 
--- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -309,7 +309,6 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int data_part_len_arg, setlengths_method set_lengths_method, data_t *expected_output, - int expect_valid_signature, int is_encrypt, int do_zero_parts ) { @@ -518,25 +517,11 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, &tag_size ) ); else { - status = psa_aead_verify( &operation, final_data, + PSA_ASSERT( psa_aead_verify( &operation, final_data, final_output_size, &output_part_length, ( input_data->x + data_true_size ), - tag_length ); - - if( expect_valid_signature ) - PSA_ASSERT( status ); - else - { - TEST_ASSERT( status != PSA_SUCCESS ); - - if( status != PSA_SUCCESS ) - { - /* Expected failure. */ - test_ok = 1; - goto exit; - } - } + tag_length ) ); } if( output_data && output_part_length ) @@ -3522,7 +3507,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, -1, set_lengths_method, expected_output, - 1, 1, 0 ) ) + 1, 0 ) ) break; /* length(0) part, length(ad_part_len) part, length(0) part... */ @@ -3535,7 +3520,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, -1, set_lengths_method, expected_output, - 1, 1, 1 ) ) + 1, 1 ) ) break; } } @@ -3563,7 +3548,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, set_lengths_method, expected_output, - 1, 1, 0 ) ) + 1, 0 ) ) break; /* length(0) part, length(data_part_len) part, length(0) part... */ @@ -3575,7 +3560,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, set_lengths_method, expected_output, - 1, 1, 1 ) ) + 1, 1 ) ) break; } } 
@@ -3596,8 +3581,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, data_t *input_data, int do_test_data_chunked, int do_set_lengths, - data_t *expected_output, - int expect_valid_signature ) + data_t *expected_output ) { size_t ad_part_len = 0; size_t data_part_len = 0; @@ -3631,7 +3615,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, input_data, -1, set_lengths_method, expected_output, - expect_valid_signature, 0, 0 ) ) break; @@ -3645,7 +3628,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, input_data, -1, set_lengths_method, expected_output, - expect_valid_signature, 0, 1 ) ) break; } @@ -3674,7 +3656,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, set_lengths_method, expected_output, - expect_valid_signature, 0, 0 ) ) break; @@ -3687,7 +3668,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, set_lengths_method, expected_output, - expect_valid_signature, 0, 1 ) ) break; } 
@@ -4084,6 +4064,90 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_verify( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + data_t *tag, + int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *plaintext = NULL; + unsigned char *finish_plaintext = NULL; + size_t plaintext_size = 0; + size_t plaintext_length = 0; + size_t verify_plaintext_size = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + plaintext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + input_data->len ); + + ASSERT_ALLOC( plaintext, plaintext_size ); + + verify_plaintext_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + + ASSERT_ALLOC( finish_plaintext, verify_plaintext_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. 
*/ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, + plaintext, plaintext_size, + &plaintext_length ) ); + + status = psa_aead_verify( &operation, finish_plaintext, + verify_plaintext_size, + &plaintext_length, + tag->x, tag->len ); + + TEST_EQUAL( status, expected_status ); + +exit: + psa_destroy_key( key ); + mbedtls_free( plaintext ); + mbedtls_free( finish_plaintext ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + + /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, int alg_arg, From 1c67e0b38ccbd3a2e0daf55d5cbaeaa304c498eb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 13:11:50 +0100 Subject: [PATCH 520/966] Add extra verify edge test cases Add ability to pass NULL tag buffer (with length zero) Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 22 ++++++++++++++++----- tests/suites/test_suite_psa_crypto.function | 19 ++++++++++++++++-- 2 files changed, 34 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 645fe2af3c..12f7e7c8ad 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
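Review bot: `operation` in aead_multipart_verify is declared without an initialiser, yet the `exit:` label calls `psa_aead_abort( &operation )`, so any PSA_ASSERT or ASSERT_ALLOC that fails before `operation = psa_aead_operation_init( )` hands an indeterminate struct to the library. Declaring it as `psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;` removes that path. The same bare declaration appears in aead_multipart_setup, added later in this series, where the struct reaches `psa_aead_encrypt_setup` before any initialisation at all. Separately, `PSA_ASSERT( status )` after `psa_aead_decrypt_setup` means the cases expecting PSA_ERROR_INVALID_ARGUMENT for tag lengths 0 and 2 can only pass if the rejection comes from `psa_aead_verify` rather than from setup; that should be checked against the library's behaviour.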
@@ -2544,23 +2544,35 @@ aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f90 PSA Multipart AEAD verify, AES - GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_verify:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":"6bac793bdc2190a195122c98544ccf56":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_verify:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":"6bac793bdc2190a195122c98544ccf56":1:PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 16 bytes depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 14 bytes +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df34":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 0 bytes (valid buffer) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 0 bytes (NULL buffer) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":0:PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD verify: AES - GCM, invalid tag length 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":1:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD verify: AES - GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":PSA_ERROR_INVALID_ARGUMENT 
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":1:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD verify: ChaCha20 - Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_INVALID_SIGNATURE PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f25872d168..29cda92ebf 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -271,6 +271,12 @@ typedef enum SET_LENGTHS_AFTER_NONCE = 2 } setlengths_method; +typedef enum +{ + USE_NULL_TAG = 0, + USE_GIVEN_TAG = 1, +} tagusage_method; + /*! * \brief Internal Function for AEAD multipart tests. * 
@@ -4071,6 +4077,7 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, data_t *additional_data, data_t *input_data, data_t *tag, + int tag_usage_arg, int expected_status_arg ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; @@ -4085,6 +4092,9 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, size_t plaintext_size = 0; size_t plaintext_length = 0; size_t verify_plaintext_size = 0; + tagusage_method tag_usage = tag_usage_arg; + unsigned char *tag_buffer = NULL; + size_t tag_size = 0; PSA_ASSERT( psa_crypto_init( ) ); @@ -4131,10 +4141,16 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, plaintext, plaintext_size, &plaintext_length ) ); + if( tag_usage == USE_GIVEN_TAG ) + { + tag_buffer = tag->x; + tag_size = tag->len; + } + status = psa_aead_verify( &operation, finish_plaintext, verify_plaintext_size, &plaintext_length, - tag->x, tag->len ); + tag_buffer, tag_size ); TEST_EQUAL( status, expected_status ); @@ -4147,7 +4163,6 @@ exit: } /* END_CASE */ - /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, int alg_arg, From 5221ef638a1aca1873a2947526198282c15a24a8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 17:33:03 +0100 Subject: [PATCH 521/966] Add aead setup tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 8 ++++ tests/suites/test_suite_psa_crypto.function | 45 +++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 12f7e7c8ad..09ebcf08f3 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
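Review bot: The two zero-length tag cases selected through `tag_usage` differ only if `tag->x` is non-NULL for an empty hex string, which is decided by the test framework outside this diff; if it yields NULL, the "valid buffer" and "NULL buffer" cases exercise the same call. A local buffer would make the distinction explicit, for example `unsigned char empty_tag[1] = { 0 };` used as `tag_buffer` when `tag->len == 0` and `tag_usage == USE_GIVEN_TAG`. Any `tag_usage_arg` other than 1 also falls through silently to the NULL path, so `TEST_ASSERT( tag_usage == USE_NULL_TAG || tag_usage == USE_GIVEN_TAG );` would catch a mistyped data line. The body of aead_multipart_verify extends beyond these hunks.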
@@ -2678,6 +2678,14 @@ PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL +PSA AEAD setup: invalid algorithm (CTR) +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_multipart_setup:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD setup: invalid algorithm (ChaCha20) +depends_on:MBEDTLS_CHACHA20_C +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:PSA_ERROR_INVALID_ARGUMENT + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 29cda92ebf..9fb8363a42 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -4163,6 +4163,51 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_setup( int key_type_arg, data_t *key_data, + int alg_arg, int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + mbedtls_test_set_step( 0 ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + TEST_EQUAL( status, expected_status ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + mbedtls_test_set_step( 1 ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + TEST_EQUAL(status, expected_status ); + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, int alg_arg, From f94bd993685eb0c15e843dbe336b52954c79a999 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 18:15:59 +0100 Subject: [PATCH 522/966] Add missing aead state tests. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 40 +++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 9fb8363a42..d23ef4d5a5 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -4503,6 +4503,23 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, output_data, output_size, &output_length ) ); @@ -4574,6 +4591,29 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test for not sending any data after setting a non-zero length for it.*/ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + /* Test for sending too much additional data after setting lengths. */ operation = psa_aead_operation_init( ); From 70f447dfe59261e28f175280643244fe519f335a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 18:21:58 +0100 Subject: [PATCH 523/966] Replace individual zeroization with memset Signed-off-by: Paul Elliott --- library/psa_crypto.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
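Review bot: The first block added to aead_multipart_state_test is introduced only by a dashed separator, while the second carries a description; a comment such as `/* Test for setting lengths after additional data has been sent. */` would say what the PSA_ERROR_BAD_STATE expectation covers. The second block presumably gets PSA_ERROR_INVALID_ARGUMENT from `psa_aead_finish` only when `input_data->len` is non-zero, so a data line with empty input would fail for an unrelated reason; `TEST_ASSERT( input_data->len > 0 );` ahead of that block would make the precondition explicit. The function body extends beyond both hunks.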
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b335aa37c5..15495626ba 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3819,12 +3819,7 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) status = psa_driver_wrapper_aead_abort( operation ); - operation->id = 0; - operation->nonce_set = 0; - operation->lengths_set = 0; - operation->ad_started = 0; - operation->body_started = 0; - operation->is_encrypt = 0; + memset( operation, 0, sizeof( psa_aead_operation_t ) ); return( status ); } From 69bf5fc901d4d2838b8a2df03d7c733ade6d5602 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 18:26:37 +0100 Subject: [PATCH 524/966] Const correctness Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 15495626ba..8af26d33b0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3713,7 +3713,7 @@ exit: return( status ); } -static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) +static psa_status_t psa_aead_final_checks( const psa_aead_operation_t *operation ) { if( operation->id == 0 || !operation->nonce_set ) return( PSA_ERROR_BAD_STATE ); From 4c916e8d74916ccaf0fce9600c03151f0b9e862e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 18:34:50 +0100 Subject: [PATCH 525/966] Improve comment on buffer clearing Signed-off-by: Paul Elliott --- library/psa_crypto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8af26d33b0..b5efc2de09 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
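Review bot: In the psa_aead_abort hunk, `memset( operation, 0, sizeof( psa_aead_operation_t ) )` ties the size to the type name rather than to the object; `memset( operation, 0, sizeof( *operation ) );` stays correct if the parameter type ever changes. The wipe now covers every byte of the struct rather than the six fields that were reset before, so it relies on `psa_driver_wrapper_aead_abort` having already released whatever those bytes referred to. A one-line comment would record that ordering, for example `/* Driver state is released above; reset the whole struct to its initial value. */`. The function body starts outside the hunk.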
@@ -3756,10 +3756,10 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, exit: /* In case the operation fails and the user fails to check for failure or - * the zero tag size, make sure the tag is set to something impossible. - * Even if the operation succeeds, make sure we set the rest of the - * buffer to something impossible to prevent potential leakage of - * anything previously placed in the same buffer.*/ + * the zero tag size, make sure the tag is set to something implausible. + * Even if the operation succeeds, make sure we clear the rest of the + * buffer to prevent potential leakage of anything previously placed in + * the same buffer.*/ if( status != PSA_SUCCESS ) memset( tag, '!', tag_size ); else if( *tag_length < tag_size ) From 8ff74217e46cd9c1ecea05dbfcf1a20926cc3d56 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 18:39:23 +0100 Subject: [PATCH 526/966] Add comment explaining finish output size Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 46eb1c9332..01d5d19d1c 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -677,6 +677,8 @@ psa_status_t mbedtls_psa_aead_finish( if( status == PSA_SUCCESS ) { + /* This will be zero for all supported algorithms currently, but left + * here for future support. */ *ciphertext_length = finish_output_size; *tag_length = operation->tag_length; } From ec95cc94890d77cb320549e61b5d413a40e04195 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 22:33:09 +0100 Subject: [PATCH 527/966] Add safety for NULL tag being passed to finish Signed-off-by: Paul Elliott --- library/psa_crypto.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b5efc2de09..664b8aecce 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3760,10 +3760,13 @@ exit: * Even if the operation succeeds, make sure we clear the rest of the * buffer to prevent potential leakage of anything previously placed in * the same buffer.*/ - if( status != PSA_SUCCESS ) - memset( tag, '!', tag_size ); - else if( *tag_length < tag_size ) - memset( tag + *tag_length, '!', ( tag_size - *tag_length ) ); + if( tag ) + { + if( status != PSA_SUCCESS ) + memset( tag, '!', tag_size ); + else if( *tag_length < tag_size ) + memset( tag + *tag_length, '!', ( tag_size - *tag_length ) ); + } psa_aead_abort( operation ); From 8eec8d443689334304131670e8a2e084fed2127b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 22:38:27 +0100 Subject: [PATCH 528/966] Fix missed documentation header Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index d23ef4d5a5..fa579e45ad 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
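Review bot: The new `if( tag )` guard protects only the two padding `memset` calls; `*tag_length` is still dereferenced unguarded in the `else if`. A NULL `tag` combined with a non-zero `tag_size` has also already passed through whatever ran before `exit:` (outside the hunk). If NULL is meant to be legal only together with `tag_size == 0`, the combination would be better rejected at the top of `psa_aead_finish`, along the lines of `if( tag == NULL && tag_size != 0 ) return( PSA_ERROR_INVALID_ARGUMENT );`, so that the guard here documents an accepted input rather than hiding a caller bug. As a style point, `if( tag != NULL )` reads more clearly than the implicit pointer test. The body of `psa_aead_finish` starts before the hunk.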
@@ -279,32 +279,29 @@ typedef enum /*! * \brief Internal Function for AEAD multipart tests. - * * \param key_type_arg Type of key passed in * \param key_data The encryption / decryption key data * \param alg_arg The type of algorithm used * \param nonce Nonce data * \param additional_data Additional data - * \param ad_part_len If not -1, the length of chunks to + * \param ad_part_len_arg If not -1, the length of chunks to * feed additional data in to be encrypted / * decrypted. If -1, no chunking. * \param input_data Data to encrypt / decrypt - * \param data_part_len If not -1, the length of chunks to feed the - * data in to be encrypted / decrypted. If -1, - * no chunking - * \param do_set_lengths If non-zero, then set lengths prior to - * calling encryption / decryption. + * \param data_part_len_arg If not -1, the length of chunks to feed + * the data in to be encrypted / decrypted. If + * -1, no chunking + * \param set_lengths_method A member of the setlengths_method enum is + * expected here, this controls whether or not + * to set lengths, and in what order with + * respect to set nonce. * \param expected_output Expected output * \param expect_valid_signature If non zero, we expect the signature to be * valid * \param is_encrypt If non-zero this is an encryption operation. * \param do_zero_parts If non-zero, interleave zero length chunks - * with normal length chunks - * \param swap_set_functions If non-zero, swap the order of set lengths - * and set nonce. - * + * with normal length chunks. * \return int Zero on failure, non-zero on success. - * */ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int alg_arg, From 6043e49039ff221cdfc7d71b209e796cf1e4f5e7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 20 Sep 2021 09:24:48 +0100 Subject: [PATCH 529/966] Fix missed documentation header pt 2 Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fa579e45ad..a240df7bda 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -296,8 +296,6 @@ typedef enum * to set lengths, and in what order with * respect to set nonce. * \param expected_output Expected output - * \param expect_valid_signature If non zero, we expect the signature to be - * valid * \param is_encrypt If non-zero this is an encryption operation. * \param do_zero_parts If non-zero, interleave zero length chunks * with normal length chunks. From 4a760882bb45a937a1dc97965e7b6a9fe92fbf7a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 20 Sep 2021 09:42:21 +0100 Subject: [PATCH 530/966] Fix leaked test buffer Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a240df7bda..2feadf800e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4060,6 +4060,7 @@ exit: psa_destroy_key( key ); mbedtls_free( ciphertext ); mbedtls_free( finish_ciphertext ); + mbedtls_free( tag_buffer ); psa_aead_abort( &operation ); PSA_DONE( ); } From 396853ad03c21cac4d612e1bc2257f8b8dc09eaa Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 20 Sep 2021 18:57:55 +0200 Subject: [PATCH 531/966] 'make test': show failing test cases when cmake does When building with make, `make test` runs `run-test-suites.pl` which has a verbose mode that reports the failing test cases, but it didn't provide a way to enable this verbose mode. With the present commit, you can run `make test TEST_FLAGS=-v` to use verbose mode. Base the default for verbose mode on the same environment variable that `make test` uses when building with CMake: default off, but enabled if `CTEST_OUTPUT_ON_FAILURE` is true. In particular, verbose mode will now be on when building from `all.sh`. Signed-off-by: Gilles Peskine --- tests/Makefile | 5 ++++- tests/scripts/all.sh | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 449fca2748..db642c7798 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -5,6 +5,9 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= +# Set this to -v to see the details of failing test cases +TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,) + default: all # Include public header files from ../include, test-specific header files @@ -195,7 +198,7 @@ endif # Test suites caught by SKIP_TEST_SUITES are built but not executed. check: $(BINARIES) - perl scripts/run-test-suites.pl --skip=$(SKIP_TEST_SUITES) + perl scripts/run-test-suites.pl $(TEST_FLAGS) --skip=$(SKIP_TEST_SUITES) test: check diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9944a853f5..583743c2eb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -178,7 +178,7 @@ pre_initialize_variables () { export MAKEFLAGS="-j" fi - # Include more verbose output for failing tests run by CMake + # Include more verbose output for failing tests run by CMake or make export CTEST_OUTPUT_ON_FAILURE=1 # CFLAGS and LDFLAGS for Asan builds that don't use CMake 
From 3587dfdce8535ee1fb2f08142c0830a9289055cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 20 Sep 2021 19:20:04 +0200 Subject: [PATCH 532/966] Move long -D lists from all.sh to a header file To facilitate maintenance and to make it easier to reproduce all.sh builds manually, remove the long, repeated list of -D options from component_test_psa_crypto_config_basic and component_test_psa_crypto_drivers and put it in a header file instead. Signed-off-by: Gilles Peskine --- tests/configs/user-config-for-test.h | 57 ++++++++++++++++++++++++++++ tests/scripts/all.sh | 54 ++------------------------ 2 files changed, 61 insertions(+), 50 deletions(-) create mode 100644 tests/configs/user-config-for-test.h diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h new file mode 100644 index 0000000000..444a4bf00f --- /dev/null +++ b/tests/configs/user-config-for-test.h 
@@ -0,0 +1,57 @@ +/* MBEDTLS_USER_CONFIG_FILE for testing. + * Only used for a few test configurations. + * + * Typical usage (note multiple levels of quoting): + * make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if defined(PSA_CRYPTO_DRIVER_TEST_ALL) + +/* Enable the use of the test driver in the library, and build the generic + * part of the test driver. */ +#define PSA_CRYPTO_DRIVER_TEST + +/* Use the accelerator driver for all cryptographic mechanisms for which + * the test driver implemented. 
*/ +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR +#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING +#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 +#define MBEDTLS_PSA_ACCEL_ALG_CTR +#define MBEDTLS_PSA_ACCEL_ALG_CFB +#define MBEDTLS_PSA_ACCEL_ALG_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_MD5 +#define MBEDTLS_PSA_ACCEL_ALG_OFB +#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS +#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 +#define MBEDTLS_PSA_ACCEL_ALG_XTS +#define MBEDTLS_PSA_ACCEL_ALG_CMAC +#define MBEDTLS_PSA_ACCEL_ALG_HMAC + +#endif /* PSA_CRYPTO_DRIVER_TEST_ALL */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 583743c2eb..3294a6afe2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1560,31 +1560,8 @@ component_test_psa_crypto_config_basic() { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DES scripts/config.py unset MBEDTLS_DES_C - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_AES" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CTR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_1" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_224" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_256" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CMAC" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_HMAC" + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" + loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" loc_cflags="${loc_cflags} -I../tests/include -O2" make 
CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS" 
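Review bot: The replacement line `loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"` depends on three layers of quoting (this script, make, then the recipe shell) and on a path that is relative to the directory the compiler is invoked from. The only explanatory comment above the old `-D` list was deleted along with it. I would keep a short comment above the assignment, for example `# Quoted once for make and once for the recipe shell; the path is relative to the build subdirectory`. The same applies to the identical change in `component_test_psa_crypto_drivers` in the next hunk. The body of `component_test_psa_crypto_config_basic` extends beyond this hunk.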
@@ -2237,31 +2214,8 @@ component_test_psa_crypto_drivers () { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_AES" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CTR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_1" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_224" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_256" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CMAC" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_HMAC" + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" + loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" loc_cflags="${loc_cflags} -I../tests/include -O2" 
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" From 64555bd98ca43be8667b83ad81e32232b016f957 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 20 Sep 2021 16:44:44 +0100 Subject: [PATCH 533/966] Add missing initialisation to setup test. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 2feadf800e..c91f744b89 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4181,6 +4181,8 @@ void aead_multipart_setup( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); + operation = psa_aead_operation_init( ); + mbedtls_test_set_step( 0 ); status = psa_aead_encrypt_setup( &operation, key, alg ); From 0f32b7d345ada2a5539faf230da9dec3b46a5043 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 20 Sep 2021 18:46:03 +0100 Subject: [PATCH 534/966] Apply fixes to test driver from lib implementation Signed-off-by: Paul Elliott --- tests/src/drivers/test_driver_aead.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index ac116ffb06..84e69e0f69 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -282,7 +282,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( plaintext_size, plaintext_length, check_tag, - tag_length, + sizeof( check_tag ), &check_tag_length ); if( mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS ) @@ -293,6 +293,8 @@ psa_status_t mbedtls_test_transparent_aead_verify( mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_INVALID_SIGNATURE; } + + mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); } return( mbedtls_test_driver_aead_hooks.driver_status ); 
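Review bot: In `mbedtls_test_transparent_aead_verify`, passing `sizeof( check_tag )` instead of `tag_length` as the tag buffer size means the length reported in `check_tag_length` is no longer bounded by the caller's `tag_length`. The comparison between these two hunks is not shown; it needs to reject `tag_length != check_tag_length` before comparing any bytes, and a constant-time compare is the pattern worth mirroring even in a test driver. The added `mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );` sits inside the enclosing block, so confirm that no path leaves the function after `check_tag` has been filled without reaching it. A short comment on the zeroize line, such as `/* Do not leave the computed tag on the stack. */`, would record why it is there.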
From 6c12a1e9f2375930e016e4c2efb95712856ab95c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Sep 2021 11:59:39 +0200 Subject: [PATCH 535/966] Add ARIA to the PSA API Use the encoding from an upcoming version of the specification. Add as much (or as little) testing as is currently present for Camellia. Signed-off-by: Gilles Peskine --- include/psa/crypto.h | 1 + include/psa/crypto_values.h | 4 +++ library/psa_crypto.c | 6 ++++ library/psa_crypto_cipher.c | 3 ++ .../test_suite_psa_crypto_metadata.data | 28 +++++++++++++++++++ .../test_suite_psa_crypto_se_driver_hal.data | 15 ++++++++++ 6 files changed, 57 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index b3ef3631d4..5d9854a7ba 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3682,6 +3682,7 @@ psa_status_t psa_key_derivation_output_bytes( * The following key types defined in this specification follow this scheme: * * - #PSA_KEY_TYPE_AES; + * - #PSA_KEY_TYPE_ARIA; * - #PSA_KEY_TYPE_CAMELLIA; * - #PSA_KEY_TYPE_DERIVE; * - #PSA_KEY_TYPE_HMAC; diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index daef9416cc..7442ec2c96 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -466,6 +466,10 @@ */ #define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400) +/** Key for a cipher, AEAD or MAC algorithm based on the + * ARIA block cipher. */ +#define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406) + /** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES). * * The size of the key can be 64 bits (single DES), 128 bits (2-key 3DES) or diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bcbaa3d68a..95a94278ef 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -446,6 +446,12 @@ psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type, return( PSA_ERROR_INVALID_ARGUMENT ); break; #endif +#if defined(PSA_WANT_KEY_TYPE_ARIA) + case PSA_KEY_TYPE_ARIA: + if( bits != 128 && bits != 192 && bits != 256 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; +#endif #if defined(PSA_WANT_KEY_TYPE_CAMELLIA) case PSA_KEY_TYPE_CAMELLIA: if( bits != 128 && bits != 192 && bits != 256 ) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 2268fc5850..ce8ab5cd0a 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -115,6 +115,9 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_KEY_TYPE_AES: cipher_id_tmp = MBEDTLS_CIPHER_ID_AES; break; + case PSA_KEY_TYPE_ARIA: + cipher_id_tmp = MBEDTLS_CIPHER_ID_ARIA; + break; case PSA_KEY_TYPE_DES: /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES, * and 192 for three-key Triple-DES. */ diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index a3668fcc94..0706b26413 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data 
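Review bot: The new `case PSA_KEY_TYPE_ARIA:` in `psa_validate_unstructured_key_bit_size` is compiled only under `PSA_WANT_KEY_TYPE_ARIA`, yet none of the six files in this commit's diffstat defines that symbol. Unless it is already defined elsewhere, the size check is compiled out and an ARIA key reaches whatever the `default:` label does (outside the hunk). The metadata cases marked `depends_on:PSA_WANT_KEY_TYPE_ARIA` would then be skipped rather than run, while the `import_key_smoke` ARIA cases carry no dependency line at all. Either add the `PSA_WANT_KEY_TYPE_ARIA` definition in this commit or say in the commit message where it comes from. The `case PSA_KEY_TYPE_ARIA:` added to `mbedtls_cipher_info_from_psa` is unguarded, so the two files should be checked for agreement when ARIA is disabled.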
@@ -130,6 +130,18 @@ AEAD: CCM-AES-256 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:256 +AEAD: CCM-ARIA-128 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CCM +aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:128 + +AEAD: CCM-ARIA-192 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CCM +aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:192 + +AEAD: CCM-ARIA-256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CCM +aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:256 + AEAD: CCM-CAMELLIA-128 depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CCM aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:128 @@ -154,6 +166,18 @@ AEAD: GCM-AES-256 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:256 +AEAD: GCM-ARIA-128 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_GCM +aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:128 + +AEAD: GCM-ARIA-192 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_GCM +aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:192 + +AEAD: GCM-ARIA-256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_GCM +aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:256 + AEAD: GCM-CAMELLIA-128 depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_GCM aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:128 @@ -295,6 +319,10 @@ Block cipher key type: AES depends_on:PSA_WANT_KEY_TYPE_AES block_cipher_key_type:PSA_KEY_TYPE_AES:16 +Block cipher key type: ARIA +depends_on:PSA_WANT_KEY_TYPE_ARIA +block_cipher_key_type:PSA_KEY_TYPE_ARIA:16 + Block cipher key type: DES depends_on:PSA_WANT_KEY_TYPE_DES block_cipher_key_type:PSA_KEY_TYPE_DES:8 
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index a57e9b360a..2bcf4e4b7b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -78,6 +78,21 @@ import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" Key import smoke test: AES-GCM import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +Key import smoke test: ARIA-CTR +import_key_smoke:PSA_KEY_TYPE_ARIA:PSA_ALG_CTR:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +Key import smoke test: ARIA-CBC +import_key_smoke:PSA_KEY_TYPE_ARIA:PSA_ALG_CBC_NO_PADDING:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +Key import smoke test: ARIA-CMAC +import_key_smoke:PSA_KEY_TYPE_ARIA:PSA_ALG_CMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +Key import smoke test: ARIA-CCM +import_key_smoke:PSA_KEY_TYPE_ARIA:PSA_ALG_CCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +Key import smoke test: ARIA-GCM +import_key_smoke:PSA_KEY_TYPE_ARIA:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + Key import smoke test: CAMELLIA-CTR import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CTR:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" From 13b0bebf7dc3689ef1c210ecf3b770213c444cc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Sep 2021 13:21:25 +0200 Subject: [PATCH 536/966] Add docs/use-psa-crypto.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 19 +++++++++++++++++++ include/mbedtls/mbedtls_config.h | 3 +++ 2 files changed, 22 insertions(+) create mode 100644 docs/use-psa-crypto.md diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md new file mode 100644 index 0000000000..a4f43b7832 --- /dev/null +++ b/docs/use-psa-crypto.md 
@@ -0,0 +1,19 @@ +This document describes the compile-time configutation option +`MBEDTLS_USE_PSA_CRYPTO`: its current effects as well as some design +considerations and plans for the future. + +Current effects +=============== + +(To be written.) + +Parts that are not affected yet +=============================== + +(To be written.) + +Design considerations +===================== + +(To be written.) + diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index d470c0054b..0680dd98f8 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1718,6 +1718,9 @@ * will still continue to work as usual, so enabling this option should not * break backwards compatibility. * + * \note See docs/use-psa-crypto.md for a complete description of what this + * option currently does, and of parts that are not affected by it so far. + * * \warning The PSA Crypto API is in beta stage. While you're welcome to * experiment using it, incompatible API changes are still possible, and some * parts may not have reached the same quality as the rest of Mbed TLS yet. From 1b08c5f042263b2919431eaa80797476a4876523 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Sep 2021 11:21:23 +0200 Subject: [PATCH 537/966] Document current effects of USE_PSA_CRYPTO MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 144 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 141 insertions(+), 3 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index a4f43b7832..d1298af2b3 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md 
@@ -5,10 +5,148 @@ considerations and plans for the future. Current effects =============== -(To be written.) +General limitations +------------------- -Parts that are not affected yet -=============================== +Compile-time: enabling `MBEDTLS_USE_PSA_CRYPTO` requires +`MBEDTLS_ECP_RESTARTABLE` and +`MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` to be disabled. + +Effect: `MBEDTLS_USE_PSA_CRYPTO` currently has no effect on TLS 1.3 (which is +itself experimental and only partially supported so far): TLS 1.3 always uses +the legacy APIs even when this option is set. + +Stability: any API that's only available when `MBEDTLS_USE_PSA_CRYPTO` is +defined is considered experimental and may change in incompatible ways at any +time. Said otherwise, these APIs are explicitly excluded from the usual API +stability promises. + +New APIs / API extensions +------------------------- + +Some of these APIs are meant for the application to use in place of +pre-existing APIs, in order to get access to the benefits; in the sub-sections +below these are indicated by "Use in (X.509 and) TLS: opt-in", meaning that +this requires changes to the application code for the (X.509 and) TLS layers +to pick up the improvements. + +Some of these APIs are mostly meant for internal use by the TLS (and X.509) +layers; they are indicated below by "Use in (X.509 and) TLS: automatic", +meaning that no changes to the application code are required for the TLS (and +X.509) layers to pick up the improvements. + +### PSA-held (opaque) keys in the PK layer + +Add `mbedtls_pk_setup_opaque()` to wrap a PSA keypair into a PK context. The key +can be used for private-key operations and its public part can be written out. + +Benefits: isolation of long-term secrets, use of PSA Crypto drivers. + +Limitations: only for private keys, only ECC. (That is, only ECDSA signature +generation.) 
The following operations are not supported with a context set +this way, while they would be available with a normal `ECKEY` context: +`mbedtls_pk_verify()`, `mbedtls_pk_check_pair()`, `mbedtls_pk_debug()`. + +Use in X.509 and TLS: opt-in. The application needs to construct the PK context +using the new API in order to get the benefits; it can then pass the +resulting context to the following existing APIs: + +- `mbedtls_ssl_conf_own_cert()` or `mbedtls_ssl_set_hs_own_cert()` to use the + key together with a certificate for ECDSA-based key exchanges; +- `mbedtls_x509write_csr_set_key()` to generate a CSR (certificate signature + request). + +In the TLS and X.509 API, there's two other function which accept a key or +keypair as a PK context: `mbedtls_x509write_crt_set_subject_key()` and +`mbedtls_x509write_crt_set_issuer_key()`. Use of opaque contexts here probably +works but is so far untested. + +### PSA-held (opaque) keys for TLS 1.2 pre-shared keys (PSK) + +Add `mbedtls_ssl_conf_psk_opaque()` and `mbedtls_ssl_set_hs_psk_opaque()` to +register a PSA key for use with a PSK key exchange. + +Benefits: isolation of long-term secrets. + +Limitations: the key can only be used with with TLS 1.2, and only with "pure" +PSK key exchanges (ciphersuites starting with `TLS_PSK_WITH_`), to the +exclusion of RSA-PSK, DHE-PSK and ECDHE-PSK key exchanges. It is the responsibility of +the user to make sure that when provisioning an opaque pre-shared key, the +only PSK ciphersuites that can be negotiated are "pure" PSK; other XXX-PSK key +exchanges will result in a handshake failure with the handshake function +returning `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`. + +Use in TLS: opt-in. The application needs to register the key using the new +APIs to get the benefits. + +### PSA-based operations in the Cipher layer + +Add `mbedtls_cipher_setup_psa()` to set up a context that will call PSA to +store the key and perform the operations. 
+ +Benefits: use of PSA Crypto drivers; partial isolation of short-term secrets +(still generated outside of PSA, but then held by PSA). + +Limitations: the key is still passed in the clear by the application. The +multi-part APIs are not supported, only the one-shot APIs. The only modes +supported are ECB, CBC without padding, GCM and CCM (this excludes stream +ciphers and ChachaPoly); the only cipher supported is AES (this excludes Aria, +Camellia, and ChachaPoly). + +Use in TLS: automatic. Used when the cipher and mode is supported (with +gracious fallback to the legacy API otherwise) in all places where a cipher is +used. There are two such places: in `ssl_tls.c` for record protection, and in +`ssl_ticket.c` for protecting tickets we issue. + +Internal changes +---------------- + +All of these internal changes are active as soon as `MBEDTLS_USE_PSA_CRYPTO` +is enabled, no change required on the application side. + +### TLS: cipher operations based on PSA + +See "PSA-based operations in the Cipher layer" above. + +### PK layer: ECDSA verification based on PSA + +Scope: `mbedtls_pk_verify()` will call to PSA for ECDSA signature +verification. + +Benefits: use of PSA Crypto drivers. + +Use in TLS and X.509: in all places where an ECDSA signature is verified. + +### TLS: ECDHE computation based on PSA + +Scope: Client-side, for ECDHE-RSA and ECDHE-ECDSA key exchanges, the +computation of the ECDHE key exchange is done by PSA. + +Limitations: client-side only, ECDHE-PSK not covered + +Benefits: use of PSA Crypto drivers. + +### TLS: handshake hashes and PRF computed with PSA + +Scope: with TLS 1.2, the following are computed with PSA: +- the running handshake hashes; +- the hash of the ServerKeyExchange part that is signed; +- the `verify_data` part of the Finished message; +- the TLS PRF. + +Benefits: use of PSA Crypto drivers. 
+ +### X.509: some hashes computed with PSA + +Scope: the following hashes are computed with PSA: +- when verifying a certificate chain, hash of the child for verifying the + parent's signature; +- when writing a CSR, hash of the request for self-signing the request. + +Benefits: use of PSA Crypto drivers. + +Parts that are not covered yet +============================== (To be written.) From 200bcf77f820b45ebfffa4f193116792aecadb76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Sep 2021 11:30:52 +0200 Subject: [PATCH 538/966] Remove warning about PSA Crypto being beta MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The API reached 1.0.0 some time ago, and we've caught up with the incompatible changes already. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/mbedtls_config.h | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 0680dd98f8..683c9131c6 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -1721,15 +1721,10 @@ * \note See docs/use-psa-crypto.md for a complete description of what this * option currently does, and of parts that are not affected by it so far. * - * \warning The PSA Crypto API is in beta stage. While you're welcome to - * experiment using it, incompatible API changes are still possible, and some - * parts may not have reached the same quality as the rest of Mbed TLS yet. - * - * \warning This option enables new Mbed TLS APIs that are dependent on the - * PSA Crypto API, so can't come with the same stability guarantees as the - * rest of the Mbed TLS APIs. You're welcome to experiment with them, but for - * now, access to these APIs is opt-in (via enabling the present option), in - * order to clearly differentiate them from the stable Mbed TLS APIs. + * \warning This option enables new Mbed TLS APIs which are currently + * considered experimental and may change in incompatible ways at any time. + * That is, the APIs enabled by this option are not covered by the usual + * promises of API stability. * * Requires: MBEDTLS_PSA_CRYPTO_C. * @@ -2595,10 +2590,6 @@ * * Enable the Platform Security Architecture cryptography API. * - * \warning The PSA Crypto API is still beta status. While you're welcome to - * experiment using it, incompatible API changes are still possible, and some - * parts may not have reached the same quality as the rest of Mbed TLS yet. - * * Module: library/psa_crypto.c * * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, From 73a0e1da0d1acec38a54e0b3d84358dea0bfce09 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Sep 2021 13:55:00 +0200 Subject: [PATCH 539/966] Document parts not covered by USE_PSA_CRYPTO MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also, remove the section about design considerations for now. It's probably more suitable for a developer-oriented document that would also include considerations about possible paths for the future, which would better be separated from user documentation (separating the certain that is now, from the uncertain that might or might not be later). Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 43 +++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index d1298af2b3..c8f89d0c24 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -1,6 +1,6 @@ -This document describes the compile-time configutation option -`MBEDTLS_USE_PSA_CRYPTO`: its current effects as well as some design -considerations and plans for the future. +This document describes the compile-time configuration option +`MBEDTLS_USE_PSA_CRYPTO` from a user's perspective, more specifically its +current effects as well as the parts that aren't covered yet. Current effects =============== 
@@ -148,10 +148,39 @@ Benefits: use of PSA Crypto drivers. Parts that are not covered yet ============================== -(To be written.) +This is only a high-level overview, grouped by theme -Design considerations -===================== +TLS: key exchanges / asymmetric crypto +-------------------------------------- -(To be written.) +- RSA: not covered +- DHE-RSA: not covered +- ECDHE-RSA: ECDHE computation client-side only +- ECDHE-ECDSA: + - ECDHE computation client-side + - ECDSA verification both sides + - ECDSA signature (if using `mbedtls_pk_setup_opaque()`) +- PSK: client-side PSA-held using `mbedtls_ssl_conf_psk_opaque()` +- DHE-PSK: not covered +- RSA-PSK: not covered +- ECDHE-PSK: not covered +- ECDH-RSA: not covered +- ECDH-ECDSA: not covered +- ECJPAKE: not covered +TLS: symmetric crypto +--------------------- + +- some ciphers not supported via PSA yet: ARIA, Camellia, ChachaPoly (silent + fallback to the legacy APIs) +- the HMAC part of the CBC and NULL ciphersuites is not covered +- the HMAC computation in `ssl_cookie.c` + +X.509 +----- + +- most hash operations are still done via the legacy API, except the few that + are documented above as using PSA +- RSA PKCS#1 v1.5 signature generation (from PSA-held keys): not covered +- RSA PKCS#1 v1.5 signature verification: not covered +- RSA-PSS signature verification: not covered From a0b4b0c3cdfaa364cb12a020d1b7618d16e261f2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Sep 2021 14:06:33 +0200 Subject: [PATCH 540/966] Clean up some remnants of TLS pre-1.2 support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that support for earlier version have been removed, we no longer need to care about them. Since TLS 1.3 is being gradually introduced, we might still need a version check in some places - but here the function is called ssl_tls12_populate_tranform() and TLS 1.3 has its own function mbedtls_ssl_tls13_populate_transform(), so when this function is called we just know we're using TLS 1.2. Reviewer hint: use the -b option of git diff / git show Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 81 +++++++++++++++-------------------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 360419240f..a4387d5690 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -973,39 +973,24 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) - - /* Only use PSA-based ciphers for TLS-1.2. - * That's relevant at least for TLS-1.0, where - * we assume that mbedtls_cipher_crypt() updates - * the structure field for the IV, which the PSA-based - * implementation currently doesn't. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc, + cipher_info, transform->taglen ); + if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) { - ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc, - cipher_info, transform->taglen ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); - goto end; - } + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); + goto end; + } - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) ); - psa_fallthrough = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) ); - psa_fallthrough = 1; - } + if( ret == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) ); + psa_fallthrough = 0; } else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) ); psa_fallthrough = 1; -#else - psa_fallthrough = 1; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + } if( psa_fallthrough == 1 ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ 
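Review bot: With the `ssl->minor_ver` check gone, the PSA setup for `cipher_ctx_enc` in this hunk (and for `cipher_ctx_dec` in the next one) relies on the function name alone to guarantee TLS 1.2. The removed comment was the only record of why that matters: the PSA-based cipher does not update the IV field that the TLS 1.0 path assumed `mbedtls_cipher_crypt()` would update. I would keep a one-line reminder above each call, e.g. `/* TLS 1.2 only: nothing here relies on mbedtls_cipher_crypt() updating the IV field, so PSA can be used unconditionally. */`. Separately, on `MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE` the code falls through to the default setup with only a level-1 debug message worded "Failed to setup"; since docs/use-psa-crypto.md describes that fallback as expected, the message could say so, so that anyone counting on PSA-held record keys does not read it as an error. The body of ssl_tls12_populate_transform() starts and ends outside both hunks.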
@@ -1017,38 +1002,24 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Only use PSA-based ciphers for TLS-1.2. - * That's relevant at least for TLS-1.0, where - * we assume that mbedtls_cipher_crypt() updates - * the structure field for the IV, which the PSA-based - * implementation currently doesn't. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec, + cipher_info, transform->taglen ); + if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) { - ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec, - cipher_info, transform->taglen ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); - goto end; - } + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); + goto end; + } - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) ); - psa_fallthrough = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) ); - psa_fallthrough = 1; - } + if( ret == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) ); + psa_fallthrough = 0; } else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) ); psa_fallthrough = 1; -#else - psa_fallthrough = 1; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + } if( psa_fallthrough == 1 ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ From 3785c907c71af0eaeb4772586688f40eaf1a2681 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 20 Sep 2021 09:05:36 +0200 Subject: [PATCH 541/966] Define TLS 1.3 MVP and document coding rules 
Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 242 ++++++++++++++++++++++++ 1 file changed, 242 insertions(+) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 0009c68180..e6f9065801 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -66,3 +66,245 @@ together with their level of testing: as part of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`: - Reader ([`library/mps_reader.h`](../../library/mps_reader.h)) + + +MVP definition +-------------- + +The TLS 1.3 MVP implements only the client side of the protocol. +The TLS 1.3 MVP does not support the handling of server HelloRetryRequest and +CertificateRequest messages. If it receives one of those messages, it aborts +the handshake with an handshake_failure closure alert. + +- Supported cipher suites: depends on the library configuration. Potentially + all of them: + TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_128_CCM_SHA256 and TLS_AES_128_CCM_8_SHA256. + +- Supported ClientHello extensions: + + MVP Prototype + (for comparison) + + server_name no YES + max_fragment_length no YES + status_request no no + supported_groups YES YES + signature_algorithms YES YES + use_srtp no no + heartbeat no no + apln no YES + signed_certificate_timestamp no no + client_certificate_type no no + server_certificate_type no no + padding no no + key_share YES YES + pre_shared_key no YES + psk_key_exchange_modes no YES + early_data no YES + cookie no YES + supported_versions YES YES + certificate_authorities no no + post_handshake_auth no no + signature_algorithms_cert no no + +- Supported groups: depends on the library configuration. + Potentially all ECDHE groups: + secp256r1, secp384r1, secp521r1(0x0019), x25519, x448. + +- Supported signature algorithms: depends on the library configuration. + Potentially: + ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, + rsa_pss_rsae_sha256. + +- Supported versions: only TLS 1.3 + +- Support of Mbed TLS SSL/TLS related (not DTLS) features: + + The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the + sense that when enabling the TLS 1.3 MVP in the library there is no need to + modify the configuration for TLS 1.2. 
Mbed TLS SSL/TLS related features are + not supported or not applicable to the TLS 1.3 MVP: + + Supported Comment + MBEDTLS_SSL_ALL_ALERT_MESSAGES no + MBEDTLS_SSL_ASYNC_PRIVATE no + MBEDTLS_SSL_CONTEXT_SERIALIZATION no + MBEDTLS_SSL_DEBUG_ALL no + MBEDTLS_SSL_ENCRYPT_THEN_MAC n/a + MBEDTLS_SSL_EXTENDED_MASTER_SECRET n/a + MBEDTLS_SSL_KEEP_PEER_CERTIFICATE no + MBEDTLS_SSL_RENEGOTIATION n/a Not TLS 1.2 dependent + MBEDTLS_SSL_MAX_FRAGMENT_LENGTH no + MBEDTLS_SSL_ALPN no + + MBEDTLS_SSL_SESSION_TICKETS no + MBEDTLS_SSL_EXPORT_KEYS no Incomplete support + MBEDTLS_SSL_SERVER_NAME_INDICATION no + MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH no + + MBEDTLS_ECP_RESTARTABLE no + MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED no + + MBEDTLS_KEY_EXCHANGE_PSK_ENABLED n/a Make sense in TLS 1.3 + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED n/a context but their current + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED n/a definition is TLS 1.2 only. + MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED n/a + MBEDTLS_KEY_EXCHANGE_RSA_ENABLED n/a + MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED n/a + MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED n/a + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED n/a + MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED n/a + MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED n/a + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED n/a + + MBEDTLS_USE_PSA_CRYPTO no + +Not in the plan yet but probably necessary for a viable client: +- server_name extension +- support for HelloRetryRequest +- fallback to TLS 1.2 + +Coding rules checklist for TLS 1.3 +---------------------------------- + +The following coding rules are aimed to be a checklist for TLS 1.3 upstreaming +work to reduce review rounds and the number of comments in each round. They +come along (do NOT replace) the project coding rules +(https://tls.mbed.org/kb/development/mbedtls-coding-standards). They have been +established and discussed following the review of #4882 that was the +PR upstreaming the first part of TLS 1.3 ClientHello writing code. 
+ +TLS 1.3 specific coding rules: + + - TLS 1.3 specific C modules, headers, static functions names are prefixed + with `ssl_tls1_3_`. The same applies to structures and types that are + internal to C modules. + + - TLS 1.3 specific exported functions, macros, structures and types are + prefixed with `mbedtls_ssl_tls1_3_`. + + - The names of macros and variables related to a field or structure in the + TLS 1.3 specification should contain as far as possible the field name as + it is in the specification. If the field name is `too long` and we prefer + to introduce some kind of abbreviation of it, use the same abbreviation + everywhere in the code. + + Example 1: #define CLIENT_HELLO_RANDOM_LEN 32, macro for the length of the + `random` field of the ClientHello message. + + Example 2 (consistent abbreviation): mbedtls_ssl_tls1_3_write_sig_alg_ext() + and MBEDTLS_TLS_EXT_SIG_ALG, `sig_alg` standing for + `signature_algorithms`. + + - Regarding vectors that are represented by a length followed by their value + in the data exchanged between servers and clients: + + - Use `_len` for the name of a variable used to compute the + length in bytes of the vector, where is the name of the + vector as defined in the TLS 1.3 specification. + + - Use `_len_ptr` for the name of a variable intended to hold + the address of the first byte of the vector length. + + - Use `_ptr` for the name of a variable intended to hold the + address of the first byte of the vector value. + + - Use `_end_ptr` for the name of a variable intended to hold + the address of the first byte past the vector value. + + Those two last idioms should lower the risk of mis-using one of the address + in place of the other one which could potentially lead to some nasty + issues. 
+ + Example: `cipher_suites` vector of ClientHello in + ssl_tls1_3_write_client_hello_cipher_suites() + + size_t cipher_suites_len; + unsigned char *cipher_suites_len_ptr; + unsigned char *cipher_suites_ptr; + + - Use of MBEDTLS_BYTE_xyz, MBEDTLS_PUT/GET_xyz, MBEDTLS_SSL_CHK_BUF_PTR + MBEDTLS_SSL_CHK_BUF_READ_PTR macros where applicable. + + These macros were introduced after the prototype was written thus are + likely not to be used in prototype where we now would use them in + development. + + The two first types, MBEDTLS_BYTE_xyz and MBEDTLS_PUT/GET_xyz, improve + the readability of the code and reduce the risk of writing or reading + bytes in the wrong order: we should probably have only MBEDTLS_GET/PUT_*_BE + (BE stands for Big-Endian) macros in the TLS 1.3 code. + + The two last types, MBEDTLS_SSL_CHK_BUF_PTR and + MBEDTLS_SSL_CHK_BUF_READ_PTR, improve the readability of the code and + reduce the risk of error in the non-completely-trivial arithmetic to + check that we do not write or read past the end of a data buffer. The + usage of those macros combined with the following rule mitigate the risk + to read/write past the end of a data buffer. + + Examples: hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); + + - To mitigate what happened here + (https://github.com/ARMmbed/mbedtls/pull/4882#discussion_r701704527) from + happening again, use always a local variable named `p` for the reading + pointer in functions parsing TLS 1.3 data, and for the writing pointer in + functions writing data into an output buffer. The name `p` has been + chosen as it was already widely used in TLS code. + + - When an TLS 1.3 structure is written or read by a function or as part of + a function, provide as documentation the definition of the structure as + it is in the TLS 1.3 specification. 
+ +General coding rules: + + - We prefer grouping `related statement lines` by not adding blank lines + between them. + + Example 1: + + ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); + if( ret != 0 ) + return( ret ); + buf += output_len; + + Example 2: + + MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 ); + MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); + cipher_suites_iter += 2; + + - Use macros for constants that are used in different functions, different + places in the code. When a constant is used only locally in a function + (like the length in bytes of the vector lengths in functions reading and + writing TLS handshake message) there is no need to define a macro for it. + + Example: #define CLIENT_HELLO_RANDOM_LEN 32 + + - When declaring a pointer the dereferencing operator should be prepended to + the pointer name not appended to the pointer type: + + Example: mbedtls_ssl_context *ssl; + + - Maximum line length is 80 characters. + + Exceptions: + + - string literals can extend beyond 80 characters as we do not want to + split them to ease their search in the code base. + + - A line can be more than 80 characters by a few characters if just looking + at the 80 first characters is enough to fully understand the line. For + example it is generally fine if some closure characters like ";" or ")" + are beyond the 80 characters limit. + + - When in successive lines, functions and macros parameters should be aligned + vertically. + + Example: + int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buf_len ); From 1e07869381a0a66d08094919090f6f5dbcf4ecfb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Sep 2021 10:11:53 +0200 Subject: [PATCH 542/966] Fix inaccuracy in key exchange summary MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index c8f89d0c24..6300bf02e2 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -160,7 +160,7 @@ TLS: key exchanges / asymmetric crypto - ECDHE computation client-side - ECDSA verification both sides - ECDSA signature (if using `mbedtls_pk_setup_opaque()`) -- PSK: client-side PSA-held using `mbedtls_ssl_conf_psk_opaque()` +- PSK: PSA-held keys using `mbedtls_ssl_conf_psk_opaque()` - DHE-PSK: not covered - RSA-PSK: not covered - ECDHE-PSK: not covered From 76e31ec169e09cc3afd93ad3ff63e5a043804e30 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Sep 2021 21:16:27 +0800 Subject: [PATCH 543/966] Add gnutls version test for client hello Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9170136038..39499d441c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -8668,13 +8668,22 @@ run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL -run_test "TLS1.3: Test client hello msg work" \ +run_test "TLS1.3: Test client hello msg work - openssl" \ "$O_NEXT_SRV -tls1_3 -msg" \ "$P_CLI min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ -s "ServerHello" +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS1.3: Test client hello msg work - gnutls" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \ + "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + 1 \ + -c "SSL - The requested feature is not available" \ + -s "SERVER HELLO was queued" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C From 11c81df707da138461e5c44be801f25155f00851 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 22 Sep 2021 18:15:51 +0100 Subject: [PATCH 544/966] Fix aarch64 assembly for bignum multiplication Add memory constraints to the aarch64 inline assembly in MULADDC_STOP. This fixes an issue where Clang 12 and 13 were generating non-functional code on aarch64 platforms. See #4962, #4943 for further details. Signed-off-by: David Horstmann --- ChangeLog.d/muladdc-aarch64-memory.txt | 4 ++++ library/bn_mul.h | 14 +++++++------- 2 files changed, 11 insertions(+), 7 deletions(-) create mode 100644 ChangeLog.d/muladdc-aarch64-memory.txt diff --git a/ChangeLog.d/muladdc-aarch64-memory.txt b/ChangeLog.d/muladdc-aarch64-memory.txt new file mode 100644 index 0000000000..70addd253c --- /dev/null +++ b/ChangeLog.d/muladdc-aarch64-memory.txt @@ -0,0 +1,4 @@ +Bugfix + * Add missing memory constraints in aarch64 inline assembly for + bignum multiplication. + Fixes #4962. diff --git a/library/bn_mul.h b/library/bn_mul.h index 328e765008..b71ddd881a 100644 
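Review bot: The new GnuTLS case passes only when the client exits with 1 and logs "SSL - The requested feature is not available", which the name "Test client hello msg work - gnutls" does not convey; the same applies to the renamed OpenSSL case above it. A comment above both would make the intent explicit, e.g. `# The client is expected to abort after ClientHello; the test only checks that the server accepted it and produced a ServerHello.` (inferred from the expected patterns, so adjust if the intent differs). The server-side match `-s "SERVER HELLO was queued"` depends on a `--debug=4` log string, so it is presumably sensitive to the wording used by the GnuTLS version behind `$G_NEXT_SRV`; a short note saying which version it was checked against would help when the pattern stops matching.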
--- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -224,7 +224,7 @@ "adcq %%rdx, %%rcx\n" \ "addq $8, %%rdi\n" -#define MULADDC_STOP \ +#define MULADDC_STOP \ : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ : "rax", "rdx", "r8" \ @@ -240,18 +240,18 @@ #define MULADDC_CORE \ "ldr x4, [%2], #8 \n\t" \ "ldr x5, [%1] \n\t" \ - "mul x6, x4, %3 \n\t" \ - "umulh x7, x4, %3 \n\t" \ + "mul x6, x4, %4 \n\t" \ + "umulh x7, x4, %4 \n\t" \ "adds x5, x5, x6 \n\t" \ "adc x7, x7, xzr \n\t" \ "adds x5, x5, %0 \n\t" \ "adc %0, x7, xzr \n\t" \ "str x5, [%1], #8 \n\t" -#define MULADDC_STOP \ - : "+r" (c), "+r" (d), "+r" (s) \ - : "r" (b) \ - : "x4", "x5", "x6", "x7", "cc" \ +#define MULADDC_STOP \ + : "+r" (c), "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d) \ + : "r" (b), "m" (*(const uint64_t (*)[16]) s) \ + : "x4", "x5", "x6", "x7", "cc" \ ); #endif /* Aarch64 */ From 3ecdb3e308e8207a4c40798cf749a01a8d453256 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 21 Sep 2021 17:23:34 +0100 Subject: [PATCH 545/966] Change test dependencys to PSA_WANT Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 09ebcf08f3..63a5979458 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
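Review bot: The `%3` → `%4` renumbering in the aarch64 MULADDC_CORE exists only because the new `"+m"` output operand in MULADDC_STOP shifts the index of `b`, so the two macros now have to be kept in sync by hand. Named operands would remove that coupling: `[b] "r" (b)` in MULADDC_STOP, with `"mul x6, x4, %[b] \n\t"` and `"umulh x7, x4, %[b] \n\t"` in MULADDC_CORE. The `[16]` in the `(*(uint64_t (*)[16]) d)` and `(*(const uint64_t (*)[16]) s)` casts also deserves a comment saying which bound it encodes, presumably the largest number of MULADDC_CORE expansions between MULADDC_INIT and MULADDC_STOP; those call sites are outside the hunk. Because a miscompile here yields wrong bignum products rather than a crash, it would be worth running the bignum tests in CI on aarch64 with the affected Clang versions, if that is not already done.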
@@ -2679,11 +2679,11 @@ depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD setup: invalid algorithm (CTR) -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES aead_multipart_setup:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT PSA AEAD setup: invalid algorithm (ChaCha20) -depends_on:MBEDTLS_CHACHA20_C +depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:PSA_ERROR_INVALID_ARGUMENT PSA Multipart State Checks, AES - GCM From bdc2c68d97d25abfd4ffe93a48cb420c0bd41d6a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 21 Sep 2021 18:37:10 +0100 Subject: [PATCH 546/966] Add missing not setting nonce tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 30 +++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index c91f744b89..e9ca8d268a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -4402,6 +4402,36 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + /* Test for double setting nonce. */ operation = psa_aead_operation_init( ); From bb979e774820b897fe3564a74d1e5d5c49db850d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 12:54:42 +0100 Subject: [PATCH 547/966] Rename enum types Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e9ca8d268a..482063a1d4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -269,13 +269,13 @@ typedef enum DO_NOT_SET_LENGTHS = 0, SET_LENGTHS_BEFORE_NONCE = 1, SET_LENGTHS_AFTER_NONCE = 2 -} setlengths_method; +} set_lengths_method_t; typedef enum { USE_NULL_TAG = 0, USE_GIVEN_TAG = 1, -} tagusage_method; +} tag_usage_method_t; /*! * \brief Internal Function for AEAD multipart tests. 
@@ -291,7 +291,7 @@ typedef enum * \param data_part_len_arg If not -1, the length of chunks to feed * the data in to be encrypted / decrypted. If * -1, no chunking - * \param set_lengths_method A member of the setlengths_method enum is + * \param set_lengths_method A member of the set_lengths_method_t enum is * expected here, this controls whether or not * to set lengths, and in what order with * respect to set nonce. @@ -308,7 +308,7 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int ad_part_len_arg, data_t *input_data, int data_part_len_arg, - setlengths_method set_lengths_method, + set_lengths_method_t set_lengths_method, data_t *expected_output, int is_encrypt, int do_zero_parts ) @@ -3478,7 +3478,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, { size_t ad_part_len = 0; size_t data_part_len = 0; - setlengths_method set_lengths_method = DO_NOT_SET_LENGTHS; + set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; /* Ensure that either one part of the test or the other is done, i.e this * test does something. */ @@ -3586,7 +3586,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, { size_t ad_part_len = 0; size_t data_part_len = 0; - setlengths_method set_lengths_method = DO_NOT_SET_LENGTHS; + set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; /* Ensure that either one part of the test or the other is done, i.e this * test does something. */ @@ -4088,7 +4088,7 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, size_t plaintext_size = 0; size_t plaintext_length = 0; size_t verify_plaintext_size = 0; - tagusage_method tag_usage = tag_usage_arg; + tag_usage_method_t tag_usage = tag_usage_arg; unsigned char *tag_buffer = NULL; size_t tag_size = 0; From a2a09b096c413d40894ab9bdbd0c41b1dbb794b1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 14:56:40 +0100 Subject: [PATCH 548/966] Remove double initialisation of AEAD operation 
Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 68 +-------------------- 1 file changed, 2 insertions(+), 66 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 482063a1d4..7c988067ad 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4191,8 +4191,6 @@ void aead_multipart_setup( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - operation = psa_aead_operation_init( ); - mbedtls_test_set_step( 1 ); status = psa_aead_decrypt_setup( &operation, key, alg ); @@ -4267,8 +4265,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, PSA_AEAD_NONCE_MAX_SIZE, &nonce_length ), @@ -4278,8 +4274,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, input_data->len ), PSA_ERROR_BAD_STATE ); @@ -4288,8 +4282,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, additional_data->len ), PSA_ERROR_BAD_STATE ); @@ -4298,8 +4290,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_update( &operation, input_data->x, input_data->len, output_data, output_size, &output_length ), 
@@ -4309,8 +4299,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_finish( &operation, final_data, finish_output_size, &output_part_length, @@ -4322,8 +4310,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_verify( &operation, final_data, finish_output_size, &output_part_length, @@ -4335,8 +4321,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for double setups. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), @@ -4346,8 +4330,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), @@ -4357,8 +4339,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), @@ -4368,8 +4348,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), 
@@ -4379,8 +4357,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for not setting a nonce. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, @@ -4391,8 +4367,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_update( &operation, input_data->x, @@ -4404,8 +4378,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_finish( &operation, final_data, @@ -4419,8 +4391,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_verify( &operation, final_data, @@ -4434,8 +4404,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for double setting nonce. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4447,8 +4415,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for double generating nonce. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, 
@@ -4465,8 +4431,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for generate nonce then set and vice versa */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, @@ -4480,8 +4444,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4495,8 +4457,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for generating nonce in decrypt setup. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, @@ -4508,8 +4468,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for setting lengths twice. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4525,8 +4483,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for setting lengths after already starting data. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4542,8 +4498,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 
@@ -4561,8 +4515,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for not sending any additional data or data after setting non zero * lengths for them. (encrypt) */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4582,8 +4534,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for not sending any additional data or data after setting non-zero * lengths for them. (decrypt) */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4603,8 +4553,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for not sending any additional data after setting a non-zero length * for it. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4621,8 +4569,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for not sending any data after setting a non-zero length for it.*/ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4644,8 +4590,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for sending too much additional data after setting lengths. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 
@@ -4659,7 +4603,7 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - operation = psa_aead_operation_init( ); + /* ------------------------------------------------------- */ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); @@ -4679,8 +4623,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for sending too much data after setting lengths. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4694,7 +4636,7 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - operation = psa_aead_operation_init( ); + /* ------------------------------------------------------- */ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); @@ -4719,8 +4661,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test sending additional data after data. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4737,8 +4677,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test calling finish on decryption. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4754,8 +4692,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test calling verify on encryption. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); From fbb4c6d9a249ebce03e89509676d92f589502d8d Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Wed, 22 Sep 2021 16:44:21 +0100 Subject: [PATCH 549/966] Replace AEAD operation init func with macro Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 33 +++++---------------- 1 file changed, 8 insertions(+), 25 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7c988067ad..406509091a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -316,7 +316,7 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; unsigned char *output_data = NULL; unsigned char *part_data = NULL; unsigned char *final_data = NULL; @@ -391,9 +391,6 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, ASSERT_ALLOC( final_data, final_output_size ); - operation = psa_aead_operation_init( ); - - if( is_encrypt ) status = psa_aead_encrypt_setup( &operation, key, alg ); else @@ -3693,7 +3690,7 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -3729,8 +3726,6 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, ASSERT_ALLOC( ciphertext, ciphertext_size ); - operation = psa_aead_operation_init( ); - status = psa_aead_encrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the 
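Review bot: Once the declarations in aead_multipart_internal_func and aead_multipart_generate_nonce (and in the later hunks of this file) use `PSA_AEAD_OPERATION_INIT`, nothing in the visible tests calls psa_aead_operation_init() any more, so the function form of the initializer may be left without coverage. Unless another suite already covers it, a short test would keep the initializers in agreement: set up one operation with the function, one with the macro and one with `memset` to zero, then check that a call such as psa_aead_set_nonce() returns PSA_ERROR_BAD_STATE on each. Both functions start and end outside these hunks.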
@@ -3792,7 +3787,7 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; uint8_t *nonce_buffer = NULL; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -3828,8 +3823,6 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, ASSERT_ALLOC( ciphertext, ciphertext_size ); - operation = psa_aead_operation_init( ); - status = psa_aead_encrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the @@ -3908,7 +3901,7 @@ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; @@ -3937,8 +3930,6 @@ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, ASSERT_ALLOC( ciphertext, ciphertext_size ); - operation = psa_aead_operation_init( ); - status = psa_aead_encrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the 
@@ -3993,7 +3984,7 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; @@ -4025,8 +4016,6 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, ASSERT_ALLOC( tag_buffer, tag_size ); - operation = psa_aead_operation_init( ); - status = psa_aead_encrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the @@ -4079,7 +4068,7 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; @@ -4112,8 +4101,6 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, ASSERT_ALLOC( finish_plaintext, verify_plaintext_size ); - operation = psa_aead_operation_init( ); - status = psa_aead_decrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the 
@@ -4166,7 +4153,7 @@ void aead_multipart_setup( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; @@ -4181,8 +4168,6 @@ void aead_multipart_setup( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); - operation = psa_aead_operation_init( ); - mbedtls_test_set_step( 0 ); status = psa_aead_encrypt_setup( &operation, key, alg ); @@ -4214,7 +4199,7 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; unsigned char *output_data = NULL; unsigned char *final_data = NULL; size_t output_size = 0; @@ -4258,8 +4243,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test all operations error without calling setup first. */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), PSA_ERROR_BAD_STATE ); From 2c363a802a35a3a07499a8e603b2d10e3f666d33 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 17:07:54 +0100 Subject: [PATCH 550/966] Add NULL / 0 buffer tests for update test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 63a5979458..fd78335d1e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2646,10 +2646,18 @@ PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:129:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
+aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL From 70618b22a9b3819c6bb6db86975fd7a0436004f9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 17:12:16 +0100 Subject: [PATCH 551/966] Change sizeof to variable rather than struct Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 664b8aecce..415dab8b2b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3822,7 +3822,7 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) status = psa_driver_wrapper_aead_abort( operation ); - memset( operation, 0, sizeof( psa_aead_operation_t ) ); + memset( operation, 0, sizeof( *operation ) ); return( status ); } From 90fdc117dd583b9df6119c2a15aee123581a9c9e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 17:15:48 +0100 Subject: [PATCH 552/966] Make NULL tag check more explicit Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 415dab8b2b..a954d86c67 100644 --- a/library/psa_crypto.c 
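Review bot: The wipe in psa_aead_abort() stays a plain `memset`, and nothing in the hunk says whether it is only a state reset or is also meant to clear key-dependent data left in the operation. If the driver abort on the previous line does not already wipe the contexts, `mbedtls_platform_zeroize( operation, sizeof( *operation ) );` is designed not to be optimized away (assuming platform_util.h is already included in this file). If it does wipe them, a comment such as `/* Reset to the freshly-initialized state; secrets were wiped by the driver abort. */` would record that. The start of the function is outside the hunk.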
+++ b/library/psa_crypto.c @@ -3760,7 +3760,7 @@ exit: * Even if the operation succeeds, make sure we clear the rest of the * buffer to prevent potential leakage of anything previously placed in * the same buffer.*/ - if( tag ) + if( tag != NULL ) { if( status != PSA_SUCCESS ) memset( tag, '!', tag_size ); From 88ecbe176da8600c982e008b90b7135a9b0f4722 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 17:23:03 +0100 Subject: [PATCH 553/966] Test generated nonce test generates expected sizes (But only in the positive test cases) Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 406509091a..cd97c50630 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3747,6 +3747,10 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, TEST_EQUAL( actual_nonce_length, expected_nonce_length ); + if( expected_status == PSA_SUCCESS ) + TEST_EQUAL( actual_nonce_length, PSA_AEAD_NONCE_LENGTH( key_type, + alg ) ); + TEST_ASSERT( actual_nonce_length < PSA_AEAD_NONCE_MAX_SIZE ); if( expected_status == PSA_SUCCESS ) From 3db0b70263f142425c7f2a9bdcc8e99449fa2741 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 17:27:58 +0100 Subject: [PATCH 554/966] Remove unnecessary test steps Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index cd97c50630..5455fc656e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
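Review bot: The bound on the context line right after the new check, `TEST_ASSERT( actual_nonce_length < PSA_AEAD_NONCE_MAX_SIZE );`, is strict, so it would fail for any algorithm whose `PSA_AEAD_NONCE_LENGTH( key_type, alg )` equals the maximum. The added equality check would pass in that case, and such a nonce still fits `nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]`. `<=` looks like the intended comparison: `TEST_ASSERT( actual_nonce_length <= PSA_AEAD_NONCE_MAX_SIZE );`. The new `if` also has an unbraced body that wraps over two lines, and braces would make it harder to misread. aead_multipart_generate_nonce starts and ends outside the hunk.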
@@ -4172,16 +4172,12 @@ void aead_multipart_setup( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); - mbedtls_test_set_step( 0 ); - status = psa_aead_encrypt_setup( &operation, key, alg ); TEST_EQUAL( status, expected_status ); psa_aead_abort( &operation ); - mbedtls_test_set_step( 1 ); - status = psa_aead_decrypt_setup( &operation, key, alg ); TEST_EQUAL(status, expected_status ); From 6113af68c536fd34b379de06fa11a4b3e29627d4 Mon Sep 17 00:00:00 2001 From: joseph Date: Thu, 23 Sep 2021 20:58:45 +0900 Subject: [PATCH 555/966] Fix test code to can be built on alpine Signed-off-by: joseph --- ChangeLog.d/do-not-use-obsolete-header.txt | 5 +++++ tests/suites/test_suite_net.function | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/do-not-use-obsolete-header.txt diff --git a/ChangeLog.d/do-not-use-obsolete-header.txt b/ChangeLog.d/do-not-use-obsolete-header.txt new file mode 100644 index 0000000000..9a57ef16b2 --- /dev/null +++ b/ChangeLog.d/do-not-use-obsolete-header.txt @@ -0,0 +1,5 @@ +Bugfix + * Don't use the obsolete header path sys/fcntl.h in unit tests. + These header files cause compilation errors in musl. + Fixes #4969. + diff --git a/tests/suites/test_suite_net.function b/tests/suites/test_suite_net.function index f429fc9221..513b72364b 100644 --- a/tests/suites/test_suite_net.function +++ b/tests/suites/test_suite_net.function @@ -9,11 +9,11 @@ #endif #if defined(MBEDTLS_PLATFORM_IS_UNIXLIKE) -#include #include #include #include #include +#include #include #endif From d3ac4a9a8abeba0232c43a7cf38b2905c0fe5862 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Sep 2021 10:06:04 +0200 Subject: [PATCH 556/966] Clarify wording of "not covered" section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The section is about things that are not covered, but some lists are about things that are covered, which was very confusing. Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 42 ++++++++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index 6300bf02e2..4292aa6b94 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md 
@@ -153,27 +153,33 @@ This is only a high-level overview, grouped by theme TLS: key exchanges / asymmetric crypto -------------------------------------- -- RSA: not covered -- DHE-RSA: not covered -- ECDHE-RSA: ECDHE computation client-side only -- ECDHE-ECDSA: - - ECDHE computation client-side - - ECDSA verification both sides - - ECDSA signature (if using `mbedtls_pk_setup_opaque()`) -- PSK: PSA-held keys using `mbedtls_ssl_conf_psk_opaque()` -- DHE-PSK: not covered -- RSA-PSK: not covered -- ECDHE-PSK: not covered -- ECDH-RSA: not covered -- ECDH-ECDSA: not covered -- ECJPAKE: not covered +The following key exchanges are not covered at all: + +- RSA +- DHE-RSA +- DHE-PSK +- RSA-PSK +- ECDHE-PSK +- ECDH-RSA +- ECDH-ECDSA +- ECJPAKE + +The following key exchanges are only partially covered: + +- ECDHE-RSA: RSA operations are not covered and, server-side, the ECDHE + operation isn't either +- ECDHE-ECDSA: server-side, the ECDHE operation isn't covered. (ECDSA + signature generation is only covered if using `mbedtls_pk_setup_opaque()`.) + +PSK if covered when the application uses `mbedtls_ssl_conf_psk_opaque()` or +`mbedtls_ssl_set_hs_psk_opaque()`. TLS: symmetric crypto --------------------- - some ciphers not supported via PSA yet: ARIA, Camellia, ChachaPoly (silent fallback to the legacy APIs) -- the HMAC part of the CBC and NULL ciphersuites is not covered +- the HMAC part of the CBC and NULL ciphersuites - the HMAC computation in `ssl_cookie.c` X.509 @@ -181,6 +187,6 @@ X.509 - most hash operations are still done via the legacy API, except the few that are documented above as using PSA -- RSA PKCS#1 v1.5 signature generation (from PSA-held keys): not covered -- RSA PKCS#1 v1.5 signature verification: not covered -- RSA-PSS signature verification: not covered +- RSA PKCS#1 v1.5 signature generation (from PSA-held keys) +- RSA PKCS#1 v1.5 signature verification +- RSA-PSS signature verification 
From ca9101739aca97117d1889489515c2262f8846bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Sep 2021 10:14:32 +0200 Subject: [PATCH 557/966] Improve wording and fix some typos. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index 4292aa6b94..cdae3a8273 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -37,15 +37,18 @@ X.509) layers to pick up the improvements. ### PSA-held (opaque) keys in the PK layer -Add `mbedtls_pk_setup_opaque()` to wrap a PSA keypair into a PK context. The key -can be used for private-key operations and its public part can be written out. +There is a new API function `mbedtls_pk_setup_opaque()` that can be used to +wrap a PSA keypair into a PK context. The key can be used for private-key +operations and its public part can be exported. Benefits: isolation of long-term secrets, use of PSA Crypto drivers. Limitations: only for private keys, only ECC. (That is, only ECDSA signature -generation.) The following operations are not supported with a context set -this way, while they would be available with a normal `ECKEY` context: -`mbedtls_pk_verify()`, `mbedtls_pk_check_pair()`, `mbedtls_pk_debug()`. +generation. Note: currently this will use randomized ECDSA while Mbed TLS uses +deterministic ECDSA by default.) The following operations are not supported +with a context set this way, while they would be available with a normal +`ECKEY` context: `mbedtls_pk_verify()`, `mbedtls_pk_check_pair()`, +`mbedtls_pk_debug()`. Use in X.509 and TLS: opt-in. The application needs to construct the PK context using the new API in order to get the benefits; it can then pass the 
@@ -56,14 +59,15 @@ resulting context to the following existing APIs: - `mbedtls_x509write_csr_set_key()` to generate a CSR (certificate signature request). -In the TLS and X.509 API, there's two other function which accept a key or +In the TLS and X.509 API, there are two other functions which accept a key or keypair as a PK context: `mbedtls_x509write_crt_set_subject_key()` and `mbedtls_x509write_crt_set_issuer_key()`. Use of opaque contexts here probably works but is so far untested. ### PSA-held (opaque) keys for TLS 1.2 pre-shared keys (PSK) -Add `mbedtls_ssl_conf_psk_opaque()` and `mbedtls_ssl_set_hs_psk_opaque()` to +There are two new API functions `mbedtls_ssl_conf_psk_opaque()` and +`mbedtls_ssl_set_hs_psk_opaque()`. Call one of these from an application to register a PSA key for use with a PSK key exchange. Benefits: isolation of long-term secrets. @@ -81,8 +85,8 @@ APIs to get the benefits. ### PSA-based operations in the Cipher layer -Add `mbedtls_cipher_setup_psa()` to set up a context that will call PSA to -store the key and perform the operations. +There is a new API function `mbedtls_cipher_setup_psa()` to set up a context +that will call PSA to store the key and perform the operations. Benefits: use of PSA Crypto drivers; partial isolation of short-term secrets (still generated outside of PSA, but then held by PSA). From 9155b0e396b0cc90642d452916b4a4264025d42c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Sep 2021 10:17:07 +0200 Subject: [PATCH 558/966] Clarify that 1.3 is excluded MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don't mention "TLS 1.2 only" for PSK, as that could give the impression that the other things about TLS are supported beyond 1.2, which isn't the case currently. Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) 
diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index cdae3a8273..af485ce8e7 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -64,7 +64,7 @@ keypair as a PK context: `mbedtls_x509write_crt_set_subject_key()` and `mbedtls_x509write_crt_set_issuer_key()`. Use of opaque contexts here probably works but is so far untested. -### PSA-held (opaque) keys for TLS 1.2 pre-shared keys (PSK) +### PSA-held (opaque) keys for TLS pre-shared keys (PSK) There are two new API functions `mbedtls_ssl_conf_psk_opaque()` and `mbedtls_ssl_set_hs_psk_opaque()`. Call one of these from an application to @@ -72,7 +72,7 @@ register a PSA key for use with a PSK key exchange. Benefits: isolation of long-term secrets. -Limitations: the key can only be used with with TLS 1.2, and only with "pure" +Limitations: the key can only be used with "pure" PSK key exchanges (ciphersuites starting with `TLS_PSK_WITH_`), to the exclusion of RSA-PSK, DHE-PSK and ECDHE-PSK key exchanges. It is the responsibility of the user to make sure that when provisioning an opaque pre-shared key, the @@ -154,6 +154,11 @@ Parts that are not covered yet This is only a high-level overview, grouped by theme +TLS: 1.3 experimental support +----------------------------- + +No part of the experimental support for TLS 1.3 is covered at the moment. + TLS: key exchanges / asymmetric crypto -------------------------------------- From 13841cb719d4d2af13de8c5ac0fbd4e4afd79664 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Sep 2021 11:43:14 +0200 Subject: [PATCH 559/966] Mention areas that are not (well) tested. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index af485ce8e7..6ec2dcaa1b 100644 --- a/docs/use-psa-crypto.md 
+++ b/docs/use-psa-crypto.md @@ -55,7 +55,8 @@ using the new API in order to get the benefits; it can then pass the resulting context to the following existing APIs: - `mbedtls_ssl_conf_own_cert()` or `mbedtls_ssl_set_hs_own_cert()` to use the - key together with a certificate for ECDSA-based key exchanges; + key together with a certificate for ECDSA-based key exchanges (note: while +this is supported on both sides, it's currently only tested client-side); - `mbedtls_x509write_csr_set_key()` to generate a CSR (certificate signature request). @@ -95,7 +96,9 @@ Limitations: the key is still passed in the clear by the application. The multi-part APIs are not supported, only the one-shot APIs. The only modes supported are ECB, CBC without padding, GCM and CCM (this excludes stream ciphers and ChachaPoly); the only cipher supported is AES (this excludes Aria, -Camellia, and ChachaPoly). +Camellia, and ChachaPoly). (Note: ECB is currently not tested.) (Note: it is +possible to perform multiple one-shot operations with the same context; +however this is not unit-tested, only tested via usage in TLS.) Use in TLS: automatic. Used when the cipher and mode is supported (with gracious fallback to the legacy API otherwise) in all places where a cipher is From 5977bc9e395daa1556688f2004ff596f811a7906 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Sep 2021 17:35:08 +0100 Subject: [PATCH 560/966] Add MBEDTLS_PRIVATE to new structs Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index cdecb2844c..8075caf660 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h 
@@ -86,24 +86,24 @@ typedef struct /* Context structure for the Mbed TLS AEAD implementation. */ typedef struct { - psa_algorithm_t alg; - psa_key_type_t key_type; + psa_algorithm_t MBEDTLS_PRIVATE(alg); + psa_key_type_t MBEDTLS_PRIVATE(key_type); - unsigned int is_encrypt : 1; + unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1; - uint8_t tag_length; + uint8_t MBEDTLS_PRIVATE(tag_length); union { unsigned dummy; /* Enable easier initializing of the union. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - mbedtls_ccm_context ccm; + mbedtls_ccm_context MBEDTLS_PRIVATE(ccm); #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - mbedtls_gcm_context gcm; + mbedtls_gcm_context MBEDTLS_PRIVATE(gcm); #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - mbedtls_chachapoly_context chachapoly; + mbedtls_chachapoly_context MBEDTLS_PRIVATE(chachapoly); #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ } ctx; From 32f46ba16a6adea6a74828906909642c32204265 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Sep 2021 18:24:36 +0100 Subject: [PATCH 561/966] Remove ability to turn off chunked ad/data tests This is no longer required, as both PolyChaCha and GCM now support both chunked body data and additional data. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 216 +++++++-------- tests/suites/test_suite_psa_crypto.function | 281 +++++++++----------- 2 files changed, 232 insertions(+), 265 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c17d527475..e48bd976f5 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
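Review bot: Two names in this struct are left outside MBEDTLS_PRIVATE: the union member `dummy` and the union field `ctx` itself (context line `} ctx;`), while every other field is wrapped. If the aim is that no field of the AEAD context is reachable by its plain name, wrap them too: `unsigned MBEDTLS_PRIVATE(dummy);` and `} MBEDTLS_PRIVATE(ctx);`. Code that touches `ctx` would then have to go through the macro as well, and none of it is visible here. The end of the struct is outside the hunk.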
@@ -2748,435 +2748,435 @@ aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f9091 PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( 
PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, 
T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:0:"f149e2b5f0adaa9842ca5f45b768a8fc" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":"":0:"f149e2b5f0adaa9842ca5f45b768a8fc" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:1:"f149e2b5f0adaa9842ca5f45b768a8fc" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":"":1:"f149e2b5f0adaa9842ca5f45b768a8fc" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:0:"204bdb1bd62154bf08922aaa54eed705" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":"":0:"204bdb1bd62154bf08922aaa54eed705" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:1:"204bdb1bd62154bf08922aaa54eed705" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":"":1:"204bdb1bd62154bf08922aaa54eed705" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:0:"1b2d2764573e20ae640bf29d48e5fe05" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":"":0:"1b2d2764573e20ae640bf29d48e5fe05" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:1:"1b2d2764573e20ae640bf29d48e5fe05" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":"":1:"1b2d2764573e20ae640bf29d48e5fe05" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:0:"77e5682a49243d5b9016eb1adafa2d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":"":0:"77e5682a49243d5b9016eb1adafa2d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:1:"77e5682a49243d5b9016eb1adafa2d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":"":1:"77e5682a49243d5b9016eb1adafa2d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:0:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":0:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:0:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":"d3f3f57033df30c22860231334b099cb":0:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":"d3f3f57033df30c22860231334b099cb":1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:0:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":0:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" PSA 
Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:0:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":"636871d4c0aae3da7b55abd8b5f21297":0:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":"636871d4c0aae3da7b55abd8b5f21297":1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:0:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":"3d952be11deb421b56e0ce9d7ce99553":0:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":"3d952be11deb421b56e0ce9d7ce99553":1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:0:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":"fdd8a462c86d4365c8bfee0e25fc8a62":0:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":"fdd8a462c86d4365c8bfee0e25fc8a62":1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"516c33929df5a3284ff463d7":"":0:"":1:0:"bdc1ac884d332457a1d2664f168c76f0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":"":0:"bdc1ac884d332457a1d2664f168c76f0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:1:"bdc1ac884d332457a1d2664f168c76f0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":"":1:"bdc1ac884d332457a1d2664f168c76f0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:0:"2fb9c3e41fff24ef07437c47" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":"":0:"2fb9c3e41fff24ef07437c47" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:1:"2fb9c3e41fff24ef07437c47" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":"":1:"2fb9c3e41fff24ef07437c47" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:0:"f6d47505ec96c98a42dc3ae719877b87" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":"":0:"f6d47505ec96c98a42dc3ae719877b87" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:1:"f6d47505ec96c98a42dc3ae719877b87" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":"":1:"f6d47505ec96c98a42dc3ae719877b87" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:0:"5233f95bdcf5d666fb957acdcb" 
+aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":"":0:"5233f95bdcf5d666fb957acdcb" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:1:"5233f95bdcf5d666fb957acdcb" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":"":1:"5233f95bdcf5d666fb957acdcb" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:0:"d57e27914ecb4a764359d3c0f8d4d6" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":"":0:"d57e27914ecb4a764359d3c0f8d4d6" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:1:"d57e27914ecb4a764359d3c0f8d4d6" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":"":1:"d57e27914ecb4a764359d3c0f8d4d6" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:0:"72901467" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":"":0:"72901467" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:1:"72901467" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":"":1:"72901467" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:0:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":"722ee47da4b77424733546c2d400c4e5":0:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":"722ee47da4b77424733546c2d400c4e5":1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 
):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:0:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":"bcf48ddcfe9d011a1003973d68d2d78a":0:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":"bcf48ddcfe9d011a1003973d68d2d78a":1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:0:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":"c37aada3d4408e880d47e41df77da9b9":0:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, 
TAG=14, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":"c37aada3d4408e880d47e41df77da9b9":1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:0:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":"e5f410fe939e79b7ad33fbd3aaf5856f":0:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":"e5f410fe939e79b7ad33fbd3aaf5856f":1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA 
Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, 
KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":"db1a74ffb5f7de26f5742e0942b1b9cb":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":"db1a74ffb5f7de26f5742e0942b1b9cb":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":"434ff68f2436f48418fd69f52158":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":"434ff68f2436f48418fd69f52158":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":0:"b03c2c20f758a93a8d1220232ad87098" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"5fe11a596dfcd3a305c1d711":"":"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:"b03c2c20f758a93a8d1220232ad87098" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":0:"b22b2dcdcc18adc30d16297b84b459d8" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:"b22b2dcdcc18adc30d16297b84b459d8" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 
):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":0:"7e5fd8b595ddc4753676107951d900e2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:"7e5fd8b595ddc4753676107951d900e2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80" 
+aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":0:"37245449db8f72b1ecdb420f629d3d80" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:"37245449db8f72b1ecdb420f629d3d80" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":0:"496909523f574b205d757659c5" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:"496909523f574b205d757659c5" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":0:"b6e056de521a27266dffbc0d96" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 
):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:"b6e056de521a27266dffbc0d96" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":0:"f6d56f8c86f27d957fa63aea22" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:"f6d56f8c86f27d957fa63aea22" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 
):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":0:"bd94b34511bc65ae47684805cb" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:"bd94b34511bc65ae47684805cb" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":"15e051a5e4a5f5da6cea92e2ebee5bac":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, 
KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":"15e051a5e4a5f5da6cea92e2ebee5bac":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":"84c8beff4b0d160ee68ac613097f51":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":"84c8beff4b0d160ee68ac613097f51":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":"8d6351f18d873242204c20144e2b83":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":"8d6351f18d873242204c20144e2b83":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 
):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":"3bfd3d99fe2063e8ef8255519fe0":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":"3bfd3d99fe2063e8ef8255519fe0":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":0:"7789b41cb3ee548814ca0b388c10b343" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 
):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:"7789b41cb3ee548814ca0b388c10b343" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":"58375442ab1c0e6a8952c83d128d9fc5f45bb315":0:"4860116a6d2deb9bf794bfd6ac5bbbd6" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:"4860116a6d2deb9bf794bfd6ac5bbbd6" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":0:"ff426dd751190ff826e8b4a0792d746e" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:"ff426dd751190ff826e8b4a0792d746e" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( 
PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":0:"0a0b284515694188b6b6c15bc8a09036" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:"0a0b284515694188b6b6c15bc8a09036" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":0:"f386b28e7eb4c2fb8eb5dc66a2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 
):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:"f386b28e7eb4c2fb8eb5dc66a2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":0:"da1c61fbfcdb73445ad4c7d889" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:"da1c61fbfcdb73445ad4c7d889" PSA Multipart AEAD encrypt: 
ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
-aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:0:"a0784d7a4716f3feb4f64e7f4b39bf04" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"":0:"a0784d7a4716f3feb4f64e7f4b39bf04" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length 
input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:1:"a0784d7a4716f3feb4f64e7f4b39bf04" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04" PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" 
+aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" 
+aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":0:"" PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":1:"" PSA Multipart AEAD verify, AES - GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 81bd246718..591c2960de 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3788,9 +3788,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int do_test_ad_chunked, data_t *input_data, - int do_test_data_chunked, int do_set_lengths, data_t *expected_output ) { 
@@ -3798,92 +3796,77 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, size_t data_part_len = 0; set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; - /* Ensure that either one part of the test or the other is done, i.e this - * test does something. */ - TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked ); - - /* Temporary whilst we have algorithms that cannot support chunking */ - if( do_test_ad_chunked == 1 ) + for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) { - for( ad_part_len = 1; ad_part_len <= additional_data->len; - ad_part_len++ ) + mbedtls_test_set_step( ad_part_len ); + + if( do_set_lengths ) { - mbedtls_test_set_step( ad_part_len ); - - if( do_set_lengths ) - { - if( ad_part_len & 0x01 ) - set_lengths_method = SET_LENGTHS_AFTER_NONCE; - else - set_lengths_method = SET_LENGTHS_BEFORE_NONCE; - } - - /* Split ad into length(ad_part_len) parts. */ - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - set_lengths_method, - expected_output, - 1, 0 ) ) - break; - - /* length(0) part, length(ad_part_len) part, length(0) part... */ - mbedtls_test_set_step( 1000 + ad_part_len ); - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - set_lengths_method, - expected_output, - 1, 1 ) ) - break; + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; } + + /* Split ad into length(ad_part_len) parts. */ + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 1, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... 
*/ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 1, 1 ) ) + break; } - /* Temporary whilst we have algorithms that cannot support chunking */ - if( do_test_data_chunked == 1 ) + for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - for( data_part_len = 1; data_part_len <= input_data->len; - data_part_len++ ) + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); + + if( do_set_lengths ) { - /* Split data into length(data_part_len) parts. */ - mbedtls_test_set_step( 2000 + data_part_len ); - - if( do_set_lengths ) - { - if( data_part_len & 0x01 ) - set_lengths_method = SET_LENGTHS_AFTER_NONCE; - else - set_lengths_method = SET_LENGTHS_BEFORE_NONCE; - } - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - set_lengths_method, - expected_output, - 1, 0 ) ) - break; - - /* length(0) part, length(data_part_len) part, length(0) part... */ - mbedtls_test_set_step( 3000 + data_part_len ); - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - set_lengths_method, - expected_output, - 1, 1 ) ) - break; + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; } - } + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 1, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... 
*/ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 1, 1 ) ) + break; + } /* Goto is required to silence warnings about unused labels, as we * don't actually do any test assertions in this function. */ @@ -3896,9 +3879,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int do_test_ad_chunked, data_t *input_data, - int do_test_data_chunked, int do_set_lengths, data_t *expected_output ) { 
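Review bot: With the `TEST_ASSERT` removed, nothing in `aead_multipart_encrypt` checks that `aead_multipart_internal_func` was called at all. Both `for` loops start at 1 and run up to `additional_data->len` and `input_data->len`, so a vector with empty AD and empty input executes neither loop and passes without touching the cipher. The ChaCha20-Poly1305 "zero-length input" encrypt vectors in the .data file on this page are such a case (`"":"":0:` and `"":"":1:`). I would add a guard before the loops, for example `if( additional_data->len == 0 && input_data->len == 0 )` followed by one unchunked call with both part lengths `-1`, assuming `-1` means "do not split" as its use in the loops suggests. The `aead_multipart_decrypt` hunk further down has the same loop structure; both function bodies start and end outside their hunks.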
@@ -3906,90 +3887,76 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, size_t data_part_len = 0; set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; - /* Ensure that either one part of the test or the other is done, i.e this - * test does something. */ - TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked ); - - /* Temporary whilst we have algorithms that cannot support chunking */ - if( do_test_ad_chunked == 1 ) + for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) { - for( ad_part_len = 1; ad_part_len <= additional_data->len; - ad_part_len++ ) + /* Split ad into length(ad_part_len) parts. */ + mbedtls_test_set_step( ad_part_len ); + + if( do_set_lengths ) { - /* Split ad into length(ad_part_len) parts. */ - mbedtls_test_set_step( ad_part_len ); - - if( do_set_lengths ) - { - if( ad_part_len & 0x01 ) - set_lengths_method = SET_LENGTHS_AFTER_NONCE; - else - set_lengths_method = SET_LENGTHS_BEFORE_NONCE; - } - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - set_lengths_method, - expected_output, - 0, 0 ) ) - break; - - /* length(0) part, length(ad_part_len) part, length(0) part... */ - mbedtls_test_set_step( 1000 + ad_part_len ); - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - set_lengths_method, - expected_output, - 0, 1 ) ) - break; + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; } + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 0, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... 
*/ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 0, 1 ) ) + break; } - /* Temporary whilst we have algorithms that cannot support chunking */ - if( do_test_data_chunked == 1 ) + for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - for( data_part_len = 1; data_part_len <= input_data->len; - data_part_len++ ) + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); + + if( do_set_lengths ) { - /* Split data into length(data_part_len) parts. */ - mbedtls_test_set_step( 2000 + data_part_len ); - - if( do_set_lengths ) - { - if( data_part_len & 0x01 ) - set_lengths_method = SET_LENGTHS_AFTER_NONCE; - else - set_lengths_method = SET_LENGTHS_BEFORE_NONCE; - } - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - set_lengths_method, - expected_output, - 0, 0 ) ) - break; - - /* length(0) part, length(data_part_len) part, length(0) part... */ - mbedtls_test_set_step( 3000 + data_part_len ); - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - set_lengths_method, - expected_output, - 0, 1 ) ) - break; + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; } + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 0, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... 
*/ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 0, 1 ) ) + break; } /* Goto is required to silence warnings about unused labels, as we From 7500a0e1eaf68e6c70a95304732a75b737f710bf Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 24 Sep 2021 15:18:44 +0100 Subject: [PATCH 562/966] Combine changelog entries for muladdc assembly fix Combine the changelog entries for the memory constraints fix on aarch64 and amd64, since these are essentially fixing the same issue. Signed-off-by: David Horstmann --- ChangeLog.d/muladdc-aarch64-memory.txt | 4 ---- ChangeLog.d/muladdc-amd64-memory.txt | 4 ---- ChangeLog.d/muladdc-memory.txt | 5 +++++ 3 files changed, 5 insertions(+), 8 deletions(-) delete mode 100644 ChangeLog.d/muladdc-aarch64-memory.txt delete mode 100644 ChangeLog.d/muladdc-amd64-memory.txt create mode 100644 ChangeLog.d/muladdc-memory.txt diff --git a/ChangeLog.d/muladdc-aarch64-memory.txt b/ChangeLog.d/muladdc-aarch64-memory.txt deleted file mode 100644 index 70addd253c..0000000000 --- a/ChangeLog.d/muladdc-aarch64-memory.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Add missing memory constraints in aarch64 inline assembly for - bignum multiplication. - Fixes #4962. diff --git a/ChangeLog.d/muladdc-amd64-memory.txt b/ChangeLog.d/muladdc-amd64-memory.txt deleted file mode 100644 index b834331671..0000000000 --- a/ChangeLog.d/muladdc-amd64-memory.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix missing constraints on x86_64 assembly code for bignum multiplication - that broke some bignum operations with (at least) Clang 12. - Fixes #4116, #4786, #4917. diff --git a/ChangeLog.d/muladdc-memory.txt b/ChangeLog.d/muladdc-memory.txt new file mode 100644 index 0000000000..218be5a605 --- /dev/null +++ b/ChangeLog.d/muladdc-memory.txt 
@@ -0,0 +1,5 @@ +Bugfix + * Fix missing constraints on x86_64 and aarch64 assembly code + for bignum multiplication that broke some bignum operations with + (at least) Clang 12. + Fixes #4116, #4786, #4917, #4962. From c7e7fe5c05880ebe2293671d42e7198bdfeadb47 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Sep 2021 09:23:40 +0100 Subject: [PATCH 563/966] Add missing MBEDTLS_PRIVATE Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 4b1195d8bb..26894156c5 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -157,7 +157,7 @@ struct psa_aead_operation_s * ID values are auto-generated in psa_crypto_driver_wrappers.h * ID value zero means the context is not valid or not assigned to * any driver (i.e. none of the driver contexts are active). */ - unsigned int id; + unsigned int MBEDTLS_PRIVATE(id); psa_algorithm_t MBEDTLS_PRIVATE(alg); psa_key_type_t MBEDTLS_PRIVATE(key_type); From 687101b2e60536a006a925542239ab692e3855ae Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Sep 2021 16:03:56 +0800 Subject: [PATCH 564/966] tls13: add dummy state machine handler Signed-off-by: Jerry Yu --- include/mbedtls/debug.h | 7 ++ include/mbedtls/ssl.h | 1 + library/ssl_tls13_client.c | 155 ++++++++++++++++++++++++++++++++++++- library/ssl_tls13_server.c | 2 + 4 files changed, 162 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 0aed59619c..1f82ce6640 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -108,6 +108,13 @@ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #endif +/* MSVC support __func__ from visual studio 2015( 1900 ) + Use MSVC predefine macro to avoid name check fail. + */ +#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 )) +#define __func__ __FUNCTION__ +#endif + /** * \def MBEDTLS_PRINTF_SIZET * 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 725b156d5d..0abcb75fc5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -623,6 +623,7 @@ typedef enum MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, + MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ } mbedtls_ssl_states; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 13e932c453..4ccb5b33b0 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -701,6 +701,7 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) /* * Write ClientHello handshake message. + * Handler for MBEDTLS_SSL_CLIENT_HELLO */ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) { 
@@ -736,6 +737,116 @@ cleanup: return ret; } +/* + * Handler for MBEDTLS_SSL_SERVER_HELLO + */ +static int ssl_tls1_3_read_server_hello( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS + */ +static int ssl_tls1_3_read_encrypted_extensions( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST + */ +static int ssl_tls1_3_read_certificate_request( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE + */ +static int ssl_tls1_3_read_server_certificate( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY + */ +static int ssl_tls1_3_read_certificate_verify( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_SERVER_FINISHED + */ +static int ssl_tls1_3_read_server_finished( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE + */ +static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl ) +{ + 
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY + */ +static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CLIENT_FINISHED + */ +static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_FLUSH_BUFFERS + */ +static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP + */ +static int ssl_tls1_3_handshake_wrapup( mbedtls_ssl_context *ssl ) +{ + ((void) ssl); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; 
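Review bot: The placeholder handlers `ssl_tls1_3_read_server_certificate`, `ssl_tls1_3_read_certificate_verify` and `ssl_tls1_3_read_server_finished` return 0 and advance the state without reading or verifying anything, so the only thing that stops an unauthenticated handshake from completing is `ssl_tls1_3_handshake_wrapup` returning `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`. That dependency is not written down anywhere in the hunk. I would put a comment on the wrapup stub such as `/* Must keep failing until the certificate, CertificateVerify and Finished handlers are implemented. */`, so that implementing wrapup first does not silently produce a handshake with no server authentication. Separately, the new functions use the prefix `ssl_tls1_3_` while the existing ones in this file use `ssl_tls13_` (`ssl_tls13_write_client_hello`); one spelling would be easier to grep.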
@@ -754,9 +865,47 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_SERVER_HELLO: - // Stop here : we haven't finished whole flow - ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + ret = ssl_tls1_3_read_server_hello( ssl ); + break; + + case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: + ret = ssl_tls1_3_read_encrypted_extensions( ssl ); + break; + + case MBEDTLS_SSL_CERTIFICATE_REQUEST: + ret = ssl_tls1_3_read_certificate_request( ssl ); + break; + + case MBEDTLS_SSL_SERVER_CERTIFICATE: + ret = ssl_tls1_3_read_server_certificate( ssl ); + break; + + case MBEDTLS_SSL_CERTIFICATE_VERIFY: + ret = ssl_tls1_3_read_certificate_verify( ssl ); + break; + + case MBEDTLS_SSL_SERVER_FINISHED: + ret = ssl_tls1_3_read_server_finished( ssl ); + break; + + case MBEDTLS_SSL_CLIENT_CERTIFICATE: + ret = ssl_tls1_3_write_client_certificate( ssl ); + break; + + case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: + ret = ssl_tls1_3_write_client_certificate_verify( ssl ); + break; + + case MBEDTLS_SSL_CLIENT_FINISHED: + ret = ssl_tls1_3_write_client_finished( ssl ); + break; + + case MBEDTLS_SSL_FLUSH_BUFFERS: + ret = ssl_tls1_3_flush_buffers( ssl ); + break; + + case MBEDTLS_SSL_HANDSHAKE_WRAPUP: + ret = ssl_tls1_3_handshake_wrapup( ssl ); break; default: diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 0dcd7ed602..437e836e84 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -23,6 +23,8 @@ #if defined(MBEDTLS_SSL_SRV_C) +#include "mbedtls/debug.h" + #include "ssl_misc.h" int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) From 3523a3bee77061dcb1a75081b2b42d9978162881 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Sep 2021 16:29:49 +0800 Subject: [PATCH 565/966] Improve dispatch tests Test base on return value is not good enough. 
Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 39499d441c..41e714ec22 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8660,11 +8660,11 @@ run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ - "$P_SRV min_version=tls1_3 max_version=tls1_3" \ - "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + "$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ 1 \ - -s "SSL - The requested feature is not available" \ - -c "SSL - The requested feature is not available" + -s "tls13 server state: MBEDTLS_SSL_HELLO_REQUEST" \ + -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL From 6c983524a8e367289d554a093dbd8bcfb2fe54cc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Sep 2021 12:45:36 +0800 Subject: [PATCH 566/966] Move msvc compatible fix to `common.h` Signed-off-by: Jerry Yu --- include/mbedtls/debug.h | 7 ------- library/common.h | 8 ++++++++ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 1f82ce6640..0aed59619c 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -108,13 +108,6 @@ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #endif -/* MSVC support __func__ from visual studio 2015( 1900 ) - Use MSVC predefine macro to avoid name check fail. - */ -#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 )) -#define __func__ __FUNCTION__ -#endif - /** * \def MBEDTLS_PRINTF_SIZET * diff --git a/library/common.h b/library/common.h index 780ce378de..ba8237acf6 100644 --- a/library/common.h +++ b/library/common.h 
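Review bot: The new `-s`/`-c` patterns expect `tls13 server state: MBEDTLS_SSL_HELLO_REQUEST` and `tls13 client state: MBEDTLS_SSL_HELLO_REQUEST`, but no code shown in this series prints those strings at this point. The client logs `client state: %d` and the server step only does `((void) ssl);` until a later patch changes both. If that holds for the rest of the tree, this test fails on this commit and only passes again once the log messages and patterns are changed together, which hurts bisecting. Folding the log-message change into this commit would keep each commit green.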
@@ -318,4 +318,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c } #endif +/* Fix MSVC C99 compatible issue + * MSVC support __func__ from visual studio 2015( 1900 ) + * Use MSVC predefine macro to avoid name check fail. + */ +#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 )) +#define __func__ __FUNCTION__ +#endif + #endif /* MBEDTLS_LIBRARY_COMMON_H */ From 435756ffc0eb5a7dd747a16e8bff913a5094c957 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Sep 2021 13:44:29 +0800 Subject: [PATCH 567/966] Keep consistent order in dummy functions Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 4ccb5b33b0..2eb9a73905 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -792,8 +792,8 @@ static int ssl_tls1_3_read_certificate_verify( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_read_server_finished( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); return( 0 ); } From 6e81b27003e24cb15d45b010f1b0713c9beb3de9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Sep 2021 11:16:17 +0800 Subject: [PATCH 568/966] Add client state number check It is temporary check. If any change on `mbedtls_ssl_states`, please double check those tests Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_server.c | 3 ++- tests/ssl-opt.sh | 36 ++++++++++++++++++++++++++++++------ 3 files changed, 33 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2eb9a73905..aa6c0854e0 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
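Review bot: The guard `_MSC_VER <= 1900` added to library/common.h does not match the comment above it, which says MSVC supports `__func__` from Visual Studio 2015 (1900): as written the macro is still defined for 1900 itself. If the comment is right, the condition should be `#if defined(_MSC_VER) && ( _MSC_VER < 1900 )`; otherwise the comment should name the first version that really has `__func__`. Since `__func__` is a reserved identifier, a short remark that the redefinition is deliberate and limited to old MSVC would also help the next reader.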
@@ -851,7 +851,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 client state: %d", ssl->state ) ); switch( ssl->state ) { diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 437e836e84..5238f044eb 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -29,7 +29,8 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) { - ((void) ssl); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 41e714ec22..66c648573b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -8663,26 +8663,50 @@ run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ "$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \ "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ 1 \ - -s "tls13 server state: MBEDTLS_SSL_HELLO_REQUEST" \ - -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST" + -s "tls1_3 server state: 0" \ + -c "tls1_3 client state: 0" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS1.3: Test client hello msg work - openssl" \ "$O_NEXT_SRV -tls1_3 -msg" \ - "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ - -s "ServerHello" + -s "ServerHello" \ + -c "tls1_3 client state: 0" \ + -c "tls1_3 client state: 2" \ + -c "tls1_3 client state: 19" \ + -c "tls1_3 client state: 5" \ + -c "tls1_3 client state: 3" \ + -c "tls1_3 client state: 9" \ + -c "tls1_3 client state: 13" \ + -c "tls1_3 client state: 7" \ + -c "tls1_3 client state: 20" \ + -c "tls1_3 client state: 11" \ + -c "tls1_3 client state: 14" \ + -c "tls1_3 client state: 15" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS1.3: Test client hello msg work - gnutls" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \ - "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ - -s "SERVER HELLO was queued" + -s "SERVER HELLO was queued" \ + -c "tls1_3 client state: 0" \ + -c "tls1_3 client state: 2" \ + -c "tls1_3 client state: 19" \ + -c "tls1_3 client state: 5" \ + -c "tls1_3 client state: 3" \ + -c "tls1_3 client state: 9" \ + -c "tls1_3 client state: 13" \ + -c "tls1_3 client state: 7" \ + -c "tls1_3 client state: 20" \ + -c "tls1_3 client state: 11" \ + -c "tls1_3 client state: 14" \ + -c "tls1_3 client state: 15" # Test heap 
memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG From 860b4ee42ec080deabe4b1e8f699af2a17183601 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Sep 2021 13:16:13 +0800 Subject: [PATCH 569/966] Rename `*_read_*` to `*_process_*` Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index aa6c0854e0..ab48ec03b3 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -740,7 +740,7 @@ cleanup: /* * Handler for MBEDTLS_SSL_SERVER_HELLO */ -static int ssl_tls1_3_read_server_hello( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); @@ -750,7 +750,7 @@ static int ssl_tls1_3_read_server_hello( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS */ -static int ssl_tls1_3_read_encrypted_extensions( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); @@ -760,7 +760,7 @@ static int ssl_tls1_3_read_encrypted_extensions( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST */ -static int ssl_tls1_3_read_certificate_request( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_certificate_request( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE ); 
@@ -770,7 +770,7 @@ static int ssl_tls1_3_read_certificate_request( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE */ -static int ssl_tls1_3_read_server_certificate( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY ); @@ -780,7 +780,7 @@ static int ssl_tls1_3_read_server_certificate( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY */ -static int ssl_tls1_3_read_certificate_verify( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); @@ -790,7 +790,7 @@ static int ssl_tls1_3_read_certificate_verify( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_SERVER_FINISHED */ -static int ssl_tls1_3_read_server_finished( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); 
@@ -865,27 +865,27 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_tls1_3_read_server_hello( ssl ); + ret = ssl_tls1_3_process_server_hello( ssl ); break; case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - ret = ssl_tls1_3_read_encrypted_extensions( ssl ); + ret = ssl_tls1_3_process_encrypted_extensions( ssl ); break; case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_tls1_3_read_certificate_request( ssl ); + ret = ssl_tls1_3_process_certificate_request( ssl ); break; case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = ssl_tls1_3_read_server_certificate( ssl ); + ret = ssl_tls1_3_process_server_certificate( ssl ); break; case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_tls1_3_read_certificate_verify( ssl ); + ret = ssl_tls1_3_process_certificate_verify( ssl ); break; case MBEDTLS_SSL_SERVER_FINISHED: - ret = ssl_tls1_3_read_server_finished( ssl ); + ret = ssl_tls1_3_process_server_finished( ssl ); break; case MBEDTLS_SSL_CLIENT_CERTIFICATE: From e86cd6575472dedd67c45938c41dcc50404e78ef Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Sep 2021 14:38:20 +0800 Subject: [PATCH 570/966] fix unused-variable fail without MBEDTLS_DEBUG_C Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5238f044eb..86f44cb65f 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -29,6 +29,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) { + ((void) ssl); MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); From e7047819eef8d27285acfdbbd66d2855ab4e18f5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 13 Sep 2021 19:26:39 +0800 Subject: [PATCH 571/966] add pend fatal alert 
Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 25 +++++++++++++++++++++++++ library/ssl_misc.h | 5 +++++ library/ssl_msg.c | 22 ++++++++++++++++++++++ library/ssl_tls.c | 16 ++++++++++++++++ 4 files changed, 68 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 725b156d5d..58cc113b7f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1526,6 +1526,23 @@ struct mbedtls_ssl_context int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message on next call to record layer? */ + /* The following three variables indicate if and, if yes, + * what kind of alert or warning is pending to be sent. + * They should not be set manually but through the macro + * MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) + * defined below. + */ + unsigned char MBEDTLS_PRIVATE(send_alert); /*!< Determines if either a fatal error + or a warning should be sent. Values: + - \c 0 if no alert is to be sent. + - #MBEDTLS_SSL_ALERT_LEVEL_FATAL + if a fatal alert is to be sent + - #MBEDTLS_SSL_ALERT_LEVEL_WARNING + if a non-fatal alert is to be sent. */ + unsigned char MBEDTLS_PRIVATE(alert_type); /*!< Type of alert if send_alert != 0 */ + int MBEDTLS_PRIVATE(alert_reason); /*!< The error code to be returned to the + * user once the fatal alert has been sent. */ + #if defined(MBEDTLS_SSL_PROTO_DTLS) uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records * within a single datagram. */ @@ -1624,6 +1641,14 @@ struct mbedtls_ssl_context #endif }; +#define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) \ + do \ + { \ + ssl->send_alert = 1; \ + ssl->alert_reason = (user_return_value); \ + ssl->alert_type = (type); \ + } while( 0 ) + /** * \brief Return the name of the ciphersuite associated with the * given ID diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c338d79eec..8b26983556 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1342,6 +1342,11 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ); int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); +/* + * Send pending fatal alerts or warnings. + */ +int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ); + #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); #endif diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 2fe801a283..3144d9818c 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5639,4 +5639,26 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport, } } +/* + * Send pending fatal alerts or warnings. + */ +int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ) +{ + int ret; + + /* Send alert if requested */ + if( ssl->send_alert != 0 ) + { + ret = mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + ssl->alert_type ); + if( ret != 0 ) + return( ret ); + } + + ssl->send_alert = 0; + ssl->alert_type = 0; + return( 0 ); +} + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 360419240f..7bb5f9fd7e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5170,6 +5170,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) if( ret != 0 ) return( ret ); + ret = mbedtls_ssl_handle_pending_alert( ssl ); + if( ret != 0 ) + goto cleanup; + #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { @@ -5199,6 +5203,18 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) } #endif + if( ret != 0 ) + { + int alert_ret; + alert_ret = mbedtls_ssl_handle_pending_alert( ssl ); + if( alert_ret != 0 ) + { + ret = alert_ret; + goto cleanup; + } + } + +cleanup: return( ret ); } From 33cedca8aa9d6fb8dc0c0107de38911f3cfd21c8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Sep 2021 19:55:49 +0800 Subject: [PATCH 572/966] fix comments issue 
Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 58cc113b7f..18142a8617 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1532,16 +1532,15 @@ struct mbedtls_ssl_context * MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) * defined below. */ - unsigned char MBEDTLS_PRIVATE(send_alert); /*!< Determines if either a fatal error - or a warning should be sent. Values: - - \c 0 if no alert is to be sent. - - #MBEDTLS_SSL_ALERT_LEVEL_FATAL - if a fatal alert is to be sent - - #MBEDTLS_SSL_ALERT_LEVEL_WARNING - if a non-fatal alert is to be sent. */ - unsigned char MBEDTLS_PRIVATE(alert_type); /*!< Type of alert if send_alert != 0 */ - int MBEDTLS_PRIVATE(alert_reason); /*!< The error code to be returned to the - * user once the fatal alert has been sent. */ + unsigned char MBEDTLS_PRIVATE(send_alert); /*!< Determines if a fatal alert + should be sent. Values: + - \c 0 , no alert is to be sent. + - \c 1 , alert is to be sent. */ + unsigned char MBEDTLS_PRIVATE(alert_type); /*!< Type of alert if send_alert + != 0 */ + int MBEDTLS_PRIVATE(alert_reason); /*!< The error code to be returned + to the user once the fatal alert + has been sent. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records From 394ece6cdd71d06e2186024769170588bb342ac8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Sep 2021 22:17:21 +0800 Subject: [PATCH 573/966] Add function for set pending alert flag Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 13 +------------ library/ssl_misc.h | 14 +++++++++++++- library/ssl_msg.c | 18 +++++++++++++++--- 3 files changed, 29 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 18142a8617..822205ee48 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1527,10 +1527,7 @@ struct mbedtls_ssl_context on next call to record layer? */ /* The following three variables indicate if and, if yes, - * what kind of alert or warning is pending to be sent. - * They should not be set manually but through the macro - * MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) - * defined below. + * what kind of alert is pending to be sent. */ unsigned char MBEDTLS_PRIVATE(send_alert); /*!< Determines if a fatal alert should be sent. Values: @@ -1640,14 +1637,6 @@ struct mbedtls_ssl_context #endif }; -#define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) \ - do \ - { \ - ssl->send_alert = 1; \ - ssl->alert_reason = (user_return_value); \ - ssl->alert_type = (type); \ - } while( 0 ) - /** * \brief Return the name of the ciphersuite associated with the * given ID diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8b26983556..5be5b03ac2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1343,10 +1343,22 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ); int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); /* - * Send pending fatal alerts or warnings. + * Send pending alert */ int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ); +/* + * Set pending fatal alert flag. + */ +void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl, + unsigned char alert_type, + int alert_reason ); + +/* Alias of mbedtls_ssl_pend_fatal_alert */ +#define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) \ + mbedtls_ssl_pend_fatal_alert( ssl, type, user_return_value ) + + #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); #endif diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3144d9818c..9230bcd82a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
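Review bot: The `MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value )` alias added in library/ssl_misc.h expands to a call that names `ssl`, which is not one of the macro's parameters. It therefore only compiles where a variable called `ssl` happens to be in scope, and it silently binds to whichever one that is. Taking the context explicitly removes the hidden dependency: `#define MBEDTLS_SSL_PEND_FATAL_ALERT( ssl, type, user_return_value ) mbedtls_ssl_pend_fatal_alert( ssl, type, user_return_value )`. Any callers outside this diff would need the extra argument. The comment on the prototype could also say what `alert_reason` is used for, e.g. `/* Record a fatal alert to be sent later; alert_reason is the error code handed back to the caller once it has been sent. */`.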
@@ -5649,16 +5649,28 @@ int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ) /* Send alert if requested */ if( ssl->send_alert != 0 ) { + /* Clear send_alert to avoid infinite loop */ + ssl->send_alert = 0; + ret = mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, ssl->alert_type ); if( ret != 0 ) return( ret ); } - - ssl->send_alert = 0; - ssl->alert_type = 0; return( 0 ); } +/* + * Set pending fatal alert flag. + */ +void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl, + unsigned char alert_type, + int alert_reason ) +{ + ssl->send_alert = 1; + ssl->alert_type = alert_type; + ssl->alert_reason = alert_reason; +} + #endif /* MBEDTLS_SSL_TLS_C */ From bbd5a3fded73092349306d084b75de0b6a9b2c1f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 18 Sep 2021 20:50:22 +0800 Subject: [PATCH 574/966] fix pending_alert issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 1 - library/ssl_msg.c | 35 ++++++++++++++++++++++++----------- library/ssl_tls.c | 5 +++++ 3 files changed, 29 insertions(+), 12 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5be5b03ac2..a1128eda00 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1358,7 +1358,6 @@ void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl, #define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) \ mbedtls_ssl_pend_fatal_alert( ssl, type, user_return_value ) - #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); #endif diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 9230bcd82a..1ea5e89909 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -5641,24 +5641,37 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport, /* * Send pending fatal alerts or warnings. + * 0, No alert message. + * !0, error from send_alert_message or handshake_step return */ int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ) { int ret; - /* Send alert if requested */ - if( ssl->send_alert != 0 ) - { - /* Clear send_alert to avoid infinite loop */ - ssl->send_alert = 0; + /* No pending alert, return success*/ + if( ssl->send_alert == 0 ) + return( 0 ); - ret = mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - ssl->alert_type ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + ssl->alert_type ); + + /* Success or send message fail, clear send_alert flag + * except WANT_WRITE. WANT_WRITE means need re-send message. + */ + if( ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + ssl->send_alert = 0; } - return( 0 ); + + if( ret != 0 ) + { + /* some errors on send alert message */ + return( ret ); + } + + /* Assume alert_reason == handshake_step return */ + return( ssl->alert_reason ); } /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7bb5f9fd7e..c11810df84 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5205,10 +5205,15 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) if( ret != 0 ) { + /* handshake_step return error. And it is same + * with alert_reason. + */ int alert_ret; alert_ret = mbedtls_ssl_handle_pending_alert( ssl ); if( alert_ret != 0 ) { + /* If success send, ret == alert_ret. + */ ret = alert_ret; goto cleanup; } From 3bf1f97a0e471dd7ab427aaeca11b2a924b4c7f3 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Sep 2021 21:37:18 +0800 Subject: [PATCH 575/966] fix various issue on pending send alert Signed-off-by: Jerry Yu --- library/ssl_msg.c | 15 ++++++--------- library/ssl_tls.c | 8 ++------ 2 files changed, 8 insertions(+), 15 deletions(-) 
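Review bot: mbedtls_ssl_handle_pending_alert() now ends with `return( ssl->alert_reason );`, so an alert pended with `alert_reason == 0` gives the same result as "no alert pending". The `if( ret != 0 ) goto cleanup;` check at the top of mbedtls_ssl_handshake_step(), added earlier in this series, would then let the handshake continue after a fatal alert has gone out. mbedtls_ssl_pend_fatal_alert() stores the value unchecked. I would either document on the prototype that `alert_reason` must be a non-zero error code, or fall back to a generic error here: `return( ssl->alert_reason != 0 ? ssl->alert_reason : MBEDTLS_ERR_SSL_INTERNAL_ERROR );`.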
diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1ea5e89909..3bf4a603db 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5640,9 +5640,10 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport, } /* - * Send pending fatal alerts or warnings. - * 0, No alert message. - * !0, error from send_alert_message or handshake_step return + * Send pending fatal alert. + * 0, No alert message. + * !0, if mbedtls_ssl_send_alert_message() returned in error, the error code it + * returned, ssl->alert_reason otherwise. */ int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ) { @@ -5656,8 +5657,8 @@ int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_ALERT_LEVEL_FATAL, ssl->alert_type ); - /* Success or send message fail, clear send_alert flag - * except WANT_WRITE. WANT_WRITE means need re-send message. + /* If mbedtls_ssl_send_alert_message() returned with MBEDTLS_ERR_SSL_WANT_WRITE, + * do not clear the alert to be able to send it later. */ if( ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { @@ -5665,12 +5666,8 @@ int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ) } if( ret != 0 ) - { - /* some errors on send alert message */ return( ret ); - } - /* Assume alert_reason == handshake_step return */ return( ssl->alert_reason ); } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c11810df84..21a058dd57 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5208,13 +5208,9 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) /* handshake_step return error. And it is same * with alert_reason. */ - int alert_ret; - alert_ret = mbedtls_ssl_handle_pending_alert( ssl ); - if( alert_ret != 0 ) + if( ssl->send_alert ) { - /* If success send, ret == alert_ret. - */ - ret = alert_ret; + ret = mbedtls_ssl_handle_pending_alert( ssl ); goto cleanup; } } From 24c0ec31f99500c8ce557b693f0eb988e5aa5ee8 Mon Sep 17 00:00:00 2001 
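Review bot: The comment kept above the new `if( ssl->send_alert )` block in library/ssl_tls.c ("handshake_step return error. And it is same with alert_reason.") no longer describes the code. `ret` is now overwritten with whatever mbedtls_ssl_handle_pending_alert() returns, which can be a send error such as MBEDTLS_ERR_SSL_WANT_WRITE rather than the step's own error code. I would replace it with `/* A step failed; if it pended a fatal alert, send it now. ret becomes the send error, or alert_reason once the alert is out. */`. The `goto cleanup;` inside the block is also redundant, because the `cleanup:` label added earlier in this series is the next statement after the enclosing braces. The body of mbedtls_ssl_handshake_step() extends beyond this hunk.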
From: Jerry Yu Date: Thu, 9 Sep 2021 14:21:07 +0800 Subject: [PATCH 576/966] tls13: add get_handshake_transcript Signed-off-by: Jerry Yu --- library/ssl_misc.h | 7 +++ library/ssl_tls.c | 143 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 150 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c338d79eec..604976f5fc 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1493,6 +1493,13 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ); +/* Get handshake transcript */ +int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md, + unsigned char *dst, + size_t dst_len, + size_t *olen ); + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Write TLS 1.3 Signature Algorithm extension diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 360419240f..dc7b1e85c6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -6978,4 +6978,147 @@ exit: #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +#if defined(MBEDTLS_SHA384_C) +static int ssl_tls13_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + psa_hash_operation_t sha384_psa = psa_hash_operation_init(); + + if( dst_len < 48 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); + status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + + status = psa_hash_finish( &sha384_psa, dst, dst_len, olen ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + + *olen = 48; + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", dst, *olen ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); + return( 0 ); +#else /* MBEDTLS_USE_PSA_CRYPTO */ + int ret; + mbedtls_sha512_context sha512; + + if( dst_len < 48 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + mbedtls_sha512_init( &sha512 ); + mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); + + if( ( ret = mbedtls_sha512_finish( &sha512, dst ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512_finish", ret ); + goto exit; + } + + *olen = 48; + +exit: + + mbedtls_sha512_free( &sha512 ); + return( ret ); +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ +} +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA256_C) +static int ssl_tls13_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + psa_hash_operation_t sha256_psa = psa_hash_operation_init(); + + if( 
dst_len < 32 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); + status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + + status = psa_hash_finish( &sha256_psa, dst, dst_len, olen ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + + *olen = 32; + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", dst, *olen ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); + return( 0 ); +#else /* MBEDTLS_USE_PSA_CRYPTO */ + int ret; + mbedtls_sha256_context sha256; + + if( dst_len < 32 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + mbedtls_sha256_init( &sha256 ); + mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); + + if( ( ret = mbedtls_sha256_finish( &sha256, dst ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256_finish", ret ); + goto exit; + } + + *olen = 32; + +exit: + + mbedtls_sha256_free( &sha256 ); + return( ret ); +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ +} +#endif /* MBEDTLS_SHA256_C */ + +int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ +#if defined(MBEDTLS_SHA384_C) + if( md == MBEDTLS_MD_SHA384 ) + { + return( ssl_tls13_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ); + } + else +#endif /* MBEDTLS_SHA512_C */ +#if defined(MBEDTLS_SHA256_C) + if( md == MBEDTLS_MD_SHA256 ) + { + return( ssl_tls13_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ); + } + else +#endif /* MBEDTLS_SHA256_C */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #endif /* MBEDTLS_SSL_TLS_C */ 
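Review bot: The SHA-384 helper carries copy-paste leftovers from the SHA-256 one. Its PSA branch logs `"=> PSA calc verify sha256"` while finishing the SHA-384 transcript, and the dispatcher closes `#if defined(MBEDTLS_SHA384_C)` with `#endif /* MBEDTLS_SHA512_C */`. These should read `MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) );` and `#endif /* MBEDTLS_SHA384_C */`. In both PSA branches `*olen = 48;` / `*olen = 32;` overwrites the length psa_hash_finish() has just reported, so that assignment can be dropped there. The digest sizes are also repeated as bare literals in the `dst_len` checks, where a named constant per hash would keep the check and the reported length from drifting apart. Finally, the public wrapper has only a one-line comment; it should state that `dst` must hold at least the digest size of `md` and that `*olen` receives that size on success.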
From 89ea321d96e8727b00bbf6ea632a40586b88a502 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 9 Sep 2021 14:31:24 +0800 Subject: [PATCH 577/966] tls13: add key_schedule_stage_early_data Signed-off-by: Jerry Yu --- library/ssl_misc.h | 7 +++++++ library/ssl_tls13_keys.c | 27 +++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 25 +++++++++++++++++++++++++ 3 files changed, 59 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 604976f5fc..5afdc4c5f8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -675,6 +675,13 @@ struct mbedtls_ssl_handshake_params int extensions_present; /*!< extension presence; Each bitfield represents an extension and defined as \c MBEDTLS_SSL_EXT_XXX */ + + union + { + unsigned char early [MBEDTLS_MD_MAX_SIZE]; + unsigned char handshake[MBEDTLS_MD_MAX_SIZE]; + unsigned char app [MBEDTLS_MD_MAX_SIZE]; + } tls13_master_secrets; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 7aec21dffe..b7beb125ca 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -820,4 +820,31 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, return( 0 ); } +int mbedtls_ssl_tls13_key_schedule_stage_early_data( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + + if( ssl->handshake->ciphersuite_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher suite info not found" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; + const unsigned char *input = NULL; + size_t input_len = 0; +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + input = ssl->handshake->psk; + input_len = ssl->handshake->psk_len; +#endif + ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, input, input_len, + ssl->handshake->tls13_master_secrets.early ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); + return( ret ); + } + + return( 0 ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index ca892b1665..592ba12a0f 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -531,4 +531,29 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, mbedtls_ssl_key_set const *traffic_keys, mbedtls_ssl_context *ssl ); +/* + * TLS 1.3 key schedule evolutions + * + * Early Data -> Handshake -> Application + * + * Small wrappers around mbedtls_ssl_tls1_3_evolve_secret(). + */ + +/** + * \brief Begin TLS 1.3 key schedule by calculating early secret + * from chosen PSK. + * + * The TLS 1.3 key schedule can be viewed as a simple state machine + * with states Initial -> Early -> Handshake -> Application, and + * this function represents the Initial -> Early transition. + * + * In the early stage, mbedtls_ssl_tls1_3_generate_early_data_keys() + * can be used to derive the 0-RTT traffic keys. + * + * \param ssl The SSL context to operate on. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls13_key_schedule_stage_early_data( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 4925ef5da19db0f3482b59466bc15f80aab861f2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 9 Sep 2021 14:42:55 +0800 Subject: [PATCH 578/966] tls13: add generate handshake keys Signed-off-by: Jerry Yu --- library/ssl_misc.h | 23 ++++++++ library/ssl_tls13_keys.c | 116 +++++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 37 ++++++------- 3 files changed, 155 insertions(+), 21 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5afdc4c5f8..d9759af6c6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -478,6 +478,27 @@ struct mbedtls_ssl_key_set }; typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; +typedef struct +{ + unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_early_secrets; + +typedef struct +{ + unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_handshake_secrets; + +typedef struct +{ + unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_application_secrets; + /* * This structure contains the parameters only needed during handshake. */ @@ -682,6 +703,8 @@ struct mbedtls_ssl_handshake_params unsigned char handshake[MBEDTLS_MD_MAX_SIZE]; unsigned char app [MBEDTLS_MD_MAX_SIZE]; } tls13_master_secrets; + + mbedtls_ssl_tls1_3_handshake_secrets tls13_hs_secrets; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index b7beb125ca..5435a25a4c 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -847,4 +847,120 @@ int mbedtls_ssl_tls13_key_schedule_stage_early_data( mbedtls_ssl_context *ssl ) return( 0 ); } +/* mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary for + * protecting the handshake messages, as described in Section 7 of TLS 1.3. */ +int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + mbedtls_md_type_t md_type; + mbedtls_md_info_t const *md_info; + size_t md_size; + + unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + size_t transcript_len; + + mbedtls_cipher_info_t const *cipher_info; + size_t keylen, ivlen; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) ); + + cipher_info = mbedtls_cipher_info_from_type( + ssl->handshake->ciphersuite_info->cipher ); + keylen = cipher_info->key_bitlen >> 3; + ivlen = cipher_info->iv_size; + + md_type = ssl->handshake->ciphersuite_info->mac; + md_info = mbedtls_md_info_from_type( md_type ); + md_size = mbedtls_md_get_size( md_info ); + + ret = mbedtls_ssl_tls13_get_handshake_transcript( ssl, md_type, + transcript, + sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls13_get_handshake_transcript", + ret ); + return( ret ); + } + + ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type, + ssl->handshake->tls13_master_secrets.handshake, + transcript, transcript_len, + &ssl->handshake->tls13_hs_secrets ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_early_secrets", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret", + ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, + md_size ); + + MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret", + ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, + md_size ); + + /* + * Export client handshake traffic secret + */ +#if 
defined(MBEDTLS_SSL_EXPORT_KEYS) + if( ssl->f_export_keys != NULL ) + { + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, + ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, + md_size, + ssl->handshake->randbytes + 32, + ssl->handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, + ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, + md_size, + ssl->handshake->randbytes + 32, + ssl->handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + } +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ + + ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, + ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, + md_size, + keylen, ivlen, traffic_keys ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret ); + goto exit; + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_key", + traffic_keys->client_write_key, + traffic_keys->key_len); + + MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_key", + traffic_keys->server_write_key, + traffic_keys->key_len); + + MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_iv", + traffic_keys->client_write_iv, + traffic_keys->iv_len); + + MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_iv", + traffic_keys->server_write_iv, + traffic_keys->iv_len); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_generate_handshake_keys" ) ); + +exit: + + return( ret ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 592ba12a0f..7176dee0a2 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
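Review bot: In mbedtls_ssl_tls13_generate_handshake_keys(), `cipher_info` is dereferenced (`cipher_info->key_bitlen`, `cipher_info->iv_size`) straight after mbedtls_cipher_info_from_type() with no NULL check, and `md_info` and `ssl->handshake->ciphersuite_info` are used unchecked as well. A failed cipher lookup would crash on that dereference, and a failed digest lookup would presumably carry a zero `md_size` into the secret and key derivation. I would add `if( cipher_info == NULL ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` before `keylen` is computed and the same test for `md_info` before mbedtls_md_get_size(). The error paths are also inconsistent: the first two failures `return( ret )` directly while the last uses `goto exit`, although `exit:` does no cleanup.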
@@ -70,27 +70,6 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \ MBEDTLS_MD_MAX_SIZE -typedef struct -{ - unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_early_secrets; - -typedef struct -{ - unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_handshake_secrets; - -typedef struct -{ - unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_application_secrets; - /* Maximum desired length for expanded key material generated * by HKDF-Expand-Label. * @@ -556,4 +535,20 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, * \returns A negative error code on failure. */ int mbedtls_ssl_tls13_key_schedule_stage_early_data( mbedtls_ssl_context *ssl ); + +/** + * \brief Compute TLS 1.3 handshake traffic keys. + * + * \param ssl The SSL context to operate on. This must be in + * key schedule stage \c Handshake, see + * mbedtls_ssl_tls13_key_schedule_stage_handshake(). + * \param traffic_keys The address at which to store the handshake traffic key + * keys. This must be writable but may be uninitialized. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ); + #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 7bea4bac96227cd288ab79d744c7d0a12e0a9d77 Mon Sep 17 00:00:00 2001 
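Review bot: The `\param traffic_keys` text added for mbedtls_ssl_tls13_generate_handshake_keys() reads "handshake traffic key keys", which duplicates a word; it should read `The address at which to store the handshake traffic keys.` The `\param ssl` precondition refers to mbedtls_ssl_tls13_key_schedule_stage_handshake(), which is not declared in any hunk of this commit, so the cross-reference may dangle. The comment would also benefit from one sentence saying that the caller owns `traffic_keys` and should wipe it once the transform has been populated, since it holds raw key material.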
From: Jerry Yu Date: Thu, 9 Sep 2021 15:06:18 +0800 Subject: [PATCH 579/966] tls13: add checksum of handshake message Signed-off-by: Jerry Yu --- library/ssl_misc.h | 8 ++++++++ library/ssl_tls13_generic.c | 9 +++++++++ 2 files changed, 17 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d9759af6c6..4ccfbc52d5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1523,6 +1523,14 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ); +/* + * Update checksum of handshake message + */ +void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char const *msg, + size_t msg_len ); + /* Get handshake transcript */ int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl, const mbedtls_md_type_t md, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5c20f29283..bac11787d8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -66,6 +66,15 @@ cleanup: return( ret ); } +void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char const *msg, + size_t msg_len ) +{ + mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, hs_type, msg_len ); + ssl->handshake->update_checksum( ssl, msg, msg_len ); +} + void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ) From d3f73349a7b54507bc4becf960bea9ffc2132a3b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 9 Sep 2021 15:42:32 +0800 Subject: [PATCH 580/966] tls13: add ecdh_read_public Signed-off-by: Jerry Yu --- library/ecdh.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++ library/ecp.c | 34 +++++++++++++++++++++++++++++++ library/ssl_misc.h | 18 +++++++++++++++++ 3 files changed, 102 insertions(+) diff --git a/library/ecdh.c b/library/ecdh.c index b72bd1fe08..b1d7c2a3b3 100644 --- a/library/ecdh.c +++ b/library/ecdh.c 
@@ -31,6 +31,7 @@ #include "mbedtls/ecdh.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "ssl_misc.h" #include "ecdh_misc.h" @@ -690,6 +691,55 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx, return mbedtls_mpi_write_binary( &ctx->z, buf, *olen ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +static int ecdh_read_tls13_public_internal( mbedtls_ecdh_context_mbed *ctx, + const unsigned char *buf, + size_t blen ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const unsigned char *p = buf; + + if( ( ret = mbedtls_ecp_tls13_read_point( &ctx->grp, &ctx->Qp, &p, + blen ) ) != 0 ) + return( ret ); + + if( (size_t)( p - buf ) != blen ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + return( 0 ); +} + +/* + * Parse and import the client's TLS 1.3 public value + */ +int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, size_t blen ) +{ + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_read_tls13_public_internal( ctx, buf, blen ) ); +#else + switch( ctx->var ) + { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh, + buf, blen ) ); +#endif + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_read_tls13_public_internal( &ctx->ctx.mbed_ecdh, + buf, blen ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Derive and export the shared secret */ diff --git a/library/ecp.c b/library/ecp.c index 0212069c83..a49cc457bc 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -79,6 +79,7 @@ #include "bn_mul.h" #include "ecp_invasive.h" +#include "ssl_misc.h" #include 
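Review bot: In mbedtls_ecdh_tls13_read_public(), the `MBEDTLS_ECDH_VARIANT_EVEREST` case forwards the TLS 1.3 framed buffer unchanged to mbedtls_everest_read_public(), while the `MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0` case goes through the new two-byte-length parser. The body of the Everest function is not in this hunk, but if it expects the one-byte length prefix of the TLS 1.2 encoding, a TLS 1.3 key share on that variant would be rejected or misparsed. Either validate and strip the two-byte length before that call, or return `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` for the variant until it is handled. As a style point, the `default:` branch writes `return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;` without the parentheses used by every other return in the function.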
@@ -1051,6 +1052,39 @@ cleanup: return( ret ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +int mbedtls_ecp_tls13_read_point( const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char **buf, size_t buf_len ) +{ + unsigned char data_len; + const unsigned char *buf_start; + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( pt != NULL ); + ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET( *buf != NULL ); + + if( buf_len < 3 ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + data_len = ( *( *buf ) << 8 ) | *( *buf+1 ); + *buf += 2; + + if( data_len < 1 || data_len > buf_len - 2 ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + /* + * Save buffer start for read_binary and update buf + */ + buf_start = *buf; + *buf += data_len; + + return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Fast mod-p functions expect their argument to be in the 0..p^2 range. * diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4ccfbc52d5..6206c6f5b1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1538,6 +1538,24 @@ int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl, size_t dst_len, size_t *olen ); +#if defined(MBEDTLS_ECDH_C) +/* + * TLS 1.3 version of mbedtls_ecdh_read_public in ecdh.h + */ +int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, + size_t blen ); +#endif /* MBEDTLS_ECDH_C */ + +#if defined(MBEDTLS_ECP_C) +/* + * TLS 1.3 version of mbedtls_ecp_tls_read_point in ecp.h + */ +int mbedtls_ecp_tls13_read_point( const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char **buf, size_t len ); +#endif /* MBEDTLS_ECP_C */ + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Write TLS 1.3 Signature Algorithm extension From c7875b5f11d400f00f4ee6f8ccc83ffd4756dd08 Mon Sep 17 00:00:00 2001 
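Review bot: `data_len` in mbedtls_ecp_tls13_read_point() is declared `unsigned char`, so the 16-bit value assembled by `( *( *buf ) << 8 ) | *( *buf+1 )` is truncated to its low byte before the bounds check runs. A peer-supplied length of 256 or more is then validated and consumed as a much shorter one, so the parsed point and the advance of `*buf` no longer match the wire encoding. The caller added in ecdh.c happens to catch this through its `(size_t)( p - buf ) != blen` comparison, but the parser should not rely on that. Declare it as `size_t data_len;` so that `data_len > buf_len - 2` compares the full length.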
From: Jerry Yu Date: Sun, 5 Sep 2021 21:05:50 +0800 Subject: [PATCH 581/966] add set in/out transform utils Signed-off-by: Jerry Yu --- library/ssl_misc.h | 8 ++++++++ library/ssl_msg.c | 17 +++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6206c6f5b1..8b2d50d2f0 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -986,6 +986,14 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); */ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ); +/* set inbound transform of ssl context */ +void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ); + +/* set outbound transform of ssl context */ +void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ); + int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 2fe801a283..fcdd0249bc 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5551,6 +5551,23 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); } +void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ) +{ + if( ssl->transform_in == transform ) + return; + + ssl->transform_in = transform; + mbedtls_platform_zeroize( ssl->in_ctr, 8 ); +} + +void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ) +{ + ssl->transform_out = transform; + mbedtls_platform_zeroize( ssl->cur_out_ctr, 8 ); +} + #if defined(MBEDTLS_SSL_PROTO_DTLS) void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ) From 000f9760707bfc866e47d7a078b0b776bd7211d4 Mon Sep 17 00:00:00 2001 
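Review bot: mbedtls_ssl_set_outbound_transform() resets `cur_out_ctr` unconditionally, whereas mbedtls_ssl_set_inbound_transform() returns early when the transform is unchanged. If a caller ever passes the transform that is already installed, the outgoing record sequence number restarts at zero under the same keys, and for AEAD suites that build the nonce from the sequence number this would repeat nonces. Add the matching guard, `if( ssl->transform_out == transform ) return;`, or add a comment explaining why the two setters are meant to differ. The declarations in ssl_misc.h should also say that installing a transform resets the corresponding record counter, since that side effect is not obvious from the names.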
From: Jerry Yu Date: Tue, 14 Sep 2021 11:12:51 +0800 Subject: [PATCH 582/966] Rename get_handshake_transcript - Remove tls13 prefix - Remove TLS1_3 macro wrap Signed-off-by: Jerry Yu --- library/ssl_misc.h | 14 +++++++------- library/ssl_tls.c | 34 +++++++++++++++------------------- library/ssl_tls13_keys.c | 4 ++-- 3 files changed, 24 insertions(+), 28 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8b2d50d2f0..44bfcb0062 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1539,13 +1539,6 @@ void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, unsigned char const *msg, size_t msg_len ); -/* Get handshake transcript */ -int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl, - const mbedtls_md_type_t md, - unsigned char *dst, - size_t dst_len, - size_t *olen ); - #if defined(MBEDTLS_ECDH_C) /* * TLS 1.3 version of mbedtls_ecdh_read_public in ecdh.h @@ -1577,4 +1570,11 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +/* Get handshake transcript */ +int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md, + unsigned char *dst, + size_t dst_len, + size_t *olen ); + #endif /* ssl_misc.h */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dc7b1e85c6..ae5a5b8026 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6978,13 +6978,11 @@ exit: #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - #if defined(MBEDTLS_SHA384_C) -static int ssl_tls13_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl, - unsigned char *dst, - size_t dst_len, - size_t *olen ) +static int ssl_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl, + unsigned char *dst, + size_t dst_len, + size_t *olen ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; 
@@ -7039,10 +7037,10 @@ exit: #endif /* MBEDTLS_SHA384_C */ #if defined(MBEDTLS_SHA256_C) -static int ssl_tls13_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl, - unsigned char *dst, - size_t dst_len, - size_t *olen ) +static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl, + unsigned char *dst, + size_t dst_len, + size_t *olen ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; @@ -7096,29 +7094,27 @@ exit: } #endif /* MBEDTLS_SHA256_C */ -int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl, - const mbedtls_md_type_t md, - unsigned char *dst, - size_t dst_len, - size_t *olen ) +int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md, + unsigned char *dst, + size_t dst_len, + size_t *olen ) { #if defined(MBEDTLS_SHA384_C) if( md == MBEDTLS_MD_SHA384 ) { - return( ssl_tls13_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ); + return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ); } else #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA256_C) if( md == MBEDTLS_MD_SHA256 ) { - return( ssl_tls13_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ); + return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ); } else #endif /* MBEDTLS_SHA256_C */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 5435a25a4c..7e65268196 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -875,14 +875,14 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, md_info = mbedtls_md_info_from_type( md_type ); md_size = mbedtls_md_get_size( md_info ); - ret = mbedtls_ssl_tls13_get_handshake_transcript( ssl, md_type, + ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, transcript, sizeof( transcript ), &transcript_len ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_tls13_get_handshake_transcript", + "mbedtls_ssl_get_handshake_transcript", ret ); return( ret ); } From a63de352dc1b847c45fb618fe0c56c7ba8ebd20c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 9 Sep 2021 15:42:32 +0800 Subject: [PATCH 583/966] Revert "tls13: add ecdh_read_public" This reverts commit 6a9d2ee4df88028e352e50d4f48687ce5b0f26ac. Signed-off-by: Jerry Yu --- library/ecdh.c | 50 ---------------------------------------------- library/ecp.c | 34 ------------------------------- library/ssl_misc.h | 18 ----------------- 3 files changed, 102 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index b1d7c2a3b3..b72bd1fe08 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -31,7 +31,6 @@ #include "mbedtls/ecdh.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "ssl_misc.h" #include "ecdh_misc.h" 
@@ -691,55 +690,6 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx, return mbedtls_mpi_write_binary( &ctx->z, buf, *olen ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - -static int ecdh_read_tls13_public_internal( mbedtls_ecdh_context_mbed *ctx, - const unsigned char *buf, - size_t blen ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - - if( ( ret = mbedtls_ecp_tls13_read_point( &ctx->grp, &ctx->Qp, &p, - blen ) ) != 0 ) - return( ret ); - - if( (size_t)( p - buf ) != blen ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - return( 0 ); -} - -/* - * Parse and import the client's TLS 1.3 public value - */ -int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, size_t blen ) -{ - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); - -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_read_tls13_public_internal( ctx, buf, blen ) ); -#else - switch( ctx->var ) - { -#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) - case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh, - buf, blen ) ); -#endif - case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_read_tls13_public_internal( &ctx->ctx.mbed_ecdh, - buf, blen ) ); - default: - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } -#endif -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - /* * Derive and export the shared secret */ diff --git a/library/ecp.c b/library/ecp.c index a49cc457bc..0212069c83 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -79,7 +79,6 @@ #include "bn_mul.h" #include "ecp_invasive.h" -#include "ssl_misc.h" #include 
@@ -1052,39 +1051,6 @@ cleanup: return( ret ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - -int mbedtls_ecp_tls13_read_point( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char **buf, size_t buf_len ) -{ - unsigned char data_len; - const unsigned char *buf_start; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( *buf != NULL ); - - if( buf_len < 3 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - data_len = ( *( *buf ) << 8 ) | *( *buf+1 ); - *buf += 2; - - if( data_len < 1 || data_len > buf_len - 2 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - /* - * Save buffer start for read_binary and update buf - */ - buf_start = *buf; - *buf += data_len; - - return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) ); -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - /* * Fast mod-p functions expect their argument to be in the 0..p^2 range. * diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 44bfcb0062..8c5a32d67a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1539,24 +1539,6 @@ void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, unsigned char const *msg, size_t msg_len ); -#if defined(MBEDTLS_ECDH_C) -/* - * TLS 1.3 version of mbedtls_ecdh_read_public in ecdh.h - */ -int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, - size_t blen ); -#endif /* MBEDTLS_ECDH_C */ - -#if defined(MBEDTLS_ECP_C) -/* - * TLS 1.3 version of mbedtls_ecp_tls_read_point in ecp.h - */ -int mbedtls_ecp_tls13_read_point( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char **buf, size_t len ); -#endif /* MBEDTLS_ECP_C */ - #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Write TLS 1.3 Signature Algorithm extension From e3131ef7f34055748d11e1e252124cf6c561a899 Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Thu, 16 Sep 2021 13:14:15 +0800 Subject: [PATCH 584/966] fix various issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- library/ssl_msg.c | 2 +- library/ssl_tls13_keys.c | 36 ++++++++++++++++++++---------------- library/ssl_tls13_keys.h | 2 +- 4 files changed, 23 insertions(+), 19 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8c5a32d67a..1b5861c635 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1532,7 +1532,7 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, size_t total_hs_len ); /* - * Update checksum of handshake message + * Update checksum of handshake messages. */ void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fcdd0249bc..ea1d535a06 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5565,7 +5565,7 @@ void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ) { ssl->transform_out = transform; - mbedtls_platform_zeroize( ssl->cur_out_ctr, 8 ); + mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); } #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 7e65268196..bfc3103fcb 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -21,14 +21,16 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -#include "mbedtls/hkdf.h" -#include "ssl_misc.h" -#include "ssl_tls13_keys.h" -#include "mbedtls/debug.h" - #include #include +#include "mbedtls/hkdf.h" +#include "mbedtls/debug.h" +#include "mbedtls/error.h" + +#include "ssl_misc.h" +#include "ssl_tls13_keys.h" + #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, 
@@ -820,24 +822,25 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, return( 0 ); } -int mbedtls_ssl_tls13_key_schedule_stage_early_data( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) { - int ret = 0; - + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_md_type_t md_type; + const unsigned char *input = NULL; + size_t input_len = 0; if( ssl->handshake->ciphersuite_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher suite info not found" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; - const unsigned char *input = NULL; - size_t input_len = 0; + + md_type = ssl->handshake->ciphersuite_info->mac; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) input = ssl->handshake->psk; input_len = ssl->handshake->psk_len; #endif ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, input, input_len, - ssl->handshake->tls13_master_secrets.early ); + ssl->handshake->tls13_master_secrets.early ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); @@ -876,9 +879,9 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, md_size = mbedtls_md_get_size( md_info ); ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, - transcript, - sizeof( transcript ), - &transcript_len ); + transcript, + sizeof( transcript ), + &transcript_len ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, @@ -893,7 +896,8 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, &ssl->handshake->tls13_hs_secrets ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_early_secrets", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets", + ret ); return( ret ); } diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 7176dee0a2..407b5d613d 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -534,7 +534,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls13_key_schedule_stage_early_data( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ); /** * \brief Compute TLS 1.3 handshake traffic keys. From 524314247686801c7fda1574ea2f00e6163e6e29 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Sep 2021 13:25:04 +0800 Subject: [PATCH 585/966] Add macro for length of input counter Signed-off-by: Jerry Yu --- library/ssl_msg.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index ea1d535a06..36a3e202ff 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -54,6 +54,8 @@ #include "mbedtls/oid.h" #endif +#define MBEDTLS_SSL_IN_CTR_LEN 8 + static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ); /* @@ -4791,7 +4793,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->in_ctr, 0, 8 ); + mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_IN_CTR_LEN ); mbedtls_ssl_update_in_pointers( ssl ); @@ -5558,7 +5560,7 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, return; ssl->transform_in = transform; - mbedtls_platform_zeroize( ssl->in_ctr, 8 ); + mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_IN_CTR_LEN ); } void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, From b65eb2f3cf6f170c838ac0f7d9acf9da0450f033 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Sep 2021 13:43:28 +0800 Subject: [PATCH 586/966] Revert "tls13: add generate handshake keys" This reverts commit f02ca4158674b974ae103849c43e0c92efc40e8c. 
Signed-off-by: Jerry Yu --- library/ssl_misc.h | 23 -------- library/ssl_tls13_keys.c | 117 --------------------------------------- library/ssl_tls13_keys.h | 36 +++++++----- 3 files changed, 21 insertions(+), 155 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 1b5861c635..fb261a0d6d 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -478,27 +478,6 @@ struct mbedtls_ssl_key_set }; typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; -typedef struct -{ - unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_early_secrets; - -typedef struct -{ - unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_handshake_secrets; - -typedef struct -{ - unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_application_secrets; - /* * This structure contains the parameters only needed during handshake. */ @@ -703,8 +682,6 @@ struct mbedtls_ssl_handshake_params unsigned char handshake[MBEDTLS_MD_MAX_SIZE]; unsigned char app [MBEDTLS_MD_MAX_SIZE]; } tls13_master_secrets; - - mbedtls_ssl_tls1_3_handshake_secrets tls13_hs_secrets; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index bfc3103fcb..32b68666be 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -850,121 +850,4 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) return( 0 ); } -/* mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary for - * protecting the handshake messages, as described in Section 7 of TLS 1.3. */ -int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_md_type_t md_type; - mbedtls_md_info_t const *md_info; - size_t md_size; - - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; - size_t transcript_len; - - mbedtls_cipher_info_t const *cipher_info; - size_t keylen, ivlen; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) ); - - cipher_info = mbedtls_cipher_info_from_type( - ssl->handshake->ciphersuite_info->cipher ); - keylen = cipher_info->key_bitlen >> 3; - ivlen = cipher_info->iv_size; - - md_type = ssl->handshake->ciphersuite_info->mac; - md_info = mbedtls_md_info_from_type( md_type ); - md_size = mbedtls_md_get_size( md_info ); - - ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, - transcript, - sizeof( transcript ), - &transcript_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_get_handshake_transcript", - ret ); - return( ret ); - } - - ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type, - ssl->handshake->tls13_master_secrets.handshake, - transcript, transcript_len, - &ssl->handshake->tls13_hs_secrets ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets", - ret ); - return( ret ); - } - - MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret", - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, - md_size ); - - MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret", - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, - md_size ); - - /* - * Export client handshake traffic secret - */ -#if 
defined(MBEDTLS_SSL_EXPORT_KEYS) - if( ssl->f_export_keys != NULL ) - { - ssl->f_export_keys( ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, - md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); - - ssl->f_export_keys( ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, - md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); - } -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - - ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, - md_size, - keylen, ivlen, traffic_keys ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret ); - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_key", - traffic_keys->client_write_key, - traffic_keys->key_len); - - MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_key", - traffic_keys->server_write_key, - traffic_keys->key_len); - - MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_iv", - traffic_keys->client_write_iv, - traffic_keys->iv_len); - - MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_iv", - traffic_keys->server_write_iv, - traffic_keys->iv_len); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_generate_handshake_keys" ) ); - -exit: - - return( ret ); -} - #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 407b5d613d..7a41db13dd 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -70,6 +70,27 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \ MBEDTLS_MD_MAX_SIZE +typedef struct +{ + unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_early_secrets; + +typedef struct +{ + unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_handshake_secrets; + +typedef struct +{ + unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_application_secrets; + /* Maximum desired length for expanded key material generated * by HKDF-Expand-Label. * @@ -536,19 +557,4 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, */ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ); -/** - * \brief Compute TLS 1.3 handshake traffic keys. - * - * \param ssl The SSL context to operate on. This must be in - * key schedule stage \c Handshake, see - * mbedtls_ssl_tls13_key_schedule_stage_handshake(). - * \param traffic_keys The address at which to store the handshake traffic key - * keys. This must be writable but may be uninitialized. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys ); - #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 92c1ca221f535dcfda4edd23f116836a3799743f Mon Sep 17 00:00:00 2001 
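Review bot: The three structs added in the `@@ -70,6 +70,27 @@` hunk (`mbedtls_ssl_tls1_3_early_secrets`, `mbedtls_ssl_tls1_3_handshake_secrets`, `mbedtls_ssl_tls1_3_application_secrets`) have no comment, although every member is a `MBEDTLS_MD_MAX_SIZE` buffer of key-schedule secret material. The code that used the handshake secrets passed them along with `md_size`, so presumably only the first hash-length bytes of each field are meaningful; that should be stated rather than left for the reader to infer. I would add a header comment to each, e.g. `/* TLS 1.3 handshake traffic secrets; only the first md_size bytes of each field are used. Wipe with mbedtls_platform_zeroize() when no longer needed. */`. Who owns and clears these buffers is not visible in this patch and should be confirmed against the handshake teardown code.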
From: Jerry Yu Date: Thu, 16 Sep 2021 18:56:10 +0800 Subject: [PATCH 587/966] fix likely typos error Signed-off-by: Jerry Yu --- library/ssl_msg.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 36a3e202ff..b749d93173 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -54,7 +54,7 @@ #include "mbedtls/oid.h" #endif -#define MBEDTLS_SSL_IN_CTR_LEN 8 +#define SSL_CONTEXT_INPUT_COUNTER_LEN 8 static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ); @@ -4793,7 +4793,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_IN_CTR_LEN ); + mbedtls_platform_zeroize( ssl->in_ctr, SSL_CONTEXT_INPUT_COUNTER_LEN ); mbedtls_ssl_update_in_pointers( ssl ); @@ -5560,7 +5560,7 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, return; ssl->transform_in = transform; - mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_IN_CTR_LEN ); + mbedtls_platform_zeroize( ssl->in_ctr, SSL_CONTEXT_INPUT_COUNTER_LEN ); } void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, From 4836952f9d3805c10d8bc01fd3c659aa858e152a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 18 Sep 2021 16:09:01 +0800 Subject: [PATCH 588/966] fix tls1_3 prefix issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 10 +++++----- library/ssl_tls13_generic.c | 8 ++++---- library/ssl_tls13_keys.c | 4 ++-- library/ssl_tls13_keys.h | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index fb261a0d6d..ea891f44a5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -681,7 +681,7 @@ struct mbedtls_ssl_handshake_params unsigned char early [MBEDTLS_MD_MAX_SIZE]; unsigned char handshake[MBEDTLS_MD_MAX_SIZE]; unsigned char app [MBEDTLS_MD_MAX_SIZE]; - } tls13_master_secrets; + } tls1_3_master_secrets; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) @@ -1511,10 +1511,10 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, /* * Update checksum of handshake messages. */ -void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char const *msg, - size_t msg_len ); +void mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char const *msg, + size_t msg_len ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index bac11787d8..c8f6dc797c 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -66,10 +66,10 @@ cleanup: return( ret ); } -void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char const *msg, - size_t msg_len ) +void mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char const *msg, + size_t msg_len ) { mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, hs_type, msg_len ); ssl->handshake->update_checksum( ssl, msg, msg_len ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 32b68666be..2d504f0685 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -822,7 +822,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, return( 0 ); } -int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_type; 
@@ -840,7 +840,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) input_len = ssl->handshake->psk_len; #endif ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, input, input_len, - ssl->handshake->tls13_master_secrets.early ); + ssl->handshake->tls1_3_master_secrets.early ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 7a41db13dd..45b0fdfa4c 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -555,6 +555,6 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From e06f4532efffe9f0c7b717fdc23ff1752fce8ebd Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Sep 2021 18:35:07 +0800 Subject: [PATCH 589/966] remove useless code Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 2d504f0685..cc94984063 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -835,10 +835,7 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ) } md_type = ssl->handshake->ciphersuite_info->mac; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - input = ssl->handshake->psk; - input_len = ssl->handshake->psk_len; -#endif + ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, input, input_len, ssl->handshake->tls1_3_master_secrets.early ); if( ret != 0 ) From 957f0fa1f726b28ecd6715dede67bd586e1b1c3d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Sep 2021 10:27:07 +0800 Subject: [PATCH 590/966] Add length macro for in_ctr 
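Review bot: In the `@@ -835,10 +835,7 @@` hunk of `library/ssl_tls13_keys.c`, `input` and `input_len` still reach `mbedtls_ssl_tls1_3_evolve_secret()` after the PSK assignment is removed, but their initialisation lies outside the hunk, so the source of the Early Secret cannot be read from here. If they keep empty defaults, a PSK present in `ssl->handshake->psk` is now left out of the key schedule with no diagnostic. A comment above the call would make that explicit, e.g. `/* PSK is not fed into the key schedule yet: the Early Secret is derived from empty input keying material. */`. The body of `mbedtls_ssl_tls1_3_key_schedule_stage_early()` starts and ends outside the hunk.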
Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 3 +++ library/ssl_msg.c | 14 ++++++-------- library/ssl_srv.c | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 725b156d5d..3f627139c8 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -593,6 +593,9 @@ union mbedtls_ssl_premaster_secret #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) +/* Length of in_ctr buffer in mbedtls_ssl_session */ +#define MBEDTLS_SSL_IN_CTR_LEN 8 + #ifdef __cplusplus extern "C" { #endif diff --git a/library/ssl_msg.c b/library/ssl_msg.c index b749d93173..518cfeeef4 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -54,8 +54,6 @@ #include "mbedtls/oid.h" #endif -#define SSL_CONTEXT_INPUT_COUNTER_LEN 8 - static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ); /* @@ -3651,7 +3649,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, #endif { unsigned i; - for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) + for( i = MBEDTLS_SSL_IN_CTR_LEN; i > mbedtls_ssl_ep_len( ssl ); i-- ) if( ++ssl->in_ctr[i - 1] != 0 ) break; @@ -4793,7 +4791,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - mbedtls_platform_zeroize( ssl->in_ctr, SSL_CONTEXT_INPUT_COUNTER_LEN ); + mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_IN_CTR_LEN ); mbedtls_ssl_update_in_pointers( ssl ); 
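Review bot: The comment added with `MBEDTLS_SSL_IN_CTR_LEN` in `include/mbedtls/ssl.h` names the wrong structure. Every use in this patch reaches `in_ctr` through an `mbedtls_ssl_context *ssl` (for example in `mbedtls_ssl_update_in_pointers()` and `mbedtls_ssl_set_inbound_transform()`), not through a session object. It should read `/* Length of in_ctr buffer in mbedtls_ssl_context */`. Since the macro now sits in a public header, the comment is what users will see, so it is worth getting right.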
@@ -4883,17 +4881,17 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) * ssl_parse_record_header(). */ ssl->in_ctr = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->in_cid = ssl->in_ctr + 8; + ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_IN_CTR_LEN; ssl->in_len = ssl->in_cid; /* Default: no CID */ #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_len = ssl->in_ctr + 8; + ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_IN_CTR_LEN; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->in_iv = ssl->in_len + 2; } else #endif { - ssl->in_ctr = ssl->in_hdr - 8; + ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_IN_CTR_LEN; ssl->in_len = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_cid = ssl->in_len; @@ -5560,7 +5558,7 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, return; ssl->transform_in = transform; - mbedtls_platform_zeroize( ssl->in_ctr, SSL_CONTEXT_INPUT_COUNTER_LEN ); + mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_IN_CTR_LEN ); } void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b8c4314846..147bb785de 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1220,7 +1220,7 @@ read_record_header: return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } - memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 ); + memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, MBEDTLS_SSL_IN_CTR_LEN - 2 ); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) From 148165cc6f78086d72983a5d925bc2945e834d94 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Sep 2021 23:20:59 +0800 Subject: [PATCH 591/966] Remove psa version of get_handshake_transcript Signed-off-by: Jerry Yu --- library/ssl_tls.c | 73 +++++++++++------------------------------------ 1 file changed, 17 insertions(+), 56 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ae5a5b8026..ab36f5d89f 100644 --- a/library/ssl_tls.c 
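Review bot: In the `library/ssl_srv.c` hunk the `memcpy` length becomes `MBEDTLS_SSL_IN_CTR_LEN - 2`, so the number of bytes written into `ssl->cur_out_ctr` is now sized from the input counter. The declaration of `cur_out_ctr` is not part of this patch, so it cannot be confirmed here that the destination is at least `MBEDTLS_SSL_IN_CTR_LEN` bytes. If the macro were ever changed, this copy is where a write past the destination would appear. I would either note the dependency in a comment, `/* cur_out_ctr and in_ctr must have the same length */`, or, if `cur_out_ctr` is an array member, bound the copy by the destination with `sizeof( ssl->cur_out_ctr ) - 2`. The enclosing function starts and ends outside the hunk.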
+++ b/library/ssl_tls.c @@ -6978,39 +6978,28 @@ exit: #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ + ((void) ssl); + ((void) md); + ((void) dst); + ((void) dst_len); + *olen = 0; + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); +} +#else /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_SHA384_C) static int ssl_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl, unsigned char *dst, size_t dst_len, size_t *olen ) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; - psa_hash_operation_t sha384_psa = psa_hash_operation_init(); - - if( dst_len < 48 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); - status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); - } - - status = psa_hash_finish( &sha384_psa, dst, dst_len, olen ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); - } - - *olen = 48; - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", dst, *olen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); - return( 0 ); -#else /* MBEDTLS_USE_PSA_CRYPTO */ int ret; mbedtls_sha512_context sha512; @@ -7032,7 +7021,6 @@ exit: mbedtls_sha512_free( &sha512 ); return( ret ); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_SHA384_C */ 
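Review bot: The `MBEDTLS_USE_PSA_CRYPTO` variant of `mbedtls_ssl_get_handshake_transcript()` added at the top of the `@@ -6978,39 +6978,28 @@` hunk has no comment marking it as a placeholder. A PSA-enabled build therefore compiles cleanly and only fails at handshake time with `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`. I would put a comment above it such as `/* Transcript hash is not available with MBEDTLS_USE_PSA_CRYPTO yet; callers must treat this as a hard failure. */`. The stub sets `*olen = 0` and leaves `dst` untouched, so callers have to check the return value before reading the buffer. Minor style point: `return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);` lacks the space before the closing parenthesis that the surrounding code uses.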
@@ -7042,33 +7030,6 @@ static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl, size_t dst_len, size_t *olen ) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; - psa_hash_operation_t sha256_psa = psa_hash_operation_init(); - - if( dst_len < 32 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); - status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); - } - - status = psa_hash_finish( &sha256_psa, dst, dst_len, olen ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); - } - - *olen = 32; - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", dst, *olen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); - return( 0 ); -#else /* MBEDTLS_USE_PSA_CRYPTO */ int ret; mbedtls_sha256_context sha256; @@ -7090,7 +7051,6 @@ exit: mbedtls_sha256_free( &sha256 ); return( ret ); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_SHA256_C */ @@ -7116,5 +7076,6 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SHA256_C */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_SSL_TLS_C */ From def52c36e53ff2d0d3e235fc3f5ef6fc7eed5ff5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 12:03:55 +0200 Subject: [PATCH 592/966] Remove obscure comment about TLS 1.3 renegotiation config option Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index e6f9065801..96f844cdb1 100644 --- a/docs/architecture/tls13-experimental.md 
+++ b/docs/architecture/tls13-experimental.md @@ -134,7 +134,7 @@ the handshake with an handshake_failure closure alert. MBEDTLS_SSL_ENCRYPT_THEN_MAC n/a MBEDTLS_SSL_EXTENDED_MASTER_SECRET n/a MBEDTLS_SSL_KEEP_PEER_CERTIFICATE no - MBEDTLS_SSL_RENEGOTIATION n/a Not TLS 1.2 dependent + MBEDTLS_SSL_RENEGOTIATION n/a MBEDTLS_SSL_MAX_FRAGMENT_LENGTH no MBEDTLS_SSL_ALPN no From 023987feefa805c03ff71f5b9d99b162ba0fda79 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 11:59:25 +0200 Subject: [PATCH 593/966] Use GitHub table format Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 115 ++++++++++++------------ 1 file changed, 60 insertions(+), 55 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 96f844cdb1..1eef961a80 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -83,30 +83,32 @@ the handshake with an handshake_failure closure alert. - Supported ClientHello extensions: - MVP Prototype - (for comparison) + | Extension | MVP | Prototype (1) | + | ---------------------------- | ------- | ------------- | + | server_name | no | YES | + | max_fragment_length | no | YES | + | status_request | no | no | + | supported_groups | YES | YES | + | signature_algorithms | YES | YES | + | use_srtp | no | no | + | heartbeat | no | no | + | apln | no | YES | + | signed_certificate_timestamp | no | no | + | client_certificate_type | no | no | + | server_certificate_type | no | no | + | padding | no | no | + | key_share | YES | YES | + | pre_shared_key | no | YES | + | psk_key_exchange_modes | no | YES | + | early_data | no | YES | + | cookie | no | YES | + | supported_versions | YES | YES | + | certificate_authorities | no | no | + | post_handshake_auth | no | no | + | signature_algorithms_cert | no | no | + + (1) This is just for comparison. - server_name no YES - max_fragment_length no YES - status_request no no - supported_groups YES YES - signature_algorithms YES YES - use_srtp no no - heartbeat no no - apln no YES - signed_certificate_timestamp no no - client_certificate_type no no - server_certificate_type no no - padding no no - key_share YES YES - pre_shared_key no YES - psk_key_exchange_modes no YES - early_data no YES - cookie no YES - supported_versions YES YES - certificate_authorities no no - post_handshake_auth no no - signature_algorithms_cert no no - Supported groups: depends on the library configuration. Potentially all ECDHE groups: 
@@ -126,39 +128,42 @@ the handshake with an handshake_failure closure alert. modify the configuration for TLS 1.2. Mbed TLS SSL/TLS related features are not supported or not applicable to the TLS 1.3 MVP: - Supported Comment - MBEDTLS_SSL_ALL_ALERT_MESSAGES no - MBEDTLS_SSL_ASYNC_PRIVATE no - MBEDTLS_SSL_CONTEXT_SERIALIZATION no - MBEDTLS_SSL_DEBUG_ALL no - MBEDTLS_SSL_ENCRYPT_THEN_MAC n/a - MBEDTLS_SSL_EXTENDED_MASTER_SECRET n/a - MBEDTLS_SSL_KEEP_PEER_CERTIFICATE no - MBEDTLS_SSL_RENEGOTIATION n/a - MBEDTLS_SSL_MAX_FRAGMENT_LENGTH no - MBEDTLS_SSL_ALPN no + | Mbed TLS configuration option | Support | + | ---------------------------------------- | ------- | + | MBEDTLS_SSL_ALL_ALERT_MESSAGES | no | + | MBEDTLS_SSL_ASYNC_PRIVATE | no | + | MBEDTLS_SSL_CONTEXT_SERIALIZATION | no | + | MBEDTLS_SSL_DEBUG_ALL | no | + | MBEDTLS_SSL_ENCRYPT_THEN_MAC | n/a | + | MBEDTLS_SSL_EXTENDED_MASTER_SECRET | n/a | + | MBEDTLS_SSL_KEEP_PEER_CERTIFICATE | no | + | MBEDTLS_SSL_RENEGOTIATION | n/a | + | MBEDTLS_SSL_MAX_FRAGMENT_LENGTH | no | + | | | + | MBEDTLS_SSL_SESSION_TICKETS | no | + | MBEDTLS_SSL_EXPORT_KEYS | no (1) | + | MBEDTLS_SSL_SERVER_NAME_INDICATION | no | + | MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH | no | + | | | + | MBEDTLS_ECP_RESTARTABLE | no | + | MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED | no | + | | | + | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) | + | MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a | + | | | + | MBEDTLS_USE_PSA_CRYPTO | no | - MBEDTLS_SSL_SESSION_TICKETS no - MBEDTLS_SSL_EXPORT_KEYS no Incomplete support - 
MBEDTLS_SSL_SERVER_NAME_INDICATION no - MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH no - - MBEDTLS_ECP_RESTARTABLE no - MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED no - - MBEDTLS_KEY_EXCHANGE_PSK_ENABLED n/a Make sense in TLS 1.3 - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED n/a context but their current - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED n/a definition is TLS 1.2 only. - MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED n/a - MBEDTLS_KEY_EXCHANGE_RSA_ENABLED n/a - MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED n/a - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED n/a - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED n/a - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED n/a - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED n/a - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED n/a - - MBEDTLS_USE_PSA_CRYPTO no + (1) Some support has already been upstreamed but it is incomplete. + (2) Make sense in TLS 1.3 context but their current definition is TLS 1.2 only. Not in the plan yet but probably necessary for a viable client: - server_name extension From 1fa5088c0b6c82dca3438584a0bc33ecccf7a233 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 12:06:52 +0200 Subject: [PATCH 594/966] Improve comment about PSK TLS 1.3 configuration options Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 1eef961a80..ee4e5fb592 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -163,7 +163,10 @@ the handshake with an handshake_failure closure alert. | MBEDTLS_USE_PSA_CRYPTO | no | (1) Some support has already been upstreamed but it is incomplete. - (2) Make sense in TLS 1.3 context but their current definition is TLS 1.2 only. + (2) Key exchange configuration options for TLS 1.3 will likely to be + organized around the notion of key exchange mode along the line + of the MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL + runtime configuration macros. Not in the plan yet but probably necessary for a viable client: - server_name extension From 004df8ad5f8ffb724493d88be8e987efcdf8fb59 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 12:12:00 +0200 Subject: [PATCH 595/966] Improve comment about handshake failure with HRR and CertificateRequest Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index ee4e5fb592..9f6d0e48c5 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -74,7 +74,9 @@ MVP definition The TLS 1.3 MVP implements only the client side of the protocol. The TLS 1.3 MVP does not support the handling of server HelloRetryRequest and CertificateRequest messages. If it receives one of those messages, it aborts -the handshake with an handshake_failure closure alert. +the handshake with an handshake_failure closure alert and the +`mbedtls_ssl_handshake()` returns in error with the +`MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` error code. - Supported cipher suites: depends on the library configuration. Potentially all of them: From 85e51083d8b6b4a6968235d57713b9af98a150ea Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Mon, 27 Sep 2021 12:13:16 +0200 Subject: [PATCH 596/966] Add support for server_name extension Section 9.2 of the specification defines server_name extension as mandatory if not specified otherwise by an application profile. Thus add its support to the MVP scope. Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 9f6d0e48c5..29cda88dc2 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -87,7 +87,7 @@ the handshake with an handshake_failure closure alert and the | Extension | MVP | Prototype (1) | | ---------------------------- | ------- | ------------- | - | server_name | no | YES | + | server_name | YES | YES | | max_fragment_length | no | YES | | status_request | no | no | | supported_groups | YES | YES | From 3160d700498bd88f29444ba621e103b7784547e0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 13:27:21 +0200 Subject: [PATCH 597/966] Add comments about key_share and supported_versions support Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 29cda88dc2..dce999fb45 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -99,18 +99,31 @@ the handshake with an handshake_failure closure alert and the | client_certificate_type | no | no | | server_certificate_type | no | no | | padding | no | no | - | key_share | YES | YES | + | key_share | YES (2) | YES | | pre_shared_key | no | YES | | psk_key_exchange_modes | no | YES | | early_data | no | YES | | cookie | no | YES | - | supported_versions | YES | YES | + | supported_versions | YES (3) | YES | | certificate_authorities | no | no | | post_handshake_auth | no | no | | signature_algorithms_cert | no | no | (1) This is just for comparison. + (2) The MVP sends one shared secret corresponding to the configured preferred + group. The preferred group is the group of the first curve in the list of + allowed curves as defined by the configuration. By default, it is the + mandatory group as defined by section 9.1 of the specification, + `secp256r1`. The list of allowed curves can be set through the + `mbedtls_ssl_conf_curves()` API. + + (3) The MVP proposes only TLS 1.3 and does not support version negociation. + Out-of-protocol fallback is supported though if the Mbed TLS library + has been built to support both TLS 1.3 and TLS 1.2: just set the + maximum of the minor version of the SSL configuration to + MBEDTLS_SSL_MINOR_VERSION_3 (`mbedtls_ssl_conf_min_version()` API) and + re-initiate a server handshake. - Supported groups: depends on the library configuration. Potentially all ECDHE groups: @@ -121,8 +134,6 @@ the handshake with an handshake_failure closure alert and the ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256. -- Supported versions: only TLS 1.3 - - Support of Mbed TLS SSL/TLS related (not DTLS) features: The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the From c3b510f096a3d88137ffdb8ab38a1ad8bcd3ad49 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Mon, 27 Sep 2021 13:36:33 +0200 Subject: [PATCH 598/966] Amend supported groups and signatures based on spec 9.1 section Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index dce999fb45..ed2b38f4fe 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -126,13 +126,22 @@ the handshake with an handshake_failure closure alert and the re-initiate a server handshake. - Supported groups: depends on the library configuration. - Potentially all ECDHE groups: - secp256r1, secp384r1, secp521r1(0x0019), x25519, x448. + Minimally (as defined in section 9.1 of the TLS 1.3 specification): + secp256r1 and x25519. -- Supported signature algorithms: depends on the library configuration. - Potentially: - ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, - rsa_pss_rsae_sha256. + Furthermore, depending on the library configuration, potentially: + secp384r1 and secp521r1. + + Finite field groups (DHE) are not supported. + +- Supported signature algorithms(both for certificates and CertificateVerify): + Minimally (as defined in section 9.1 of the TLS 1.3 specification): + rsa_pkcs1_sha256, rsa_pss_rsae_sha256 and ecdsa_secp256r1_sha256 + + Furthermore, depending on the library configuration, potentially: + ecdsa_secp384r1_sha384 and ecdsa_secp521r1_sha512 + +- Supported versions: only TLS 1.3, version negotiation is not supported. - Support of Mbed TLS SSL/TLS related (not DTLS) features: From 7a7032a4bacb38f772e7b153c77d1f636d9ef8b3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 13:38:46 +0200 Subject: [PATCH 599/966] Remove out of MVP scope items Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 5 ----- 1 file changed, 5 deletions(-) 
diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index ed2b38f4fe..c3c181e0a8 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -190,11 +190,6 @@ the handshake with an handshake_failure closure alert and the of the MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL runtime configuration macros. -Not in the plan yet but probably necessary for a viable client: -- server_name extension -- support for HelloRetryRequest -- fallback to TLS 1.2 - Coding rules checklist for TLS 1.3 ---------------------------------- From 660c723b098090b69a050795d6c60c87df35e860 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 13:40:53 +0200 Subject: [PATCH 600/966] Add paragraph about expected quality Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index c3c181e0a8..f7e3043f4f 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -190,6 +190,17 @@ the handshake with an handshake_failure closure alert and the of the MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL runtime configuration macros. +- Quality considerations + - Standard Mbed TLS review bar + - Interoperability testing with OpenSSL and GnuTLS. Test with all the + cipher suites supported by OpenSSL/GnuTLS server with and without + certificate base authentication. + - Negative testing against OpenSSL/GnuTLS servers with which the + handshake fails due to imcompatibility with the capabilities of the + MVP: TLS 1.2 or 1.1 server, server sending an HelloRetryRequest message in + response to the MVP ClientHello, server sending a CertificateRequest + message ... + Coding rules checklist for TLS 1.3 ---------------------------------- 
From 72064b30cf714ba9e1c3dcabea13554b4b49f221 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 13:54:28 +0200 Subject: [PATCH 601/966] Fix usage of backticks Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 44 +++++++++++++++---------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index f7e3043f4f..e63fbbc0ac 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -222,15 +222,15 @@ TLS 1.3 specific coding rules: - The names of macros and variables related to a field or structure in the TLS 1.3 specification should contain as far as possible the field name as - it is in the specification. If the field name is `too long` and we prefer + it is in the specification. If the field name is "too long" and we prefer to introduce some kind of abbreviation of it, use the same abbreviation everywhere in the code. Example 1: #define CLIENT_HELLO_RANDOM_LEN 32, macro for the length of the `random` field of the ClientHello message. - Example 2 (consistent abbreviation): mbedtls_ssl_tls1_3_write_sig_alg_ext() - and MBEDTLS_TLS_EXT_SIG_ALG, `sig_alg` standing for + Example 2 (consistent abbreviation): `mbedtls_ssl_tls1_3_write_sig_alg_ext()` + and `MBEDTLS_TLS_EXT_SIG_ALG`, `sig_alg` standing for `signature_algorithms`. - Regarding vectors that are represented by a length followed by their value 
@@ -254,11 +254,12 @@ TLS 1.3 specific coding rules: issues. Example: `cipher_suites` vector of ClientHello in - ssl_tls1_3_write_client_hello_cipher_suites() - - size_t cipher_suites_len; - unsigned char *cipher_suites_len_ptr; - unsigned char *cipher_suites_ptr; + `ssl_tls1_3_write_client_hello_cipher_suites()` + ``` + size_t cipher_suites_len; + unsigned char *cipher_suites_len_ptr; + unsigned char *cipher_suites_ptr; + ``` - Use of MBEDTLS_BYTE_xyz, MBEDTLS_PUT/GET_xyz, MBEDTLS_SSL_CHK_BUF_PTR MBEDTLS_SSL_CHK_BUF_READ_PTR macros where applicable. @@ -272,16 +273,19 @@ TLS 1.3 specific coding rules: bytes in the wrong order: we should probably have only MBEDTLS_GET/PUT_*_BE (BE stands for Big-Endian) macros in the TLS 1.3 code. - The two last types, MBEDTLS_SSL_CHK_BUF_PTR and - MBEDTLS_SSL_CHK_BUF_READ_PTR, improve the readability of the code and + The two last types, `MBEDTLS_SSL_CHK_BUF_PTR` and + `MBEDTLS_SSL_CHK_BUF_READ_PTR`, improve the readability of the code and reduce the risk of error in the non-completely-trivial arithmetic to check that we do not write or read past the end of a data buffer. The usage of those macros combined with the following rule mitigate the risk to read/write past the end of a data buffer. - Examples: hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len ); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); + Examples: + ``` + hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); + ``` - To mitigate what happened here (https://github.com/ARMmbed/mbedtls/pull/4882#discussion_r701704527) from 
@@ -296,33 +300,35 @@ TLS 1.3 specific coding rules: General coding rules: - - We prefer grouping `related statement lines` by not adding blank lines + - We prefer grouping "related statement lines" by not adding blank lines between them. Example 1: - + ``` ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); if( ret != 0 ) return( ret ); buf += output_len; + ``` Example 2: - + ``` MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 ); MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); cipher_suites_iter += 2; + ``` - Use macros for constants that are used in different functions, different places in the code. When a constant is used only locally in a function (like the length in bytes of the vector lengths in functions reading and writing TLS handshake message) there is no need to define a macro for it. - Example: #define CLIENT_HELLO_RANDOM_LEN 32 + Example: `#define CLIENT_HELLO_RANDOM_LEN 32` - When declaring a pointer the dereferencing operator should be prepended to the pointer name not appended to the pointer type: - Example: mbedtls_ssl_context *ssl; + Example: `mbedtls_ssl_context *ssl;` - Maximum line length is 80 characters. @@ -340,7 +346,9 @@ General coding rules: vertically. Example: + ``` int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buf_len ); + ``` From b194466e99c9530359b8b64f28f999b4dcca03dd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 13:56:46 +0200 Subject: [PATCH 602/966] Amend TLS 1.3 prefix Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index e63fbbc0ac..defba776a7 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -214,11 +214,13 @@ PR upstreaming the first part of TLS 1.3 ClientHello writing code. TLS 1.3 specific coding rules: - TLS 1.3 specific C modules, headers, static functions names are prefixed - with `ssl_tls1_3_`. The same applies to structures and types that are + with `ssl_tls13_`. The same applies to structures and types that are internal to C modules. - - TLS 1.3 specific exported functions, macros, structures and types are - prefixed with `mbedtls_ssl_tls1_3_`. + - TLS 1.3 specific exported functions, structures and types are + prefixed with `mbedtls_ssl_tls13_`. + + - Use TLS1_3 in TLS 1.3 specific macros. - The names of macros and variables related to a field or structure in the TLS 1.3 specification should contain as far as possible the field name as From 99733f05111f1fd59655e5c0d0933353d37c3c4e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 13:58:21 +0200 Subject: [PATCH 603/966] Amend vector variables Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index defba776a7..ca97a251cf 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -242,25 +242,24 @@ TLS 1.3 specific coding rules: length in bytes of the vector, where is the name of the vector as defined in the TLS 1.3 specification. - - Use `_len_ptr` for the name of a variable intended to hold + - Use `p__len` for the name of a variable intended to hold the address of the first byte of the vector length. - - Use `_ptr` for the name of a variable intended to hold the + - Use `` for the name of a variable intended to hold the address of the first byte of the vector value. - - Use `_end_ptr` for the name of a variable intended to hold + - Use `_end` for the name of a variable intended to hold the address of the first byte past the vector value. - Those two last idioms should lower the risk of mis-using one of the address - in place of the other one which could potentially lead to some nasty - issues. + Those idioms should lower the risk of mis-using one of the address in place + of another one which could potentially lead to some nasty issues. Example: `cipher_suites` vector of ClientHello in `ssl_tls1_3_write_client_hello_cipher_suites()` ``` size_t cipher_suites_len; - unsigned char *cipher_suites_len_ptr; - unsigned char *cipher_suites_ptr; + unsigned char *p_cipher_suites_len; + unsigned char *cipher_suites; ``` - Use of MBEDTLS_BYTE_xyz, MBEDTLS_PUT/GET_xyz, MBEDTLS_SSL_CHK_BUF_PTR From fecda8ddb417f1479a88843ed934e6ad2f3ae696 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 13:59:38 +0200 Subject: [PATCH 604/966] Improve the description of common macros usage Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index ca97a251cf..1b6f5355b1 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -262,17 +262,24 @@ TLS 1.3 specific coding rules: unsigned char *cipher_suites; ``` - - Use of MBEDTLS_BYTE_xyz, MBEDTLS_PUT/GET_xyz, MBEDTLS_SSL_CHK_BUF_PTR - MBEDTLS_SSL_CHK_BUF_READ_PTR macros where applicable. + - Where applicable, use: + - the macros to extract a byte from a multi-byte integer MBEDTLS_BYTE_{0-8}. + - the macros to write in memory in big-endian order a multi-byte integer + MBEDTLS_PUT_UINT{8|16|32|64}_BE. + - the macros to read from memory a multi-byte integer in big-endian order + MBEDTLS_GET_UINT{8|16|32|64}_BE. + - the macro to check for space when writing into an output buffer + `MBEDTLS_SSL_CHK_BUF_PTR`. + - the macro to check for data when reading from an input buffer + `MBEDTLS_SSL_CHK_BUF_READ_PTR`. These macros were introduced after the prototype was written thus are likely not to be used in prototype where we now would use them in development. - The two first types, MBEDTLS_BYTE_xyz and MBEDTLS_PUT/GET_xyz, improve - the readability of the code and reduce the risk of writing or reading - bytes in the wrong order: we should probably have only MBEDTLS_GET/PUT_*_BE - (BE stands for Big-Endian) macros in the TLS 1.3 code. + The three first types, MBEDTLS_BYTE_{0-8}, MBEDTLS_PUT_UINT{8|16|32|64}_BE + and MBEDTLS_GET_UINT{8|16|32|64}_BE improve the readability of the code and + reduce the risk of writing or reading bytes in the wrong order. The two last types, `MBEDTLS_SSL_CHK_BUF_PTR` and `MBEDTLS_SSL_CHK_BUF_READ_PTR`, improve the readability of the code and From 3e7c4036b4dc9b51578a81d919885d0a866a038f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 14:22:38 +0200 Subject: [PATCH 605/966] Miscellaneous improvements Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 1b6f5355b1..314928fe8d 100644 --- a/docs/architecture/tls13-experimental.md 
+++ b/docs/architecture/tls13-experimental.md @@ -143,7 +143,7 @@ the handshake with an handshake_failure closure alert and the - Supported versions: only TLS 1.3, version negotiation is not supported. -- Support of Mbed TLS SSL/TLS related (not DTLS) features: +- Compatibility with existing SSL/TLS build options: The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the sense that when enabling the TLS 1.3 MVP in the library there is no need to @@ -299,8 +299,8 @@ TLS 1.3 specific coding rules: (https://github.com/ARMmbed/mbedtls/pull/4882#discussion_r701704527) from happening again, use always a local variable named `p` for the reading pointer in functions parsing TLS 1.3 data, and for the writing pointer in - functions writing data into an output buffer. The name `p` has been - chosen as it was already widely used in TLS code. + functions writing data into an output buffer and only that variable. The + name `p` has been chosen as it was already widely used in TLS code. - When an TLS 1.3 structure is written or read by a function or as part of a function, provide as documentation the definition of the structure as From 847c3580b8e2f25e724395e748914c8b024237b6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 14:24:43 +0200 Subject: [PATCH 606/966] Expend coding rules Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 314928fe8d..481caef93b 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -350,6 +350,11 @@ General coding rules: example it is generally fine if some closure characters like ";" or ")" are beyond the 80 characters limit. + If a line becomes too long due to a refactoring (for example renaming a + function to a longer name, or indenting a block more), avoid rewrapping + lines in the same commit: it makes the review harder. Make one commit with + the longer lines and another commit with just the rewrapping. + - When in successive lines, functions and macros parameters should be aligned vertically. @@ -360,3 +365,19 @@ General coding rules: unsigned char **buf, size_t *buf_len ); ``` + + - When a function's parameters span several lines, group related parameters + together if possible. + + For example, prefer: + + ``` + mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type, + buf, buf_len ); + ``` + over + ``` + mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type, buf, + buf_len ); + ``` + even if it fits. From f164b6a7ff940ff0501ce06045a97f96146d3d55 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 Sep 2021 15:36:29 +0200 Subject: [PATCH 607/966] Add an overview section Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 34 ++++++++++++++++++++----- 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 481caef93b..5421492aee 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -71,12 +71,34 @@ together with their level of testing: MVP definition -------------- -The TLS 1.3 MVP implements only the client side of the protocol. -The TLS 1.3 MVP does not support the handling of server HelloRetryRequest and -CertificateRequest messages. If it receives one of those messages, it aborts -the handshake with an handshake_failure closure alert and the -`mbedtls_ssl_handshake()` returns in error with the -`MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` error code. +- Overview + + - The TLS 1.3 MVP implements only the client side of the protocol. + + - The TLS 1.3 MVP supports ECDHE key establishment. + + - The TLS 1.3 MVP does not support DHE key establishment. + + - The TLS 1.3 MVP does not support pre-shared keys, including any form of + session resumption. This implies that it does not support sending early + data (0-RTT data). + + - The TLS 1.3 MVP supports the authentication of the server by the client + but does not support authentication of the client by the server. In terms + of TLS 1.3 authentication messages, this means that the TLS 1.3 MVP + supports the processing of the Certificate and CertificateVerify messages + but not of the CertificateRequest message. + + - The TLS 1.3 MVP does not support the handling of server HelloRetryRequest + message. In practice, this means that the handshake will fail if the MVP + does not provide in its ClientHello the shared secret associated to the + group selected by the server for key establishement. For more information, + see the comment associated to the `key_share` extension below. + + - If the TLS 1.3 MVP receives a HelloRetryRequest or a CertificateRequest + message, it aborts the handshake with an handshake_failure closure alert + and the `mbedtls_ssl_handshake()` returns in error with the + `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` error code. - Supported cipher suites: depends on the library configuration. Potentially all of them: From 4b627af36c67f1cecf740035b17abbf0d01f9990 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 7 Jul 2021 21:02:36 +0200 Subject: [PATCH 608/966] New macro MBEDTLS_CHECK_RETURN Put this macro before a function declaration to indicate that its result must be checked. This commit supports GCC-like compilers and MSVC >=2012. Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 23f85ba01e..46717608be 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -53,6 +53,24 @@ #define _CRT_SECURE_NO_DEPRECATE 1 #endif +/** \def MBEDTLS_CHECK_RETURN + * + * This macro appearing at the beginning of the declaration of a function + * indicates that its return value should be checked. + * + * This should appear before most functions returning an error code + * (as \c int in the \c mbedtls_xxx API or + * as ::psa_status_t in the \c psa_xxx API). + */ +#if defined(__GNUC__) +#define MBEDTLS_CHECK_RETURN __attribute__((warn_unused_result)) +#elif defined(_MSC_VER) && _MSC_VER >= 1700 +#include +#define MBEDTLS_CHECK_RETURN _Check_return_ +#else +#define MBEDTLS_CHECK_RETURN +#endif + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/mbedtls_config.h" #else From 7820a574f158deaa2110f8718704c99d295c0b12 Mon Sep 17 00:00:00 2001 
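Review bot: The `MBEDTLS_CHECK_RETURN` definition in the `@@ -53,6 +53,24 @@` hunk is unconditional and sits above the `#include "mbedtls/mbedtls_config.h"` context line, so a build that defines the macro in its configuration file gets an incompatible-redefinition diagnostic instead of an override. The changelog entry in the next patch of this series describes the macro as configurable in mbedtls_config.h, which this ordering does not support. I would move the block below the configuration include and wrap it in `#if !defined(MBEDTLS_CHECK_RETURN)` ... `#endif`. The Doxygen comment could also state that the macro expands to nothing on compilers that match neither branch, so integrators know the check is silently absent there.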
From: Gilles Peskine Date: Wed, 7 Jul 2021 21:08:28 +0200 Subject: [PATCH 609/966] Catch failures of AES or DES operations Declare all AES and DES functions that return int as needing to have their result checked, and do check the result in our code. A DES or AES block operation can fail in alternative implementations of mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT), mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT), mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT), mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT). A failure can happen if the accelerator peripheral is in a bad state. Several block modes were not catching the error. This commit does the following code changes, grouped together to avoid having an intermediate commit where the build fails: * Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h. * Fix all places where this causes a GCC warning, indicating that our code was not properly checking the result of an AES operation: * In library code: on failure, goto exit and return ret. * In pkey programs: goto exit. * In the benchmark program: exit (not ideal since there's no error message, but it's what the code currently does for failures). * In test code: TEST_ASSERT. * Changelog entry. Signed-off-by: Gilles Peskine --- check-return.txt | 12 +++++ include/mbedtls/aes.h | 14 ++++++ include/mbedtls/des.h | 13 +++++ library/aes.c | 48 ++++++++++++++---- library/des.c | 75 +++++++++++++++++++--------- programs/pkey/dh_client.c | 8 ++- programs/pkey/dh_server.c | 8 ++- programs/test/benchmark.c | 10 ++-- tests/suites/test_suite_aes.function | 12 ++--- tests/suites/test_suite_des.function | 24 ++++----- 10 files changed, 164 insertions(+), 60 deletions(-) create mode 100644 check-return.txt diff --git a/check-return.txt b/check-return.txt new file mode 100644 index 0000000000..e6371ec69b --- /dev/null +++ b/check-return.txt 
@@ -0,0 +1,12 @@ +Bugfix + * Failures of alternative implementations of AES or DES single-block + functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, + MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. + This does not concern the implementation provided with Mbed TLS, + where this function cannot fail, or full-module replacements with + MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. + +Changes + * Warn if errors from AES or DES functions are ignored. This is currently + supported on GCC-like compilers and on MSVC and can be configured by + setting MBEDTLS_CHECK_RETURN in mbedtls_config.h. diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 879c3f2a14..eb75935c1f 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -163,6 +163,7 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -181,6 +182,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -201,6 +203,7 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits ); 
@@ -221,6 +224,7 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -249,6 +253,7 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, int mode, const unsigned char input[16], @@ -296,6 +301,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH * on failure. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, int mode, size_t length, @@ -340,6 +346,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, * smaller than an AES block in size (16 Bytes) or if \p * length is larger than 2^20 blocks (16 MiB). */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, int mode, size_t length, @@ -388,6 +395,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, int mode, size_t length, @@ -432,6 +440,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, int mode, size_t length, @@ -486,6 +495,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, size_t length, size_t *iv_off, @@ -572,6 +582,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, size_t length, size_t *nc_off, 
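Review bot: The Doxygen block above `mbedtls_aes_crypt_ecb` still documents only `\return \c 0 on success.`, although the commit message says the single-block operation can fail in alternative implementations and the added `MBEDTLS_CHECK_RETURN` tells callers to check the result. The same gap is visible in the `mbedtls_aes_crypt_cfb128`, `mbedtls_aes_crypt_cfb8`, `mbedtls_aes_crypt_ofb` and `mbedtls_aes_crypt_ctr` hunks on this line, and in the `mbedtls_internal_aes_encrypt` and `mbedtls_internal_aes_decrypt` hunks that follow. I would add `\return A non-zero error code on failure.` to each of them. The mode functions should also say that the output buffer and the IV or counter state must not be used after a failure, because the library code in this commit now leaves the loop mid-stream with earlier blocks already written.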
@@ -592,6 +603,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); @@ -607,6 +619,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); @@ -618,6 +631,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \return \c 0 on success. * \return \c 1 on failure. */ +MBEDTLS_CHECK_RETURN int mbedtls_aes_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST */ diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 63a8e00d1c..7bd618c276 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -139,6 +139,7 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -152,6 +153,7 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -166,6 +168,7 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** 
@@ -180,6 +183,7 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -190,6 +194,7 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB * * \return 0 */ +MBEDTLS_CHECK_RETURN int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ); @@ -201,6 +206,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, * * \return 0 */ +MBEDTLS_CHECK_RETURN int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ); @@ -212,6 +218,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, * * \return 0 */ +MBEDTLS_CHECK_RETURN int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ); @@ -223,6 +230,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, * * \return 0 */ +MBEDTLS_CHECK_RETURN int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ); @@ -239,6 +247,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, const unsigned char input[8], unsigned char output[8] ); @@ -266,6 +275,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, int mode, size_t length, @@ -283,6 +293,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, * * \return 0 if successful */ +MBEDTLS_CHECK_RETURN int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, const unsigned char input[8], unsigned char output[8] ); 
@@ -308,6 +319,7 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, * * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH */ +MBEDTLS_CHECK_RETURN int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, int mode, size_t length, @@ -338,6 +350,7 @@ void mbedtls_des_setkey( uint32_t SK[32], * * \return 0 if successful, or 1 if the test failed */ +MBEDTLS_CHECK_RETURN int mbedtls_des_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST */ diff --git a/library/aes.c b/library/aes.c index 8e3358c494..4afc3c48ae 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1011,6 +1011,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, unsigned char *output ) { int i; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char temp[16]; AES_VALIDATE_RET( ctx != NULL ); @@ -1040,7 +1041,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, while( length > 0 ) { memcpy( temp, input, 16 ); - mbedtls_aes_crypt_ecb( ctx, mode, input, output ); + ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output ); + if( ret != 0 ) + goto exit; for( i = 0; i < 16; i++ ) output[i] = (unsigned char)( output[i] ^ iv[i] ); @@ -1059,7 +1062,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, for( i = 0; i < 16; i++ ) output[i] = (unsigned char)( input[i] ^ iv[i] ); - mbedtls_aes_crypt_ecb( ctx, mode, output, output ); + ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output ); + if( ret != 0 ) + goto exit; memcpy( iv, output, 16 ); input += 16; @@ -1067,8 +1072,10 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, length -= 16; } } + ret = 0; - return( 0 ); +exit: + return( ret ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -1222,6 +1229,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, unsigned char *output ) { int c; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; AES_VALIDATE_RET( ctx != NULL ); 
@@ -1242,7 +1250,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, while( length-- ) { if( n == 0 ) - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + { + ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + if( ret != 0 ) + goto exit; + } c = *input++; *output++ = (unsigned char)( c ^ iv[n] ); @@ -1256,7 +1268,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, while( length-- ) { if( n == 0 ) - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + { + ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + if( ret != 0 ) + goto exit; + } iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); @@ -1265,8 +1281,10 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, } *iv_off = n; + ret = 0; - return( 0 ); +exit: + return( ret ); } /* @@ -1279,6 +1297,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, const unsigned char *input, unsigned char *output ) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char c; unsigned char ov[17]; @@ -1291,7 +1310,9 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, while( length-- ) { memcpy( ov, iv, 16 ); - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + if( ret != 0 ) + goto exit; if( mode == MBEDTLS_AES_DECRYPT ) ov[16] = *input; @@ -1303,8 +1324,10 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, memcpy( iv, ov + 1, 16 ); } + ret = 0; - return( 0 ); +exit: + return( ret ); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -1366,6 +1389,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, unsigned char *output ) { int c, i; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; AES_VALIDATE_RET( ctx != NULL ); 
@@ -1383,7 +1407,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, while( length-- ) { if( n == 0 ) { - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block ); + ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block ); + if( ret != 0 ) + goto exit; for( i = 16; i > 0; i-- ) if( ++nonce_counter[i - 1] != 0 ) @@ -1396,8 +1422,10 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, } *nc_off = n; + ret = 0; - return( 0 ); +exit: + return( ret ); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ diff --git a/library/des.c b/library/des.c index 7f90faa044..91d22b5d90 100644 --- a/library/des.c +++ b/library/des.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" +#include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include @@ -642,6 +643,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, unsigned char *output ) { int i; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char temp[8]; if( length % 8 ) @@ -654,7 +656,9 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, for( i = 0; i < 8; i++ ) output[i] = (unsigned char)( input[i] ^ iv[i] ); - mbedtls_des_crypt_ecb( ctx, output, output ); + ret = mbedtls_des_crypt_ecb( ctx, output, output ); + if( ret != 0 ) + goto exit; memcpy( iv, output, 8 ); input += 8; @@ -667,7 +671,9 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, while( length > 0 ) { memcpy( temp, input, 8 ); - mbedtls_des_crypt_ecb( ctx, input, output ); + ret = mbedtls_des_crypt_ecb( ctx, input, output ); + if( ret != 0 ) + goto exit; for( i = 0; i < 8; i++ ) output[i] = (unsigned char)( output[i] ^ iv[i] ); @@ -679,8 +685,10 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, length -= 8; } } + ret = 0; - return( 0 ); +exit: + return( ret ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ 
@@ -741,6 +749,7 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, unsigned char *output ) { int i; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char temp[8]; if( length % 8 ) @@ -753,7 +762,9 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, for( i = 0; i < 8; i++ ) output[i] = (unsigned char)( input[i] ^ iv[i] ); - mbedtls_des3_crypt_ecb( ctx, output, output ); + ret = mbedtls_des3_crypt_ecb( ctx, output, output ); + if( ret != 0 ) + goto exit; memcpy( iv, output, 8 ); input += 8; @@ -766,7 +777,9 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, while( length > 0 ) { memcpy( temp, input, 8 ); - mbedtls_des3_crypt_ecb( ctx, input, output ); + ret = mbedtls_des3_crypt_ecb( ctx, input, output ); + if( ret != 0 ) + goto exit; for( i = 0; i < 8; i++ ) output[i] = (unsigned char)( output[i] ^ iv[i] ); @@ -778,8 +791,10 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, length -= 8; } } + ret = 0; - return( 0 ); +exit: + return( ret ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ 
@@ -872,39 +887,43 @@ int mbedtls_des_self_test( int verbose ) switch( i ) { case 0: - mbedtls_des_setkey_dec( &ctx, des3_test_keys ); + ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys ); break; case 1: - mbedtls_des_setkey_enc( &ctx, des3_test_keys ); + ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys ); break; case 2: - mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); break; case 3: - mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); break; case 4: - mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); break; case 5: - mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); break; default: return( 1 ); } + if( ret != 0 ) + goto exit; for( j = 0; j < 100; j++ ) { if( u == 0 ) - mbedtls_des_crypt_ecb( &ctx, buf, buf ); + ret = mbedtls_des_crypt_ecb( &ctx, buf, buf ); else - mbedtls_des3_crypt_ecb( &ctx3, buf, buf ); + ret = mbedtls_des3_crypt_ecb( &ctx3, buf, buf ); + if( ret != 0 ) + goto exit; } if( ( v == MBEDTLS_DES_DECRYPT && 
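Review bot: The `default: return( 1 );` branch of the key-setup switch still returns directly, while every failure path added in this hunk goes through `exit`, where the later hunk shows `mbedtls_des_free( &ctx )` and `mbedtls_des3_free( &ctx3 )` being called. For consistency with the new error handling I would write `default: ret = 1; goto exit;` so the contexts are released on that path too. The identical switch in the `@@ -947,41 +966,45 @@` hunk has the same branch. `mbedtls_des_self_test` starts and ends outside this hunk, so whether the branch is reachable cannot be confirmed from here.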
@@ -947,41 +966,45 @@ int mbedtls_des_self_test( int verbose ) switch( i ) { case 0: - mbedtls_des_setkey_dec( &ctx, des3_test_keys ); + ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys ); break; case 1: - mbedtls_des_setkey_enc( &ctx, des3_test_keys ); + ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys ); break; case 2: - mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); break; case 3: - mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); break; case 4: - mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); break; case 5: - mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); break; default: return( 1 ); } + if( ret != 0 ) + goto exit; if( v == MBEDTLS_DES_DECRYPT ) { for( j = 0; j < 100; j++ ) { if( u == 0 ) - mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); + ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); else - mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + if( ret != 0 ) + goto exit; } } else @@ -991,9 +1014,11 @@ int mbedtls_des_self_test( int verbose ) unsigned char tmp[8]; if( u == 0 ) - mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); + ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); else - mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + if( ret != 0 ) + goto exit; memcpy( tmp, prv, 8 ); memcpy( prv, buf, 8 ); @@ -1027,6 +1052,8 @@ exit: mbedtls_des_free( &ctx ); mbedtls_des3_free( &ctx3 ); + if( ret != 0 ) + ret = 1; return( ret ); } diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index eccb42ad83..d633e4d1b8 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c 
@@ -270,7 +270,9 @@ int main( void ) mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" ); fflush( stdout ); - mbedtls_aes_setkey_dec( &aes, buf, 256 ); + ret = mbedtls_aes_setkey_dec( &aes, buf, 256 ); + if( ret != 0 ) + goto exit; memset( buf, 0, sizeof( buf ) ); @@ -280,7 +282,9 @@ int main( void ) goto exit; } - mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf ); + ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf ); + if( ret != 0 ) + goto exit; buf[16] = '\0'; mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf ); diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 0ddb85cf83..75713ff58d 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -290,9 +290,13 @@ int main( void ) mbedtls_printf( "...\n . Encrypting and sending the ciphertext" ); fflush( stdout ); - mbedtls_aes_setkey_enc( &aes, buf, 256 ); + ret = mbedtls_aes_setkey_enc( &aes, buf, 256 ); + if( ret != 0 ) + goto exit; memcpy( buf, PLAINTEXT, 16 ); - mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf ); + ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf ); + if( ret != 0 ) + goto exit; if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 ) { diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 5985caf0bb..d3faad91ea 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -674,7 +674,8 @@ int main( int argc, char *argv[] ) { mbedtls_des3_context des3; mbedtls_des3_init( &des3 ); - mbedtls_des3_set3key_enc( &des3, tmp ); + if( mbedtls_des3_set3key_enc( &des3, tmp ) != 0 ) + mbedtls_exit( 1 ); TIME_AND_TSC( "3DES", mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); mbedtls_des3_free( &des3 ); 
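Review bot: The two new `goto exit` branches in dh_client.c (after `mbedtls_aes_setkey_dec` here and after `mbedtls_aes_crypt_ecb` in `@@ -280,7 +282,9 @@`) leave `main` without printing anything, so a failure ends the program right after the progress line with no hint of which call failed. Print the call name and `ret` before jumping, e.g. `mbedtls_printf( " failed\n  ! mbedtls_aes_setkey_dec returned %d\n\n", ret );`. The first branch also jumps past the `memset( buf, 0, sizeof( buf ) )` that follows, so `buf` still holds the AES key bytes on that path unless the `exit:` code, which is outside the hunk, clears it. The dh_server.c hunk `@@ -290,9 +290,13 @@` has the same silent branches.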
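Review bot: In the 3DES block of benchmark.c (`@@ -674,7 +674,8 @@`), `mbedtls_exit( 1 )` on a key-setup failure ends the whole benchmark with no message and without reaching `mbedtls_des3_free( &des3 )`. The AES hunks later in the same file use `CHECK_AND_CONTINUE` for the same kind of failure. Give the `if` a braced body and print a short diagnostic before the exit, for example `mbedtls_printf( "mbedtls_des3_set3key_enc failed\n" );`, so the user can tell why the run stopped. The DES block in `@@ -684,7 +685,8 @@` follows the same pattern.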
@@ -684,7 +685,8 @@ int main( int argc, char *argv[] ) { mbedtls_des_context des; mbedtls_des_init( &des ); - mbedtls_des_setkey_enc( &des, tmp ); + if( mbedtls_des_setkey_enc( &des, tmp ) != 0 ) + mbedtls_exit( 1 ); TIME_AND_TSC( "DES", mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); mbedtls_des_free( &des ); @@ -722,7 +724,7 @@ int main( int argc, char *argv[] ) memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); - mbedtls_aes_setkey_enc( &aes, tmp, keysize ); + CHECK_AND_CONTINUE( mbedtls_aes_setkey_enc( &aes, tmp, keysize ) ); TIME_AND_TSC( title, mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); @@ -743,7 +745,7 @@ int main( int argc, char *argv[] ) memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); - mbedtls_aes_xts_setkey_enc( &ctx, tmp, keysize * 2 ); + CHECK_AND_CONTINUE( mbedtls_aes_xts_setkey_enc( &ctx, tmp, keysize * 2 ) ); TIME_AND_TSC( title, mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE, diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 1892c2595a..52af8e02f2 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -67,7 +67,7 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { 
@@ -92,7 +92,7 @@ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0) { @@ -241,7 +241,7 @@ void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); @@ -263,7 +263,7 @@ void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); @@ -284,7 +284,7 @@ void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 
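Review bot: In `aes_decrypt_cfb128` (hunk `@@ -263,7 +263,7 @@`), the decryption test sets the key with `mbedtls_aes_setkey_enc`, which reads like a copy-paste slip next to `aes_decrypt_cbc` calling `mbedtls_aes_setkey_dec`. It is correct, because CFB decryption runs the block cipher in the encrypt direction, but nothing in the test says so. Add a comment above the call, e.g. `/* CFB uses the encryption key schedule for both directions. */`. The same applies to `aes_decrypt_cfb8` in `@@ -306,7 +306,7 @@`.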
@@ -306,7 +306,7 @@ void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 5b249355b6..7256fb5376 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -24,7 +24,7 @@ void des_encrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) mbedtls_des_init( &ctx ); - mbedtls_des_setkey_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_setkey_enc( &ctx, key_str->x ) == 0 ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); @@ -44,7 +44,7 @@ void des_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) mbedtls_des_init( &ctx ); - mbedtls_des_setkey_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_setkey_dec( &ctx, key_str->x ) == 0 ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); @@ -65,7 +65,7 @@ void des_encrypt_cbc( data_t * key_str, data_t * iv_str, mbedtls_des_init( &ctx ); - mbedtls_des_setkey_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_setkey_enc( &ctx, key_str->x ) == 0 ); TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { 
@@ -91,7 +91,7 @@ void des_decrypt_cbc( data_t * key_str, data_t * iv_str, mbedtls_des_init( &ctx ); - mbedtls_des_setkey_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_setkey_dec( &ctx, key_str->x ) == 0 ); TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { @@ -117,9 +117,9 @@ void des3_encrypt_ecb( int key_count, data_t * key_str, if( key_count == 2 ) - mbedtls_des3_set2key_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set2key_enc( &ctx, key_str->x ) == 0 ); else if( key_count == 3 ) - mbedtls_des3_set3key_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set3key_enc( &ctx, key_str->x ) == 0 ); else TEST_ASSERT( 0 ); @@ -144,9 +144,9 @@ void des3_decrypt_ecb( int key_count, data_t * key_str, if( key_count == 2 ) - mbedtls_des3_set2key_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set2key_dec( &ctx, key_str->x ) == 0 ); else if( key_count == 3 ) - mbedtls_des3_set3key_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set3key_dec( &ctx, key_str->x ) == 0 ); else TEST_ASSERT( 0 ); @@ -172,9 +172,9 @@ void des3_encrypt_cbc( int key_count, data_t * key_str, if( key_count == 2 ) - mbedtls_des3_set2key_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set2key_enc( &ctx, key_str->x ) == 0 ); else if( key_count == 3 ) - mbedtls_des3_set3key_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set3key_enc( &ctx, key_str->x ) == 0 ); else TEST_ASSERT( 0 ); @@ -205,9 +205,9 @@ void des3_decrypt_cbc( int key_count, data_t * key_str, if( key_count == 2 ) - mbedtls_des3_set2key_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set2key_dec( &ctx, key_str->x ) == 0 ); else if( key_count == 3 ) - mbedtls_des3_set3key_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set3key_dec( &ctx, key_str->x ) == 0 ); else TEST_ASSERT( 0 ); From c78833abc70c9b641a5e626388d4c8445eac45f7 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Mon, 27 Sep 2021 16:00:40 +0100 Subject: [PATCH 610/966] Add reminder of assumption to documentation Key size is not verified by this function, but by the level above it. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 9b6b798b66..e82e1cc098 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -169,6 +169,8 @@ psa_status_t mbedtls_psa_aead_decrypt( * operation. * \param[in] key_buffer The buffer containing the key context. * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + It must be consistent with the size in bits + recorded in \p attributes. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -210,6 +212,8 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( * operation. * \param[in] key_buffer The buffer containing the key context. * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + It must be consistent with the size in bits + recorded in \p attributes. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). From e35f8f6a770f5f994e9ada6b95c5b474331bc6f9 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 4 Aug 2021 15:38:09 +0200 Subject: [PATCH 611/966] Move MBEDTLS_CHECK_RETURN to platform_util. Signed-off-by: Mateusz Starzyk --- include/mbedtls/aes.h | 1 + include/mbedtls/build_info.h | 18 ------------------ include/mbedtls/des.h | 1 + include/mbedtls/platform_util.h | 20 ++++++++++++++++++++ 4 files changed, 22 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index eb75935c1f..5c07b912d9 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -42,6 +42,7 @@ #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" +#include "mbedtls/platform_util.h" #include #include 
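Review bot: The two lines added under `\param key_buffer_size` say the size must be consistent with \p attributes, but not what happens when it is not. The commit message states that this function does not verify the key size and relies on the level above. Put that in the comment itself, e.g. `This function does not check it; the caller is responsible for the validation.`, so anyone calling the setup function directly knows the check is theirs. The added lines also lack the ` * ` leader that the surrounding comment lines carry. Both points apply to the second hunk (`@@ -210,6 +212,8 @@`) as well.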
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 46717608be..23f85ba01e 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -53,24 +53,6 @@ #define _CRT_SECURE_NO_DEPRECATE 1 #endif -/** \def MBEDTLS_CHECK_RETURN - * - * This macro appearing at the beginning of the declaration of a function - * indicates that its return value should be checked. - * - * This should appear before most functions returning an error code - * (as \c int in the \c mbedtls_xxx API or - * as ::psa_status_t in the \c psa_xxx API). - */ -#if defined(__GNUC__) -#define MBEDTLS_CHECK_RETURN __attribute__((warn_unused_result)) -#elif defined(_MSC_VER) && _MSC_VER >= 1700 -#include -#define MBEDTLS_CHECK_RETURN _Check_return_ -#else -#define MBEDTLS_CHECK_RETURN -#endif - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/mbedtls_config.h" #else diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 7bd618c276..d5289d3fc1 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -29,6 +29,7 @@ #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" +#include "mbedtls/platform_util.h" #include #include diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 1a0a13513e..9c64cfd162 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -60,6 +60,26 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; #endif /* MBEDTLS_DEPRECATED_WARNING */ #endif /* MBEDTLS_DEPRECATED_REMOVED */ +/** \def MBEDTLS_CHECK_RETURN + * + * This macro appearing at the beginning of the declaration of a function + * indicates that its return value should be checked. + * + * This should appear before most functions returning an error code + * (as \c int in the \c mbedtls_xxx API or + * as ::psa_status_t in the \c psa_xxx API). + */ +#if !defined(MBEDTLS_CHECK_RETURN) +#if defined(__GNUC__) +#define MBEDTLS_CHECK_RETURN __attribute__((warn_unused_result)) +#elif defined(_MSC_VER) && _MSC_VER >= 1700 +#include +#define MBEDTLS_CHECK_RETURN _Check_return_ +#else +#define MBEDTLS_CHECK_RETURN +#endif +#endif + /** * \brief Securely zeroize a buffer * From 2a25804fd4332594ec27f80fc3bf4bdefe15dd8c Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Fri, 6 Aug 2021 13:56:54 +0200 Subject: [PATCH 612/966] Add MBEDTLS_CHECK_RETURN description to mbedtls_config. Signed-off-by: Mateusz Starzyk --- include/mbedtls/mbedtls_config.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index adc317dfef..0b4a3a6b5c 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -256,6 +256,18 @@ */ //#define MBEDTLS_DEPRECATED_REMOVED +/** \def MBEDTLS_CHECK_RETURN + * + * This macro appearing at the beginning of the declaration of a function + * indicates that its return value should be checked. + * + * Default implementation resides in platform_util.h. + * You can override default implementation by defining your own. + * Custom implementation can be empty, which will disable checking + * of functions' return values. + */ +//#define MBEDTLS_CHECK_RETURN + /* \} name SECTION: System support */ /** From ea59237370fcaf04b3e68501d899e4b33cc38b76 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 23 Sep 2021 17:08:26 +0200 Subject: [PATCH 613/966] Move changelog entry to the appropriate directory Signed-off-by: Gilles Peskine --- check-return.txt => ChangeLog.d/check-return.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename check-return.txt => ChangeLog.d/check-return.txt (100%) diff --git a/check-return.txt b/ChangeLog.d/check-return.txt similarity index 100% rename from check-return.txt rename to ChangeLog.d/check-return.txt From 463adf4536b4b04d85ac91eca2b66fe89a35307f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Sep 2021 17:28:59 +0200 Subject: [PATCH 614/966] Define indirection macros MBEDTLS_CHECK_RETURN_xxx Define macros MBEDTLS_CHECK_RETURN_CRITICAL, MBEDTLS_CHECK_RETURN_TYPICAL and MBEDTLS_CHECK_RETURN_OPTIONAL so that we can indicate on a function-by-function basis whether checking the function's return value is almost always necessary (CRITICAL), typically necessary in portable applications but unnecessary in some reasonable cases (TYPICAL), or typically unnecessary (OPTIONAL). Update the documentation of MBEDTLS_CHECK_RETURN accordingly. This is split between the user documentation (Doxygen, in config.h) and the internal documentation (non-Doxygen, in platform_util.h, of minor importance since the macro isn't meant to be used directly). Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 15 +++++---- include/mbedtls/platform_util.h | 58 ++++++++++++++++++++++++++++---- 2 files changed, 60 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 0b4a3a6b5c..a840c186a8 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -258,13 +258,16 @@ /** \def MBEDTLS_CHECK_RETURN * - * This macro appearing at the beginning of the declaration of a function - * indicates that its return value should be checked. + * This macro is used at the beginning of the declaration of a function + * to indicate that its return value should be checked. It should + * instruct the compiler to emit a warning or an error if the function + * is called without checking its return value. * - * Default implementation resides in platform_util.h. - * You can override default implementation by defining your own. - * Custom implementation can be empty, which will disable checking - * of functions' return values. + * There is a default implementation for popular compilers in platform_util.h. + * You can override the default implementation by defining your own here. + * + * If the implementation here is empty, this will effectively disable the + * checking of functions' return values. */ //#define MBEDTLS_CHECK_RETURN diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 9c64cfd162..3a28dac9ac 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
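Review bot: The rewritten description of `MBEDTLS_CHECK_RETURN` gives no guidance for a call site that discards a result on purpose. The only escape it documents is the empty definition, which turns the check off for every function. With GCC's `warn_unused_result` attribute a `(void)` cast does not silence the warning, so the text could add a line such as `To discard one result deliberately, assign it to a local variable instead of disabling the macro.` That keeps the facility enabled for the rest of the code base.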
@@ -60,14 +60,12 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; #endif /* MBEDTLS_DEPRECATED_WARNING */ #endif /* MBEDTLS_DEPRECATED_REMOVED */ -/** \def MBEDTLS_CHECK_RETURN +/* Implementation of the check-return facility. + * See the user documentation in mbedtls_config.h. * - * This macro appearing at the beginning of the declaration of a function - * indicates that its return value should be checked. - * - * This should appear before most functions returning an error code - * (as \c int in the \c mbedtls_xxx API or - * as ::psa_status_t in the \c psa_xxx API). + * Do not use this macro directly to annotate function: instead, + * use one of MBEDTLS_CHECK_RETURN_CRITICAL or MBEDTLS_CHECK_RETURN_TYPICAL + * depending on how important it is to check the return value. */ #if !defined(MBEDTLS_CHECK_RETURN) #if defined(__GNUC__) 
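Review bot: The new internal comment tells maintainers to use `MBEDTLS_CHECK_RETURN_CRITICAL` or `MBEDTLS_CHECK_RETURN_TYPICAL` but omits `MBEDTLS_CHECK_RETURN_OPTIONAL`. The next hunk of the same commit defines that macro as the marker for functions that were analyzed and rarely need a check. Listing all three, and changing `annotate function` to `annotate functions`, would keep the guidance complete. The doc comments added in `@@ -80,6 +78,52 @@` also contain `should be generally be checked` (read `should generally be checked`) and `usefuless` (read `usefulness`).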
@@ -80,6 +78,52 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; #endif #endif +/** Critical-failure function + * + * This macro appearing at the beginning of the declaration of a function + * indicates that its return value should be checked in all applications. + * Omitting the check is very likely to indicate a bug in the application + * and will result in a compile-time warning if #MBEDTLS_CHECK_RETURN + * is implemented for the compiler in use. + * + * \note The use of this macro is a work in progress. + * This macro may be added to more functions in the future. + * Such an extension is not considered an API break, provided that + * there are near-unavoidable circumstances under which the function + * can fail. For example, signature/MAC/AEAD verification functions, + * and functions that require a random generator, are considered + * return-check-critical. + */ +#define MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN + +/** Ordinary-failure function + * + * This macro appearing at the beginning of the declaration of a function + * indicates that its return value should be generally be checked in portable + * applications. Omitting the check will result in a compile-time warning if + * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use. + * + * \note The use of this macro is a work in progress. + * This macro will be added to more functions in the future. + * Eventually this should appear before most functions returning + * an error code (as \c int in the \c mbedtls_xxx API or + * as ::psa_status_t in the \c psa_xxx API). + */ +#define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN + +/** Benign-failure function + * + * This macro appearing at the beginning of the declaration of a function + * indicates that it is rarely useful to check its return value. + * + * This macro has an empty expansion. 
It exists for documentation purposes: + * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function + * has been analyzed for return-check usefuless, whereas the lack of + * an annotation indicates that the function has not been analyzed and its + * return-check usefulness is unknown. + */ +#define MBEDTLS_CHECK_RETURN_OPTIONAL + /** * \brief Securely zeroize a buffer * From e41803af9cba541de0aeb06d9e6e385649a5cb1c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Sep 2021 17:35:37 +0200 Subject: [PATCH 615/966] Change DES and AES functions to MBEDTLS_CHECK_RETURN_TYPICAL For all of these functions, the only possible failures are a hardware accelerator (not possible unless using an ALT implementation), an internal error or runtime corruption. Exception: the self-tests, which serve little purpose if their status isn't tested. Signed-off-by: Gilles Peskine --- include/mbedtls/aes.h | 28 ++++++++++++++-------------- include/mbedtls/des.h | 26 +++++++++++++------------- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 5c07b912d9..becbfae1d9 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -164,7 +164,7 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -183,7 +183,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); 
@@ -204,7 +204,7 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -225,7 +225,7 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -254,7 +254,7 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, * \return \c 0 on success. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, int mode, const unsigned char input[16], @@ -302,7 +302,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH * on failure. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, int mode, size_t length, @@ -347,7 +347,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, * smaller than an AES block in size (16 Bytes) or if \p * length is larger than 2^20 blocks (16 MiB). */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, int mode, size_t length, @@ -396,7 +396,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, * * \return \c 0 on success. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, int mode, size_t length, 
@@ -441,7 +441,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, int mode, size_t length, @@ -496,7 +496,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, size_t length, size_t *iv_off, @@ -583,7 +583,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, size_t length, size_t *nc_off, @@ -604,7 +604,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); @@ -620,7 +620,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); @@ -632,7 +632,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \return \c 0 on success. * \return \c 1 on failure. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_aes_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST */ diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index d5289d3fc1..be74cb111e 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h 
@@ -140,7 +140,7 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * security risk. We recommend considering stronger ciphers * instead. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -154,7 +154,7 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI * security risk. We recommend considering stronger ciphers * instead. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -169,7 +169,7 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * security risk. We recommend considering stronger ciphers * instead. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -184,7 +184,7 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB * security risk. We recommend considering stronger ciphers * instead. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -195,7 +195,7 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB * * \return 0 */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ); @@ -207,7 +207,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, * * \return 0 */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ); 
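Review bot: `mbedtls_des_key_check_key_parity` and `mbedtls_des_key_check_weak` (this hunk and `@@ -154,7 +154,7 @@`) take only a `const` key, so the return value is their entire result and a call that drops it performs no check at all. That fits the platform_util.h description of `MBEDTLS_CHECK_RETURN_CRITICAL` (omitting the check is very likely a bug) better than `MBEDTLS_CHECK_RETURN_TYPICAL`. Consider annotating both with `MBEDTLS_CHECK_RETURN_CRITICAL`, so that an ignored weak-key or parity result is flagged wherever the compiler supports the attribute.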
@@ -219,7 +219,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, * * \return 0 */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ); @@ -231,7 +231,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, * * \return 0 */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ); @@ -248,7 +248,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, * security risk. We recommend considering stronger ciphers * instead. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, const unsigned char input[8], unsigned char output[8] ); @@ -276,7 +276,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, * security risk. We recommend considering stronger ciphers * instead. */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, int mode, size_t length, @@ -294,7 +294,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, * * \return 0 if successful */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, const unsigned char input[8], unsigned char output[8] ); @@ -320,7 +320,7 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, * * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, int mode, size_t length, @@ -351,7 +351,7 @@ void mbedtls_des_setkey( uint32_t SK[32], * * \return 0 if successful, or 1 if the test failed */ -MBEDTLS_CHECK_RETURN +MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_des_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST */ From 3f106f762dc0c65583da54c4ed3328ed18718570 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 23 Sep 2021 17:42:39 +0200 Subject: [PATCH 616/966] Move MBEDTLS_CHECK_RETURN to the correct section This is not a boolean macro: it's useful for what it expands to. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index a840c186a8..2110cc27b6 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -256,21 +256,6 @@ */ //#define MBEDTLS_DEPRECATED_REMOVED -/** \def MBEDTLS_CHECK_RETURN - * - * This macro is used at the beginning of the declaration of a function - * to indicate that its return value should be checked. It should - * instruct the compiler to emit a warning or an error if the function - * is called without checking its return value. - * - * There is a default implementation for popular compilers in platform_util.h. - * You can override the default implementation by defining your own here. - * - * If the implementation here is empty, this will effectively disable the - * checking of functions' return values. - */ -//#define MBEDTLS_CHECK_RETURN - /* \} name SECTION: System support */ /** 
@@ -3082,6 +3067,21 @@ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +/** \def MBEDTLS_CHECK_RETURN + * + * This macro is used at the beginning of the declaration of a function + * to indicate that its return value should be checked. It should + * instruct the compiler to emit a warning or an error if the function + * is called without checking its return value. + * + * There is a default implementation for popular compilers in platform_util.h. + * You can override the default implementation by defining your own here. + * + * If the implementation here is empty, this will effectively disable the + * checking of functions' return values. + */ +//#define MBEDTLS_CHECK_RETURN + /* PSA options */ /** * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the From 913fc5fff3831057f03b1de529c76ecd65e34b26 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Sep 2021 17:43:46 +0200 Subject: [PATCH 617/966] Better default for MBEDTLS_CHECK_RETURN in config.h An empty expansion is possible, but as documented its effect is to disable the feature, so that isn't a good example. Instead, use the GCC implementation as the default: it's plausible that it could work even on compilers that don't advertise themselves as sufficiently GCC-like to define __GNUC__, and if not it gives users a concrete idea of what the macro is supposed to do. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2110cc27b6..13c86ed582 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -3080,7 +3080,7 @@ * If the implementation here is empty, this will effectively disable the * checking of functions' return values. */ -//#define MBEDTLS_CHECK_RETURN +//#define MBEDTLS_CHECK_RETURN __attribute__(__warn_unused_result__) /* PSA options */ /** From a33e6935bc061a897a62a5b4ef053693aaf754bd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Sep 2021 17:46:12 +0200 Subject: [PATCH 618/966] Use reserved identifier for warn_unused_result This is normally equivalent, but works even if some other header defines a macro called warn_unused_result. Signed-off-by: Gilles Peskine --- include/mbedtls/platform_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 3a28dac9ac..d8379deb31 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -69,7 +69,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; */ #if !defined(MBEDTLS_CHECK_RETURN) #if defined(__GNUC__) -#define MBEDTLS_CHECK_RETURN __attribute__((warn_unused_result)) +#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) #elif defined(_MSC_VER) && _MSC_VER >= 1700 #include #define MBEDTLS_CHECK_RETURN _Check_return_ From 9a7d4c273470fdfb5a33566f8e2b9e36fc8b29d2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Sep 2021 18:07:36 +0200 Subject: [PATCH 619/966] New configuration option MBEDTLS_CHECK_RETURN_WARNING MBEDTLS_CHECK_RETURN_TYPICAL defaults off, but is enabled if MBEDTLS_CHECK_RETURN_WARNING is enabled at compile time. (MBEDTLS_CHECK_RETURN_CRITICAL is always enabled.) The default is off so that a plausible program that builds with one version of Mbed TLS in the default configuration will still build under the next version. 
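Review bot: The new commented-out example `//#define MBEDTLS_CHECK_RETURN __attribute__(__warn_unused_result__)` has only one pair of parentheses, so it will not compile on GCC-like compilers once a user uncomments it. The attribute syntax needs two pairs, as the default in platform_util.h (PATCH 618) already has; the line should read `//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))`. The surrounding comment notes that an empty definition disables return-value checking, so a user who hits the build error may fall back to that and lose the warnings.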
Signed-off-by: Gilles Peskine --- ChangeLog.d/check-return.txt | 13 +++++++++---- include/mbedtls/mbedtls_config.h | 23 +++++++++++++++++++++++ include/mbedtls/platform_util.h | 4 ++++ 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/check-return.txt b/ChangeLog.d/check-return.txt index e6371ec69b..045b1805ec 100644 --- a/ChangeLog.d/check-return.txt +++ b/ChangeLog.d/check-return.txt @@ -6,7 +6,12 @@ Bugfix where this function cannot fail, or full-module replacements with MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. -Changes - * Warn if errors from AES or DES functions are ignored. This is currently - supported on GCC-like compilers and on MSVC and can be configured by - setting MBEDTLS_CHECK_RETURN in mbedtls_config.h. +Features + * Warn if errors from certain functions are ignored. This is currently + supported on GCC-like compilers and on MSVC and can be configured through + the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled + (where supported) for critical functions where ignoring the return + value is almost always a bug. Enable the new configuration option + MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This + is currently implemented in the AES and DES modules, and will be extended + to other modules in the future. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 13c86ed582..c31a2cee52 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -520,6 +520,29 @@ */ //#define MBEDTLS_CAMELLIA_SMALL_MEMORY +/** + * \def MBEDTLS_CHECK_RETURN_WARNING + * + * If this macro is defined, emit a compile-time warning if application code + * calls a function without checking its return value, but the return value + * should generally be checked in portable applications. + * + * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is + * implemented. Otherwise this option has no effect. + * + * Uncomment to get warnings on using fallible functions without checking + * their return value. + * + * \note This feature is a work in progress. + * Warnings will be added to more functions in the future. + * + * \note A few functions are considered critical, and ignoring the return + * value of these functions will trigger a warning even if this + * macro is not defined. To completely disable return value check + * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion. + */ +//#define MBEDTLS_CHECK_RETURN_WARNING + /** * \def MBEDTLS_CIPHER_MODE_CBC * diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index d8379deb31..ce0611da57 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -109,7 +109,11 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * an error code (as \c int in the \c mbedtls_xxx API or * as ::psa_status_t in the \c psa_xxx API). */ +#if defined(MBEDTLS_CHECK_RETURN_WARNING) #define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN +#else +#define MBEDTLS_CHECK_RETURN_TYPICAL +#endif /** Benign-failure function * From 409fbbe4a2128c961c28d8f885a08afe6b2bd2fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 27 Sep 2021 16:17:51 +0200 Subject: [PATCH 620/966] Minor documentation fix Signed-off-by: Gilles Peskine --- include/mbedtls/platform_util.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index ce0611da57..e1f063c34e 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -101,7 +101,8 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * This macro appearing at the beginning of the declaration of a function * indicates that its return value should be generally be checked in portable * applications. Omitting the check will result in a compile-time warning if - * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use. + * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and + * #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration. * * \note The use of this macro is a work in progress. * This macro will be added to more functions in the future. From 89458d1420bd3ccefbc0c4a2a6e037e1a274ccea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 27 Sep 2021 19:20:17 +0200 Subject: [PATCH 621/966] More robust handling of excluded files Don't try to enumerate excluded files. List included files, and remove names from the list if they match an excluded-file pattern. This resolves the problem that the script could get into an infinite loop due to the use of recursive globbing. Unfortunately, Python's recursive globs follows symbolic links to directories, which leads to an infinite loop if a symbolic link points to an ancestor of the directory that contains it. Signed-off-by: Gilles Peskine --- tests/scripts/check_names.py | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index a9aa118ea4..737b3df3d9 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -44,6 +44,7 @@ error. It must be run from Mbed TLS root. import abc import argparse +import fnmatch import glob import textwrap import os 
@@ -222,8 +223,9 @@ class CodeParser(): # Memo for storing "glob expression": set(filepaths) self.files = {} - # Globally excluded filenames - self.excluded_files = ["**/bn_mul", "**/compat-2.x.h"] + # Globally excluded filenames. + # Note that "*" can match directory separators in exclude lists. + self.excluded_files = ["*/bn_mul", "*/compat-2.x.h"] @staticmethod def check_repo_path(): @@ -302,6 +304,15 @@ class CodeParser(): "mbed_words": mbed_words } + def is_file_excluded(self, path, exclude_wildcards): + """Whether the give file path is excluded.""" + # exclude_wildcards may be None. Also, consider the global exclusions. + exclude_wildcards = (exclude_wildcards or []) + self.excluded_files + for pattern in exclude_wildcards: + if fnmatch.fnmatch(path, pattern): + return True + return False + def get_files(self, include_wildcards, exclude_wildcards): """ Get all files that match any of the UNIX-style wildcards. While the 
@@ -317,25 +328,11 @@ class CodeParser(): """ accumulator = set() - # exclude_wildcards may be None. Also, consider the global exclusions. - exclude_wildcards = (exclude_wildcards or []) + self.excluded_files - - # Internal function to hit the memoisation cache or add to it the result - # of a glob operation. Used both for inclusion and exclusion since the - # only difference between them is whether they perform set union or - # difference on the return value of this function. - def hit_cache(wildcard): - if wildcard not in self.files: - self.files[wildcard] = set(glob.glob(wildcard, recursive=True)) - return self.files[wildcard] - for include_wildcard in include_wildcards: - accumulator = accumulator.union(hit_cache(include_wildcard)) + accumulator = accumulator.union(glob.iglob(include_wildcard)) - for exclude_wildcard in exclude_wildcards: - accumulator = accumulator.difference(hit_cache(exclude_wildcard)) - - return list(accumulator) + return list(path for path in accumulator + if not self.is_file_excluded(path, exclude_wildcards)) def parse_macros(self, include, exclude=None): """ From 745f5f2724804623a43dc86bcace687923960fec Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Sep 2021 17:38:08 +0100 Subject: [PATCH 622/966] Add test for PolyChaCha with shortened tag Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index e48bd976f5..f83f83b86b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
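Review bot: With `hit_cache` removed, nothing in this diff reads the memo `self.files = {}` that `__init__` still sets up (context of the first CodeParser hunk), and `get_files` now re-runs `glob.iglob` for every include pattern on each call. Drop the attribute and its comment, or keep the cache around the include globs, unless code outside this diff still uses it. The call also loses `recursive=True`, so `**` in an include pattern now behaves like `*` and matches a single directory level. The `get_files` docstring starts outside the hunk; it should say so, e.g. `Include wildcards are expanded non-recursively ("**" is treated like "*").`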
@@ -3330,6 +3330,10 @@ PSA AEAD setup: invalid algorithm (ChaCha20) depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:PSA_ERROR_INVALID_ARGUMENT +PSA AEAD setup: invalid algorithm (ChaCha20 - Poly1305 with short tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,12):PSA_ERROR_NOT_SUPPORTED + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" From 325d374e3d406f3862d2cfb6570a17087e2361d8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Sep 2021 17:56:28 +0100 Subject: [PATCH 623/966] Move set lengths checking to PSA Core Signed-off-by: Paul Elliott --- library/psa_crypto.c | 35 ++++++++++++++++++++ library/psa_crypto_aead.c | 49 ---------------------------- library/psa_crypto_aead.h | 41 ----------------------- library/psa_crypto_driver_wrappers.c | 6 ++-- tests/src/drivers/test_driver_aead.c | 5 ++- 5 files changed, 40 insertions(+), 96 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 83b45f097a..65dc5c7fe1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3901,6 +3901,41 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, goto exit; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* Lengths can only be too large for GCM if size_t is bigger than 32 + * bits. Without the guard this code will generate warnings on 32bit + * builds */ +#if SIZE_MAX > UINT32_MAX + if( (( uint64_t ) ad_length ) >> 61 != 0 || + (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } +#endif + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( ad_length > 0xFF00 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* No length restrictions for ChaChaPoly. */ + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ); diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 9000abf307..d7317bd1a0 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c 
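Review bot: The `else` that closes the CCM branch sits directly before `#endif` and only works when the ChaCha20-Poly1305 `if` is compiled in. In a build with MBEDTLS_PSA_BUILTIN_ALG_CCM but without MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 it binds to `status = psa_driver_wrapper_aead_set_lengths( ... )`, so the driver call is skipped for GCM and CCM operations and `status` keeps whatever value it had before the hunk. Every failing branch already leaves through `goto exit`, so the two trailing `else` keywords can simply be removed, or the chain replaced by a `switch( operation->alg )`. The same chain appears in the psa_aead_set_nonce hunk of PATCH 624 and in psa_aead_check_nonce_length in PATCH 629, where the helper would reach its closing brace without a `return` for a valid CCM nonce length. The body of psa_aead_set_lengths starts and ends outside this hunk.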
@@ -477,55 +477,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( return( status ); } - /* Declare the lengths of the message and additional data for AEAD. */ -psa_status_t mbedtls_psa_aead_set_lengths( - mbedtls_psa_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length ) -{ - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation->alg == PSA_ALG_GCM ) - { - /* Lengths can only be too large for GCM if size_t is bigger than 32 - * bits. Without the guard this code will generate warnings on 32bit - * builds */ -#if SIZE_MAX > UINT32_MAX - if( ( (uint64_t) ad_length ) >> 61 != 0 || - ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) - { - return ( PSA_ERROR_INVALID_ARGUMENT ); - } -#endif - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - if( ad_length > 0xFF00 ) - return ( PSA_ERROR_INVALID_ARGUMENT ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { - /* No length restrictions for ChaChaPoly. */ - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - { - ( void ) operation; - ( void ) ad_length; - ( void ) plaintext_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - - return ( PSA_SUCCESS ); -} - /* Pass additional data to an active multipart AEAD operation. */ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t *operation, diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index e82e1cc098..f968c15c87 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
@@ -267,47 +267,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( const uint8_t *nonce, size_t nonce_length ); -/** Declare the lengths of the message and additional data for AEAD. - * - * \note The signature of this function is that of a PSA driver aead_set_lengths - * entry point. This function behaves as an aead_set_lengths entry point - * as defined in the PSA driver interface specification for transparent - * drivers. - * - * The PSA core calls this function before calling mbedtls_psa_aead_update_ad() - * or mbedtls_psa_aead_update() if the algorithm for the operation requires it. - * If the algorithm does not require it, calling this function is optional, but - * if this function is called then the implementation must enforce the lengths. - * - * The PSA core may call this function before or after setting the nonce with - * mbedtls_psa_aead_set_nonce(). - * - * - For #PSA_ALG_CCM, calling this function is required. - * - For the other AEAD algorithms defined in this specification, calling - * this function is not required. - * - * If this function returns an error status, the PSA core calls - * mbedtls_psa_aead_abort(). - * - * \param[in,out] operation Active AEAD operation. - * \param ad_length Size of the non-encrypted additional - * authenticated data in bytes. - * \param plaintext_length Size of the plaintext to encrypt in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * At least one of the lengths is not acceptable for the chosen - * algorithm. - * \retval #PSA_ERROR_NOT_SUPPORTED - * Algorithm previously set is not supported in this configuration of - * the library. - */ -psa_status_t mbedtls_psa_aead_set_lengths( - mbedtls_psa_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length ); - /** Pass additional data to an active AEAD operation. * * \note The signature of this function is that of a PSA driver 
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index cfc77fbb5b..4bbb61c3d4 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1706,9 +1706,9 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( { #if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, - ad_length, - plaintext_length ) ); + /* No mbedtls_psa_aead_set_lengths, everything is done in PSA + * Core. */ + return( PSA_SUCCESS ); #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 6befe7cc0f..d27ada294d 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -171,9 +171,8 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } else { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_lengths( operation, ad_length, - plaintext_length ); + /* No mbedtls_psa_aead_set_lengths, everything is done in PSA Core. */ + mbedtls_test_driver_aead_hooks.driver_status = PSA_SUCCESS; } return( mbedtls_test_driver_aead_hooks.driver_status ); From 4ed1ed18d2a5595164bbc2b08df7ef814235e289 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Sep 2021 18:09:28 +0100 Subject: [PATCH 624/966] Move nonce size checking to PSA Core Signed-off-by: Paul Elliott --- library/psa_crypto.c | 42 ++++++++++++++++++++++++++++++++++----- library/psa_crypto_aead.c | 6 ------ 2 files changed, 37 insertions(+), 11 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 65dc5c7fe1..fd2069b797 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3863,11 +3863,43 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } - /* Not checking nonce size here as GCM spec allows almost arbitrarily - * large nonces. Please note that we do not generally recommend the usage - * of nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large - * nonces are hashed to a shorter size, which can then lead to collisions - * if you encrypt a very large number of messages.*/ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* Not checking max nonce size here as GCM spec allows almost + * arbitrarily large nonces. Please note that we do not generally + * recommend the usage of nonces of greater length than + * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter + * size, which can then lead to collisions if you encrypt a very + * large number of messages.*/ + if( nonce_length == 0 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( nonce_length < 7 || nonce_length > 13 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ status = psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ); diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index d7317bd1a0..4f6e70809e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c 
@@ -438,12 +438,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( mbedtls_aead_check_nonce_length( operation, nonce_length ) - != PSA_SUCCESS ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { From 8a8322407227becbf3247a8b24b4b1087ee5d1b3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Sep 2021 10:12:49 +0200 Subject: [PATCH 625/966] Fix typo Signed-off-by: Gilles Peskine --- tests/scripts/check_names.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 737b3df3d9..ac2490fc1e 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -305,7 +305,7 @@ class CodeParser(): } def is_file_excluded(self, path, exclude_wildcards): - """Whether the give file path is excluded.""" + """Whether the given file path is excluded.""" # exclude_wildcards may be None. Also, consider the global exclusions. exclude_wildcards = (exclude_wildcards or []) + self.excluded_files for pattern in exclude_wildcards: From d52398d31fa85665ea2e2690363cbfee32220ed7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 28 Sep 2021 16:13:44 +0800 Subject: [PATCH 626/966] fix double underscore fail Signed-off-by: Jerry Yu --- library/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/common.h b/library/common.h index ba8237acf6..9b10ec8fbb 100644 --- a/library/common.h +++ b/library/common.h @@ -323,7 +323,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * Use MSVC predefine macro to avoid name check fail. */ #if (defined(_MSC_VER) && ( _MSC_VER <= 1900 )) -#define __func__ __FUNCTION__ +#define /*no-check-names*/ __func__ __FUNCTION__ #endif #endif /* MBEDTLS_LIBRARY_COMMON_H */ From ad8d0bad10e48827c32723ceab0ed5d4c786631a Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Tue, 28 Sep 2021 17:58:26 +0800 Subject: [PATCH 627/966] Keep consistency order. Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ab48ec03b3..633bb8da2e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -802,8 +802,8 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); return( 0 ); } @@ -812,8 +812,8 @@ static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); return( 0 ); } @@ -822,8 +822,8 @@ static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl */ static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); return( 0 ); } 
@@ -832,8 +832,8 @@ static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP ); return( 0 ); } From dff6c5d963af83a0f0dfda501bdfabc289a51b37 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 11:00:20 +0100 Subject: [PATCH 628/966] Restore internal driver for aead_set_lengths Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 23 ++++++++++++++++ library/psa_crypto_aead.h | 41 ++++++++++++++++++++++++++++ library/psa_crypto_driver_wrappers.c | 6 ++-- tests/src/drivers/test_driver_aead.c | 5 ++-- 4 files changed, 70 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 4f6e70809e..2c6e4435cc 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -471,6 +471,29 @@ psa_status_t mbedtls_psa_aead_set_nonce( return( status ); } + /* Declare the lengths of the message and additional data for AEAD. */ +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + + ( void ) operation; + ( void ) ad_length; + ( void ) plaintext_length; + +#if !defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) && \ + !defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) && \ + !defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + { + return ( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* !MBEDTLS_PSA_BUILTIN_ALG_GCM && !MBEDTLS_PSA_BUILTIN_ALG_CCM && + !MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) */ + + return ( PSA_SUCCESS ); +} + /* Pass additional data to an active multipart AEAD operation. */ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t *operation, 
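Review bot: The restored `mbedtls_psa_aead_set_lengths` casts all three arguments to void and returns PSA_SUCCESS whenever any built-in AEAD is enabled, but the header comment restored in the same commit still says the implementation must enforce the lengths and lists PSA_ERROR_INVALID_ARGUMENT as a return value. After PATCH 623 the GCM and CCM limits are checked only in psa_aead_set_lengths() in psa_crypto.c, so any path that reaches this entry point without passing through the core gets no length validation. State that at the definition, e.g. `/* Length limits are checked by psa_aead_set_lengths() in the PSA core; this entry point accepts any values. */`, and remove the PSA_ERROR_INVALID_ARGUMENT \retval from psa_crypto_aead.h or describe it as enforced by the core.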
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index f968c15c87..e82e1cc098 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h 
@@ -267,6 +267,47 @@ psa_status_t mbedtls_psa_aead_set_nonce( const uint8_t *nonce, size_t nonce_length ); +/** Declare the lengths of the message and additional data for AEAD. + * + * \note The signature of this function is that of a PSA driver aead_set_lengths + * entry point. This function behaves as an aead_set_lengths entry point + * as defined in the PSA driver interface specification for transparent + * drivers. + * + * The PSA core calls this function before calling mbedtls_psa_aead_update_ad() + * or mbedtls_psa_aead_update() if the algorithm for the operation requires it. + * If the algorithm does not require it, calling this function is optional, but + * if this function is called then the implementation must enforce the lengths. + * + * The PSA core may call this function before or after setting the nonce with + * mbedtls_psa_aead_set_nonce(). + * + * - For #PSA_ALG_CCM, calling this function is required. + * - For the other AEAD algorithms defined in this specification, calling + * this function is not required. + * + * If this function returns an error status, the PSA core calls + * mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param ad_length Size of the non-encrypted additional + * authenticated data in bytes. + * \param plaintext_length Size of the plaintext to encrypt in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * At least one of the lengths is not acceptable for the chosen + * algorithm. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. + */ +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + /** Pass additional data to an active AEAD operation. * * \note The signature of this function is that of a PSA driver 
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 4bbb61c3d4..cfc77fbb5b 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1706,9 +1706,9 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( { #if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - /* No mbedtls_psa_aead_set_lengths, everything is done in PSA - * Core. */ - return( PSA_SUCCESS ); + return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, + ad_length, + plaintext_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index d27ada294d..6befe7cc0f 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -171,8 +171,9 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } else { - /* No mbedtls_psa_aead_set_lengths, everything is done in PSA Core. */ - mbedtls_test_driver_aead_hooks.driver_status = PSA_SUCCESS; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ); } return( mbedtls_test_driver_aead_hooks.driver_status ); From bb0f9e1740bf1f6630c120abb4e13a31514dad3f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 11:14:27 +0100 Subject: [PATCH 629/966] Move all nonce length checks to PSA Core Remove duplicated code from oneshot API Signed-off-by: Paul Elliott --- library/psa_crypto.c | 86 +++++++++++++++++++++++---------------- library/psa_crypto_aead.c | 41 ------------------- 2 files changed, 51 insertions(+), 76 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fd2069b797..42abdf5c46 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3609,6 +3609,42 @@ exit: /* AEAD */ /****************************************************************/ +/* Helper to perform common nonce length checks. */ +static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, + size_t nonce_length ) +{ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( alg == PSA_ALG_GCM ) + { + /* Not checking max nonce size here as GCM spec allows almost + * arbitrarily large nonces. Please note that we do not generally + * recommend the usage of nonces of greater length than + * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter + * size, which can then lead to collisions if you encrypt a very + * large number of messages.*/ + if( nonce_length == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( alg == PSA_ALG_CCM ) + { + if( nonce_length < 7 || nonce_length > 13 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + return PSA_SUCCESS; +} + psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, @@ -3638,6 +3674,10 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, .core = slot->attr }; + status = psa_aead_check_nonce_length( alg, nonce_length ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_aead_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, @@ -3649,6 +3689,7 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS && ciphertext_size != 0 ) memset( ciphertext, 0, ciphertext_size ); +exit: psa_unlock_key_slot( slot ); return( status ); 
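Review bot: `psa_aead_check_nonce_length` returns PSA_ERROR_NOT_SUPPORTED for an out-of-range nonce length, which psa_aead_encrypt and psa_aead_decrypt pass through unchanged while psa_aead_set_nonce (last psa_crypto.c hunk of this commit) rewrites it to PSA_ERROR_INVALID_ARGUMENT. The one-line comment on the helper does not mention this, so the next caller cannot tell which code to expect; extend it, e.g. `/* Returns PSA_ERROR_NOT_SUPPORTED for an unacceptable length; the multipart API maps this to PSA_ERROR_INVALID_ARGUMENT. */`. The helper also returns PSA_SUCCESS for any `alg` that matches none of the compiled-in branches, which presumably relies on callers having validated the algorithm first; that assumption is worth a comment too. Its final `return PSA_SUCCESS;` should be `return( PSA_SUCCESS );` to match the rest of the file.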
@@ -3683,6 +3724,10 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, .core = slot->attr }; + status = psa_aead_check_nonce_length( alg, nonce_length ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_aead_decrypt( &attributes, slot->key.data, slot->key.bytes, alg, @@ -3694,6 +3739,7 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS && plaintext_size != 0 ) memset( plaintext, 0, plaintext_size ); +exit: psa_unlock_key_slot( slot ); return( status ); @@ -3863,43 +3909,13 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation->alg == PSA_ALG_GCM ) + status = psa_aead_check_nonce_length( operation->alg, nonce_length ); + + if( status != PSA_SUCCESS ) { - /* Not checking max nonce size here as GCM spec allows almost - * arbitrarily large nonces. Please note that we do not generally - * recommend the usage of nonces of greater length than - * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter - * size, which can then lead to collisions if you encrypt a very - * large number of messages.*/ - if( nonce_length == 0 ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - if( nonce_length < 7 || nonce_length > 13 ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length != 12 ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ status = psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ); 
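Review bot: `psa_aead_set_nonce` now replaces whatever `psa_aead_check_nonce_length` returns with `PSA_ERROR_INVALID_ARGUMENT`, while `psa_aead_encrypt` and `psa_aead_decrypt` pass the helper's `PSA_ERROR_NOT_SUPPORTED` straight through for the same bad nonce length. Callers therefore see two different codes for one condition, and the blanket remap would also hide any other status the helper may return later. Either let the helper return the code the API should report and drop the remap, or document the difference at the remap, e.g. `/* Helper reports NOT_SUPPORTED; the multipart API reports a bad nonce length as INVALID_ARGUMENT. */`. The body of `psa_aead_set_nonce` continues outside the hunk.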
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 2c6e4435cc..5e36932e7c 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -136,37 +136,6 @@ static psa_status_t psa_aead_setup( return( PSA_SUCCESS ); } -/* Perform common nonce length checks */ -static psa_status_t mbedtls_aead_check_nonce_length( - mbedtls_psa_aead_operation_t *operation, - size_t nonce_length ) -{ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation->alg == PSA_ALG_GCM ) - { - if( nonce_length == 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - if( nonce_length < 7 || nonce_length > 13 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length != 12 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - - return PSA_SUCCESS; -} - psa_status_t mbedtls_psa_aead_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -195,11 +164,6 @@ psa_status_t mbedtls_psa_aead_encrypt( } tag = ciphertext + plaintext_length; - status = mbedtls_aead_check_nonce_length( &operation, nonce_length ); - - if( status != PSA_SUCCESS ) - goto exit; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) { @@ -308,11 +272,6 @@ psa_status_t mbedtls_psa_aead_decrypt( if( status != PSA_SUCCESS ) goto exit; - status = mbedtls_aead_check_nonce_length( &operation, nonce_length ); - - if( status != PSA_SUCCESS ) - goto exit; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) { From 5b8618b44cc272e4f851612f1143c038c894a40d Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 28 Sep 2021 12:34:53 +0200 Subject: [PATCH 630/966] fixup: Make the fields of mbedtls_ecp_curve_info public Remove more places where MBEDTLS_PRIVATE() was used on grp_id, which is now public. Signed-off-by: Gilles Peskine --- include/mbedtls/psa_util.h | 2 +- programs/pkey/ecdsa.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f6f2e58054..6f6354591b 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -369,7 +369,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( if( curve_info == NULL ) return( 0 ); return( PSA_KEY_TYPE_ECC_KEY_PAIR( - mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) ); + mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) ); } #endif /* MBEDTLS_ECP_C */ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 6b6e9517d4..550a230e8f 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -51,7 +51,7 @@ #define ECPARAMS MBEDTLS_ECP_DP_SECP192R1 #if !defined(ECPARAMS) -#define ECPARAMS mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id) +#define ECPARAMS mbedtls_ecp_curve_list()->grp_id #endif #if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \ From 6ca7c7fd6b346d90312bbf906522ce2aefa38240 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 28 Sep 2021 18:51:40 +0800 Subject: [PATCH 631/966] Remove useless variables Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index cc94984063..b07c1c3b9e 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -826,8 +826,7 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_type; - const unsigned char *input = NULL; - size_t input_len = 0; + if( ssl->handshake->ciphersuite_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher suite info not found" ) ); @@ -836,7 +835,7 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ) md_type = ssl->handshake->ciphersuite_info->mac; - ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, input, input_len, + ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, NULL, 0, ssl->handshake->tls1_3_master_secrets.early ); if( ret != 0 ) { From d9a94fe3d096d488fb54688033c10fbcfd980001 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 28 Sep 2021 18:58:59 +0800 Subject: [PATCH 632/966] Add counter length macro Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 4 ++-- library/ssl_misc.h | 20 ++++++++++---------- library/ssl_msg.c | 34 ++++++++++++++++++---------------- library/ssl_srv.c | 3 ++- library/ssl_tls.c | 19 +++++++++++-------- 5 files changed, 43 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3f627139c8..d2f4361388 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -594,7 +594,7 @@ union mbedtls_ssl_premaster_secret #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) /* Length of in_ctr buffer in mbedtls_ssl_session */ -#define MBEDTLS_SSL_IN_CTR_LEN 8 +#define MBEDTLS_SSL_COUNTER_LEN 8 #ifdef __cplusplus extern "C" { 
@@ -1555,7 +1555,7 @@ struct mbedtls_ssl_context size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */ #endif - unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */ + unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[MBEDTLS_SSL_COUNTER_LEN]; /*!< Outgoing record sequence number. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ea891f44a5..6f83fc3276 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -573,8 +573,8 @@ struct mbedtls_ssl_handshake_params flight being received */ mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for resending messages */ - unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter - for resending messages */ + unsigned char alt_out_ctr[MBEDTLS_SSL_COUNTER_LEN]; /*!< Alternative record epoch/counter + for resending messages */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* The state of CID configuration in this handshake. */ 
@@ -873,14 +873,14 @@ static inline int mbedtls_ssl_transform_uses_aead( typedef struct { - uint8_t ctr[8]; /* In TLS: The implicit record sequence number. - * In DTLS: The 2-byte epoch followed by - * the 6-byte sequence number. - * This is stored as a raw big endian byte array - * as opposed to a uint64_t because we rarely - * need to perform arithmetic on this, but do - * need it as a Byte array for the purpose of - * MAC computations. */ + uint8_t ctr[MBEDTLS_SSL_COUNTER_LEN]; /* In TLS: The implicit record sequence number. + * In DTLS: The 2-byte epoch followed by + * the 6-byte sequence number. + * This is stored as a raw big endian byte array + * as opposed to a uint64_t because we rarely + * need to perform arithmetic on this, but do + * need it as a Byte array for the purpose of + * MAC computations. */ uint8_t type; /* The record content type. */ uint8_t ver[2]; /* SSL/TLS version as present on the wire. * Convert to internal presentation of versions diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 518cfeeef4..25e3ca3ec2 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2117,9 +2117,9 @@ static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) ssl->handshake->alt_transform_out = tmp_transform; /* Swap epoch + sequence_number */ - memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 ); - memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 ); - memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); + memcpy( tmp_out_ctr, ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); + memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, sizeof( ssl->cur_out_ctr ) ); + memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, sizeof( ssl->handshake->alt_out_ctr ) ); /* Adjust to the newly activated transform */ mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); 
@@ -2562,7 +2562,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, ssl->out_hdr + 1 ); - memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); + memcpy( ssl->out_ctr, ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); if( ssl->transform_out != NULL ) @@ -2574,7 +2574,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) rec.data_len = ssl->out_msglen; rec.data_offset = ssl->out_msg - rec.buf; - memcpy( &rec.ctr[0], ssl->out_ctr, 8 ); + memcpy( &rec.ctr[0], ssl->out_ctr, MBEDTLS_SSL_COUNTER_LEN ); mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, rec.ver ); rec.type = ssl->out_msgtype; @@ -3649,7 +3649,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, #endif { unsigned i; - for( i = MBEDTLS_SSL_IN_CTR_LEN; i > mbedtls_ssl_ep_len( ssl ); i-- ) + for( i = MBEDTLS_SSL_COUNTER_LEN; i > mbedtls_ssl_ep_len( ssl ); i-- ) if( ++ssl->in_ctr[i - 1] != 0 ) break; @@ -4791,7 +4791,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_IN_CTR_LEN ); + mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_COUNTER_LEN ); mbedtls_ssl_update_in_pointers( ssl ); @@ -4827,12 +4827,12 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, { ssl->out_ctr = ssl->out_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->out_cid = ssl->out_ctr + 8; + ssl->out_cid = ssl->out_ctr + MBEDTLS_SSL_COUNTER_LEN; ssl->out_len = ssl->out_cid; if( transform != NULL ) ssl->out_len += transform->out_cid_len; #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->out_len = ssl->out_ctr + 8; + ssl->out_len = ssl->out_ctr + MBEDTLS_SSL_COUNTER_LEN; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_iv = ssl->out_len + 2; } 
@@ -4881,17 +4881,17 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) * ssl_parse_record_header(). */ ssl->in_ctr = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_IN_CTR_LEN; + ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_COUNTER_LEN; ssl->in_len = ssl->in_cid; /* Default: no CID */ #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_IN_CTR_LEN; + ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_COUNTER_LEN; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->in_iv = ssl->in_len + 2; } else #endif { - ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_IN_CTR_LEN; + ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_COUNTER_LEN; ssl->in_len = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_cid = ssl->in_len; @@ -5065,9 +5065,11 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) } in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, - ssl->conf->renego_period + ep_len, 8 - ep_len ); - out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len, - ssl->conf->renego_period + ep_len, 8 - ep_len ); + &ssl->conf->renego_period[ep_len], + MBEDTLS_SSL_COUNTER_LEN - ep_len ); + out_ctr_cmp = memcmp( &ssl->cur_out_ctr[ep_len], + &ssl->conf->renego_period[ep_len], + sizeof( ssl->cur_out_ctr ) - ep_len ); if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) { @@ -5558,7 +5560,7 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, return; ssl->transform_in = transform; - mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_IN_CTR_LEN ); + mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_COUNTER_LEN ); } void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 147bb785de..79c160ea4a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
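Review bot: The two `memcmp` calls in `ssl_check_ctr_renegotiate` now take their length from `MBEDTLS_SSL_COUNTER_LEN` and from `sizeof( ssl->cur_out_ctr )`, but both read that many bytes from `ssl->conf->renego_period`, whose declaration this patch does not touch. If that array is still declared with a literal size (not visible here), the macro no longer describes every buffer it bounds, and a later change to it would turn these compares into over-reads. Declaring `renego_period` with `MBEDTLS_SSL_COUNTER_LEN` as well, or using `sizeof( ssl->conf->renego_period ) - ep_len` for both lengths, keeps the read bound tied to the buffer being read. The function starts and ends outside the hunk.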
@@ -1220,7 +1220,8 @@ read_record_header: return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } - memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, MBEDTLS_SSL_IN_CTR_LEN - 2 ); + memcpy( &ssl->cur_out_ctr[2], ssl->in_ctr + 2, + MBEDTLS_SSL_COUNTER_LEN - 2 ); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ab36f5d89f..b22db47b5b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2820,10 +2820,13 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) /* Remember current epoch settings for resending */ ssl->handshake->alt_transform_out = ssl->transform_out; - memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 ); + memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, + sizeof( ssl->cur_out_ctr ) ); /* Set sequence_number to zero */ - memset( ssl->cur_out_ctr + 2, 0, 6 ); + mbedtls_platform_zeroize( &ssl->cur_out_ctr[2], + sizeof( ssl->cur_out_ctr ) - 2 ); + /* Increment epoch */ for( i = 2; i > 0; i-- ) @@ -2839,7 +2842,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->cur_out_ctr, 0, 8 ); + mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); ssl->transform_out = ssl->transform_negotiate; ssl->session_out = ssl->session_negotiate; @@ -3324,7 +3327,7 @@ static void ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl, ssl->out_msglen = 0; ssl->out_left = 0; memset( ssl->out_buf, 0, out_buf_len ); - memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); + mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); ssl->transform_out = NULL; #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) @@ -5778,7 +5781,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 8; if( used <= buf_len ) { - memcpy( p, ssl->cur_out_ctr, 8 ); + memcpy( p, ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); p += 8; } 
@@ -6035,11 +6038,11 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl->disable_datagram_packing = *p++; #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( (size_t)( end - p ) < 8 ) + if( (size_t)( end - p ) < sizeof( ssl->cur_out_ctr ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - memcpy( ssl->cur_out_ctr, p, 8 ); - p += 8; + memcpy( ssl->cur_out_ctr, p, sizeof( ssl->cur_out_ctr ) ); + p += sizeof( ssl->cur_out_ctr ); #if defined(MBEDTLS_SSL_PROTO_DTLS) if( (size_t)( end - p ) < 2 ) From 946c9204757da344755d3265a779270ef578c1cb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 14:32:55 +0100 Subject: [PATCH 633/966] Add safety for nonce length to internal driver Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 5e36932e7c..bc37a043e6 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -412,6 +412,16 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { + /* Note - ChaChaPoly allows an 8 byte nonce, but we would have to + * allocate a buffer in the operation, copy the nonce to it and pad + * it, so for now check the nonce is 12 bytes, as + * mbedtls_chachapoly_starts() assumes it can read 12 bytes from the + * passed in buffer. */ + if( nonce_length != 12 ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + status = mbedtls_to_psa_error( mbedtls_chachapoly_starts( &operation->ctx.chachapoly, nonce, From 814f0c5fb1e8c47aa7e27c8216e98a6393a8c56e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 14:41:22 +0100 Subject: [PATCH 634/966] Remove check for lack of supported ciphers Add comment explaining (currently) empty function. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) 
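Review bot: The new 12-byte guard protects only `mbedtls_psa_aead_set_nonce`; the one-shot `mbedtls_psa_aead_encrypt` and `mbedtls_psa_aead_decrypt` had their `mbedtls_aead_check_nonce_length` call removed in PATCH 629/966 and now rely entirely on the PSA core having validated `nonce_length`. If the one-shot ChaCha20-Poly1305 calls make the same fixed 12-byte read that the added comment describes for `mbedtls_chachapoly_starts()` (their bodies are not in this hunk), a shorter nonce buffer reaching the built-in driver by any path that skips the core check would be read out of bounds. Repeating the guard in both one-shot ChaCha20-Poly1305 branches, e.g. `if( nonce_length != 12 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; }`, keeps the driver safe on its own. `mbedtls_psa_aead_set_nonce` starts and ends outside the hunk.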
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index bc37a043e6..a72865c04c 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -446,20 +446,12 @@ psa_status_t mbedtls_psa_aead_set_lengths( size_t ad_length, size_t plaintext_length ) { - + /* Nothing here yet, work is currently done in PSA Core, however support + * for CCM will require this function. */ ( void ) operation; ( void ) ad_length; ( void ) plaintext_length; -#if !defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) && \ - !defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) && \ - !defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - { - return ( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* !MBEDTLS_PSA_BUILTIN_ALG_GCM && !MBEDTLS_PSA_BUILTIN_ALG_CCM && - !MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) */ - return ( PSA_SUCCESS ); } From 8ee9ed6785e1f9ded44f1bd07401b0b70c524479 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 28 Sep 2021 14:46:43 +0200 Subject: [PATCH 635/966] Fix and improve the documentation of supported groups Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 5421492aee..b15d77ca61 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -135,9 +135,12 @@ MVP definition (2) The MVP sends one shared secret corresponding to the configured preferred group. The preferred group is the group of the first curve in the list of - allowed curves as defined by the configuration. By default, it is the - mandatory group as defined by section 9.1 of the specification, - `secp256r1`. The list of allowed curves can be set through the + allowed curves as defined by the configuration. The allowed curves are + by default ordered as follow: `secp256r1`, `x25519`, `secp384r1` + and finally `secp521r1`. This default order is aligned with the + list of mandatory-to-implement groups (in absence of an application + profile standard specifying otherwise) defined in section 9.1 of the + specification. The list of allowed curves can be changed through the `mbedtls_ssl_conf_curves()` API. (3) The MVP proposes only TLS 1.3 and does not support version negociation. @@ -148,11 +151,8 @@ MVP definition re-initiate a server handshake. - Supported groups: depends on the library configuration. - Minimally (as defined in section 9.1 of the TLS 1.3 specification): - secp256r1 and x25519. - - Furthermore, depending on the library configuration, potentially: - secp384r1 and secp521r1. + Potentially all ECDHE groups but x448: + secp256r1, x25519, secp384r1 and secp521r1. Finite field groups (DHE) are not supported. From fb877215b56152215622b44a48f0d8fe8e11e788 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 28 Sep 2021 15:49:39 +0200 Subject: [PATCH 636/966] Fix supported signature documentation Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index b15d77ca61..5a73715b0e 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -156,12 +156,15 @@ MVP definition Finite field groups (DHE) are not supported. -- Supported signature algorithms(both for certificates and CertificateVerify): - Minimally (as defined in section 9.1 of the TLS 1.3 specification): - rsa_pkcs1_sha256, rsa_pss_rsae_sha256 and ecdsa_secp256r1_sha256 +- Supported signature algorithms (both for certificates and CertificateVerify): + depends on the library configuration. + Potentially: + rsa_pkcs1_sha256, rsa_pss_rsae_sha256, ecdsa_secp256r1_sha256, + ecdsa_secp384r1_sha384 and ecdsa_secp521r1_sha512. - Furthermore, depending on the library configuration, potentially: - ecdsa_secp384r1_sha384 and ecdsa_secp521r1_sha512 + Note that in absence of an application profile standard specifying otherwise + the three first ones in the list above are mandatory (see section 9.1 of the + specification). - Supported versions: only TLS 1.3, version negotiation is not supported. From 7fc96c1a5731df5fa41bc4dca235e1f6ba62ffad Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 28 Sep 2021 15:54:57 +0200 Subject: [PATCH 637/966] Fix test description Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 5a73715b0e..5d7c14f1bb 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md 
@@ -218,10 +218,9 @@ MVP definition - Quality considerations - Standard Mbed TLS review bar - Interoperability testing with OpenSSL and GnuTLS. Test with all the - cipher suites supported by OpenSSL/GnuTLS server with and without - certificate base authentication. + cipher suites and signature algorithms supported by OpenSSL/GnuTLS server. - Negative testing against OpenSSL/GnuTLS servers with which the - handshake fails due to imcompatibility with the capabilities of the + handshake fails due to incompatibility with the capabilities of the MVP: TLS 1.2 or 1.1 server, server sending an HelloRetryRequest message in response to the MVP ClientHello, server sending a CertificateRequest message ... From baff51c8b7d0e6d9e023fa4f0cea4410fc08f719 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 17:44:45 +0100 Subject: [PATCH 638/966] Make sure nonce length checks use base algorithm Nonce length checks are now being used in the oneshot AEAD code as well, which passes variant algorithms, not the base version, so need to convert to base if necessary. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 42abdf5c46..395a697308 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3609,12 +3609,20 @@ exit: /* AEAD */ /****************************************************************/ -/* Helper to perform common nonce length checks. */ +/* Helper function to get the base algorithm from its variants. */ +static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) +{ + return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); +} + +/* Helper function to perform common nonce length checks. */ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, size_t nonce_length ) { + psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg ); + #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( alg == PSA_ALG_GCM ) + if( base_alg == PSA_ALG_GCM ) { /* Not checking max nonce size here as GCM spec allows almost * arbitrarily large nonces. Please note that we do not generally @@ -3627,7 +3635,7 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, } #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( alg == PSA_ALG_CCM ) + if( base_alg == PSA_ALG_CCM ) { if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_NOT_SUPPORTED ); @@ -3635,11 +3643,11 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length != 12 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } + if( base_alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ return PSA_SUCCESS; 
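Review bot: The checks in `psa_aead_check_nonce_length` are still compiled only under the `MBEDTLS_PSA_BUILTIN_ALG_*` guards, although the helper now runs in the PSA core ahead of `psa_driver_wrapper_aead_encrypt` and `psa_driver_wrapper_aead_decrypt`. In a configuration where an algorithm is provided by a driver and its built-in implementation is disabled, the matching branch disappears and the helper returns `PSA_SUCCESS` for any nonce length; with all three disabled, `base_alg` is also assigned but never read. Guarding on `PSA_WANT_ALG_GCM`, `PSA_WANT_ALG_CCM` and `PSA_WANT_ALG_CHACHA20_POLY1305` instead would keep the core check in step with the algorithms the core accepts. How those symbols are configured is outside this hunk.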
@@ -3745,12 +3753,6 @@ exit: return( status ); } -/* Helper function to get the base algorithm from its variants. */ -static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) -{ - return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); -} - /* Set the key for a multipart authenticated operation. */ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, int is_encrypt, From d96a5c2d86ee01c61f3c8d8a16f16d351b72fc82 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 29 Sep 2021 17:46:51 +0800 Subject: [PATCH 639/966] Fix wrong usage of counter len macro Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 +- library/ssl_msg.c | 14 ++++++++------ library/ssl_srv.c | 2 +- library/ssl_tls.c | 9 ++++----- 4 files changed, 14 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d2f4361388..2b75267e84 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -593,7 +593,7 @@ union mbedtls_ssl_premaster_secret #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) -/* Length of in_ctr buffer in mbedtls_ssl_session */ +/* Length in number of bytes of the TLS sequence number */ #define MBEDTLS_SSL_COUNTER_LEN 8 #ifdef __cplusplus diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 25e3ca3ec2..e636762c53 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2101,7 +2101,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ) static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) { mbedtls_ssl_transform *tmp_transform; - unsigned char tmp_out_ctr[8]; + unsigned char tmp_out_ctr[MBEDTLS_SSL_COUNTER_LEN]; if( ssl->transform_out == ssl->handshake->alt_transform_out ) { 
@@ -2117,9 +2117,11 @@ static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) ssl->handshake->alt_transform_out = tmp_transform; /* Swap epoch + sequence_number */ - memcpy( tmp_out_ctr, ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); - memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, sizeof( ssl->cur_out_ctr ) ); - memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, sizeof( ssl->handshake->alt_out_ctr ) ); + memcpy( tmp_out_ctr, ssl->cur_out_ctr, sizeof( tmp_out_ctr ) ); + memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, + sizeof( ssl->cur_out_ctr ) ); + memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, + sizeof( ssl->handshake->alt_out_ctr ) ); /* Adjust to the newly activated transform */ mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); @@ -2562,7 +2564,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, ssl->out_hdr + 1 ); - memcpy( ssl->out_ctr, ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); + memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_COUNTER_LEN ); MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); if( ssl->transform_out != NULL ) @@ -2574,7 +2576,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) rec.data_len = ssl->out_msglen; rec.data_offset = ssl->out_msg - rec.buf; - memcpy( &rec.ctr[0], ssl->out_ctr, MBEDTLS_SSL_COUNTER_LEN ); + memcpy( &rec.ctr[0], ssl->out_ctr, sizeof( rec.ctr ) ); mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, rec.ver ); rec.type = ssl->out_msgtype; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 79c160ea4a..e27fdff5e3 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1221,7 +1221,7 @@ read_record_header: } memcpy( &ssl->cur_out_ctr[2], ssl->in_ctr + 2, - MBEDTLS_SSL_COUNTER_LEN - 2 ); + sizeof( ssl->cur_out_ctr ) - 2 ); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b22db47b5b..58b81ff26d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2821,7 +2821,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) /* Remember current epoch settings for resending */ ssl->handshake->alt_transform_out = ssl->transform_out; memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, - sizeof( ssl->cur_out_ctr ) ); + sizeof( ssl->handshake->alt_out_ctr ) ); /* Set sequence_number to zero */ mbedtls_platform_zeroize( &ssl->cur_out_ctr[2], @@ -5778,11 +5778,11 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - used += 8; + used += MBEDTLS_SSL_COUNTER_LEN; if( used <= buf_len ) { - memcpy( p, ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); - p += 8; + memcpy( p, ssl->cur_out_ctr, MBEDTLS_SSL_COUNTER_LEN ); + p += MBEDTLS_SSL_COUNTER_LEN; } #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -6040,7 +6040,6 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < sizeof( ssl->cur_out_ctr ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - memcpy( ssl->cur_out_ctr, p, sizeof( ssl->cur_out_ctr ) ); p += sizeof( ssl->cur_out_ctr ); From 8c4eb88fe35d42c5f57868c34135e0cd8f45f1f2 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 29 Sep 2021 12:10:32 +0200 Subject: [PATCH 640/966] test_suite_cipher: add tests for mbedtls_cipher_setup_psa() with ECB Signed-off-by: Przemyslaw Stekiel --- tests/suites/test_suite_cipher.aes.data | 96 +++++++++++++++++++++++++ tests/suites/test_suite_cipher.function | 8 +++ 2 files changed, 104 insertions(+) diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 4dbdd52529..4ad593a3a2 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data 
@@ -1798,6 +1798,102 @@ AES-256-CBC crypt Decrypt NIST KAT #4 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 +AES-128-ECB crypt Encrypt NIST KAT #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0:1 + +AES-128-ECB crypt Encrypt NIST KAT #2 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0:1 + +AES-128-ECB crypt Encrypt NIST KAT #3 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0:1 + +AES-128-ECB crypt Encrypt NIST KAT #4 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1 + +AES-128-ECB crypt Decrypt NIST KAT #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1 + +AES-128-ECB crypt Decrypt NIST KAT #2 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"00000000000000000000000000000000":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1
+
+AES-128-ECB crypt Decrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1
+
+AES-128-ECB crypt Decrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1
+
+AES-192-ECB crypt Encrypt NIST KAT #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":0:1
+
+AES-192-ECB crypt Encrypt NIST KAT #2 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0:1
+
+AES-192-ECB crypt Encrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0:1
+
+AES-192-ECB crypt Encrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1
+
+AES-192-ECB crypt Decrypt NIST KAT #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1
+
+AES-192-ECB crypt Decrypt NIST KAT #2 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1
+
+AES-192-ECB crypt Decrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1
+
+AES-192-ECB crypt Decrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1
+
+AES-256-ECB crypt Encrypt NIST KAT #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":0:1
+
+AES-256-ECB crypt Encrypt NIST KAT #2 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0:1
+
+AES-256-ECB crypt Encrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0:1
+
+AES-256-ECB crypt Encrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1
+
+AES-256-ECB crypt Decrypt NIST KAT #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1
+
+AES-256-ECB crypt Decrypt NIST KAT #2 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1
+
+AES-256-ECB crypt Decrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1
+
+AES-256-ECB crypt Decrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 + Cipher Corner Case behaviours depends_on:MBEDTLS_AES_C cipher_special_behaviours: diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 674349f764..20d48e2a1b 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -950,6 +950,14 @@ void test_vec_crypt( int cipher_id, int operation, data_t *key, if( use_psa == 1 ) { PSA_ASSERT( psa_crypto_init( ) ); + + if (cipher_id == MBEDTLS_CIPHER_AES_192_ECB || + cipher_id == MBEDTLS_CIPHER_AES_256_ECB) + { + TEST_ASSERT( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE == mbedtls_cipher_setup_psa( &ctx, + mbedtls_cipher_info_from_type( cipher_id ), 0 ) ); + goto exit; + } TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx, mbedtls_cipher_info_from_type( cipher_id ), 0 ) ); } From 80c6a8e1a6301a0084954dc509515267770026a2 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 29 Sep 2021 12:13:11 +0200 Subject: [PATCH 641/966] Add PSA support for MBEDTLS_CIPHER_AES_128_ECB Signed-off-by: Przemyslaw Stekiel --- include/mbedtls/psa_util.h | 1 + library/cipher.c | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f6f2e58054..31a1254b9f 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -57,6 +57,7 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type( case MBEDTLS_CIPHER_AES_128_CBC: case MBEDTLS_CIPHER_AES_192_CBC: case MBEDTLS_CIPHER_AES_256_CBC: + case MBEDTLS_CIPHER_AES_128_ECB: return( PSA_KEY_TYPE_AES ); /* ARIA not yet supported in PSA. */ diff --git a/library/cipher.c b/library/cipher.c index 546cace552..dc801894b7 100644 --- a/library/cipher.c +++ b/library/cipher.c 
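Review bot: The early `goto exit` added to `test_vec_crypt` makes every AES-192-ECB and AES-256-ECB case from the new .data entries pass without encrypting or decrypting anything, so the NIST KAT inputs and expected outputs listed for those cases are never compared. Their titles still read "crypt Encrypt/Decrypt NIST KAT", which hides that they only assert `MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE`. A comment above the branch, for example `/* PSA-backed ECB is not available for these key sizes yet; remove this branch once it is, so the vectors are actually checked */`, would keep the special case from outliving its reason. The new `if (cipher_id ==` also departs from the `if( ... )` spacing used on the surrounding lines. The function body continues outside the hunk.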
@@ -1266,9 +1266,12 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - status = psa_cipher_set_iv( &cipher_op, iv, iv_len ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + if( ctx->cipher_info->mode != MBEDTLS_MODE_ECB ) + { + status = psa_cipher_set_iv( &cipher_op, iv, iv_len ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } status = psa_cipher_update( &cipher_op, input, ilen, From e716e6c00bcc81e54d233b430319b544b065cd75 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 29 Sep 2021 14:10:20 +0100 Subject: [PATCH 642/966] Switch cipher enabled macros Switch from using MBEDTLS_PSA_BUILTIN_ macros over to using PSA_WANT_ macros, as code was moved from the internal drivers to the PSA Core. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 395a697308..ea02f24d1d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3621,7 +3621,7 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, { psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg ); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) +#if defined(PSA_WANT_ALG_GCM) if( base_alg == PSA_ALG_GCM ) { /* Not checking max nonce size here as GCM spec allows almost 
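Review bot: Both failure returns visible in the `mbedtls_cipher_crypt` hunk, including the `psa_cipher_set_iv` one now nested inside the ECB guard, leave `cipher_op` without an explicit `psa_cipher_abort`. The PSA API expects an operation that has returned an error to be aborted, and the operation carries key-dependent state. `cipher_op` is declared outside the hunk and the implementation may abort internally, so this cannot be confirmed from here, but calling `psa_cipher_abort( &cipher_op );` before each `return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );` would make the cleanup explicit. Separately, a caller-supplied `iv`/`iv_len` is now silently ignored in ECB mode, which deserves a one-line comment such as `/* ECB takes no IV: iv and iv_len are ignored */`.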
@@ -3633,22 +3633,22 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, if( nonce_length == 0 ) return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) +#endif /* PSA_WANT_ALG_GCM */ +#if defined(PSA_WANT_ALG_CCM) if( base_alg == PSA_ALG_CCM ) { if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_NOT_SUPPORTED ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#endif /* PSA_WANT_ALG_CCM */ +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) if( base_alg == PSA_ALG_CHACHA20_POLY1305 ) { if( nonce_length != 12 ) return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ +#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ return PSA_SUCCESS; } @@ -3951,7 +3951,7 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) +#if defined(PSA_WANT_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { /* Lengths can only be too large for GCM if size_t is bigger than 32 @@ -3967,8 +3967,8 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, #endif } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) +#endif /* PSA_WANT_ALG_GCM */ +#if defined(PSA_WANT_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { if( ad_length > 0xFF00 ) @@ -3978,13 +3978,13 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, } } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#endif /* PSA_WANT_ALG_CCM */ +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { /* No length restrictions for ChaChaPoly. */ } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ +#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ); 
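Review bot: The `else` left in front of `#endif /* PSA_WANT_ALG_CCM */` in the `psa_aead_check_nonce_length` hunk (@@ -3633) binds to whatever statement survives preprocessing. If `PSA_WANT_ALG_CCM` is defined and `PSA_WANT_ALG_CHACHA20_POLY1305` is not, the chain becomes `else return PSA_SUCCESS;`, so a CCM algorithm with an accepted nonce length reaches the end of a non-void function without returning a value. The same shape is in the `psa_aead_set_lengths` hunks (@@ -3967 and @@ -3978), where the trailing `else` can capture `status = psa_driver_wrapper_aead_set_lengths( ... )` and skip the driver call for the matched algorithm. It also survives the later "Invert logic on nonce length tests" hunk (@@ -3630), where an out-of-range CCM nonce would fall off the end instead of returning `PSA_ERROR_NOT_SUPPORTED`. Closing each chain after its last `#endif` with an empty block, `{ /* no further checks for this algorithm */ }`, removes the dependence on the build configuration; both functions extend beyond the hunks.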
From 355f59edbe7ef021131f1dc378a10013eb668c5f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 29 Sep 2021 14:16:19 +0100 Subject: [PATCH 643/966] Fix formatting issues Signed-off-by: Paul Elliott --- library/psa_crypto.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ea02f24d1d..ee2eec59b5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3912,7 +3912,6 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, } status = psa_aead_check_nonce_length( operation->alg, nonce_length ); - if( status != PSA_SUCCESS ) { status = PSA_ERROR_INVALID_ARGUMENT; @@ -3955,8 +3954,8 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, if( operation->alg == PSA_ALG_GCM ) { /* Lengths can only be too large for GCM if size_t is bigger than 32 - * bits. Without the guard this code will generate warnings on 32bit - * builds */ + * bits. Without the guard this code will generate warnings on 32bit + * builds. */ #if SIZE_MAX > UINT32_MAX if( (( uint64_t ) ad_length ) >> 61 != 0 || (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull ) From 60116aee9e86206caf8e16d8b2da7a4205d9735a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 29 Sep 2021 14:19:11 +0100 Subject: [PATCH 644/966] Invert logic on nonce length tests Signed-off-by: Paul Elliott --- library/psa_crypto.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ee2eec59b5..ece64b100d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3630,27 +3630,27 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter * size, which can then lead to collisions if you encrypt a very * large number of messages.*/ - if( nonce_length == 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if( nonce_length != 0 ) + return( PSA_SUCCESS ); } #endif /* PSA_WANT_ALG_GCM */ #if defined(PSA_WANT_ALG_CCM) if( base_alg == PSA_ALG_CCM ) { - if( nonce_length < 7 || nonce_length > 13 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if( nonce_length >= 7 && nonce_length <= 13 ) + return( PSA_SUCCESS ); } else #endif /* PSA_WANT_ALG_CCM */ #if defined(PSA_WANT_ALG_CHACHA20_POLY1305) if( base_alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if( nonce_length == 12 ) + return( PSA_SUCCESS ); } #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ - return PSA_SUCCESS; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, From 4ef7bd8595a8264cad957dca868c317691ed11e7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Sep 2021 21:23:57 +0200 Subject: [PATCH 645/966] Simplify PSA_ALG_AEAD_WITH_SHORTENED_TAG with full-length tag Only use PSA_ALG_AEAD_WITH_SHORTENED_TAG with the default tag length when it's part of a series or when the tag length is a critical part of the test. Don't use it when the tag length is secondary, to make the test data easier to read. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 29 +++++++++++++------------ 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f83f83b86b..7830968ce2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -3212,19 +3212,19 @@ aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909 PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 11 / Expect 0) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):11:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:11:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 0 / Expect 0) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 16 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
@@ -3244,19 +3244,20 @@ aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8 PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (NULL) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (Non-NULL) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):-1:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:-1:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce, AES - GCM, NONCE = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce, AES - GCM, NONCE = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + PSA Multipart 
Set Nonce: ChaCha20 - Poly1305, NONCE = 11 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 @@ -3280,11 +3281,11 @@ aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 
@@ -3296,19 +3297,19 @@ aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8 PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:20:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:20:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
-aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 20 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 From 96b332ccaca1395057d45fdb8be24b883446fb3f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Sep 2021 21:26:12 +0200 Subject: [PATCH 646/966] Test invalid nonce length for one-shot AEAD decryption Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 36 +++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7830968ce2..21f52b28b8 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2482,6 +2482,22 @@ PSA AEAD decrypt: AES-CCM, invalid tag length 18 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD decrypt: AES-CCM, invalid nonce length 6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-CCM, invalid nonce length 14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-CCM_8, invalid nonce length 6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-CCM_8, invalid nonce length 14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 
):"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + PSA AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS 
@@ -2634,6 +2650,14 @@ PSA AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD decrypt: AES-GCM, nonce=0 (bad) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-GCM, nonce=0 (bad), TAG=12 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_NOT_SUPPORTED + PSA AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT 
@@ -2738,6 +2762,18 @@ PSA AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_SUCCESS +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=8, not supported) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=11, too short) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=13, too long) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED + PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED From cc12395c7b1faa9ce35a5dcf4c34981871e71f6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Sep 2021 21:26:35 +0200 Subject: [PATCH 647/966] Test invalid nonce length for multipart AEAD with short tag Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
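Review bot: The case titled "ChaCha20-Poly1305 (nonce=11, too short)" passes the nonce `"070000004041424344"`, which is 9 bytes rather than 11, so the boundary just below the accepted length is not exercised. The nonce-length check shown earlier on this page accepts exactly 12 bytes for this algorithm, and the neighbouring cases match their titles (8 and 13 bytes). Extending the nonce to `"0700000040414243444546"` makes it 11 bytes as labelled, and the expected `PSA_ERROR_NOT_SUPPORTED` stays the same.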
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 21f52b28b8..5a91fcea28 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -3294,6 +3294,21 @@ PSA Multipart Set Nonce, AES - GCM, NONCE = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):-1:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 20 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 11 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 From 5902cd64e2aa1e3e6be6fde498fa5b3d01fbe4bf Mon Sep 17 00:00:00 2001 
From: Andrzej Kurek Date: Tue, 28 Sep 2021 10:00:32 -0400 Subject: [PATCH 648/966] Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on This option only gated an ability to set a callback, but was deemed unnecessary as it was yet another define to remember when writing tests, or test configurations. Fixes #4653. Signed-off-by: Andrzej Kurek --- ChangeLog.d/remove-ssl-export-keys.txt | 5 +++++ configs/config-thread.h | 1 - include/mbedtls/mbedtls_config.h | 10 ---------- include/mbedtls/ssl.h | 6 ------ library/ssl_tls.c | 16 +++++----------- programs/ssl/ssl_client2.c | 13 ------------- programs/ssl/ssl_server2.c | 13 ------------- programs/ssl/ssl_test_common_source.c | 3 --- programs/ssl/ssl_test_lib.h | 4 ---- tests/ssl-opt.sh | 1 - 10 files changed, 10 insertions(+), 62 deletions(-) create mode 100644 ChangeLog.d/remove-ssl-export-keys.txt diff --git a/ChangeLog.d/remove-ssl-export-keys.txt b/ChangeLog.d/remove-ssl-export-keys.txt new file mode 100644 index 0000000000..1a4b31dcaa --- /dev/null +++ b/ChangeLog.d/remove-ssl-export-keys.txt @@ -0,0 +1,5 @@ +Changes + * Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on and increasing the + code size by about 80B on an M0 build. This option only gated an ability + to set a callback, but was deemed unnecessary as it was yet another define + to remember when writing tests, or test configurations. Fixes #4653. diff --git a/configs/config-thread.h b/configs/config-thread.h index be889a1874..36d8245106 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -45,7 +45,6 @@ #define MBEDTLS_SSL_PROTO_DTLS #define MBEDTLS_SSL_DTLS_ANTI_REPLAY #define MBEDTLS_SSL_DTLS_HELLO_VERIFY -#define MBEDTLS_SSL_EXPORT_KEYS /* mbed TLS modules */ #define MBEDTLS_AES_C diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index adc317dfef..fc42dfbd03 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -1598,16 +1598,6 @@ */ #define MBEDTLS_SSL_SESSION_TICKETS -/** - * \def MBEDTLS_SSL_EXPORT_KEYS - * - * Enable support for exporting key block and master secret. - * This is required for certain users of TLS, e.g. EAP-TLS. - * - * Comment this macro to disable support for key export - */ -#define MBEDTLS_SSL_EXPORT_KEYS - /** * \def MBEDTLS_SSL_SERVER_NAME_INDICATION * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 725b156d5d..956afc6844 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1139,7 +1139,6 @@ typedef enum } mbedtls_tls_prf_types; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) typedef enum { MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0, @@ -1175,7 +1174,6 @@ typedef void mbedtls_ssl_export_keys_t( void *p_expkey, const unsigned char client_random[32], const unsigned char server_random[32], mbedtls_tls_prf_types tls_prf_type ); -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ /** * SSL/TLS configuration to be shared between mbedtls_ssl_context structures. @@ -1617,11 +1615,9 @@ struct mbedtls_ssl_context * and #MBEDTLS_SSL_CID_DISABLED. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) /** Callback to export key block and master secret */ mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys); void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */ -#endif }; /** @@ -2194,7 +2190,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, void *p_ticket ); #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) /** * \brief Configure a key export callback. * (Default: none.) @@ -2216,7 +2211,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl, mbedtls_ssl_export_keys_t *f_export_keys, void *p_export_keys ); -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) /** 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 360419240f..f16157a528 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -587,7 +587,6 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -608,7 +607,6 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ return( MBEDTLS_SSL_TLS_PRF_NONE ); } -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, @@ -660,8 +658,9 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random * - [in] minor_ver: SSL/TLS minor version * - [in] endpoint: client or server - * - [in] ssl: optionally used for: - * - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys + * - [in] ssl: used for: + * - ssl->conf->{f,p}_export_keys + * [in] optionally used for: * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg */ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, @@ -694,9 +693,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, const mbedtls_cipher_info_t *cipher_info; const mbedtls_md_info_t *md_info; -#if !defined(MBEDTLS_SSL_EXPORT_KEYS) && \ - !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for those cases */ +#if !defined(MBEDTLS_DEBUG_C) + ssl = NULL; /* make sure we don't use it except for this case */ (void) ssl; #endif @@ -960,7 +958,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, ((void) mac_dec); ((void) mac_enc); -#if defined(MBEDTLS_SSL_EXPORT_KEYS) if( ssl->f_export_keys != NULL ) { ssl->f_export_keys( ssl->p_export_keys, 
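Review bot: With MBEDTLS_DEBUG_C disabled, the `ssl = NULL;` kept under `#if !defined(MBEDTLS_DEBUG_C)` near the top of ssl_tls12_populate_transform is followed by the `if( ssl->f_export_keys != NULL )` read that this commit makes unconditional, so a build without debug support dereferences a null pointer during key derivation. Since `ssl` is now needed in every configuration, removing the `ssl = NULL; (void) ssl;` lines is the direct fix; guarding the call with `ssl != NULL` instead would silently skip key export in those builds. The header comment edited in the same file also names `ssl->conf->{f,p}_export_keys`, while the code reads `ssl->f_export_keys` and `ssl->p_export_keys`. The function starts and ends outside these hunks.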
@@ -970,7 +967,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, randbytes, tls_prf_get_type( tls_prf ) ); } -#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -4229,7 +4225,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, #endif #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl, mbedtls_ssl_export_keys_t *f_export_keys, void *p_export_keys ) @@ -4237,7 +4232,6 @@ void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl, ssl->f_export_keys = f_export_keys; ssl->p_export_keys = p_export_keys; } -#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) void mbedtls_ssl_conf_async_private_cb( diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a970503c87..a02d977ec9 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -207,7 +207,6 @@ int main( void ) #define USAGE_TICKETS "" #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) #define USAGE_EAP_TLS \ " eap_tls=%%d default: 0 (disabled)\n" #define USAGE_NSS_KEYLOG \ @@ -230,12 +229,6 @@ int main( void ) #else /* MBEDTLS_SSL_DTLS_SRTP */ #define USAGE_SRTP "" #endif -#else /* MBEDTLS_SSL_EXPORT_KEYS */ -#define USAGE_EAP_TLS "" -#define USAGE_NSS_KEYLOG "" -#define USAGE_NSS_KEYLOG_FILE "" -#define USAGE_SRTP "" -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #define USAGE_MAX_FRAG_LEN \ @@ -729,7 +722,6 @@ int main( int argc, char *argv[] ) unsigned char *context_buf = NULL; size_t context_buf_len; #endif -#if defined(MBEDTLS_SSL_EXPORT_KEYS) unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char* eap_tls_label = "client EAP encryption"; 
@@ -747,7 +739,6 @@ int main( int argc, char *argv[] ) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); @@ -1962,7 +1953,6 @@ int main( int argc, char *argv[] ) goto exit; } -#if defined(MBEDTLS_SSL_EXPORT_KEYS) if( opt.eap_tls != 0 ) { mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation, @@ -1981,7 +1971,6 @@ int main( int argc, char *argv[] ) &dtls_srtp_keying ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) @@ -2169,7 +2158,6 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_SSL_EXPORT_KEYS) if( opt.eap_tls != 0 ) { size_t j = 0; @@ -2286,7 +2274,6 @@ int main( int argc, char *argv[] ) } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ if( opt.reconnect != 0 ) { mbedtls_printf(" . Saving session for reuse..." ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e8e4ed8aea..40a6902294 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -278,7 +278,6 @@ int main( void ) #define USAGE_TICKETS "" #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) #define USAGE_EAP_TLS \ " eap_tls=%%d default: 0 (disabled)\n" #define USAGE_NSS_KEYLOG \ @@ -299,12 +298,6 @@ int main( void ) #else /* MBEDTLS_SSL_DTLS_SRTP */ #define USAGE_SRTP "" #endif -#else /* MBEDTLS_SSL_EXPORT_KEYS */ -#define USAGE_EAP_TLS "" -#define USAGE_NSS_KEYLOG "" -#define USAGE_NSS_KEYLOG_FILE "" -#define USAGE_SRTP "" -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_CACHE_C) #define USAGE_CACHE \ 
@@ -1365,7 +1358,6 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; #endif -#if defined(MBEDTLS_SSL_EXPORT_KEYS) unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char* eap_tls_label = "client EAP encryption"; @@ -1383,7 +1375,6 @@ int main( int argc, char *argv[] ) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); @@ -2966,7 +2957,6 @@ int main( int argc, char *argv[] ) goto exit; } -#if defined(MBEDTLS_SSL_EXPORT_KEYS) if( opt.eap_tls != 0 ) { mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation, @@ -2985,7 +2975,6 @@ int main( int argc, char *argv[] ) &dtls_srtp_keying ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ io_ctx.ssl = &ssl; io_ctx.net = &client_fd; @@ -3251,7 +3240,6 @@ handshake: #endif /* MBEDTLS_X509_REMOVE_INFO */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) if( opt.eap_tls != 0 ) { size_t j = 0; @@ -3369,7 +3357,6 @@ handshake: } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ret = report_cid_usage( &ssl, "initial handshake" ); diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 6ec4171a89..62cd35de8f 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -24,7 +24,6 @@ * limitations under the License. */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) void eap_tls_key_derivation( void *p_expkey, mbedtls_ssl_key_export_type secret_type, const unsigned char *secret, @@ -140,8 +139,6 @@ void dtls_srtp_key_derivation( void *p_expkey, } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - int ssl_check_record( mbedtls_ssl_context const *ssl, unsigned char const *buf, size_t len ) { 
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index f9e031b587..6b9e7b8da7 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -95,8 +95,6 @@ #include "../test/query_config.h" -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - typedef struct eap_tls_keys { unsigned char master_secret[48]; @@ -122,8 +120,6 @@ typedef struct dtls_srtp_keys #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - typedef struct { mbedtls_ssl_context *ssl; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 39499d441c..e641396aa3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8613,7 +8613,6 @@ run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -s "Extra-header:" \ -c "Extra-header:" -requires_config_enabled MBEDTLS_SSL_EXPORT_KEYS run_test "export keys functionality" \ "$P_SRV eap_tls=1 debug_level=3" \ "$P_CLI eap_tls=1 debug_level=3" \ From 324f72ec9c6e77ec4bd215f6d19cd7b7c6e57c58 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 29 Sep 2021 04:21:21 -0400 Subject: [PATCH 649/966] Fix a bug where the ssl context is used after it's nullified When not using DEBUG_C, but using the DTLS CID feature - a null pointer was accessed in ssl_tls.c. Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 5 +++-- tests/scripts/all.sh | 12 ++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f16157a528..821506ff77 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -693,8 +693,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, const mbedtls_cipher_info_t *cipher_info; const mbedtls_md_info_t *md_info; -#if !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for this case */ +#if !defined(MBEDTLS_DEBUG_C) && \ + !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + ssl = NULL; /* make sure we don't use it except for these cases */ (void) ssl; #endif 
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f30795c226..00939a7386 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2083,6 +2083,18 @@ component_test_variable_ssl_in_out_buffer_len_CID () { tests/compat.sh } +component_test_CID_no_debug() { + msg "build: Connection ID enabled, debug disabled" + scripts/config.py unset MBEDTLS_DEBUG_C + scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID + + CC=gcc cmake . + make + + msg "test: Connection ID enabled, debug disabled" + make test +} + component_test_ssl_alloc_buffer_and_mfl () { msg "build: default config with memory buffer allocator and MFL extension" scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C From 8739f0fb8d92e8a5e73259ed74f98c03ca19af86 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 29 Sep 2021 16:16:47 +0100 Subject: [PATCH 650/966] Fix incorrect nonce length on oneshot test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5a91fcea28..063629e599 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2768,7 +2768,7 @@ aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495 PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=11, too short) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=13, too long) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 From 86de1b76d8a10ed93ec8930af5a1db525cd1b94f Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 29 Sep 2021 19:43:40 +0200 Subject: [PATCH 651/966] Address review comments Signed-off-by: Przemyslaw Stekiel --- include/mbedtls/psa_util.h | 2 ++ tests/suites/test_suite_cipher.aes.data | 48 ++++++++++++------------- tests/suites/test_suite_cipher.function | 8 ----- 3 files changed, 26 insertions(+), 32 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 31a1254b9f..fad2bb3489 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -58,6 +58,8 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type( case MBEDTLS_CIPHER_AES_192_CBC: case MBEDTLS_CIPHER_AES_256_CBC: case MBEDTLS_CIPHER_AES_128_ECB: + case MBEDTLS_CIPHER_AES_192_ECB: + case MBEDTLS_CIPHER_AES_256_ECB: return( PSA_KEY_TYPE_AES ); /* ARIA not yet supported in PSA. */ diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 4ad593a3a2..c8fbca290b 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data 
@@ -1800,99 +1800,99 @@ test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"000000000000000000000 AES-128-ECB crypt Encrypt NIST KAT #1 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0:1 AES-128-ECB crypt Encrypt NIST KAT #2 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0:1 AES-128-ECB crypt Encrypt NIST KAT #3 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0:1 AES-128-ECB crypt Encrypt NIST KAT #4 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1 AES-128-ECB crypt Decrypt NIST KAT #1 
PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #2 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"00000000000000000000000000000000":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #3 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #4 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1 AES-192-ECB crypt Encrypt NIST KAT #1 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"80000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":0:1 AES-192-ECB crypt Encrypt NIST KAT #2 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0:1 AES-192-ECB crypt Encrypt NIST KAT #3 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0:1 AES-192-ECB crypt Encrypt NIST KAT #4 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1 AES-192-ECB crypt Decrypt NIST KAT #1 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #2 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #3 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #4 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1 AES-256-ECB crypt Encrypt NIST KAT #1 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"80000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":0:1 AES-256-ECB crypt Encrypt NIST KAT #2 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0:1 AES-256-ECB crypt Encrypt NIST KAT #3 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0:1 AES-256-ECB crypt Encrypt NIST KAT #4 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1 
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1 AES-256-ECB crypt Decrypt NIST KAT #1 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #2 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #3 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #4 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 Cipher Corner Case behaviours depends_on:MBEDTLS_AES_C diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 20d48e2a1b..674349f764 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -950,14 +950,6 @@ void test_vec_crypt( int cipher_id, int operation, data_t *key, if( use_psa == 1 ) { PSA_ASSERT( psa_crypto_init( ) ); - - if (cipher_id == MBEDTLS_CIPHER_AES_192_ECB || - cipher_id == MBEDTLS_CIPHER_AES_256_ECB) - { - TEST_ASSERT( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE == mbedtls_cipher_setup_psa( &ctx, - mbedtls_cipher_info_from_type( cipher_id ), 0 ) ); - goto exit; - } TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx, mbedtls_cipher_info_from_type( cipher_id ), 0 ) ); } From 5c4ca32f936753bfe586649b28abea74b81d285f Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 5 Aug 2021 13:56:48 +0200 Subject: [PATCH 652/966] Silence warnings about unused return value This macro is not used inside the library yet, but may be used in deprecated functions in the future, if a function returning void has to change to returning an error. It may also be useful in user code, so it is in a public header. Signed-off-by: Mateusz Starzyk Signed-off-by: Gilles Peskine --- include/mbedtls/platform_util.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index e1f063c34e..0882dc68d2 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -129,6 +129,13 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; */ #define MBEDTLS_CHECK_RETURN_OPTIONAL +/** \def MBEDTLS_IGNORE_RETURN + * + * Silences warning about unused return value given by functions + * with \c MBEDTLS_CHECK_RETURN attribute. + */ +#define MBEDTLS_IGNORE_RETURN(result) if( result ) {} + /** * \brief Securely zeroize a buffer * From a72fe641cc44c320b1ed0e61f936f5161731411f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 29 Sep 2021 15:57:30 -0400 Subject: [PATCH 653/966] Do not zeroize the ssl context if a key exporting function is set Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 821506ff77..11ccf274c2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -695,8 +695,11 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, #if !defined(MBEDTLS_DEBUG_C) && \ !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl = NULL; /* make sure we don't use it except for these cases */ - (void) ssl; + if( ssl->f_export_keys == NULL ) + { + ssl = NULL; /* make sure we don't use it except for these cases */ + (void) ssl; + } #endif /* @@ -959,7 +962,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, ((void) mac_dec); ((void) mac_enc); - if( ssl->f_export_keys != NULL ) + if( ssl != NULL && ssl->f_export_keys != NULL ) { ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET, From 6b226b0874e46b98feb7a46e83624f71cc757ee1 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Fri, 24 Sep 2021 07:51:16 +0000 Subject: [PATCH 654/966] Add fetch_hand_message in generic This function is one common function in generic file, get it from the encrypted extension and submit one patch independently. 
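Review bot: The comment `/* make sure we don't use it except for these cases */` in the first `ssl_tls12_populate_transform` hunk no longer matches the code. `ssl` now stays live in builds without MBEDTLS_DEBUG_C and MBEDTLS_SSL_DTLS_CONNECTION_ID whenever `f_export_keys` is set, so the guarantee that the function cannot touch the context is lost in the configurations that hand the master secret to a callback. I would say so in the comment, e.g. `/* ssl is kept only for the key export callback below; do not use it for anything else */`, and keep the `ssl != NULL` test of the second hunk (new line 962) paired with it. The function starts and ends outside both hunks, so other uses of `ssl` between the two sites could not be checked from here.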
Signed-off-by: XiaokangQian --- library/ssl_misc.h | 8 ++++++++ library/ssl_tls13_generic.c | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a1128eda00..fa777cc936 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1489,6 +1489,14 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, ssl->state = ( int ) state; } +/* + * Fetch TLS 1.3 handshake message header + */ +int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buf_len ); + /* * Write TLS 1.3 handshake message header */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5c20f29283..4aaafa5ea2 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -28,6 +28,38 @@ #include "ssl_misc.h" +int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buflen ) +{ + int ret; + + if( ( ret = mbedtls_ssl_read_record( ssl, 0 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + goto cleanup; + } + + if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || + ssl->in_msg[0] != hs_type ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, + MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + goto cleanup; + } + + *buf = ssl->in_msg + 4; + *buflen = ssl->in_hslen - 4; + + +cleanup: + + return( ret ); +} + int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, From 16c61aa7385da89712d345b68959ef62d26f1c69 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Mon, 27 Sep 2021 09:30:17 +0000 Subject: [PATCH 655/966] TLS1.3: Alignment coding styles based on comments Fix kinds of alignment issues in fetch handshake messages. 
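Review bot: `*buflen = ssl->in_hslen - 4;` at the end of `mbedtls_ssl_tls1_3_fetch_handshake_msg` subtracts the header size without checking in this function that `in_hslen` is at least 4. The result is stored through a `size_t *`, so a smaller value would wrap to a huge length that callers then trust while parsing `*buf`. `mbedtls_ssl_read_record()` presumably rejects truncated handshake headers, but that is outside the hunk, and a local guard is cheap: `if( ssl->in_hslen < 4 ) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto cleanup; }`. The debug string `"bad certificate verify message"` is also misleading in a helper that takes an arbitrary `hs_type`, and the prototype in ssl_misc.h names the last parameter `buf_len` while the definition uses `buflen`.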
Signed-off-by: XiaokangQian --- library/ssl_misc.h | 6 +++--- library/ssl_tls13_generic.c | 11 +++++------ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index fa777cc936..3f3f505031 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1493,9 +1493,9 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, * Fetch TLS 1.3 handshake message header */ int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buf_len ); + unsigned hs_type, + unsigned char **buf, + size_t *buf_len ); /* * Write TLS 1.3 handshake message header diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 4aaafa5ea2..f7112332f2 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -29,9 +29,9 @@ #include "ssl_misc.h" int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buflen ) + unsigned hs_type, + unsigned char **buf, + size_t *buflen ) { int ret; @@ -41,10 +41,10 @@ int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, goto cleanup; } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || + if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || ssl->in_msg[0] != hs_type ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Receive unexpected handshake message." ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; @@ -54,7 +54,6 @@ int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, *buf = ssl->in_msg + 4; *buflen = ssl->in_hslen - 4; - cleanup: return( ret ); From 05420b120b5a529a246f301492434c139b6ae403 Mon Sep 17 00:00:00 2001 
From: XiaokangQian Date: Wed, 29 Sep 2021 08:46:37 +0000 Subject: [PATCH 656/966] TLS1.3: Add useful comments based on RFC8446 Signed-off-by: XiaokangQian --- library/ssl_tls13_generic.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f7112332f2..99ab2695d3 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -46,11 +46,18 @@ int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Receive unexpected handshake message." ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; goto cleanup; } + /* + * Jump handshake header (4 bytes, see Section 4 of RFC 8446). + * ... + * HandshakeType msg_type; + * uint24 length; + * ... + */ *buf = ssl->in_msg + 4; *buflen = ssl->in_hslen - 4; From 73142dfb989651da6b701cc874f104324fc91da9 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 30 Sep 2021 12:11:16 +0200 Subject: [PATCH 657/966] Add change-log: fix-mbedtls_cipher_crypt-aes-ecb.txt Signed-off-by: Przemyslaw Stekiel --- ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt diff --git a/ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt b/ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt new file mode 100644 index 0000000000..6dc47244fe --- /dev/null +++ b/ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled. From b6b15b26e9ff59fb55625d17e18ce303e47bdb62 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 30 Sep 2021 14:10:06 +0200 Subject: [PATCH 658/966] Add contact information directly on the home page This information was already present in SECURITY.md and SUPPORT.md, but that wasn't very apparent. Signed-off-by: Gilles Peskine --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index b80ee115aa..dbe6a2325e 100644 --- a/README.md +++ b/README.md @@ -298,3 +298,10 @@ Contributing ------------ We gratefully accept bug reports and contributions from the community. Please see the [contributing guidelines](CONTRIBUTING.md) for details on how to do this. + +Contact +------- + +* To report a security vulnerability in Mbed TLS, please email . For more information, see [`SECURITY.md`](SECURITY.md). +* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/ARMmbed/mbedtls/issues/new/choose). +* Please see [`SUPPORT.md`](SUPPORT.md) for other channels for discussion and support about Mbed TLS. From 050d2fc2014b2b65948aaa68e1930ba4eba943e5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Sep 2021 18:24:21 +0200 Subject: [PATCH 659/966] Limit make parallelism to the number of CPUs Don't default to unbridled -j, which causes a load spike and isn't really faster. "Number of CPUs" is implemented here as a reasonable compromise between portability, correctness and simplicity. This is just a default that can be overridden by setting MAKEFLAGS in the environment. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f30795c226..aeca888384 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -175,7 +175,7 @@ pre_initialize_variables () { # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then - export MAKEFLAGS="-j" + export MAKEFLAGS="-j$(all_sh_nproc)" fi # Include more verbose output for failing tests run by CMake @@ -343,6 +343,18 @@ trap 'fatal_signal HUP' HUP trap 'fatal_signal INT' INT trap 'fatal_signal TERM' TERM +# Number of processors on this machine. Used as the default setting +# for parallel make. +all_sh_nproc () +{ + { + nproc || # Linux + sysctl -n hw.ncpuonline || # NetBSD, OpenBSD + sysctl -n hw.ncpu || # FreeBSD + echo 1 + } 2>/dev/null +} + msg() { if [ -n "${current_component:-}" ]; then From cd79dfc4bbfb8b89d4ba9d12024a7e1d90c01cef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Sep 2021 18:53:36 +0200 Subject: [PATCH 660/966] Fix mistake in the sample implementation of MBEDTLS_CHECK_RETURN Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index c31a2cee52..f7d06d03a0 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3103,7 +3103,7 @@ * If the implementation here is empty, this will effectively disable the * checking of functions' return values. */ -//#define MBEDTLS_CHECK_RETURN __attribute__(__warn_unused_result__) +//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) /* PSA options */ /** From 252b758dd6a990a6c69e3a8d3a99005977a50407 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Sep 2021 18:54:51 +0200 Subject: [PATCH 661/966] Cleaner implementation of MBEDTLS_IGNORE_RETURN The previous implementation was misparsed in constructs like `if (condition) MBEDTLS_IGNORE_RETURN(...); else ...;`. Implement it as an expression, tested with GCC, Clang and MSVC. 
Signed-off-by: Gilles Peskine --- include/mbedtls/platform_util.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 0882dc68d2..d632eed4f8 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -133,8 +133,15 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * * Silences warning about unused return value given by functions * with \c MBEDTLS_CHECK_RETURN attribute. +/* GCC doesn't silence the warning with just (void)(result). + * !(void)(result) is known to work up at least up to GCC 10, as well + * as with Clang and MSVC. + * + * https://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Non_002dbugs.html + * https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34 */ -#define MBEDTLS_IGNORE_RETURN(result) if( result ) {} +#define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) ) /** * \brief Securely zeroize a buffer From fcc93d797b9fdb99900bf274356d38795ffe915e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Sep 2021 18:56:17 +0200 Subject: [PATCH 662/966] Make MBEDTLS_IGNORE_RETURN configurable Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 8 ++++++++ include/mbedtls/platform_util.h | 10 ++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index f7d06d03a0..4757aa66cf 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
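Review bot: The added `/* GCC doesn't silence the warning ...` block opens while the `/** \def MBEDTLS_IGNORE_RETURN` Doxygen comment above it is still open, because no ` */` precedes it in the hunk. That makes it a `/*` inside a comment, which GCC and Clang report under `-Wcomment`, and the compiler notes and URLs end up in the generated documentation for the macro. Close the Doxygen block with ` */` before the implementation note. The note writes the expression as `!(void)(result)` while the macro is `( (void) !( result ) )`; the comment should quote the form that is actually used.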
@@ -3105,6 +3105,14 @@ */ //#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) +/** \def MBEDTLS_IGNORE_RETURN + * + * This macro requires one argument, which should be a C function call. + * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this + * warning is suppressed. + */ +//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result)) + /* PSA options */ /** * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index d632eed4f8..6f6b6967aa 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -104,6 +104,9 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and * #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration. * + * You can use #MBEDTLS_IGNORE_RETURN to explicitly ignore the return value + * of a function that is annotated with #MBEDTLS_CHECK_RETURN. + * * \note The use of this macro is a work in progress. * This macro will be added to more functions in the future. * Eventually this should appear before most functions returning @@ -131,8 +134,10 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; /** \def MBEDTLS_IGNORE_RETURN * - * Silences warning about unused return value given by functions - * with \c MBEDTLS_CHECK_RETURN attribute. + * Call this macro with one argument, a function call, to suppress a warning + * from #MBEDTLS_CHECK_RETURN due to that function call. + */ +#if !defined(MBEDTLS_IGNORE_RETURN) /* GCC doesn't silence the warning with just (void)(result). * !(void)(result) is known to work up at least up to GCC 10, as well * as with Clang and MSVC. 
@@ -142,6 +147,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34 */ #define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) ) +#endif /** * \brief Securely zeroize a buffer From 2aefc9ef2e08157a848e8ce2200b0a7b8d0640d0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Sep 2021 20:34:29 +0200 Subject: [PATCH 663/966] Fix typo in comment Signed-off-by: Gilles Peskine --- include/mbedtls/platform_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 6f6b6967aa..36e3718e6c 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -139,7 +139,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; */ #if !defined(MBEDTLS_IGNORE_RETURN) /* GCC doesn't silence the warning with just (void)(result). - * !(void)(result) is known to work up at least up to GCC 10, as well + * (void)!(result) is known to work up at least up to GCC 10, as well * as with Clang and MSVC. * * https://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Non_002dbugs.html From eb009232c0233ebca6d6b706593a16684f1180d9 Mon Sep 17 00:00:00 2001 From: LuoPeng Date: Wed, 22 Sep 2021 23:51:19 +0800 Subject: [PATCH 664/966] Update library/gcm.c Co-authored-by: davidhorstmann-arm <70948878+davidhorstmann-arm@users.noreply.github.com> Signed-off-by: openluopworld --- library/gcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/gcm.c b/library/gcm.c index e1c1c7d518..0e402dd8ca 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -278,7 +278,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, else { memset( work_buf, 0x00, 16 ); - MBEDTLS_PUT_UINT64_BE( iv_len * 8, work_buf, 8 ); + MBEDTLS_PUT_UINT64_BE( iv_len * 8, work_buf, 8 ); p = iv; while( iv_len > 0 ) From eab65acca45c6287799877aaed0c30341687f330 Mon Sep 17 00:00:00 2001 
From: openluopworld Date: Wed, 22 Sep 2021 23:59:42 +0800 Subject: [PATCH 665/966] bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly. An initialization vector IV can have any number of bits between 1 and 2^64. So it should be filled to the lower 64-bit in the last step when computing ghash. Signed-off-by: openluopworld --- library/gcm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/gcm.c b/library/gcm.c index 0e402dd8ca..4c0a44e413 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -254,6 +254,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t i; const unsigned char *p; size_t use_len, olen = 0; + uint64_t iv_bits; GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( iv != NULL ); @@ -278,7 +279,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, else { memset( work_buf, 0x00, 16 ); - MBEDTLS_PUT_UINT64_BE( iv_len * 8, work_buf, 8 ); + iv_bits = (uint64_t)iv_len * 8; + MBEDTLS_PUT_UINT64_BE( iv_bits, work_buf, 8 ); p = iv; while( iv_len > 0 ) From 0483e3d65272a20ca13baf4e1f6e93b154d87892 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 4 Oct 2021 11:13:22 +0200 Subject: [PATCH 666/966] Add key_opaque option to ssl_server2.c + test Signed-off-by: Przemyslaw Stekiel --- programs/ssl/ssl_server2.c | 32 +++++++++++++++++++++++++++++++- tests/ssl-opt.sh | 15 +++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e8e4ed8aea..abc9b5f5d4 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -80,6 +80,7 @@ int main( void ) #define DFL_CA_PATH "" #define DFL_CRT_FILE "" #define DFL_KEY_FILE "" +#define DFL_KEY_OPAQUE 0 #define DFL_KEY_PWD "" #define DFL_CRT_FILE2 "" #define DFL_KEY_FILE2 "" 
@@ -200,6 +201,13 @@ int main( void ) #else #define USAGE_IO "" #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) +#define USAGE_KEY_OPAQUE \ + " key_opaque=%%d Handle your private key as if it were opaque\n" \ + " default: 0 (disabled)\n" +#else +#define USAGE_KEY_OPAQUE "" +#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #define USAGE_SSL_ASYNC \ @@ -483,6 +491,7 @@ int main( void ) " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ " options: 1 (send ca list), 0 (don't send)\n" \ USAGE_IO \ + USAGE_KEY_OPAQUE \ "\n" \ USAGE_PSK \ USAGE_CA_CALLBACK \ @@ -567,6 +576,7 @@ struct options const char *ca_path; /* the path with the CA certificate(s) reside */ const char *crt_file; /* the file with the server certificate */ const char *key_file; /* the file with the server key */ + int key_opaque; /* handle private key as if it were opaque */ const char *key_pwd; /* the password for the server key */ const char *crt_file2; /* the file with the 2nd server certificate */ const char *key_file2; /* the file with the 2nd server key */ @@ -1315,6 +1325,9 @@ int main( int argc, char *argv[] ) mbedtls_pk_context pkey; mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_id_t key_slot = 0; /* invalid key slot */ +#endif int key_cert_init = 0, key_cert_init2 = 0; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) ssl_async_key_context_t ssl_async_keys; @@ -1491,6 +1504,7 @@ int main( int argc, char *argv[] ) opt.ca_path = DFL_CA_PATH; opt.crt_file = DFL_CRT_FILE; opt.key_file = DFL_KEY_FILE; + opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.crt_file2 = DFL_CRT_FILE2; opt.key_file2 = DFL_KEY_FILE2; 
@@ -1622,6 +1636,10 @@ int main( int argc, char *argv[] ) opt.key_file = q; else if( strcmp( p, "key_pwd" ) == 0 ) opt.key_pwd = q; +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) + else if( strcmp( p, "key_opaque" ) == 0 ) + opt.key_opaque = atoi( q ); +#endif else if( strcmp( p, "crt_file2" ) == 0 ) opt.crt_file2 = q; else if( strcmp( p, "key_file2" ) == 0 ) @@ -2473,11 +2491,23 @@ int main( int argc, char *argv[] ) (unsigned int) -ret ); goto exit; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( opt.key_opaque != 0 ) + { + if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot, + PSA_ALG_SHA_256 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! " + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + goto exit; + } + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ key_cert_init2 = 2; #endif /* MBEDTLS_ECDSA_C */ } - mbedtls_printf( " ok\n" ); + mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey2 ) ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 66c648573b..d6fef13013 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
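Review bot: The `key_opaque` block in the `@@ -2473,11 +2491,23 @@` hunk places the private key in a PSA key slot through `mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot, PSA_ALG_SHA_256 )`, but none of the ssl_server2.c hunks in this patch releases `key_slot` again, so the key is left in the PSA key store on every exit path. I would add `psa_destroy_key( key_slot );` under `MBEDTLS_USE_PSA_CRYPTO` in the cleanup section of `main` (outside these hunks). Only `pkey2` is wrapped in the visible code, in the branch that ends at `#endif /* MBEDTLS_ECDSA_C */`. If `key_opaque=1` is meant to cover the first key or a key loaded with `key_file=`, that path needs the same call, and the usage text should otherwise say which key is affected. The `ok (key type: %s)` line is printed from `pkey2` even when no second key was loaded, which can make the test's `-s "key type: Opaque"` check harder to interpret.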
@@ -1444,6 +1444,21 @@ run_test "Opaque key for client authentication" \ -S "error" \ -C "error" +# Test using an opaque private key for server authentication +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "Opaque key for server authentication" \ + "$P_SRV auth_mode=required key_opaque=1" \ + "$P_CLI crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ + 0 \ + -c "Verifying peer X.509 certificate... ok" \ + -s "key type: Opaque" \ + -S "error" \ + -C "error" + # Test ciphersuites which we expect to be fully supported by PSA Crypto # and check that we don't fall back to Mbed TLS' internal crypto primitives. run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM From f28261fc14da5f52b460c903e027aff187f9cf5f Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 30 Sep 2021 16:39:07 +0200 Subject: [PATCH 667/966] Remove output buffer limitation for PSA with GCM. The requirement of minimum 15 bytes for output buffer in psa_aead_finish() and psa_aead_verify() does not apply to the built-in implementation of the GCM. Alternative implementations are expected to verify the length of the provided output buffers and to return the MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small. Signed-off-by: Mateusz Starzyk --- ChangeLog.d/psa_gcm_buffer_limitation.txt | 11 +++++++++++ include/mbedtls/gcm.h | 2 ++ library/psa_crypto.c | 2 ++ library/psa_crypto_aead.c | 3 --- tests/suites/test_suite_psa_crypto.data | 2 +- 5 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 ChangeLog.d/psa_gcm_buffer_limitation.txt diff --git a/ChangeLog.d/psa_gcm_buffer_limitation.txt b/ChangeLog.d/psa_gcm_buffer_limitation.txt new file mode 100644 index 0000000000..7259e50684 --- /dev/null +++ b/ChangeLog.d/psa_gcm_buffer_limitation.txt 
@@ -0,0 +1,11 @@ +Bugfix + * Remove PSA'a AEAD finish/verify output buffer limitation for GCM. + The requirement of minimum 15 bytes for output buffer in + psa_aead_finish() and psa_aead_verify() does not apply to the built-in + implementation of GCM. + +API changes + * New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL. + Alternative GCM implementations are expected to verify + the length of the provided output buffers and to return the + MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small. diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 9d9155fc5b..a4de9191d8 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -45,6 +45,8 @@ #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /** Bad input parameters to function. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 +/** An output buffer is too small. */ +#define MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL -0x0018 #ifdef __cplusplus extern "C" { diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ece64b100d..5978b6ac5b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -201,6 +201,8 @@ psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_GCM_AUTH_FAILED: return( PSA_ERROR_INVALID_SIGNATURE ); + case MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL: + return( PSA_ERROR_BUFFER_TOO_SMALL ); case MBEDTLS_ERR_GCM_BAD_INPUT: return( PSA_ERROR_INVALID_ARGUMENT ); diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index a72865c04c..673cdf3448 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -567,9 +567,6 @@ psa_status_t mbedtls_psa_aead_finish( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - if( ciphertext_size < 15 ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, ciphertext, ciphertext_size, ciphertext_length, 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 063629e599..3a3e67821a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -3348,7 +3348,7 @@ aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8 PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES From c48f43b44de534af4a89aae26cefebdba0a14aca Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 4 Oct 2021 13:46:38 +0200 Subject: [PATCH 668/966] Fix PSA AEAD GCM's update output buffer length verification. Move GCM's update output buffer length verification from PSA AEAD to the built-in implementation of the GCM. Signed-off-by: Mateusz Starzyk --- ChangeLog.d/psa_gcm_buffer_limitation.txt | 5 +++++ library/gcm.c | 2 +- library/psa_crypto_aead.c | 3 --- tests/suites/test_suite_gcm.aes128_de.data | 4 ++++ tests/suites/test_suite_gcm.aes128_en.data | 3 +++ tests/suites/test_suite_gcm.function | 24 ++++++++++++++++++++++ 6 files changed, 37 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/psa_gcm_buffer_limitation.txt b/ChangeLog.d/psa_gcm_buffer_limitation.txt index 7259e50684..0c07e24154 100644 --- a/ChangeLog.d/psa_gcm_buffer_limitation.txt +++ b/ChangeLog.d/psa_gcm_buffer_limitation.txt 
@@ -3,6 +3,11 @@ Bugfix The requirement of minimum 15 bytes for output buffer in psa_aead_finish() and psa_aead_verify() does not apply to the built-in implementation of GCM. + * Move GCM's update output buffer length verification from PSA AEAD to + the built-in implementation of the GCM. + The requirement for output buffer size to be equal or greater then + input buffer size is valid only for the built-in implementation of GCM. + Alternative GCM implementations can process whole blocks only. API changes * New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL. diff --git a/library/gcm.c b/library/gcm.c index 910646b281..6d625642eb 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -431,7 +431,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, unsigned char ectr[16]; if( output_size < input_length ) - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL ); GCM_VALIDATE_RET( output_length != NULL ); *output_length = input_length; diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 673cdf3448..c7f7352fbd 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -510,9 +510,6 @@ psa_status_t mbedtls_psa_aead_update( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - if( output_size < input_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, input, input_length, diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data index 3df31e56bf..ede6f243c1 100644 --- a/tests/suites/test_suite_gcm.aes128_de.data +++ b/tests/suites/test_suite_gcm.aes128_de.data 
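Review bot: In the library/gcm.c hunk `mbedtls_gcm_update` now returns `MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL` where it returned `MBEDTLS_ERR_GCM_BAD_INPUT`, yet include/mbedtls/gcm.h is not in this patch's diffstat, so the documented return values of the function presumably still omit the new code. This check is now the only bound on the output buffer for the PSA path, since the `output_size < input_length` test in `mbedtls_psa_aead_update` is removed in the same patch. I would add `\return #MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL if \p output_size is less than \p input_length.` to the Doxygen block of `mbedtls_gcm_update`. It should also state that `*output_length` is not written on this path, because the early return comes before `*output_length = input_length;`. The function body continues outside the hunk.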
@@ -726,6 +726,10 @@ AES-GCM Bad IV (AES-128,128,0,0,32) #0 depends_on:MBEDTLS_AES_C gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT +AES-GCM, output buffer too small, NIST Validation (AES-128,128,1024,0,128) #0 +depends_on:MBEDTLS_AES_C +gcm_update_output_buffer_too_small:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"0dd358bc3f992f26e81e3a2f3aa2d517":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"d8c750bb443ee1a169dfe97cfe4d855b" + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data index d60c458bcd..273642cbd7 100644 --- a/tests/suites/test_suite_gcm.aes128_en.data +++ b/tests/suites/test_suite_gcm.aes128_en.data @@ -726,6 +726,9 @@ AES-GCM Bad IV (AES-128,128,0,0,32) #0 depends_on:MBEDTLS_AES_C gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT +AES-GCM, output buffer too small, NIST Validation (AES-128,128,1024,0,128) #0 +gcm_update_output_buffer_too_small:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"ce0f8cfe9d64c4f4c045d11b97c2d918":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"ad4c3627a494fc628316dc03faf81db8" + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index c530e6b429..816ebc4ec5 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function 
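Review bot: The `gcm_update_output_buffer_too_small` case added to test_suite_gcm.aes128_en.data has no `depends_on:MBEDTLS_AES_C` line, while the sibling case added to test_suite_gcm.aes128_de.data in the previous hunk and the neighbouring cases in this file all carry one. In a configuration without AES the case would presumably be run and fail at `mbedtls_gcm_setkey` instead of being skipped. Add `depends_on:MBEDTLS_AES_C` between the description line and the `gcm_update_output_buffer_too_small:...` line.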
@@ -431,6 +431,30 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void gcm_update_output_buffer_too_small( int cipher_id, int mode, + data_t * key_str, const data_t *input, + const data_t *iv ) +{ + mbedtls_gcm_context ctx; + uint8_t *output = NULL; + size_t olen; + size_t output_len = input->len - 1; + + mbedtls_gcm_init( &ctx ); + TEST_EQUAL( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_gcm_starts( &ctx, mode, iv->x, iv->len ) ); + + ASSERT_ALLOC( output, output_len ); + olen = 0xdeadbeef; + TEST_EQUAL( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL, mbedtls_gcm_update( &ctx, input->x, input->len, output, output_len, &olen ) ); + +exit: + mbedtls_free( output ); + mbedtls_gcm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void gcm_selftest( ) { From ff0aee0e7b542f325f1d25df8df91cfae501fd7e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Oct 2021 09:36:03 +0200 Subject: [PATCH 669/966] Build with -O2 when running ssl-opt SSL testing benefits from faster executables, so use -O2 rather than -O1. Some builds use -O1, but that's intended for jobs that only run unit tests, where the build takes longer than the tests. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 812b6b1c64..567fa936c4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2275,7 +2275,7 @@ component_build_mbedtls_config_file () { } component_test_m32_o0 () { - # Build once with -O0, to compile out the i386 specific inline assembly + # Build without optimization, to not use the i386 specific inline assembly. msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s scripts/config.py full make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" 
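Review bot: `gcm_update_output_buffer_too_small` sets `olen = 0xdeadbeef` before the call and never reads it again, so the test pins only the return code and not what the rejected call did to the caller's output length. If the intended contract is that nothing is written on this error, assert it after the call with `TEST_EQUAL( olen, 0xdeadbeef );`. `size_t output_len = input->len - 1;` also wraps for an empty `input`, so a `TEST_ASSERT( input->len > 0 );` before it would keep a future data line from requesting a near-`SIZE_MAX` allocation.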
@@ -2290,16 +2290,17 @@ support_test_m32_o0 () { esac } -component_test_m32_o1 () { - # Build again with -O1, to compile in the i386 specific inline assembly - msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s +component_test_m32_o2 () { + # Build with optimization, to use the i386 specific inline assembly + # and go faster for tests. + msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s scripts/config.py full - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O1" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" - msg "test: i386, make, gcc -O1 (ASan build)" + msg "test: i386, make, gcc -O2 (ASan build)" make test - msg "test ssl-opt.sh, i386, make, gcc-O1" + msg "test ssl-opt.sh, i386, make, gcc-O2" tests/ssl-opt.sh } support_test_m32_o1 () { @@ -2411,7 +2412,7 @@ component_test_no_x509_info () { scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl set MBEDTLS_X509_REMOVE_INFO - make CFLAGS='-Werror -O1' + make CFLAGS='-Werror -O2' msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s make test From 8135cb9e072cb693727a786a871e3a1299e5a295 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Oct 2021 18:10:16 +0200 Subject: [PATCH 670/966] Break out algorithm_tester() as a separate method No intended behavior change. Signed-off-by: Gilles Peskine --- scripts/mbedtls_dev/macro_collector.py | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py index f9ef5f9150..bd2d296c01 100644 --- a/scripts/mbedtls_dev/macro_collector.py +++ b/scripts/mbedtls_dev/macro_collector.py 
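Review bot: The component is renamed to `component_test_m32_o2`, but the context line right after it still defines `support_test_m32_o1 ()`, so the platform check no longer shares the component's name. If all.sh looks up `support_<component>` by name, as the adjacent `support_test_m32_o0` suggests, the -m32 -O2 build loses its guard and would be attempted on hosts that cannot build i386. Rename it in the same commit: `support_test_m32_o2 () {`. The body of the support function lies outside the hunk.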
@@ -233,6 +233,25 @@ class PSAMacroCollector(PSAMacroEnumerator): self.key_types_from_group = {} #type: Dict[str, str] self.algorithms_from_hash = {} #type: Dict[str, str] + @staticmethod + def algorithm_tester(name: str) -> str: + """The predicate for whether an algorithm is built from the given constructor. + + The given name must be the name of an algorithm constructor of the + form ``PSA_ALG_xxx`` which is used as ``PSA_ALG_xxx(yyy)`` to build + an algorithm value. Return the corresponding predicate macro which + is used as ``predicate(alg)`` to test whether ``alg`` can be built + as ``PSA_ALG_xxx(yyy)``. The predicate is usually called + ``PSA_ALG_IS_xxx``. + """ + prefix = 'PSA_ALG_' + assert name.startswith(prefix) + midfix = 'IS_' + suffix = name[len(prefix):] + if suffix in ['DSA', 'ECDSA']: + midfix += 'RANDOMIZED_' + return prefix + midfix + suffix + def record_algorithm_subtype(self, name: str, expansion: str) -> None: """Record the subtype of an algorithm constructor. @@ -308,12 +327,7 @@ class PSAMacroCollector(PSAMacroEnumerator): self.algorithms.add(name) self.record_algorithm_subtype(name, expansion) elif name.startswith('PSA_ALG_') and parameter == 'hash_alg': - if name in ['PSA_ALG_DSA', 'PSA_ALG_ECDSA']: - # A naming irregularity - tester = name[:8] + 'IS_RANDOMIZED_' + name[8:] - else: - tester = name[:8] + 'IS_' + name[8:] - self.algorithms_from_hash[name] = tester + self.algorithms_from_hash[name] = self.algorithm_tester(name) elif name.startswith('PSA_KEY_USAGE_') and not parameter: self.key_usage_flags.add(name) else: From acd2d0e92389a7e64a7d8d1b7d3e1d2077124dfb Mon Sep 17 00:00:00 2001 
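Review bot: `assert name.startswith(prefix)` is the only validation in `algorithm_tester`, and assertions are removed when Python runs with `-O`. A name without the prefix would then be sliced silently into a wrong predicate name. The docstring states the prefix as a requirement, so raise explicitly: `if not name.startswith(prefix): raise ValueError('not an algorithm constructor: ' + name)`. The one caller in the second hunk already checks the prefix, so this matters only for use of the static method on its own.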
From: Gilles Peskine Date: Mon, 4 Oct 2021 18:10:38 +0200 Subject: [PATCH 671/966] New algorithm PSA_ALG_RSA_PSS_ANY_SALT This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same behavior, but is intended to have a different behavior when verifying signatures. In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt length to be what it would produce when signing, as is currently documented, whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of allowing any salt length (including 0). Changes in this commit: * New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT. * New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to PSA_ALG_RSA_PSS_ANY_SALT). * Support for the new predicates in macro_collector.py (needed for generate_psa_constant_names). Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 68 ++++++++++++++++++- scripts/mbedtls_dev/macro_collector.py | 2 + .../test_suite_psa_crypto_metadata.data | 8 +++ 3 files changed, 76 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index daef9416cc..aa7d02ef39 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -886,7 +886,7 @@ * algorithm parametrized with any supported hash. * * That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros: - * - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS, + * - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS, #PSA_ALG_RSA_PSS_ANY_SALT, * - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA. * Then you may create and use a key as follows: * - Set the key usage field using #PSA_ALG_ANY_HASH, for example: 
@@ -1341,6 +1341,7 @@ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE) #define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t)0x06000300) +#define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t)0x06001300) /** RSA PSS signature with hashing. * * This is the signature scheme defined by RFC 8017 
@@ -1361,9 +1362,72 @@ */ #define PSA_ALG_RSA_PSS(hash_alg) \ (PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) -#define PSA_ALG_IS_RSA_PSS(alg) \ + +/** RSA PSS signature with hashing with relaxed verification. + * + * This algorithm has the same behavior as #PSA_ALG_RSA_PSS when signing, + * but allows an arbitrary salt length (including \c 0) when verifying a + * signature. + * + * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_HASH(\p hash_alg) is true). + * This includes #PSA_ALG_ANY_HASH + * when specifying the algorithm in a usage policy. + * + * \return The corresponding RSA PSS signature algorithm. + * \return Unspecified if \p hash_alg is not a supported + * hash algorithm. + */ +#define PSA_ALG_RSA_PSS_ANY_SALT(hash_alg) \ + (PSA_ALG_RSA_PSS_ANY_SALT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) + +/** Whether the specified algorithm is RSA PSS with standard salt. + * + * \param alg An algorithm value or an algorithm policy wildcard. + * + * \return 1 if \p alg is of the form + * #PSA_ALG_RSA_PSS(\c hash_alg), + * where \c hash_alg is a hash algorithm or + * #PSA_ALG_ANY_HASH. 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not + * a supported algorithm identifier or policy. + */ +#define PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) \ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE) +/** Whether the specified algorithm is RSA PSS with any salt. + * + * \param alg An algorithm value or an algorithm policy wildcard. + * + * \return 1 if \p alg is of the form + * #PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg), + * where \c hash_alg is a hash algorithm or + * #PSA_ALG_ANY_HASH. 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not + * a supported algorithm identifier or policy. + */ +#define PSA_ALG_IS_RSA_PSS_ANY_SALT(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE) + +/** Whether the specified algorithm is RSA PSS. 
+ * + * This includes any of the RSA PSS algorithm variants, regardless of the + * constraints on salt length. + * + * \param alg An algorithm value or an algorithm policy wildcard. + * + * \return 1 if \p alg is of the form + * #PSA_ALG_RSA_PSS(\c hash_alg) or + * #PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg), + * where \c hash_alg is a hash algorithm or + * #PSA_ALG_ANY_HASH. 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not + * a supported algorithm identifier or policy. + */ +#define PSA_ALG_IS_RSA_PSS(alg) \ + ((((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE) || \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE)) + #define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600) /** ECDSA signature with hashing. * diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py index bd2d296c01..bf82f13dc5 100644 --- a/scripts/mbedtls_dev/macro_collector.py +++ b/scripts/mbedtls_dev/macro_collector.py @@ -250,6 +250,8 @@ class PSAMacroCollector(PSAMacroEnumerator): suffix = name[len(prefix):] if suffix in ['DSA', 'ECDSA']: midfix += 'RANDOMIZED_' + elif suffix == 'RSA_PSS': + suffix += '_STANDARD_SALT' return prefix + midfix + suffix def record_algorithm_subtype(self, name: str, expansion: str) -> None: diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index a3668fcc94..f2b43741a6 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data 
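Review bot: The Doxygen text for `PSA_ALG_IS_RSA_PSS_ANY_SALT` and for `PSA_ALG_IS_RSA_PSS` refers to `#PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg)`. `PSA_ALG_RSA_PSS_ANY_SALT_BASE` is the object-like base constant; the constructor that takes a hash is `PSA_ALG_RSA_PSS_ANY_SALT`. Both places should read `#PSA_ALG_RSA_PSS_ANY_SALT(\c hash_alg)`. The `PSA_ALG_IS_RSA_PSS` comment would also benefit from one sentence saying that it is true for the relaxed variant, which accepts any salt length including 0 on verification. Code that needs the salt length enforced should test `PSA_ALG_IS_RSA_PSS_STANDARD_SALT` instead.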
@@ -182,6 +182,10 @@ Asymmetric signature: RSA PSS SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256 asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN +Asymmetric signature: RSA PSS-any-salt SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256 +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN + Asymmetric signature: randomized ECDSA (no hashing) depends_on:PSA_WANT_ALG_ECDSA asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN @@ -214,6 +218,10 @@ Asymmetric signature: RSA PSS with wildcard hash depends_on:PSA_WANT_ALG_RSA_PSS asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS +Asymmetric signature: RSA PSS-any-salt with wildcard hash +depends_on:PSA_WANT_ALG_RSA_PSS +asymmetric_signature_wildcard:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS + Asymmetric signature: randomized ECDSA with wildcard hash depends_on:PSA_WANT_ALG_ECDSA asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA From a4337d7b154cc2dd9eba9c261b5f4fb43c531c76 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Oct 2021 18:14:59 +0200 Subject: [PATCH 672/966] Update metadata tests with the new IS_ALG_RSA_PSS_xxx_SALT predicates Signed-off-by: Gilles Peskine --- .../test_suite_psa_crypto_metadata.data | 8 ++-- .../test_suite_psa_crypto_metadata.function | 40 ++++++++++--------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index f2b43741a6..7eb1dc92cf 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data 
@@ -180,11 +180,11 @@ asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_ Asymmetric signature: RSA PSS SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_STANDARD_SALT | ALG_IS_HASH_AND_SIGN Asymmetric signature: RSA PSS-any-salt SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_ANY_SALT | ALG_IS_HASH_AND_SIGN Asymmetric signature: randomized ECDSA (no hashing) depends_on:PSA_WANT_ALG_ECDSA @@ -216,11 +216,11 @@ asymmetric_signature_wildcard:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ):ALG_ Asymmetric signature: RSA PSS with wildcard hash depends_on:PSA_WANT_ALG_RSA_PSS -asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS +asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_STANDARD_SALT Asymmetric signature: RSA PSS-any-salt with wildcard hash depends_on:PSA_WANT_ALG_RSA_PSS -asymmetric_signature_wildcard:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS +asymmetric_signature_wildcard:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_ANY_SALT Asymmetric signature: randomized ECDSA with wildcard hash depends_on:PSA_WANT_ALG_ECDSA diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 9f4fc75495..ab9b2f879a 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function 
@@ -22,25 +22,27 @@ #define ALG_IS_STREAM_CIPHER ( 1u << 3 ) #define ALG_IS_RSA_PKCS1V15_SIGN ( 1u << 4 ) #define ALG_IS_RSA_PSS ( 1u << 5 ) -#define ALG_IS_DSA ( 1u << 6 ) -#define ALG_DSA_IS_DETERMINISTIC ( 1u << 7 ) -#define ALG_IS_DETERMINISTIC_DSA ( 1u << 8 ) -#define ALG_IS_RANDOMIZED_DSA ( 1u << 9 ) -#define ALG_IS_ECDSA ( 1u << 10 ) -#define ALG_ECDSA_IS_DETERMINISTIC ( 1u << 11 ) -#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 12 ) -#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 13 ) -#define ALG_IS_HASH_EDDSA ( 1u << 14 ) -#define ALG_IS_HASH_AND_SIGN ( 1u << 15 ) -#define ALG_IS_RSA_OAEP ( 1u << 16 ) -#define ALG_IS_HKDF ( 1u << 17 ) -#define ALG_IS_FFDH ( 1u << 18 ) -#define ALG_IS_ECDH ( 1u << 19 ) -#define ALG_IS_WILDCARD ( 1u << 20 ) -#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 21 ) -#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 22 ) -#define ALG_IS_TLS12_PRF ( 1u << 23 ) -#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 24 ) +#define ALG_IS_RSA_PSS_ANY_SALT ( 1u << 6 ) +#define ALG_IS_RSA_PSS_STANDARD_SALT ( 1u << 7 ) +#define ALG_IS_DSA ( 1u << 8 ) +#define ALG_DSA_IS_DETERMINISTIC ( 1u << 9 ) +#define ALG_IS_DETERMINISTIC_DSA ( 1u << 10 ) +#define ALG_IS_RANDOMIZED_DSA ( 1u << 11 ) +#define ALG_IS_ECDSA ( 1u << 12 ) +#define ALG_ECDSA_IS_DETERMINISTIC ( 1u << 13 ) +#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 14 ) +#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 15 ) +#define ALG_IS_HASH_EDDSA ( 1u << 16 ) +#define ALG_IS_HASH_AND_SIGN ( 1u << 17 ) +#define ALG_IS_RSA_OAEP ( 1u << 18 ) +#define ALG_IS_HKDF ( 1u << 19 ) +#define ALG_IS_FFDH ( 1u << 20 ) +#define ALG_IS_ECDH ( 1u << 21 ) +#define ALG_IS_WILDCARD ( 1u << 22 ) +#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 23 ) +#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 24 ) +#define ALG_IS_TLS12_PRF ( 1u << 25 ) +#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 26 ) /* Flags for key type classification macros. There is a flag for every * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that 
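Review bot: The new flags `ALG_IS_RSA_PSS_ANY_SALT` and `ALG_IS_RSA_PSS_STANDARD_SALT` are only defined here. Going by the diffstat (40 changed lines for this file, all accounted for by this hunk), nothing in the file starts evaluating `PSA_ALG_IS_RSA_PSS_ANY_SALT` or `PSA_ALG_IS_RSA_PSS_STANDARD_SALT` against them. The classification function is outside the hunk, so this is inferred. Unless it derives its checks from the flag list automatically, the expectations added to the .data file in this commit are never compared with the predicates. Add one classification check per new flag next to the existing `ALG_IS_RSA_PSS` check.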
From 454f31c9b9ac07714e98753f10cc41272cf5e018 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Oct 2021 18:30:27 +0200 Subject: [PATCH 673/966] Add test cases for PSA_ALG_RSA_PSS_ANY_SALT The test cases strictly replicate a subset of the test cases for PSA_ALG_RSA_PSS. The subset validates that PSA_ALG_RSA_PSS_ANY_SALT is recognized wherever PSA_ALG_RSA_PSS is. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 60 +++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 063629e599..72df17a23d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -3406,6 +3406,10 @@ PSA signature size: RSA keypair, 1024 bits, PSS depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):128 +PSA signature size: RSA keypair, 1024 bits, PSS-any-salt +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):128 + PSA signature size: RSA keypair, 1023 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 
@@ -3422,6 +3426,10 @@ PSA import/exercise RSA keypair, PSS-SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C import_and_exercise_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) +PSA import/exercise RSA keypair, PSS-any-salt-SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +import_and_exercise_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) + PSA import/exercise RSA public key, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW 
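Review bot: The added case titled "PSA import/exercise RSA keypair, PSS-any-salt-SHA-256" still passes `PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)` as its algorithm. It therefore repeats the existing PSS-SHA-256 key-pair case and never exercises the new algorithm with a key pair. The last field should be `PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256)`, as in the public-key counterpart added in the following hunk.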
@@ -3430,6 +3438,10 @@ PSA import/exercise RSA public key, PSS-SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) +PSA import/exercise RSA public key, PSS-any-salt-SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256) + PSA import/exercise: ECP SECP256R1 keypair, ECDSA depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA_ANY 
@@ -3490,10 +3502,18 @@ PSA sign hash: RSA PSS SHA-256, wrong hash length (0 bytes) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":127:PSA_ERROR_INVALID_ARGUMENT +PSA sign hash: RSA PSS-any-salt SHA-256, wrong hash length (0 bytes) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"":127:PSA_ERROR_INVALID_ARGUMENT + PSA sign hash: RSA PSS SHA-256, wrong hash length (129 bytes) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":127:PSA_ERROR_INVALID_ARGUMENT +PSA sign hash: RSA PSS-any-salt SHA-256, wrong hash length (129 bytes) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":127:PSA_ERROR_INVALID_ARGUMENT + PSA sign hash: deterministic ECDSA SECP256R1 
SHA-256, output buffer too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL @@ -3538,6 +3558,10 @@ PSA sign/verify hash: RSA PSS SHA-256, 32 bytes (hash size) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" +PSA sign/verify hash: RSA PSS-any-salt SHA-256, 32 bytes (hash size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" + PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" 
@@ -3598,14 +3622,26 @@ PSA verify hash: RSA PSS SHA-256, good signature, 32 bytes (hash size) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7" +PSA verify hash: RSA PSS-any-salt SHA-256, good signature, 32 bytes (hash size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7" + PSA verify hash: RSA PSS SHA-256, wrong hash length (0 bytes) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d":PSA_ERROR_INVALID_ARGUMENT +PSA verify hash: RSA PSS-any-salt SHA-256, wrong hash length (0 bytes) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d":PSA_ERROR_INVALID_ARGUMENT + PSA verify hash: RSA PSS SHA-256, wrong hash length (129 bytes) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308":PSA_ERROR_INVALID_ARGUMENT +PSA verify hash: RSA PSS-any-salt SHA-256, wrong hash length (129 bytes) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308":PSA_ERROR_INVALID_ARGUMENT + PSA verify hash: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" 
@@ -3722,6 +3758,10 @@ PSA sign/verify message: RSA PSS SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263" +PSA sign/verify message: RSA PSS-any-salt SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"616263" + PSA sign/verify message: RSA PSS SHA-256, 0 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"" 
@@ -3790,18 +3830,34 @@ PSA verify message: RSA PSS SHA-256, good signature, 0 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"50c06249deb97228e277b51d3e3542a6e5c140d6f6d1cb8a3dff53b5ce6e6fcb39d0767703174135208adf5d75399dd7525702b275153e7605ec38b65d33337bb9bbeb8c392ee22e3e9c0dafa43074a8205e17df2106bedd7bf6f1ada702aeb2ce04864c0ca9ec31964f9a957d8ebb9abc82454ad37c541e9b4d9842436c14a4" +PSA verify message: RSA PSS-any-salt SHA-256, good signature, 0 bytes +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"":"50c06249deb97228e277b51d3e3542a6e5c140d6f6d1cb8a3dff53b5ce6e6fcb39d0767703174135208adf5d75399dd7525702b275153e7605ec38b65d33337bb9bbeb8c392ee22e3e9c0dafa43074a8205e17df2106bedd7bf6f1ada702aeb2ce04864c0ca9ec31964f9a957d8ebb9abc82454ad37c541e9b4d9842436c14a4" + PSA verify message: RSA PSS SHA-256, good signature, 32 bytes (hash size) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d" +PSA verify message: RSA PSS-any-salt SHA-256, good signature, 32 bytes (hash size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d" + PSA verify message: RSA PSS SHA-256, good signature, 128 bytes (signature size) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5" +PSA verify message: RSA-any-salt PSS SHA-256, good signature, 128 bytes (signature size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5" + PSA verify message: RSA 
PSS SHA-256, good signature, 129 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"43286cc0fc599603fbb0cd1fd70c3a17b08d2adf4f90202dddfa4b9d74be8c720bbb1c714665466de6452d401ca061b68225785ff387c2615f03c81351cc3838cd3014a031a4f4c9f70bba06f504c6a9942ac2dbfed2329e590d526a9be26b4025a6d7c4151b4e795cfe756c9a8a5e8fa9228a6f5f6f427a5a070e5c0ea69830" +PSA verify message: RSA PSS-any-salt SHA-256, good signature, 129 bytes +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"43286cc0fc599603fbb0cd1fd70c3a17b08d2adf4f90202dddfa4b9d74be8c720bbb1c714665466de6452d401ca061b68225785ff387c2615f03c81351cc3838cd3014a031a4f4c9f70bba06f504c6a9942ac2dbfed2329e590d526a9be26b4025a6d7c4151b4e795cfe756c9a8a5e8fa9228a6f5f6f427a5a070e5c0ea69830" + PSA verify message: ECDSA SECP256R1 SHA-256, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_message:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b" 
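Review bot: The third added case is titled `PSA verify message: RSA-any-salt PSS SHA-256, good signature, 128 bytes (signature size)`, while its three siblings in this hunk write `RSA PSS-any-salt`. Rename it to `PSA verify message: RSA PSS-any-salt SHA-256, good signature, 128 bytes (signature size)` so that selecting tests by description picks up every any-salt case. Separately, each added case reuses the signature of the `PSA_ALG_RSA_PSS` case above it, so none of them can tell the two algorithm identifiers apart. A vector with a non-standard salt length would be the one that exercises the difference.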
@@ -4768,6 +4824,10 @@ PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME:MBEDTLS_MD_C generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0 +PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME:MBEDTLS_MD_C +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0 + PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 From 44c96aa046102bfbee7738baae4324971f9ea231 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Oct 2021 18:33:56 +0200 Subject: [PATCH 674/966] Support PSA_ALG_RSA_PSS_ANY_SALT iff PSA_ALG_RSA_PSS is supported Signed-off-by: Gilles Peskine --- include/mbedtls/config_psa.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 3b01b78d29..60191f1491 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
@@ -56,6 +56,12 @@ extern "C" { #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN #endif +#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS) +#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT +#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS) +#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS +#endif + /****************************************************************/ From f5322b32235c8df13357419dcb8700a389a2876e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Oct 2021 18:39:58 +0200 Subject: [PATCH 675/966] Shorten some test descriptions Ensure the unique part fits in the 66 columns that the test runner displays. Leave room for an additional distinguisher on signature key policy negative test cases. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 72df17a23d..d4a5209baa 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
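Review bot: The new `#if`/`#elif` pair that defines `PSA_WANT_ALG_RSA_PSS` and `PSA_WANT_ALG_RSA_PSS_ANY_SALT` from each other has no comment, so its effect on integrators is easy to miss. A configuration that asks only for `PSA_WANT_ALG_RSA_PSS` now also enables the any-salt variant, which means the build configuration cannot keep the strict variant while compiling out the other. I would add above the block: `/* PSA_ALG_RSA_PSS_ANY_SALT is supported iff PSA_ALG_RSA_PSS is: requesting either one enables both. Restrict which variant a key accepts through its key policy. */`. The block sits inside the `extern "C"` region, which continues outside the hunk.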
@@ -912,11 +912,11 @@ PSA key policy: asymmetric signature, sign | verify, key usage extension depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature, wrong algorithm family +PSA key policy: asymmetric signature, wrong alg family (RSA v15/PSS) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature, wildcard in policy, wrong algorithm family +PSA key policy: asymmetric signature, wildcard in policy, wrong alg family depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE 
@@ -952,39 +952,39 @@ PSA key policy: asymmetric signature, neither sign nor verify depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:0 -PSA key policy: asymmetric signature for message, sign | verify +PSA key policy: msg asymmetric signature, sign | verify depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, wrong algorithm family +PSA key policy: msg asymmetric signature, wrong alg family (RSA v15/PSS) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, wildcard in policy, wrong algorithm family +PSA key policy: msg asymmetric signature, wildcard in policy, wrong alg family depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, wildcard in policy, ECDSA SHA-256 +PSA key policy: msg asymmetric signature, wildcard in policy, ECDSA SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, wildcard in policy, PKCS#1v1.5 SHA-256 +PSA key policy: msg asymmetric signature, wildcard in policy, PKCS#1v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, wrong hash algorithm +PSA key policy: msg asymmetric signature, wrong hash algorithm depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):0:PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, alg=0 in policy +PSA key policy: msg asymmetric signature, alg=0 in policy depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, sign but not verify +PSA key policy: msg asymmetric signature, sign but not verify depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_SIGN_MESSAGE -PSA key policy: asymmetric signature for message, verify but not sign +PSA key policy: msg asymmetric signature, verify but not sign depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_VERIFY_MESSAGE From 033b178dce57a4a94e5c98131d6b6747948e4034 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Oct 2021 18:41:27 +0200 Subject: [PATCH 676/966] Test that a PSS policy doesn't allow PSS_ANY_SALT and vice versa Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d4a5209baa..741a9bebee 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -912,6 +912,14 @@ PSA key policy: asymmetric signature, sign | verify, key usage extension depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE +PSA key policy: asymmetric signature, wrong alg family (PSS std/any salt) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA key policy: asymmetric signature, wrong alg family (PSS any/std salt) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + PSA key policy: asymmetric signature, wrong alg family (RSA v15/PSS) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE 
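Review bot: Both added cases list `PSA_WANT_ALG_RSA_PKCS1V15_SIGN` in `depends_on`, although neither the policy algorithm nor the exercised algorithm is PKCS#1 v1.5. The line looks copied from the `(RSA v15/PSS)` case below. As written, these cases are skipped in any build without PKCS#1 v1.5 signing, which appears to be the only check on this page that a PSS policy rejects PSS-any-salt and vice versa. I would use `depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_RSA_PSS_ANY_SALT:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR` here and on the two `msg` cases added in `@@ -956,6 +964,14 @@`.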
@@ -956,6 +964,14 @@ PSA key policy: msg asymmetric signature, sign | verify depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE +PSA key policy: msg asymmetric signature, wrong alg family (PSS std/any salt) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA key policy: msg asymmetric signature, wrong alg family (PSS any/std salt) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + PSA key policy: msg asymmetric signature, wrong alg family (RSA v15/PSS) 
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE From 25794d8946c524b0c1906cd0f6ab26473e1ec85b Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 4 Oct 2021 20:17:55 +0200 Subject: [PATCH 677/966] Test PSS verification with different salt lengths Test the following combinations: * 1024-bit key, SHA-256, salt=0 * 1024-bit key, SHA-256, salt=31 (1 byte shorter than standard) * 1024-bit key, SHA-256, salt=32 (standard length) * 1024-bit key, SHA-256, salt=94 (maximum possible length) * 1024-bit key, SHA-512, salt=61 (1 byte shorter than standard) * 1024-bit key, SHA-512, salt=62 (standard = maximum possible length) * 528-bit key, SHA-512, salt=0 (only possible length) Test psa_verify_hash() for both PSA_ALG_RSA_PSS and PSA_ALG_RSA_PSS_ANY_SALT with all of these combinations. For psa_verify_message(), just test once with the standard length and once with a different length. Note that as of this commit, both PSA_ALG_RSA_PSS and PSA_ALG_RSA_PSS_ANY_SALT accept any salt length during verification, hence all the new test cases are positive. The verify test cases were generated using the Python script below. 
``` from Cryptodome import Hash from Cryptodome.Hash import SHA512 from Cryptodome import PublicKey from Cryptodome.PublicKey import RSA from Cryptodome.Signature import pss key = { 528: RSA.import_key(bytes.fromhex("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")), 1024: RSA.import_key(bytes.fromhex("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")), } hash_module = { 256: Hash.SHA256, 512: Hash.SHA512, } def print_test_case(remark, pub, kbits, hbits, input, output): key_hex = pub.hex() input_hex = input.hex() output_hex = output.hex() print(f"""\ PSA verify hash: RSA-{kbits} PSS SHA-{hbits}, {remark} depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_{hbits}:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"{key_hex}":PSA_ALG_RSA_PSS(PSA_ALG_SHA_{hbits}):"{input_hex}":"{output_hex}" PSA verify hash: RSA-{kbits} PSS-any-salt SHA-{hbits}, {remark} depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_{hbits}:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"{key_hex}":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_{hbits}):"{input_hex}":"{output_hex}" """) def rand(n): return bytes(x & 0xff for x in range(n)) def test_case(kbits, hbits, slen): priv = key[kbits] pub_spki = priv.publickey().export_key('DER') pub_raw = PublicKey._expand_subject_public_key_info(pub_spki)[1] hash_op = hash_module[hbits].new(b'abc') digest = hash_op.copy().digest() output = pss.new(priv, salt_bytes=slen, rand_func=rand).sign(hash_op) print_test_case(f"slen={slen}", pub_raw, kbits, hbits, digest, output) test_case(1024, 256, 0) test_case(1024, 256, 31) test_case(1024, 256, 32) test_case(1024, 256, 94) test_case(1024, 512, 61) test_case(1024, 512, 62) test_case(528, 512, 0) ``` Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 72 ++++++++++++++++++++++--- 1 file changed, 64 insertions(+), 8 deletions(-) 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 741a9bebee..40bd5eaae5 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -3634,13 +3634,61 @@ PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE -PSA verify hash: RSA PSS SHA-256, good signature, 32 bytes (hash size) +PSA verify hash: RSA-1024 PSS SHA-256, slen=0 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7" 
+verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b" -PSA verify hash: RSA PSS-any-salt SHA-256, good signature, 32 bytes (hash size) +PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=0 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7" 
+verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b" + +PSA verify hash: RSA-1024 PSS SHA-256, slen=31 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"797914eadbbe8293a7b0fe29d2db9fb246b519128d46d3ec93142a1a08a2992ba5325ad9b5ce55344b37996dbb81eb89628263cae4e3fc0e947dec0b8b0c7b0ee94bca02dd287f9cc619e2d88fb2279fb2a8f8301271c58009bb1223f3cfa730cb852947685678cfdef2968c82a9b8bffd8c0d518476b1ea2a5ad6c100045d8e" + +PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=31 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"797914eadbbe8293a7b0fe29d2db9fb246b519128d46d3ec93142a1a08a2992ba5325ad9b5ce55344b37996dbb81eb89628263cae4e3fc0e947dec0b8b0c7b0ee94bca02dd287f9cc619e2d88fb2279fb2a8f8301271c58009bb1223f3cfa730cb852947685678cfdef2968c82a9b8bffd8c0d518476b1ea2a5ad6c100045d8e" + +PSA verify hash: RSA-1024 PSS SHA-256, slen=32 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" + +PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=32 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" + +PSA verify hash: RSA-1024 PSS SHA-256, slen=94 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800" + +PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=94 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800" + +PSA verify hash: RSA-1024 PSS SHA-512, slen=61 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a" + +PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=61 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a" + +PSA verify hash: RSA-1024 PSS SHA-512, slen=62 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"6b215d77cf88b2d08be53b4f3ac6e72ebfbf7e0dc6c1e77b238cfb661c247a011b8746709fbefe4bc05d37343391683e9489d720ecbb7df37f4e36967918958996939461703465c2014a4c12faf875f8def70070e55b765b165c7e9c6f2eb05c98351b1e82219c31a2fb3ddce05f8988f552ff92f0b3471f63c0e53824c550a4" + +PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=62 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"6b215d77cf88b2d08be53b4f3ac6e72ebfbf7e0dc6c1e77b238cfb661c247a011b8746709fbefe4bc05d37343391683e9489d720ecbb7df37f4e36967918958996939461703465c2014a4c12faf875f8def70070e55b765b165c7e9c6f2eb05c98351b1e82219c31a2fb3ddce05f8988f552ff92f0b3471f63c0e53824c550a4" + +PSA verify hash: RSA-528 PSS SHA-512, slen=0 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955" + +PSA verify hash: RSA-528 PSS-any-salt SHA-512, slen=0 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955" PSA verify hash: RSA PSS SHA-256, wrong hash length (0 bytes) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
@@ -3842,13 +3890,21 @@ PSA verify message with keypair: RSA PKCS#1 v1.5 SHA-256, good signature depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" -PSA verify message: RSA PSS SHA-256, good signature, 0 bytes +PSA verify message: RSA-1024 PSS SHA-256, slen=0 
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"50c06249deb97228e277b51d3e3542a6e5c140d6f6d1cb8a3dff53b5ce6e6fcb39d0767703174135208adf5d75399dd7525702b275153e7605ec38b65d33337bb9bbeb8c392ee22e3e9c0dafa43074a8205e17df2106bedd7bf6f1ada702aeb2ce04864c0ca9ec31964f9a957d8ebb9abc82454ad37c541e9b4d9842436c14a4" +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b" -PSA verify message: RSA PSS-any-salt SHA-256, good signature, 0 bytes +PSA verify message: RSA-1024 PSS-any-salt SHA-256, slen=0 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
-verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"":"50c06249deb97228e277b51d3e3542a6e5c140d6f6d1cb8a3dff53b5ce6e6fcb39d0767703174135208adf5d75399dd7525702b275153e7605ec38b65d33337bb9bbeb8c392ee22e3e9c0dafa43074a8205e17df2106bedd7bf6f1ada702aeb2ce04864c0ca9ec31964f9a957d8ebb9abc82454ad37c541e9b4d9842436c14a4" +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"616263":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b" + +PSA verify message: RSA-1024 PSS SHA-256, slen=32 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" + +PSA verify message: RSA-1024 PSS-any-salt SHA-256, slen=32 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"616263":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" PSA verify message: RSA PSS SHA-256, good signature, 32 bytes (hash size) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C From b9b817e9777b30ab913fb1a3c0cad7f9c3d7a476 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Oct 2021 22:15:05 +0200 Subject: [PATCH 678/966] Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for verification that it produces when signing, as documented. Fixes #4946. 
Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_alg_rsa_pss.txt | 5 ++++ library/psa_crypto_rsa.c | 34 +++++++++++++++++++++---- tests/suites/test_suite_psa_crypto.data | 28 ++++++++++++-------- 3 files changed, 52 insertions(+), 15 deletions(-) create mode 100644 ChangeLog.d/psa_alg_rsa_pss.txt
diff --git a/ChangeLog.d/psa_alg_rsa_pss.txt b/ChangeLog.d/psa_alg_rsa_pss.txt
new file mode 100644
index 0000000000..5c6048fe6c
--- /dev/null
+++ b/ChangeLog.d/psa_alg_rsa_pss.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length.
+ This algorithm now accepts only the same salt length for verification
+ that it produces when signing, as documented. Use the new algorithm
+ PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946.
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 2c357c91ce..7ee15ea077 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -453,6 +453,27 @@ exit: return( status ); }
+#if defined(BUILTIN_ALG_RSA_PSS)
+static int rsa_pss_expected_salt_len( psa_algorithm_t alg,
+ const mbedtls_rsa_context *rsa,
+ size_t hash_length )
+{
+ if( PSA_ALG_IS_RSA_PSS_ANY_SALT( alg ) )
+ return( MBEDTLS_RSA_SALT_LEN_ANY );
+ /* Otherwise: standard salt length, i.e. largest possible salt length
+ * up to the hash length. */
+ int klen = (int) (int) mbedtls_rsa_get_len( rsa ); // known to fit
+ int hlen = (int) hash_length; // known to fit
+ int room = klen - 2 - hlen;
+ if( room < 0 )
+ return( 0 ); // there is no valid signature in this case anyway
+ else if( room > hlen )
+ return( hlen );
+ else
+ return( room );
+}
+#endif
+
 static psa_status_t rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size,
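Review bot: The `klen` line in `rsa_pss_expected_salt_len` carries a doubled cast, `(int) (int) mbedtls_rsa_get_len( rsa )`, and both narrowing casts are justified only by `// known to fit` without naming what bounds the values. I would write `int klen = (int) mbedtls_rsa_get_len( rsa );` and replace each remark with the actual guarantee (presumably the maximum RSA key size for `klen` and the digest-size check earlier in `rsa_verify_hash` for `hlen`; neither is visible in this hunk), since a wrapped `hash_length` would silently change the salt length this helper enforces. The function also lacks a header comment; one stating that it returns `MBEDTLS_RSA_SALT_LEN_ANY` for the any-salt algorithm and otherwise the smaller of the hash length and key length minus hash length minus 2, clamped at 0, would document the policy the ChangeLog entry describes.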
@@ -503,11 +524,14 @@ static psa_status_t rsa_verify_hash( ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); if( ret == 0 ) {
- ret = mbedtls_rsa_rsassa_pss_verify( rsa,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
+ int slen = rsa_pss_expected_salt_len( alg, rsa, hash_length );
+ ret = mbedtls_rsa_rsassa_pss_verify_ext( rsa,
+ md_alg,
+ (unsigned) hash_length,
+ hash,
+ md_alg,
+ slen,
+ signature );
 } } else
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 40bd5eaae5..e189d0f4fa 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
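Review bot: The call to `mbedtls_rsa_rsassa_pss_verify_ext` passes `md_alg` twice and a computed `slen` with no comment saying which argument is the MGF1 hash or what `slen` can hold, which makes the salt-length policy hard to audit from the call site. I would add above the call `/* MGF1 uses the message hash; slen is MBEDTLS_RSA_SALT_LEN_ANY only for PSA_ALG_RSA_PSS_ANY_SALT, else the exact expected salt length. */`. When the hash does not fit the key, the helper returns 0 and rejection is left to the verify call, so the RSA-520 cases added later in this commit are what pin that path to `PSA_ERROR_INVALID_ARGUMENT`. `rsa_verify_hash` starts and ends outside this hunk, so whether the call sits under the same `BUILTIN_ALG_RSA_PSS` guard as the helper cannot be checked here.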
@@ -3634,17 +3634,17 @@ PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE -PSA verify hash: RSA-1024 PSS SHA-256, slen=0 +PSA verify hash: RSA-1024 PSS SHA-256, slen=0 (bad) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b" 
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b":PSA_ERROR_INVALID_SIGNATURE PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=0 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b" -PSA verify hash: RSA-1024 PSS SHA-256, slen=31 +PSA verify hash: RSA-1024 PSS SHA-256, slen=31 (bad) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
-verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"797914eadbbe8293a7b0fe29d2db9fb246b519128d46d3ec93142a1a08a2992ba5325ad9b5ce55344b37996dbb81eb89628263cae4e3fc0e947dec0b8b0c7b0ee94bca02dd287f9cc619e2d88fb2279fb2a8f8301271c58009bb1223f3cfa730cb852947685678cfdef2968c82a9b8bffd8c0d518476b1ea2a5ad6c100045d8e" +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"797914eadbbe8293a7b0fe29d2db9fb246b519128d46d3ec93142a1a08a2992ba5325ad9b5ce55344b37996dbb81eb89628263cae4e3fc0e947dec0b8b0c7b0ee94bca02dd287f9cc619e2d88fb2279fb2a8f8301271c58009bb1223f3cfa730cb852947685678cfdef2968c82a9b8bffd8c0d518476b1ea2a5ad6c100045d8e":PSA_ERROR_INVALID_SIGNATURE PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=31 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
@@ -3658,17 +3658,17 @@ PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=32 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" -PSA verify hash: RSA-1024 PSS SHA-256, slen=94 +PSA verify hash: RSA-1024 PSS SHA-256, slen=94 (bad) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800" 
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800":PSA_ERROR_INVALID_SIGNATURE PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=94 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800" -PSA verify hash: RSA-1024 PSS SHA-512, slen=61 +PSA verify hash: RSA-1024 PSS SHA-512, slen=61 (bad) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
-verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a" +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a":PSA_ERROR_INVALID_SIGNATURE PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=61 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
@@ -3690,6 +3690,14 @@ PSA verify hash: RSA-528 PSS-any-salt SHA-512, slen=0 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955" +PSA verify hash: RSA-520 PSS SHA-512 (hash too large) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3049024200d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf0203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead42":PSA_ERROR_INVALID_ARGUMENT + +PSA verify hash: RSA-520 PSS-any-salt SHA-512 (hash too large) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3049024200d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead42":PSA_ERROR_INVALID_ARGUMENT + PSA verify hash: RSA PSS SHA-256, wrong hash length (0 bytes) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d":PSA_ERROR_INVALID_ARGUMENT 
@@ -3890,9 +3898,9 @@ PSA verify message with keypair: RSA PKCS#1 v1.5 SHA-256, good signature depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" -PSA verify message: RSA-1024 PSS SHA-256, slen=0 +PSA verify message: RSA-1024 PSS SHA-256, slen=0 (bad) 
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b" +verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b":PSA_ERROR_INVALID_SIGNATURE PSA verify message: RSA-1024 PSS-any-salt SHA-256, slen=0 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C From 575f23c3d5bad874a03b3def02fa68a5458cdc9b Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 6 Oct 2021 11:31:49 +0200 Subject: [PATCH 679/966] add client/server opaque test Signed-off-by: Przemyslaw Stekiel --- tests/ssl-opt.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d6fef13013..7d0b31381f 100755 --- a/tests/ssl-opt.sh 
+++ b/tests/ssl-opt.sh @@ -1459,6 +1459,23 @@ run_test "Opaque key for server authentication" \ -S "error" \ -C "error" +# Test using an opaque private key for client/server authentication +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "Opaque key for client/server authentication" \ + "$P_SRV auth_mode=required key_opaque=1" \ + "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ + 0 \ + -c "key type: Opaque" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "key type: Opaque" \ + -s "Verifying peer X.509 certificate... ok" \ + -S "error" \ + -C "error" + # Test ciphersuites which we expect to be fully supported by PSA Crypto # and check that we don't fall back to Mbed TLS' internal crypto primitives. run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM From c0fe820dc9f79050189b1d02fbe0922dd5875b86 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 7 Oct 2021 11:08:56 +0200 Subject: [PATCH 680/966] psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key Signed-off-by: Przemyslaw Stekiel --- library/psa_crypto.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ece64b100d..59c267827a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5703,6 +5703,10 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, if( psa_get_key_bits( attributes ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); + /* Reject any attempt to create a public key. */ + if( PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes, &slot, &driver ); if( status != PSA_SUCCESS ) From 770153e83665426606a19ed8a4b8755211dfda74 Mon Sep 17 00:00:00 2001 
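Review bot: The server command in the new `run_test` passes only `auth_mode=required key_opaque=1`, while the client pins `crt_file=data_files/server5.crt key_file=data_files/server5.key`, so the server half of the test depends on whatever certificate and key ssl_server2 loads by default. If the intent is an opaque ECDSA key authenticating in both directions (the test requires MBEDTLS_ECDSA_C), pin the server's pair too, for example `"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \`. Otherwise, extend the comment to say that the server defaults are relied on.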
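Review bot: The added check reads `attributes->core.type` directly, while the bits check right above it goes through the accessor `psa_get_key_bits( attributes )`. Using the accessor and the file's paren spacing keeps the two guards parallel: `if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) )`. The comment could also say why the type is rejected (a public key is derived from a key pair rather than generated). This commit's diffstat lists only library/psa_crypto.c, so nothing in it pins the new status; a negative case calling psa_generate_key() with a public-key type and expecting PSA_ERROR_INVALID_ARGUMENT would do that. The body of psa_generate_key starts and continues outside the hunk.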
From: Przemyslaw Stekiel
Date: Thu, 7 Oct 2021 11:12:41 +0200
Subject: [PATCH 681/966] Add change-log entry
Signed-off-by: Przemyslaw Stekiel
---
 ChangeLog.d/fix-psa_gen_key-status.txt | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 ChangeLog.d/fix-psa_gen_key-status.txt
diff --git a/ChangeLog.d/fix-psa_gen_key-status.txt b/ChangeLog.d/fix-psa_gen_key-status.txt
new file mode 100644
index 0000000000..c46bd6f01f
--- /dev/null
+++ b/ChangeLog.d/fix-psa_gen_key-status.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix status ret by psa_generate_key() for public key. Fixes #4551.
From db0ed7c57999ddc2f50c841a6df94ef242599876 Mon Sep 17 00:00:00 2001
From: Przemyslaw Stekiel
Date: Thu, 7 Oct 2021 15:11:32 +0200
Subject: [PATCH 682/966] ssl_server2.c: fix build err (key_slot - unused variable)
Signed-off-by: Przemyslaw Stekiel
---
 programs/ssl/ssl_server2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index abc9b5f5d4..68e92b7121 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1325,7 +1325,7 @@ int main( int argc, char *argv[] )
 mbedtls_pk_context pkey;
 mbedtls_x509_crt srvcert2;
 mbedtls_pk_context pkey2;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_key_id_t key_slot = 0; /* invalid key slot */
 #endif
 int key_cert_init = 0, key_cert_init2 = 0;
From 4086159910dfc1cf95fab62d9b3d94906d87982c Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 7 Oct 2021 19:12:44 +0200
Subject: [PATCH 683/966] Remove obsolete specification draft See https://armmbed.github.io/mbed-crypto/psa/#hardware-abstraction-layer instead.
Signed-off-by: Gilles Peskine
---
 docs/.gitignore | 1 -
 docs/PSACryptoDriverModelSpec.pdf | Bin 565092 -> 0 bytes
 2 files changed, 1 deletion(-)
 delete mode 100644 docs/PSACryptoDriverModelSpec.pdf
diff --git a/docs/.gitignore b/docs/.gitignore
index 33ae5acf64..23f832b734 100644
--- a/docs/.gitignore
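Review bot: The `#endif` closing the `key_slot` declaration in main() carries no condition, and now that the guard is the compound `defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_USE_PSA_CRYPTO)` it is worth labelling: `#endif /* MBEDTLS_ECDSA_C && MBEDTLS_USE_PSA_CRYPTO */`. Whatever code in main() assigns, uses and releases `key_slot` lies outside the hunk. It presumably sits under this same pair of macros; any site still guarded by MBEDTLS_USE_PSA_CRYPTO alone would turn the unused-variable warning into an undeclared-identifier error in builds without ECDSA. Each use should therefore be checked against the declaration's guard.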
+++ b/docs/.gitignore
@@ -1,3 +1,2 @@
 *.html
 *.pdf
-!PSACryptoDriverModelSpec.pdf
diff --git a/docs/PSACryptoDriverModelSpec.pdf b/docs/PSACryptoDriverModelSpec.pdf deleted file mode 100644 index cf11380e840184071cdf3b55ae11d7f67b389e8e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 565092 zcmeFYWppL6vMy$3W@ct)W@ct)W@e9>Va&|T%*-A$Gc(&`d$yf9_ucz)lXF(yN&Y1( zTK%J1t-V{SmOj;2r6N}nlb~m2V22_9wLH2G!$QPF!9|mJGWJD2Hpk>S}e!XaNtd=$`n_4+M;ynHAs+ylw?C@q|yWA zNz-z6lg+wJs)<6^)L?obqp=YzZ^RuK3dy4!-cR4h=M$=}YCa5DSuW)23R5=JK z);b_Gc$E>Pa4={UFom(Qbrmk%=qw+mR5}&T9x17vGa+atkYq(*q##P_RG?cp?$G0b zAl4035nhGge95RvDZneVT%dLWqv7mw3?P;4LYXy>Xh57HP@sGeGrCp>8%8iodBPD> z$K+S=4ZP|QSzd&~DOD(TT0xfEM9N6;0b1CI$E+l}OmG?vh0%4sT2N?oV2w&t6B_A} z*Rdo}LIHYO$0EE+Xg1zE@@a>y=wHEWcz zMAc{$430{v0sBFzDJZK#eU2>Rk?E<%aGy+e(TRvw1zUI(n;%d)g*6)Z=7_0q1kLjv z4+o(5`HK(r?fDKDzr%Lv>*wzXG~Og%`ThTNczIGV?^EVso7Ny$j$!wHl@04eK;qxJ zcdQ(!L`dSNo4=OL)a?o4CcTk9E=BgYhy9j~Q1>|#@*Iwlheq(~U2^{pIL`X{tlXe}xUnjtB`(B2Nx;ou_ zq~aXaUY-Cnre;3?l$Ay*xD>5{uecKezkVo zvwlM#8~+o#>l$6iw8+4k%HUae=GGj{7F%cFHuE|n6e9Q#EAWPSz(&pW3J@C$THH+7 zscYq)d*@c_TPGzBCt92@I-B8i*N*I;&K@29#*acRfSgu)zJ99vTPcDs2()N$SZ0tO zd#)+vFXMU*ylC3FFk7!qbi7J-&@5c zw196Xtqb~W@J8SMe)xBYqu}LuJ7|Ovp0bMro$P^>HfTr^yd8Mw+Q5D3&j?WCc!!jZ zRi68j+F?2-$u~tkTVAilwj&{wF*Xf7TOqGSh-0BJ{@{{Ap+#9x>;)6|fYzz|l$0fu zSJ@}Gv%<_>mwMPucFZ+-u51}s;vEM@$5!fOhqH9)Y?4ZLah5u29S<30S^izhJw`s*FaWqvUgW~eHc&d*3DZ>hSIU~f1FCZ5!%DDE2Ak!Zp1-u&Siuv1cJxkh;YOvq=l)JG}L$<;%?@i&9r_r#+?uy z8>97WI*!fvLV+y237M=mF`7Z%jz~Of0X>8SG=QUl1OoG`Wb(t%11|XeP;sl@@oX4aatUf~ko}4hMaE!z|Txh-7d;0g0mi7mz~1@v3iW z30`r2L28T{MMjITkcrDklOH^Aheg98D2gml69NP@WiX0=V?Zld=wq8d=N0 zN8W~_7$RbG0eJyPFBA*}J+0_q0jZJDAkb%Yl2X*-i8@hGM5~$;8ND<(BNGq<80?G^ z6Idc?BqkOpw2}yjQ%J};Fuv5NPKJmu2M8QYQ@A%YOw&F&)da&>t8UZJv_c|N932oE z5hNIwuni~}mt=P%K*eZgq0zEdUV)Kbb5Mw~8xa*&E);CFIF_>r5mI9>3S}hSEzqpV zBT1`5uve8Trow_#_y3!13=AVbc z(UjBy$MNQU{xeIbou1^QCiR#!k;@r^^WtU9n+zj zcL%dlqPSBHQRfM8w!KSx+B>7C6^1Momec{KCP@!`X4wXIbAQ<1_|I}RGUwE9b5C~J zZ_aLP*ucumQVzQ;I0kdl6D_eH__3HxV8aPr`PUdf%ep|;l!+jBbmG2Xlp7C8it 
zTC`d;ZNabJ);I4OIImsWPxJkzk-VsiFT0UlB8Wd#tz%zeczR3=t7J6h!8;JwcslI0 zQ<~g-F~30=_sO&E)w1l{9!uLRiJ*wtwIG3Si%^MJQKs~CnAh>EnatfPz{w$-qUJ`Pfc-@!r!8B>K)x0KMfw@Y)+66q1c~Rd8D49{d!bgvc^o10`$2Chp?~ z?mOPJ-hma7=uU`eT~EtBg4*cBtk*B5Zf%rq zU0~Z+t{v7_?fxz?g>PQICA3~gH9vrQaaz6MF#j+y?o<9HP;7ZQdkY*nRF1p}7}pYw8rYhcM(Q zIU1<$Gw(fVwt;WFLxKkJO@F5;wsdE1lacl-;Fb3^HdCXBXUd8NJ>GaMjzSe(-lE;g zCJ>@~PGryVJ!Z_XbgPDjdqX(KM{K<(^;a0|lyNP1|X5n-q>sQ;+sTA*x zWs@-XV_M9dZ}+^ocQ=h`*~i0(0;E=lt}?31FzRd59oJ&>R!5*zxo#+>xeF!xApET{b6Z6!28*JxoX#nvG{8yMlZeZ z{_<1)Q_}^jbcha;C-)ot_Be3vp8=kYiS7RZz_YM({<{GG*S2=V<%aA1)I49;Ly;yE zhgW(=yWVa0ogp{0k2@{KQ&hfrpN(bBO5oFXQoU!I?sg}Bjvt13?c1~XTn%qE=bvr zEP`DqODsq+j!A|s;aKi8BFOB8J#5T@#-D?=@E~r4r{V> zdrb!|rE!gtZh1G+{A^8}Z_Lf=vW7_9UKnbgQ6MnDP%x~uOWeOm9E||25XSvm1V#{U zJT;W(p&{o%YXHqX74s0eUy@`L*E~|FrxYtpx*<$P0@492DSClYDi_NWx}an{ZW((0 zC^lA_%?Sk)X`PqC&1f35>_iI0xRX0xi`YnsB$?hwX{Inp7vgR3;0=&R&! zy@_pxrPka;SJ2=xF$HkwC8{5AFoc=xK!HRkFa-NhPmnPAFf2q`6CD^-YAa;Cef%G2 ztYtH8@X)LeB_r)w7OZ8vbmTURX)LT|1SRCs>0RB9u=wAjpKrIv#k}uNUw6KqE|pUoP zbX*;0OW6}vx6|J}S8Hmy8GFsOoju)<9$A;ijX`d2nhAmW;Rm0o2x~S{7u<2|2S`Mk8s&?P_Yh@Pai9$y`?;fn*9=tPqskiN+^?r&^hkT4reIC}dKPVo2`*^PU zU~Y~V&W@Y7GF{c19IIaN;}tx7RP>!lw#_MW%v>=2enR;pkKMt;7syWL(MjHBy?3`C zZ{K05Ue(CI*Q%nAKAum>6|ahar#Z9aR8K$swbdeAP>FPYV?O0{uZH(0oke{Xq*t$u zAp-ryTx!*kR9cM@IjfpXxp&AaFImj=A6JWd@i)!0z#De?$Dhf&xAaE=*1gT1CAB-Y z(_X~^)ojnaOMk-vf(Vfo@_uFj3wp@4@Nc!DKH6RZYQs&Ul1ijSf-r&Wn5G>MU3NLa#iVIa8ZCdB_<{^8 zymFr1pU?B6yNqo}J`T3#8tQD`-kJXNi5$Mo`S{`a0aM#@(aM+EqNh5sr1h^X^Co!y z-RZCGy%*y-3!Y}yRTI-F5AxO?3b^50UmNncbXhPlH1&q_Q+HkPAd2Aw5rJRd^oCcI ziHAKtm(q?5s_o_g{R?~X*IyR-!E&WO8zr4nYE_teS>){*Y~`r@3~!UykfBLy4_5=;K=u`n%8^c9vl2dRcSZ=XJqAI{_kFk|MW_* zu(AIS;3WEAdnMu$izcvte;$y?z|@O<5KF zr3~@E&zO02m7!NnD?o&|qhKdz6Jk2TBmBJkwMGxA4J>_tU|(4RQUV|RDJ^gR(0&aY z0l8S|Gff&r*$v{3Ep8p(dGu1HlFu=A&5QOczBkzl!k|8u$$m&&lC;mtE?$LN&1HA_ zFR!j-_wDq<2c`zYiD`KYBGm9T!4~9T_*&>lwQszHAm^zma=5k>GE$eA_5BMivM~L( z{pr7aJFIN~wia2{n1Dn?!9`t3`AtDp!AVg``B`02!;kgqL>Ty8L0v&*!Kq4Prob;i 
zt66|q<&8ifd@x`xV2BoTr;%*B7-qcm$)0jWI-Ymn=+R>3UuNiL;m}1EgX(~q;*jc~ zq?IFAouFOZU>9QH9}Zc7u;JKN*})uGFgzhah~>x`aDc2Gn7seRu-G~Nd03pB|GBIF z8)`)WnlvvZeVij!55R#a8#XdSNCOe_VB9@Q4vq4a~z>aI|`Y z-aF7W!RO2-oWUk3P1i$4wmVXZM!Sq$pIroqm@QRHLpyiglK3E)-2pjxb`7Ow$PzWd z)n7a8SV)vUl8S@`Ng5`zxDoEhFcfK6$UH*^j2#CeX?y(7%3Pid3$uZY5IrT&{eEr# zt|-VNA5$^vV?Fh)D9ElVg7;qqU6>w zD5djJNP{Gb5=Yn8&xs|)-W!qL%gv6@=UAmOK{3XVpy>{+;yA!k9h zV!$_NhY-a!?6UUoYYBJFL^v~zc$ps1P_Q%Xd_J4xVZ^Vw=m)xC6$8>JhxnT5UkE-1 zl-Q;EFfog=W1=!MYg$PohqG(;RJ*V10F@nfp6>*Nqb-Y*;v+HnWD^vmBZ}+J6;_Gl z&3;K{0R>;EM;zpmf<6-f2s;;?hPRfQ?e}N$a^TPUZa@2hRd{k8NV_d7VwQ$tHv@Or zr)?K&^baonbskkmja}yiVs=4{6J6PI-c*BK&58I=n9|>ck#!sa9)N&ele#@W$UN-wgV~+840{_;P;DTmE7+JGD=aJVA8fz)7pf7?Z4+OR8a(1ZEzgz4>`;q%kzBa;R~m+b4>|r6 z?n_yB;iAp-{h$sv{P_S7#R-dL=JL*&Um}@Dd7C)!ZtIbLQnx2Taz#^q5LA-eq$)$h z{`ugEB{9+`$rW+b64|`vrqRULW{27#^Ju4S7SpX`Wb9n@b{{f^RGSgE4d<`7slKJK z{6lKRF=6VvC9(|>m{f{Z0~eC;XzR-A5Hs##h>>hGPOFOrncYv%TWz2^ncuh>k`z0<{9?G8%O!aXThWka z*z=M&#b-Oy5ILk=*@g zC3KBBPS1i1Xu%a~o-4o=Z}VQ!&qAp?2ma|9dKKPkgS=Ybt-JyKq|j%hp18w#0ExEU zG;THR(1Ca(BU|_*MDJxWs%SAPe`$rLua1Lge4}-?T%#N@6+u8(sT7WDhxUmbK9=H5A$S3$@brzcN;C)vRa<(;nP_`%3nwQaJQgHiH& z`P1di?<%U8)nR|5Z;*+Rw77pp3{DpAe}Nbr|2GgLOV@Fe32l7u9WB6(;P4%1E5Xh! 
zjpAmr#~pQws5D7ON_1?bJ^v<*0UkKH67!s-WbDT}_gP^4d_4qe&}K8EZ zL0aQb%Y`BB5OqgbvE%St;T!26rU4HV)*EdvLD$e7!&zHbOIT2_Us8~44f8+8u8DwD zvVEl1?Lm^^F6nx%WWc)zmsC+kb+>qIRHJ4ZW-7gR z#n}Nw^XD@|L`=Wj*ymVIj=XaF{j6Q`W1cR0-eeuBy()6{A1cB}OHI-bQHgG$2S&8CK4boRsIIXT!(-%jp!F$YxVUdl-y^Mz2!ugL>=|dOGUp=+of!G0Gg!$EUke zlPkUzrzoeKBodQnMulzkqr#>iZOr3tZO6P0WG1~bXHK`kHK=`_4IC-+WP1U(b$m3& zIpmtQ2?G!fPA)RE@QtAe<4;j1BBGJuew_u22m+6x0t!bdkBv$9O=N!O)DX>9eR9Qg zd0Qx1-?+Cg)xwC5!mlzrDg0Z6viqAhsr*~{Ra*BLcJ*V%gd0yX?}jiL(9f10j8>udFg|L~4+k4g zYC`4P4QsGuW&SU=*q|HchV?$Lg6V%pZ8!f#X%col6tFV##g#>{eJ3rhC;;02jalK< zhl*2v=6!^q>^N9zU9a_&+Za%LgAjDv*1XKGPw=;wo2&f#dC?4Au=>voT`jvoOycpo zPdCT55VBYHlMh_8&Xi?Hc0X{-a?qbAFe+c%^ix}(ya+6nRmGP=UTp2EHy;!Pg;DG@ zb(BJ*ZeEBki0JD?H_v5Y^?g(MT}a}D>~coKp>6*&52L?<9b$n5)VE<~giMDQ`4c7Q89M_Jb(WFu-;T=1gk z`u@~Dv@lvU{F(|x)U6>^ICdOWA@XhadK^`z@{L#v61JJ;iaE)^;|Fm^F4GX7Rlbl_ z2b&%f@v>=&SnVaM5Y)1RIuZ;vX1^X#Eh?Dl?y{M14_nexSohWs>m0KO3w`%cAwQsY z5C$6OG|G--5Y0fj)ON)&RA1&Tnhccc;6DDG0Rm@`Q6=fk0jEPQhVc7jd!~fNh<6I; zTTcsudYE>*MZ2$^&dKYu){0`VemO2BQj}x7s0q7fx1*t(K70`2Q9{|Qu{78VZkba{ z$RevrMtt(k1lbz=QnNRA?1%)V=mlA*-!<@w(3VOxDx`>&R9ThMM-j|t28rd1Jq%is z;s-WKSsJaRXaHXn+Pg}fi2|KGV7=v_s{)+>MXQrswHUq^G4)nIPv;?srHV-EqDbne zU&%W@)U1Nd5HCd+;?0d!nmSDDS$03!O3Z2*V&P|re#MJvF@(;P3^qkUGFsdgb)%8G zCoQnN9j<~`e{7Q%GNynR5yE;=k}0Tb!NbJgPtPbfsarwAlQ)XQ=mcvMoGuThK>ZJ%6DL5vqjqaw+txraL7;<8q3bkcUfPGM+ML_O_G{%TXm4E<#4sF>=JEUP78a+!XfCYnE2vn zn=gw6ZiocRyzfd#&XRF-RvL2wZ&UVtYbN1B;Iknxgu_Z>Ky zQB+zK-vqR>XyZgEPD&>q{lvrIzHF8sm=@M=N*z+xP13{-05XgXzC>mH&%_E!@m3|1-ME!p_CgT{b!8Lq+L8O_ z>-QJt3L{2M)RTgY1`w&36M=q|ilS&kYU_}R#OjOc0MGT$Yxc4u)_Yj`^vEAK4By_| z9r3R;r0^IsY_ttYpbUk#3b<6q%Ic(2==J zED3+`3lCC3O`=91L+*Yqin6KYY7k>Fw26xSbDCEH-4$wexr6wNaivGuh_>{=!h*=S zAIxeoD3}~Ql*wGa6q~G>d~THSpcD!#4c~K|pPjOfOEt*UI!I5}L{yN*tBRYTGOAl} z*S2b7MG3q9$|a~<=0_flfnN3Wf?Dknbw#XcBn`TUM0!Tnh2SK6SOS?OL^>k62^3M~+eaPVxuVp-jd!uJMUV@v+=%dD* zSY8JXxMU$t8}dvJC{~44rZSk?19Gckiprz}F0_ScST@->UY?fpEHzEo^0EO_EG{ZI ze{IEFJyWa%13cN{;xjQX9owT%T);21&HhkaG_TA_JZs0 
zP<6B5q1JBoIhF##sag0oOg!N!i9&G_ngH~9mBDH2@#Y4?HR!x>Y9UN4C6d6opadw! z2-0<0cPWk;2%6*9*uF|Msy!wXwIFj-Y=1Q5{%C>dH)#8#3Bw7$)qyD@@KrguC@v8~ zz2(+$%g)1S<71~|C@6qS^%vO3$?nwYMstgQQd?l3w|7e0UMZu1L2s{rpevv}YV+qs zbv=jSpOLb^M-^P=_CDuZzk8nYX}{lZraxH>-u>n-##{WqzFu2lyla@m zIKR6#?fQE=`+B?j0Fjycf97Ui$Ey=K^96c(Ke!aX-VFo0ecrxiIXU}FH5uf)JZWgAU?*hNa1qM+6&l@)KAD|P40VD^b0w5GF z34z-IA0HnOD2B7U8^oQSeYV`2IJIKc3py?In*nPs@f^p_6Gw^T#0jDV5qt>Vc#mAi zD~Xz-2E8esilR@xc5RFT06*UR?-#&JAjg)YgFsLB2a_#H|L&LhC*XBUlP$mFc30$L zld=O<6ZMlUEDLLZZ7oX8d2Q|DOU?K5jDdtBV#v16$#ZB<(AST(3QJ~D1Zm!&jq(FBXC^ZsR0;OH zfQqJTAnxc{G_FeM07MY204MI7U^!z`Uxejw5NqcjHxk_gkzoT_w-IY`&Lv6tdULuL zjV8JQk#!J|9oLbeF;?)gxbp7<+IC}jx2yvx^#`{DUe0;BViMT4HOTlbGY(89E4UVDpCZw0s~tf`>14Rry%Ss z8g0FK{yMZBZvhCuvmF`HDltBJ&hO8qiBP}mf`L{vUv0xRRo&+8$b05j$!6`eWvlKP z<*Ea_O*KxddfaA}guQxkTa~izN<}T14QOp!)PV!5;aQP-IJj()-y+sD$mVzFS{ zU!ghCl6YPuFPsn78{?7gSbL(m&ElrLnN#$by~2(YTn^Vn*3ixwl%#=q2v;HjzEiLT z*vqMKnixKEKmt2n#FE~cVNwa@9y}33%*cL16%QqchL>~ufSV!643voYb+U#$w@Ni3 z(%%EPq|HO4z;$RjDX$>odiLzA7}zo)Yz=W(CPOctG#Mn$ZoxuV2T5gdWDNrAt?PSHbEu$Q;TM>`gS@WE__`%H6bI*AR1C=0q|q&;t{RZFv!FBwgnn z0wHNRg5UCMXT9R3qRxwvC*ecFBsJ};n9EeiA8X;S7NS6%L_zwAe2im7*vE44_oaVS zQ?w?oi5eh!^B=!-^p67ow*iLRu4^hS4xcJTKhY3R!yz$t`8Z17u>3{Wnv>P#f+PZ=x5_@YwiB}5qmy-R?1%Vxe$ckRu zFsnt|64~FM8}7M94_x6jVxLu%gQg?@xUNb0$BkAwDH|x<1~p~sW#4gas!Nu0mnEA& zQg-mOK0@T2vf|${I*j?gPHw>Q4h!I~rkx;PmG8U#PV~zy&Wj&_D?EWhh(LT_FtNWR#z*_VeXq1~OV47PZ80X#ubfsH%yJ_TZqMNAP zz=KwU0A8&cvJ!Q}gt28z*EXzW7ty$mVA_a3X0jDC+J+fp&xo;QK-bo*W#`Mh%a6(R zf3Bu`Y0|nhZ(P25sX|L=@lK+jy|VqVp1Uv-0JZ2&k?)hSn|~m(Q`bilyRhp0{sw|O zO}G4KQftGZ4PWQ_WFMn^Zux_F^A_t3%i z{!&y?mRUt9i&e!a(!>5FQG_MWXhzE^^K#UWuP_w?bHhtSEzvIBhn<3j>WF1l15#|T zwKEygiSGak-YOK@7|v*!;?Rk`|5ccrFJw=W=3BzkdEw?a*$ZM77F=vZnIl{&wPk7V zCLRX%&J%w+Dr$C84KqbDee+69Q`=`g*h0r4t!=wQ>t7AqE7Mg(cMKXV9chf^p{0?$ zq5*-~6}uF^iw?P&gRm-{bn34jEVS)=HE%-uq`t;IY!|pPileScP+HxR(nW>f-{C%C z8ex|YTgR)4vt4r1HTx5p5LRJEuP3duZzHTUzo?TzZei402|Uy)yG2392<2dHJg$qJ z`Zi^`6R4O$H@{@tl*(OJTirS)E@@}rj;pY9AQg(_0uHHb05pf3MwC5PB8M9OMrL% 
z7EMv{_fv}`3VcO%x5WMUbFz&^>1nR0CceJC^V@xt&xL-{#}$$z2N`Lf(qk;*_bBqR zXP%3k+pYQ(Gf_%%?Km~TbmcuUwy4N)Z?-2X!RhPp3Kc=xOFZWnB$}t@B7-sA?xoox zAFCEA$L?^HK~Ny79H0+tb4H*SZrOu&5;0BDTv`p$hRuCz6)f%HI3c2@r!s5+u%ki)N-8T_mBUrt`)J^%$?2VavSTYf_dWzDpPs+C0bF&3kQe z*1i<>fQ3x;0{<1v{CCFt|Cw+;C-=VyAuw|>{oBW&bG39Gw>Z!O=Iigb%nDY?WYUj& zOK*70gn}Jrx4IxDl1)jPj#bo}|9s}+x;rnMV1bAo9~>NX`u&mO*%iCTbUf4xmu}gs zPz%@2bC`OXUCU-lcsy@Nns?Y3^)5+MVSNdqqT@)w{qwygPq*s1`^UlJ`vx#OPk3mO zay@*VIGX)Q>IH1i?(J-7{{^%A?frQW@c9O~<3z@RXzt%lNZ0)H1^U%<`Wt?b#s@tA z`%t5Zg9e868GL(+IE!w}Oq+l}ZP1{X_adhH#^a}$I8w83j5tvnXb1YKxI&|Nw!TJ~ zj5*(T-Am2xaN~VfmPyyO` z@|v;A+hq`KDyP zz}^t01v}{}TcCn|Xfl^mnVGa9uY;T9S651HtEsEyj4XkgyJ*U;k>X%#DXVya?oN;0 zQBcdJ!L!1q#(YKTAb%tdOwAA*b-|&t*ZLi|!H&k3J`VZ5Z?Z^F0b+_vmY55GMkVzX zQ>z5(a&f;$#q_}GKutVFdgrkn)%@ah$7tH8(}p0nE_r)(d~>x{ll4qiHGdH3oJ)sp z`?kp+N2rau%?f)3oCv&XPflG_1trZG{N8lX^x+gy1yYj4Urjxu=vtmzd#Yb_V7ZLQe! zD~~5gDOsV?0qM(6l|>*72wdA%32)UvQRAJkfJ`!&6uH+m0JL%59reYsm!%;?oo~yB z3yDzZc`v&iXrq<(tMdqR0CmS=79@&EBo!}LE#2#|4h0Y!m*3U1 zUj6kSp_nIE#_~7`*x4d&X&Ow9xFTAnLNL30<~{@t{9qo0c+u%=ahO^GU;PdEr1}r( z=Ek|`p_arS=pE)G3gO_vWb8YmEeUkR*QQ4_pHy7{w|0!_tD8`1zLKUk9M2eg{abfrLfFVGLtQ* z4IAHOash0P;j!9?KE6zxDgz@h`hLv4%N+Xy;hNDA#t7TiBo~^opnb-tB z4f8{#2`E18+7y?>Uaeui3`xPqkf@hCL_A4&LCf(WYp|j}fY0-@I|A={2^8AQh2MRW zV%RN@!jMLIa;mlyMMhl+u2*4VkI!p3X2PKDq4swP)&=F4_UEEnP~%S>wxYII4Izh* zF`Tv5se&sn7L!NNW=#?wMUvzDn+%}`=oZMmelfO=y(^ad9?EToc*fc3IjA$H>(J4( z9Yo-_2L)5{Trh+L-a|FN8$If&#fc4^n;-4D6{m4$OxARdXiUndul74$M&>;FJu(aK z%zBB0i(cvU*RlB!oP9BM;QcdIT>J^rTB}_ymT9Vi)~mm8U^dr4dWtrg^xOnMS|=!j zq3}lc6gJb2GWwG=qJXrjs5_PrHGY@W5qAC%cv0pAmXP?)0`Iw`xBpNib;jC~An9*V zY8hUhoibJ&A<8r?c8nIBH25;wMFFNAyy1dpQgL-LX~S|k-D{tr9(FHu%`2%PM4r+U zip$*lc+jIOE3Q}1f|oVvCS7h+TTd?NXD)sROLG3IueHx=#{I`MIyr+Qz}iddKt5&Q z#_$Ah025tOut?eF-80CJqLcOo%z>R!mf%G%D3oAvO-$;E5BU^MDUm;4j#R@dX3b?x zv0Fqwo3J!b!At;eye#**Kae@>NOZ}bE>zDHw50KuIN&8_1d$b}}3D zxrAXSrLDN|cZtiI{DNbTRu&x&OF>8I+bn9qIVPMc&fUgP&Dw^)#j%`>Y~Fr)LC(9D z(kbj|4)!bZlNRvoP)$o^D>dXNf=>ov2^+#@T=W%`hZQu10J)y&03wX!pAW>zH^6L! 
z@t96TnE#&g`H%9yj>P3^$T}W#!1evjFgge3F_=y! zyrj3!B7sHQ;c(r$6>j9mCJqp9t=G89=%;)QVk{f0ZZxfb*BlKExG!I^(6jy%CO z0AN6( z=lK5slhz0GW!!+ENmH&O`z3$xb^5*a5_ig`k)(lLT>2=63};y)xTt;2Ss9IaS{|VR z=Gi;H$}C&s;a~PPOjbz}f5=rHwp|Z{{p!$~9)(b@FE1vTv6gvpv;9sNCpc&@Mp=j{ zXYOAhZ(Fvhy_6V>A7x9u!a+A*pb1y^eq7lYGl1m{NDfLK9V(B9&CUy)H%|81+)k3n#E3v=`uQM1J!Nui1pJ$gQDWUR13gydvY`Np{FC z0zLkT$?LwrX2fN^E}1VUdol#x1%gNz4+-OX7>k9N2$>pOJ6}(j(GBC(N~^rE@TM8C zh6(N(F($XQ+o}{Q6RGMyv;dp+Y7Uic+L(+1O7PJo6jzr&>738ark>tgZTBXpOGpI8 zz!Momp7W%Q6Q2^A2`n79(AvNUqQoQ#miP)qIrv6N%X9tMxMRrXc)lp$Ky7T1HMEzDweWX;|flt{`2>p$Awzr$GDf zdHtL70XOs*pEs^|Qv8p)A8Fa#XBH51FCyUVIYDSnt#RHqm#7dtA%$l<08~^evd(fa zG9W6+9(=DbbTZUEor$4Uk;*#Dv2FrVa|;q~5iBjqu+fl)-vjP^1q7lSrlu#v)nxRK z`lkAWLzM5!7UCi7aJ|Pf%iT#_zPvY)Ri}lGRrhIqJ_;;v$lu=0VO1me@=4BhDL#`Og`wK%Yk zgQqWqB#(*id6!g{K$@?49b)**dMVA-`P1i$(sQx|meA_fPRnU3s?SXea{SqVU?p-) zM$%vI!@#E46+Hz4q7J6rn0=3SP6&G2flax0CMCWV4fNT2jhR#0GR55(OTKTUJ?RYAkF_&k z2@vP&(VJCMiWk=3kx}2GmwOLtlu;$6DiT(C%s7d<=TLWL9S3gip{~7x@x&Qkq;r|gI)cTwGZf@!Z z!>Hwn$~9jk@n8@HwRwI+}hI0jfj)wuPkEi=Bi}wBI;=GiloT@j4(2@a{NvE{73m;qwCEMVuRj_@!msj zSD75N^$LZ@A=YIH!pgp~ic`oD7EI;NrmAQ(en>7?G&6O|!@3tAS?R<2kCIwjloU2* zuJz0bRW!~fN_+GI4RDUaXgOh#HtHfi++Z^^q(E|FAt{hBpPAs4V&B_dUyr?|&*rDLENExUHh6C+-&+N^ljrU8fP~YKQ7l@F5A6xM2hV_#Mf3X9q17~Mu|B^K;mvr;We+rg$}!_$KJI@4LOe z@6Dba-}|evkS~50->v>$@5?^QBY#`G^xWAmf2XrPY(6^N{)#gMf$v6i&olsU^FMm` z{RO|#`uXL~+g=O3)o!Uvx}j1QP6v;i+e_uIfzpY!#uk6#xbgyZkGk`wwKBkKL^RuuR;W^Hyd zYI*r{MvC@g{_XR1cX+)g!81xEPZ%3GV`_PXnaYKA%Me<*!PwD4Y2)(>ZLFDydIza>it7=&&v%%A$Ya_!*lMF6Tbs4 zJp0@ABx&1eGNQk?>XhbU;!%oHmNE4U|HBH-|NiA4b7`r+Akgyr_{?j){c3w(tLEEw zSoC1XaO;oO9~u#zy5EnUV|`k?{rcj5@0jg;Ev|t*xw*awdY(_A7xBG+=SZOW((r-K zgJZkkAGh63=3`uwHBbM#>94DuH-US#E~k#cz27sZtM#`bivFbj?g`hsf_oo2-|VmJl6N4h^A`q^7B+_{@gC^RH3<^=1R(_Wty07x`;Fa%${swjL|rB0H}qN5DEV zHFs-uL^pnZ*#COhR<*q3jAFcB2EhIt)kN}XgBmeFD-W&FULJg zF#f9pb-#y38AZ#0i|iHeqn9_E9^8bROu=jZy(`{2?!TH=yR2Bd@n-u7bg{W@&dmG* 
z2k>UYW@cjQ(GBuxs(y^hDM%VkW2z8bm;eB{^)C~*fcKOn(Uq|u@PVJR^a*FwyWeR=mXu7jLPNc>1*v8IM1N0(_T!$ncs)25Zz4yeudG{SIFr4onlMQZzJd8HLg5mTAZ_ zp6EOEzP!{k$)FW)kR?iOoJ@L1x#L>vI`F)faD)E5+wgf#m!iPG_mn6P%`!I5&?Ij84%_9S= z&sfeSj6O}@WAjJ5j@B;d5yoIkm#=_Y@!6kW8qxdZoZ`a}=Y*ooKT$LcgmJs*@d&-*q`xp;P zFcYdp`#m_#CQ;&a2E|uM!h&-h%^kxA+IjksO0=y@vWqUCl5y7d=hLA4RGjQ%TuJ)Z zsnEztXZD^oVXrELhs?X57k3Lgy6}o$$x5}?v7p`I`pl8R9kz$Fii%tV*R~(Vyk4wB zN@ja^e>f6ZRxm($7->wFlZqCrv~Y?ZUw1OKz{rN;>!fp+LLbh*8~k1pWz0HeK8jWY z;9^8!r#@inl`xxzr)4+9+jD7qsi|18tit1l-K7&C!UVen!4%{2-W^wKO11O<3gmY8;C1viM`J4AY@;=@3$o&ybFp>-a)BMTvj&Hb8MGQzSbclI5D8n z>#Th1Kp8jr?vmT>mMWHs%!-l_QJgqALBalswoUsOk zL%iR5*ND^gEB|!RZ7DADJjU>_+u5_q5A#%d=vTM}`j;AZgWUN{C^3czY2ZXSR7 z3TV+tdM^f93as^sICJqQqTSRQAhm?MW1j z1o(e~&wqop{}xIAui6FSX(Ddle}wCEmR~F|2uX8#)TlTf3m2*VcvJf zHEFls+1!-*{pWTmG1X);f_A1Aih&QAD(FcV#bcoIaN5vIo%heF@Lkw z0fKvPP5KU#S4WB(b!G8^ZjAPFa{71>=66cabQbOGJ>kRORj$E$FT;tPV3D-)xn+`A zH1!70njW#I?_reOfrsxZ`{QGpJvs$>X$_K>=6-!NfpN#0W%qxsPp%!1ZhZN;Kup-S z`+$T-p>5>?Ba1T_C7*;K@0^CWL0nfgh@Cs}vmGmwPT{cH$l%PA_NUUsmy8)_deObp zOjcxLTe1(oNqit|A|anazbcux6m@QRg`~F>*&6uCx%t70`j949j578tpRL(DH0h zBLMz+s`TL8Fo9ZMCi3*|bc$(|`Xcw(o>v-#qpHIEShN-k&Pf0wnwFV$#cC_~D!S}m zkXvbJ45o()(!Mt)elOQ(Po{m6^Ubr)!A7Q8w)y|;!RwP4mcpAB zX~e$?{Cb6^HICkuD=Ssmj^)=BuaeZfhdXJ3an2(!y}OK>eQVswNs<$rpU9QjJC?Ul zh(Q5?TZ)BhW!r+N;i>qSG_y~)SlOadrIDtoFUNs5_D03REB;%6DwOVPMgqi9S` zuX=eZM9W9naywLG>325yRSM?gMK8MbvHq6q9j%?}6lTOw`C)aG7B;w){d?=km+q0H z2MqenGk4Yl# zgtcg?ZC-WsF%1bmI#hYw1Q^RypoMne;aI|(19C<^+JmNIiP@Q2evK98WqX92d5?>4(>M&@6_*!&#-pr| z@OeCHnI)wyHSw-J4RX=^z1jbsM;&$_XS4yQX49Jd5?i1gCxe_kT|X>1MOti2?S z`Vc6W|IS)C;wN!^6}^?ekkXaP>5Gf~ELJSQ)KOeZ8eDu&o z-dOop%7k=j1vdpZ3gCtSA8<&c#G5MZzijP39{9q>bbEI~v%~<0=t8(H4Lin(wR)Bw zR(?HJ`YGCda3ZhF55gXTRUq1>GVxgaxLHgHzXkWQH&AVquU-~T9>+rdnA}|x1W5a& zK;n~uk*`kWxA^Y2^>46BPLNCwL_bJytW?a<(7sT#9v<-D=%@>i;a*1Bcgm+wiPRu9 zQ2c5~7URt?*<7pWU9JT;F@evW#7EB12-ZkURI^0wiYL7FlV<(hLAY#%{&w64Y+;uY z9#$U-lj!B+wEHNKLUxa4H0>xH!RJxd_ELIVeQn|FV7D?nY{uFNAm@x12YFZU<92oB 
ztnOlA7A3FtW$KWm7ySA4!*oqa?2EvCsV#SR1X$N5CJ-(=1coLNoVO+?jdr_HlY1K8 z*^t5p$LbE!4@gj!j-6l@Tg!}M^YH5Al&!?ZG?YPtX;A@f`Ir6?#wYAPkmN)%yXypc zk+r!}I$;}Ec6ROV{B(J<1g4pkj2<>^rD8VS;KCWR zybz1>&&6%71?wG6*7dfXrP@j;tPK1*gt8bwd#MyYF%HZru32F0`6L~tzPy|_cmVjL z>y5qf-rPvB>iw`NfA#Bj$QPqGledJ(;&7dA)L#1sbj=7BeGDz3i4GO`$|wgUGWSv( z65zm=SGK?j#%s4$XE{kScM3IY<=85kk}3)7j$H>hF?a7+f@zuyM{FJw8y zlL~Oszk(REsgHotDceD41L1F~A`kZacc9F@-G6buX}J9Tp=QecQ;W~?WM*Goc!J;b z5y0Uo1TdGCbB<^?&B}jgD*za0Kpn!NDF}+x3;uZ@fJFbyO2KVF_d#wl`)K2P*&>Vo z=l7jbmH)x#o2$Esc}!&^KpzBNLGUmK2zmzf0wji%|0nH8E^(4w-<(eXmVx1b%m~RP zW|;R45(kS+U0~NBPi+om(M9T*;m3l`Ac<2))uA581sO0oLDoOhp zJsf6#Awj!s!ied41$`BFzOcKD7Q{L0R^MsQlhRxh*n4HoN0Mey=hMi8(d&Yvd}U~f z21P=biGjUX(vE6-Eo>`Pn3F>=S{H0T!8qC)e)%nFwND~l&+=s8%Wz?oE3rp(gcmjA zd{pM~B{z=zPF>6hYOxyi?|W5}u&?!f;}*-!?asj$-9|^s(J;GXRJMSzs=nQe|Dy|f*LRK`C6N^Jp?s_a-7oyp(o)Bi0{#^8KZhC zu0;1yUoOW&!e6Mm3R+XtNG4Sn#3GsRlyozji2Ih-G?d!Bl7{O`(r%4=1Yc~dOhv6p zzel;4CS1-xhM+IV^wy+*r2{JLXRnF*be5a8kJF3hK)#R~nYrhK0_TN|eI z4(Nc(&2_L#-0!W;#I3$IWr^z|g#04;`625?T??y*L%Uy6U*Sk}*N+X3m60}<=5d?A z$sLLymY>WRmaOS;j{6K0;zlPz9%)!Q^8+edw4{QMxpavaeV)$yKxq}y#W@Fcxlu#I zZ$AZytl`)7>pnp7JxoekKn)HB9=4F{S(l3sNQaJ`ebG^o$Hdni8g{xoee4w!V(-zS zqd~BW>xTGt^IBpzZGAIQbMys{&LuFFtZ4h`AYM$mVwWyZ9lz*TMJvQ$hN6w9)i!+;MBbGu{XOU9Zfpc}n5h@R<~zS^+0X$B0*|2=$b) zjEeU3vqTqT{5QO-mh?Wcd#w4v!1ZKhAx%~?X16P>VtIpJ5Doc$$QeJkvmYpX>)AbD zTPGH_KlJJ7>d)&!On*w#RN}LWpflujtEH6!$1;QOKrHzt4hTvZf~*~UlH%b6SC3x- zp>QV6U;i0X@-DiHlcqKJL=l}aMjH~hm0 z<5x4{81RyNx}Fa&p~stR1vgBE>veF}QB6p4%!y|Clh#)@veZl<*L8#whc$mD!I}f) zbib;tl?PsnT4sEyhez&Upxe70aQ)%55S+0`>(S2L8?e+J1)LK4-J)(3)eCN@w1ggG zeHkQPUqt~9*JpuS2lWYI0!)K1%R-fr7lL*M-tDC%XWS-n9<$&2mRklibH%MA>9a9* zwLYv;;Zw#PPr~);TiaZH!@G%Rb8ze!)Vs4EZ4~eJi0uf{Dflu@9L7H}Q-wwu5z+eO z@KfNS%YEO}vRz$6Z%6!+{L-zDg;a(RMT{cFjjx3~nGoGL_d%&N#WXS3fbE@++DIZa-fIc-M0vq3GU_AiD_M2iVLEXjSjy=vHW*S6ZVl@^?)BV^+$ z^zaHa9zz&a>g{b!KHPWL2q~6K!>}ySXmHaK?t6_P_Q;Z;wogy2(*4_7%pzZ_bTPp` z97lJ{ zH$F|ReLUT*{ww9ec~u7dEmB~eb5#Qo 
z$h1cj_>ymM^S^Q~00IF{&fq3wp;>4Hw)oSkGk{s})M2I~S^G_T0zm0EiOJu1JFq?i zU#GntkP8C4X3J%OIF7}k|8g2aw*uHU&6K~PVbycWcWNj6X82>=q1a5Sr4lY}EWgJ`(;891S^^EOEfZZ#nUZwxwD&!NF} zcE<9Tw!#rY@*sxD=uj-j;P#RH>ZS>uOsnIu{DA5*N=pWPFf~BhbhsO{m5NFbUB5t0 zYJD|2AvC8TPjHf%@J-W)%k+vnOktWeU@%+;B9~hJJ;S=xwb{i=t&T28EtCzx7Y9Be+@sQLP zp0pQ}>s7Tdjt6RP0=ZAgKp#$wE;**Z&^2!5dPoILQd{hi^XAW&oq@Aeuz3Ntw6r`N z|6vJU8Cho529TbRTJx`z;qco)4?sc&BrT|7s2}A^l5nmCPPe{gplk|`Mfd@yuKX%HqH4jj9x--AQSIg={5 z51xPtK)uhyQl4%3(oIBrzKu^7l=|&Tpf_zej`lcB)4n7vpQV0Rf-|MEBg`-roEG{{ z0nk=Pqnk;=-aQcoeb8v{aPQ@AjI#XlzI4{gv#=(z#&#B#gHCKdyfCxUM%~?XSNXOOtuTw#TuS>n!GHL=665c`1 z{rXJS@pFLHvkpg{$&b}OzpbhPs>*!re!l@4@Z082=8(dZ)@Xl!90O3O?HU+~gv;2v zvPWp;I7tf)rPqZ})U0j+J@Hx0MPVCvCBQ9TDTjB{2+JWyQf7deSg(p+_*~TjQl~hK zVYjsMyq;R8skHZPVSHjQH3}CGtcDxEQp&i(C`+fjK-S|lGtu$Pz}vq9y61T5(Q=@x zO`4|*{5|_WX_&GqQI3RB4v}-)uOvLA#|0qoG{W9cyA8qLn%|>6uwR2=(bLc7ngfWE zO&W#3nNws4yeru?2AAzSb-%qU9g4rbFroW)+&621KCv(V+wDT|ycOv1bbOjT(R7>v zkyK!|h;v7xyWr{8jEer#YeCk79C_MvfMuo)li&PcDk3_XeWOr_a(%M&jZC=TG~a@av!113wu@TO;4)n}1w;d?C))x9 z?JhG402)`O`&I;OQRGjzGzj*bDZBylW(se7y7;y~ZzNYMfFGd4L(qC5P#4hmjWnwu z1+W=<1RMqOn7j-*IdZt^jV3Rg246^pd%ChXMfWtX|LH&i?F8#0?UPf$Nzl(Dh+BWZ z3!+9dT|bj-n?_<&Ee(Rj{sa7+)^nuCeO7tro>;)8Nd!5=m%nA--0cw?0IZ$jGB_~- zhvuj0U!BC5m}k>n_l)9!KQ-7-$J zPKc~HA^z(dNeb)!kivtR8H2)JP5f98N>MQrx`J7A?#KU=W+wh0t^cQSK)4weB2`9h z`14ek>R){8G_rO zD+lM(2ObI~NF~6Pe${F|3_4Ab;_l7Rq_uih7k2QOXocF^|I;M=e>=S&Zx~QKK8O`e zke*yV3C6e_;k|`DsnWwi(VLF)frtHwOmRuSiN^ES_MTlCoOibaeZq*(`F+#TQ~EkX zKASRdws14?)}{~8qJB&haV&k)(O0;6T%)mczTDAU{g^jU6yFIxc54$?e9om@qgS{A z%+Xut;7feD>AT)SQT-UM(XCBQ#ItY(l!e=jERcbty+9R?Uk&1lIXAyjhdU&z;eH23 zj;nXt8|UC1TryO@-lsk$hrNMBkh;)3xctd^f@HqN)q2Kz|*8K6q zRq@jLo*gd>$(DiVVAM-kX^ipKsdiP;6-JwLJ1jVNz>t48)>3h_TZrlG=<6w37>WY5eux!4H z#k~*t40CC;89Jio$TF$+EVY%ehSTMZmIH3Gt-hS+ioq{6#}D)4v0zS(;YIeNLT&j0 zVF%s-?wk;WWN^y)VGeMa5E}RO z)eacS4Y2Rr@Chh}I!!RcC5)PEu&c-?`Z`pZ)ZFZTD7C%t#2DjEfK3M=7N`}XAL?AO z;E0f*d@0Fw;&fsvQ7(?H7&{n7*m%4$3?9{y!EdJ!EyCEBB3+7{%8Pu})V&$Rt{C;& 
zRRJX&Jio3iza+QIp3ug3EApiNq43UvGMZHlx0t!+Qy*UFa=S=`F6yQd2E!Q~^E|Kd z{$>LI`Ak)k&dJByA*udDVd4;Rm}WM_~a$p$4u6WRE&MjfO*I+x=+?fx8Lqc@61Ku>2ih=+}V6yly=3oXs@^>`K}mo!iV-YvyxTq7fO?hF<~c70^4{um=4*!A1Zsp zuHJlQLyz(O!1T)*Z}awR-rAe{fob4?6VW(p;fd%5wV!gKq*hrhDVKj$I0+xP%_lI= zJy^P-)y5)Bq1~vr_oIGr<{pIt$TZx$(>YBI4mi$WQ?d$_h!dh`~B`w zrlf@QYTk`bncf>!M)U!k#bdV$UPha^R+dLzS5~g$V0er=E{-2d8RC`Z)YNau_U3Cg zmR^zJI3#k9UFzQL4E$D@jTz|feDrhBfJ71S3%!?bWEX8e zDt+1Et5!vI*Nk+L0{yV4vz}XDyFO~LdB^#X=dDX-c?)Uf=MJ|&%Vm`}5mQ4>n28yP z21F{0W9UJr;+(%YDGy&Eh$5q0Dp(snl*$9MQPavMhKzEl&>TsgcGUgH?WH;AO0~CP z^7=$*xUnGkLJLr{hwQ!dpT@8x@;1>cK#O{Cdx7VsK~?%h_~AgQqFfjl<&slH$E+3e z?Ur7viVbNaR>@eG4$@;TRw=HI%y(^5);!?Q0cN=Z9`{sB+rz6-1%9b9gr~z&a(Z`N zEhL6tvKxDqx)0|YQq6r?=z}8+%4qa*wr#att}? zg~>H#SvjqrwQWi2ySmfUqa>~1vB1=>msMj7Yk!_+x11!67RueC<+FQLvEyN$f z(!0M1)rAV7$Kzh!+mL$sDJ@|w`^Wl<0GmY17QfYFSop(m$Szb>9kjl)m_FIE2#(L! zkKoIJSlB~?boI}>)WbL0a>3(Pg`FwYU>@tHG~CZl=eNMm1k+q;dr4PN`12b5;5(GD ztbIwI9y|inZoHRE=wUP72(60D#A)XbP4FeLXH{+e%Ld;^f^jY*B&fXuBUq=5qQIzF z(`}Ja9;IP&oU6cVjPWyg{21WYArn`7x*zxB1waQGSMuU<44CJ-VWS26bcDYkqE=Tx z>p2{v;wxNv?oh?dJXhO!_}DAlTPS{No@?S0r8lW)#69rJmmVkkGYKg;xJ>Rue+8Ns zs{l<1sVJxWv5&N7q%t0yUe@x^63&GkTZmyc@Kwy`@&35H?iZQE7;5d?S3`3CaA$5s z$Wj#Mgj0#OtTYH8ByQzOOjoBxY^>so(NQmI<113V{KpiJp$LKL$hHt zw7e?6yC+M|KjN98W%5mh0xumEBDsoTInO;9(GrpRB78pT2XJzJJwhMd1%Cd0=Tllj_dQe zpE7d3oiFARspz?9a-_?pC|cKZXClfd6tqj~To|BS5Xl$)cqQ4QfavI1{Dcr4p0w4{ z&v)WEqpR7|^J*TdX8?r2$Slj?y!5UW_*zM!ap}R7TtgX*Fa54F-;%~qSSPQ+|L9X# z?jGC@1w5w7mP1h>P_oX!-kR*((WChe6NOAoyw2^h1Pku)f<&3P6rAbRCA^n%#9P@e z_v($zJ?&%eOPjEsjy!kqLGuvL-v6n`AQGL$9F+C0dMq@&gQC&BNV+AE91+BPXT@2~ zP;iFj2g}h|5Wx!xX?kHDObkSPo$Z@nlR(aR;de7RmYjA(T~2g>S7po{$NC#PcGM1KFfQmt@0iehgzn7q&4r>hO(<3~0 zHxV;)apKw*B(VYMYKgw*4U>>@00R(Se2ag?AEut*9$;GFbrx=ba>xKob(wtoUg=4g zzQb(#y(tVTz?k5ss7*jgW`HGMxRE%GLFbR9PXo{2_;S;iHWF`5BiDY+he;&9mZ| zWZQrJ1|Z`=)M_SWQCv7n)<0)5-F%zeS_~5{U1$cj`AaRGDF{A zEBqwe=33Ifxxv#$ec~9ZI5KV1j!(tJcQZ+56!9v*{N3;1-PK(%r+GSy1S#drCBTI= 
z5vR-*i5ltCe&7S*g`1~8;?u|N1s_fx;}vc*;sB;}RImnu*lr=YD}dvFv(w^iE6y-! zyIJ-@*Zwk_NX-m;65j|jz%5!xnBWdqOneo=!@H5=#XKfz~zituP_&a## zwhbYzS&nCnw=k6g5))PMUWW8Vu9}Pj-xxD6$ORd-(q&~C7KM8(AZVZ^mTdK~u0ZE< z2nt(7eH7LwUZtB9zq;D%ETi2iQo|$7wb(h>i|YdgjsuShOcXg!R?axKv0yyij9^n0 z^Qk@6ENouvVvBoEI~S^>IUmxlNZJiApp(l<4cPli_o;fzN+(CO97EKtYM&=n*ZF>A z)Cgg7Ht-2oc3^P<{Q1rKwv}<~7QV*W(?XKy1)khC0!Z^Gjkvz6omg6P{jyTfPDq*Z zD_LJ}u&5`d2MU+#xfm`BH;pWj-4?;U!gV{f0ayu^l6mf&pxxtz1 zlZN=|se(dgHm=sHHKT4AZ6x(UB&mQ~qvKS4D`GooU{l-`0Kw77kQUIeX5yrzoQ^vz z8Kex6RqYrB>@H+V>(Cjk-!g~Kxv#q-w;US!q>C!ebcTmQ%+k-a-eXdGZ*=Ch<@th$e!uH(#UQ#S#_r=oNBiL~9b^fjw;49%q$auPUB^t%sx&L@J}j!IYK; zmQ?r|22)z`vjVb(dt|m~URH*h*BSM_p{14GF2yvuQdsppf$aJAgo2l%7_J8W69H#T8-F!tg!}4 z+)rus@5S5qAd^}x1>vJy!m#$s;XN(W3J6zl;lo@4mf@GwEUBllE43pqtdwfN(Oz8L zVl|Fs{b0DOc8_#ci>eLtmoE)#YcicC020l>#ga4VzURr|x;}Ojj5ROWXQ{7)wqfjE z3@11T*T(wjbrT+p`i`GR*>_|~(28T>_#_JhsDI3Q!f3FxxDKXR(x8wxx)lA-j zzgSg%t(rh3TIe54Z6fkf*~2Gugz0R?c~p`I9O2zL%0;!majTfkl%@iL1JqAR(^MV$ zsoFtx9KA5lKIn4Dkyg!Tlo*7A-h=pb%!9;1b}nh638KMiWs64f`A(W2lN- z=HkrIs>rup>*(nB zWSH_*ZK0YvNMQ&M=&K^Nb3nzy@ry9F?N*g^LJxXnFFvMg{^Y#YXF+69u0`Sq$j4fV zy)UbPnnWss;yM`EY6*OYWvy}d_k5~qlV5a@?5G3uLDe*;xwPe>inz8vs?j&5>&m4h z{6u0hUo2i%Ve4u}+KIdcP7x!cIE}#vY4ktRTmmxqezzs+iSxge}*zLd}YIS+1SeO;$ zpC>sP*B896uM1t}u)4JS9?{1UcGQWS?*d)LSFds1pT`So$?g{Ve9GZ!NPrAwCB`_{ zgVB)Mn=Ov*GiBXsc0cE$MNjGZVXZfORhW_YGL@_n*d~c#hH{2LLIGUOD#^~C(}R@H z@<=8DMz;LQ)oakooyDklk7KG>mWm3=%nz&dz1n>yk6x&*$W6K&jlDP%EXEke>pg#L zVZRa-tIxudzRBlv9qVVavSZ3BQO;JikaHC02oXq76SM%RUQX-Ap1;3F(eB@`244Z!GZ{CnU2)9f8Ga) zs{-&2>g>~KV)K6l>P)lYulH#pmfaDY=bL>1T$;?4zB>}ANld0w-@>SG5LOcyytz9G zmL~cCcN+s(HHE#9tn6Rx1X6(+9w2yT3akUx{}tzu#|$$k5~LM>-baA(5M25lPMj-N zWbOa_wv*@iclH5Aff-%{+NV=jAmT}l`xob#bS2Z6b>=(>5<-*@2x%_s{#Jbu)tpR) zrnGh{9h>3XxBK*CY$o~k%{~J4Mnb}W$RZ}U?Z*(&Itayoy)iAr^H(XKL<)>ZbBfZQ z*LZb@jpIS2`^H>Z;Q-ij&n|cN!QMqHRyc`43<5sxo^QjucTB|arlc67&u`2BRTNkD z?qSIB6zH<7)^P8*9`Ebt$jB@o{_rIV(eo9`Yqncdm*%M*kJK@~g{F!-MpQlXZb!}(X 
z4AWOvd%Rb?`&7Ywa1D1n?)vp4{p03$g1+$e3qM}Cq?o|-2+=zp$a^mC(f#gSq@7q= z1crX2>~b2(IiClgkITv7#mIePZJm>^Y!e;si3}W6Q(8CPD;(h)n3tHej25QMQx4je zfFgeBswuu68Q4IL%ufSla`$G+NdE_3?`xXWM}BNNS=Ebmf34VXqU_2Lq89Cgu(Kv) zW*+Q5=F8!nk?>tq{T`BV?GLl-eqJ?u;9a0}<+Z-Nq=<8!+Em-)q8S+1;I!**t(ncHB-kyjJ1W4T+p*eQw(V((!7^}#!5{$*gIa6cu3jkfzxkJq5&K^ z%BtXFSzm=I=ch$%dJa^|d7iBM#b}>X^#He>(x`*NWnCq5aOE0Mi!z!kMigx&TG*4s zmX2dC26mXeWet2yfORZ35>*l>eY0#!X>_$hHj(H zLnL@iILf`0B${e15ehsF5XfZWq)B1U02* zqT}6&WKj(uGHh@Kub@h%pfpg5Jz-RuY*8xr2l(|kuMds3T8R?NI-3IBd%Fy1*#i{b15bL@TA*1Us-1WU2Aa0_`j1k-%3H#Yybwzo zK-1)%!a4$vIF-JFp!l~hK`eg$Dho3%vH`GXCNiwA!<5`msPcU~l39RZy-vcB!Z5H5v0xj8h#qMcyQ&|=W$C|H78K7LLQCu8t0kZETl{Uiazkz2bzbhJNBE_7-4RU^!;9EQ$|5sa z(@X)vySqO+i0Y#fjpaikVT=qcXAtW@cFuAQn91Tu@E?+chtwneOLZ(^6qw1P);R0E z_jN`QUsEY;5>tnkbi>JK_zPugnq`qaRfzStOa_zOvmgTlI8f@9F~fYY&+3CwT!IeF z!cl{r<*RyfyPh47G#-q>mtF`@=Hy$l6*+!p(!Xj}XKhP#W%bW33e|Tt5)TwY^-GA} zO=59lgBeE;khCVgG{~fu`UW<&Gyr~Dnri%-3#>?biKl8D{gA!+J?SBr^{Iduw+i-q z+G!2$rGOt_&jCn$bptMHS(!|PTA|+!-^GZ%vuQ(3x7&xW4~6*Zb_v-JnR=~fBT4HF zOuX9<=_(wGN^ou&Jwm++9yc{t_a2I^6_V8lv!vZ5b`}`RngbDZ{NU`g(u$`|@bQ*3 z@{>J1^|+YoTkq8>>i~!BIcBaVN2fe@?67*HkSM(W>o}rm2mV>*DBlqlQif2pzXkM z7r*)JEQGQZbd<~>#K}xxrVu#k+-6xa$CU%{|6MLH`x3!4)7irm!~rj7(IEoSW{(;* zdFeEw0t*ATJ%jNk37jc0o)ggfk1r>&-OR@NtpiBDmHLnQD@R=#Tv1qLH?xsoJ5FE{Q`JCUDPCp!!aZxdrkqiiRhjD zXD0l;l)$2bY-84B{K>(!_m0BM&I={<*brVG+hgcqORlyytMuw zhy8PY?HwugAfeC1Js3TVppY5yh6Te3MVXI z&V$`uUp<+dyB1`|>Yo|h6IApmEX2yEZObg8264chL1AM%x_n*toB#mPcezSj3j4H1 zT}$4^+I@}I>%~EtFDq1c{Wz9%qDtD;!W_>_*F+&qpJBD>NI4GFhzymbdFvv>dxZR0 zpJSv?58!rVq2Fj}WTK;{Xe{n}*BV!{(b^mw7kg)}R%Cs}!!3c`w63O{lQE$jYnPxQ zPdc+H?L%waQ%%qOp6Bl@0Nx;;L{x4%!>K>z%cph4?2n@2ln4dtfg z!s}o*HgCSW4;V}dvoOa!o@)WgPcv}T4b2xCU(-wqIa-Bol`$36Bu%mVY2ZtXm}f#i z#9{Wc>jt&QUt2!C`286{Thk+5_1C^9F0h>;Ra(yGB*}D_D7`ph+G!?qtZG3~DcKPM z&!MA+g){&}l7|!$>9@ipku-kB745jfZ`mVOOMIH&-uaB)`HtfU7HMBcJfUUEszs%r zVQuk*&b7OBc2>Mb#?;Mz@%m0!%mK=-N{pQ&R2Qi8co%*Qse#X~-VM;|d_U+8@spvy zO4_*JD~OKgaS{ki`oHyWX=_WEiBJO7}bxNs_+SF7J|D4e<7}LPPrW^ 
znt;ovOb2`-FiD{Nb5PZ!WzFcwf@Y(*LU&zKSm7T+P|ld|0!bXYubqEepvR_`Wqv~wKPV&Un{AoWfr@G zy5x*6ocm<+o08mAweFuPf&Y^Wa#csr9uv}6q%Dq`KDdIrK7%d3YxbBF_SA!ZMC)dH zk8dGYPU;)-Ud)Cmt3EozK;-QyYeX79rX1AdZFVt;^d|d31fFQJWf{>VLBGlL!l2qT ziTnPo_UPG5{|B{2OrhiNI=N>_owCC}F#s_>LI3wRT{M$y`=;;Wzhnczb)b2?%V4_xMX#UeCGZ`q| zRj)eD_gs#aaMy2=D6_ruZ0z^C-(G{Ss*I!=p~BKpSUu-+%bcT8nlzal_&0PR3;n}T z_`TALD;@;m%RhQr%iOS9AAWS&26vH#*ByLxXklEF#D^-a9rW@m-NT=@6Gr%j zrp9{b6SK}|zPe}ZkQnP?oL0Ht$YgX~b$%Mh>gi(fQSb#b`KG72&X+fpYrt;0PE8Lh zY7dxh-+M~u(wD1tR_>k{Z@>Ml!Z+*3g=Kde?AdyLUqZiVj+?NrRc_*_$J?qMA{eDM zms&fQBu>8F=JC5G7lm4S7MU3*(B@ruw=Ztdz?00?eUYIa)z%c*LwI}N(1RrB@umHV zcPg(ZEcM#9)xpN(S=6b0uH#-YeO8A35~WN-C5K1Z+oVLAT@F;nzG7SFx2MS@6~_5i zb%;_ooQtiz@3G3hc0GOvCA*4pFdqD5+@pq!P#$x0%zL4JzqE_b>z`B)itj#szGxt{ z>h`^xWnmjiqL^`yAECX^z3KmR{Mzb z?C(>0F)u57ao#T%9yzQL(IP*LXH@KQ8V|XDJp~$hA2E1RJ#ACk`*r!BC0oDVkKX)Y zTZLiilWez$%T)P>rf%Jjp$_IsF57O&sA*DJ849e^vO@2&w9@wb?OlJY4qmyp{bVU6 z>8$GdYx;#UmrYU!w|+eN^Rv_wCW_)8Q#R308J%?4PG5cNr#8p%Q>32S`&89`aRD*9P08{x@){pztlVYHD~+M`lqjA4BOt|jVw0#zgScJ;sxbk z(8(t?4QH*kR~Jc!_b;LM`dqX+ESuHzn|#&cP5baB-60|d%U(O_msf9+fJ#PZbG+7~~sk$+HdM?PtfM)(FlVV@G^ zh?Dq_)hO+yD-NRaB(VLa4oU$aOiVqCb6`KYgXar)JrD$&le+BbI>XzyE$msOeP9h=hZl>1?sQ17DH zu_jk+_g2oYMnc*}7YpMj)|BucO?Uu$!J%3J8d%D!DX-^FCb(+|+QTGi8pm8cIE zez6}k_J{V}cT*jzSn|i~vGqGPqWr9y8`Wxxa^;Um_Fk&ZmERac?vj=N?rySUvWfXD7aL)6qREMn3xRer5)(Zn@a0x+~K!#qvZN z^@>Ny&RfD0cQ(dZNSjk%1@;U)QZWJIVy!|q0u&jdSW*2# zwQG%NmF&wD+t^Ewk~=NcYj%r?Ns&?WSBJPhX%!puuhnkMNVNPb2BSDwu^Y z=t;^ub=+r6B%*!k!XGLehQ*i6bBmB9Me3bNt<6pj8!deQGId{t!pJ;KiVw`eX3ez|e2qhy713Je;@f$m5jXP6aO4rbxUuXj>qYe57{q z$Ga9I#Crv%Vz=(--Po0?vvTW>CwutIlrJ5=qt?2XzK9WFk{Q~+bNA^tM@$;h4=lJ^ zCw-@J9N%7K@pXlbxTd{<)Xrt~GFMlPm^^O~E!Vj}|Jdik^9h*&8#{J*e*CzpvuW== zx*gxtO1?v=`BR!i%8-mG_lUG!O6QJ-;)Pl0c-WHlrF@0-sS*wv9sfR*Hhl7uoL++1 zhvzXHw(YoyzO#BwrD#d_ib#lbD~AtA|@~ zU{@F6ucGeGIZ^lTe$VkR*24vi=z{+RSL|Aim?1Q&q7;8o-lb%*RN<7ZC)Ufu#@6!}4GplC2iC^G_QEe_zbKqIc=#9a z`61s6+6EV_F4zh_KZOFTDGOH90{>=yLQ-|7lIre%oHLHQQ&{<`TQz09YI=GjRcc)r 
zwoh1Nod5f>7N0+q&yT+$Qi@}L$bK<=`0$q|;agjN?uh+V40CgXD`=N+ym2xG$0xuq zwO}sHrB9dy+}VZZl*1efF3KyYIgOt*K%!h4#0TLj`p`k>jLy;U`b=Y=?Hi(!F+-;8QLaL@*bnc2MPEgWw{nP(^p?IX zMjM(VwAxFfX$xVc*NMc8XQ)+K?WgM=5;qW|_igVxbZGOEFJ>#OPaumXEhKVeSM9s? zRlj|g7kl2Jr- z8@HXSuQJ^1d8g&Roz(KM3d0@F^_4$cyTz}1L=kuT`eBP%)U6*@SoNJt_Rv|?!TVva zL9Gp&WtgmmcDn2@iQ9YfvvIU>)N+$iyX0GHeci_uu~U@v*)Cb4DtC}51Qt;=iMlKi;V4V*oNmV2%9(`*k*m^b^Rg3!loDJBKmX{Bb$FaWSe~J_i()>KXv%HU0Fje zmGIx)ocruty=2OZ>=&ksRM9_#Y8tBUl6Ry(wHTL$eM3XbOi^Z0KS?~cM3}OpTFFzA z7rvSH$Xou!=1mRWsU2CTkwre$jjZAQ{x0X4SG8ZgK6LTW zqHu;;=$SLYY>wAbTgMhWw$&}Hoa*1`DZu7Yxc(WBAR}7$)|okyYYCu^P=>p z+um^I{m}HKe8}D^`K}o6vR%{H=bB}#K9!S|Fb!9%sqYVuE5uz4gg{Zdkcs9+H7DHc zj){9m{CN7oqxzabyx#%*-i%26#JPy%p36*+i~Yhs)UR7!cfdg8X1~dft&4S~gF0MU zNoRKdSWKt&p47Tkopxa@My8{eL!XC(H~XzzvU=|=>t7-vu6g34+=QmPTNa!p8n1OO zZZ}zbVBVdtyRTK`7_W`Lb8`FST7!q8=4FVST%4F`W@Y=^&9x79FMG86nfI%O!oM8- z>1+4tGIX`~`{pxFi;K&YAG=kZH&?vm7kO+{((6D4_&egsn!3zW1Fp&o9@Z^8roBBh zeHY96*OXI7r4H?1m84UpYRQsiZFuEfAG2@umza||c1me$>+k!tE6f{^Py(&4&O570Qo2s-BrE z#wap!M4-cMf9&2ixkUA`tdRO;znd$nu7A0usO)3d{fuJ>E6&7iP=4I(1fA16)F5xF zxZE&p?f*yFTZYBeH0#14c!0s(0t`-Ymx16G+}%C6yA19Y+=9CV2m~M8AvnR^9fIdf zp7-6?-e-U3`t~`0mQ+{WUDdW)s#mAlO73P(XL}8DM~rM_e#ENbO~DCq)~G0TieSfx zqZrB0WGk{bnQ2c)u2f5sN>u76RN<)T*h9C_w>y=C>Hy&?bQ-7AgKNZV_U5}{E?DEu%;^>j zoEpN_EDu6)bH~46&D8xH{ETzowA9QuY()RR>A+EJ!Ra$jKDIKnyim;r8yny>exS#} zTtnCk#dwbWL1C`<7epe^us79)rIHY-*g}clMA`7=JN3v|kA21l;(Y^E2BZb4Jd^+ggF;|45uWEavY}D@{APQOPl=n2~eyE>~drpNQE8Q8RK*-t-DA z{fEW89XO?FTQ@5I1F`4}WI_5vXzgc@&uzA&`nqS!t_vk?+$&9+HEtf&ZMNh3K00$$ zf8x7rSS&RMl}4l-A1h}JNnejHG~2qCU*`5|xdWOWE9VS9yxLr9vIN{ZYgQkd9@N?g zxII-GXpSFOc)xw zBV1`0|I6HFEg+!jsdClu^Q+CZW@VSo%iLBiUcl{@CX2`1qf*%G(Vgb^uA~2d^Ztv? z|M%woC+GjYdH>1Dcr1o&;}GijRQbzL|Mlof^S@hDaZ^xv`VHNju9%wlW$qAarrSN# z%+tSSX8kqu2x?~2ePvpgcWdQ*IQtFM%pWh%4Ei6k@;_|-f6B`Lu=W2XEC0h*ZE{&9 zA4c#m!_~iLrv1&d|J|Bm^q2kZqbRA<>)<8Em!gi1{?b#FEVP&V+l4}vSLg{N*O5Z^ z0X@wXf=q$A=~Lz`8a3Tl93xUH2ew=0^7`GiT}RwE@=Z&%aqw>1{LfkBPYYs)QE@n? 
zMu~_PDN$pcI4&ZCABFSZ-#J?Ew z!owrqJtsCUthsIfQ;nSJ6~6yeBeuGIY2=hsvu)zBhYt%z9Y!`hAW!49wAX~)Sd4L7 zQN_1oX(V2G*=@1v%7KYpw>2I;tLs}TG406h*K@h*m@ue#Y_;#V)MM)!_ng}h7vS59 zw%*KzSNFBlB08PECB>)@_^-JB^3m4oo2YhsU}HV%=7!uX-#$0Ds;tjimk? zK;vIZXuv4^ONkIec4Ja4vqm(p`N-eDOj9%fS;PM*5erqKK9%twCBAA%de)~_-j6n< zj#}6J7YP5fnUO!P?Q%3#R_2c~8h9)%VKY|Wv^Uqg>hJY-j(hiN?RG~ZojW|Q3N>hk zG%UzHnlVc3_iS#f{wAgo?uP6AZ|mJB`VF*>FRzOWWIS$$QXRiM-)IJ$d5!j*+&`}e z{MZ#H~H{w#19F=(e>wXQVQYdZL%@ZWZiF6 z2?noRuOIcTJu{7Z!Usk7V{QIKC0~q8c%X4oAYXbQ+RpcNhG-u#yDEY)3+S<05bUrB#%&0gupei!xvKS1_WN@D)_ zlptS)MYxb>&?Dr%Cj2}2w|n_>#J$KnvvIxmt@E5dnUeh%=#nQ^@8OcC>Q-;!0WAirf7&-Bv+RJ*N_0Wv>dHm z(Z}Fl*Gq4(nd?8s9T6K1KyPO{M&MqaA+|}H`(SZxhHe^ysS7lfb-7b|2oZ4+uKXEN zOCN&uNFhSHlYK(rAc8ek#S!5k0-tDzT+09gpKJ@&=HmMg=h@MkRn4uwu=0PoTl4o) z9AnX(!8DnU@n}CAhg&`Sr9xIt!!0}%!ye&?SNYuwcfQNoWv7-l^yNNIc3C90l_kEu zEO7X{$o{nZL`lD-s!ge=z5K;NX4u&X>q_I*PcW5Qsx!~}Q?VZR)XjSM4k5lndhA%1 zg=##Uu!_vRc1#(ZS(W4pDd4i5btLM??t9VPC&QbKI1u7h_pi;J#8t)>1plQ9h-&!<_ z(y-}BCI7Ff-zdn!ET3n|*OVlO%r^B@|D;`Tl-yVo+|YcEJdYsQ8~R=bf4zi&~65Mi3ySY!Qw{K*kkg*jNy{!m|cd9^BG|R3ePbUCx|nMD6FKeHnfdRj2zd5aLC&RJyX9tfpB#yqBS z(n$6^!70gm5!^OQd{|gumg3M!wN>hrVsMay-*^b^F;~baf(nXi@97`(&LSr&tIHG* zzJ0kHnlvL(&;DU0M<-Y2B$PDF1t;k?)D^y6UhYCR6MWkqJN9V~w7KTRMvrFM#1I>Q z7O^=0b}|Z6{qCS4c{BIBzX1i%we9Kfx)yx=NROZ5y&;Hk1q_+$E=jvcIO1!u&fJrB zKDtu=xv0QSpBj-j@^M)&zFaAz;i}|SXmfDImIM}#Gs^`@=AIr=-OK8}%ZW6I4pTsB|SxV4c&=z4DzM97kxE|?=(;M<(1yFdM#)_C#l{(4s(KxKbalghur z+w>7dIP=+U_BK>~3(aIEkj(np0K$R3k#RV`3ZG%xy&!AaT#H4pV?^7RJA!o&8AHyE zda1Ht_var&p`AEI^jLK7Xt|rV*BN-S+-OGJG?W@(P_&h&{Jfg0B7-@a1l*M3fu*f) z?7wZ_|Jg&JX>m?~5&(MtsLjLjDM_TMYEnE>>)4}#{3g(+Z;8g2dCM}3MwvQh@za3o zMC0dXditgIX(0ReMreVz$nr>>2qijQ4_Hl06K{7QBsGWsc5a&cyGm=Ve(Zz%&pPNK zD~tOw#8S-9*}L=lY}u_6WyKp_#`c@jpB+*ozW9Vx$OJ`w9`2@y} zz+X!gu?1GAbfE_|9ytqb699;`*&P@8sj&r0SqKKo)veVSHG}XJy~4LA!7S-44E}bm zEW~-_G6U_y*D<>IjkW~JUbMkPJ&gYRcon=1iO!<_tpzlZH;#8|UzoBVgT#5d92?Rv zOzD=d7X>W?a4yP55YA%qNN}?dy0KZ2&bH$s@>&N%@3onKVw)U>3attZR9qg{{<%d| 
zAafj%29d>frCDqN??p17t9IUZ>2F`0zX975Ka;%H@T{UKz_hfh>;rgD7%D4V5DltB zR^Z_hT*BYGongT2sQe6CzlsueJqzU6>3Ue;)f3p5#f+Q%UO)H92f~!b@R4&@)aN~S8>d`@gG=clURqb^?gM_XdbjvN^ z_GtY|5;z3>&ReHsqlb88tbT!9^4yk#8@D=yFp1=rBQYF|__{ zOHxCkB44jsn720=l<_th8ny1Rh)`7&Ihw7q42N9Qvch%#+cex%>&~LGFM!uOjTatT zKpE0bukwR{xpR8L2&22r&CD~;o5cF>yj6eWT{c#4`KqxyI9GAXiQf6MYQzh(a_!4M zeT{>5nDHlvS1!N;+F??kLaKk}I>I~+=N%S4f^6)uh(J};D~yiX*-KH`?SB#dSFEM6 z{D@C>f=hyW+})t+^qe8+;o1xNps$B6H$FC`2jS{HEF#q-AXu9@@66KFZy-kl@i(n0 zu2b5*y0`1uTu1GTnuQZiEjAk$s$&YzGtZoL-=&fx7>$c(`((E37(|+E%xkFWZTQA# zMzqN@6L@8mKagH6IY~h6jg5)}$AZ)a^f;k0XXYHtH1`S@enmH)+dud{#m@?;+#37{ zP3H-v$}cm52ie9N=KHAiHubJkm3_LmhB+MfcPH7G=$c*k=4vZ=C*g*YOSgo*zc$mI zq#>$X8Ol9MZDhHGlx&kR!MfGE7h}A@lMH1ev0a9fOsDq-@#Kni4g(Z?S5A)>g4Z>9 zQla4v2wJBDE77!)U(^=s+s}Hjx1-@`+Wkm732_xxjYdD1thrVx&g4f%w9w7UW{#y> zbOq1Ri#i}-=+oJh-;=q0FN@D)VEWbtX(0Z_AF*M5*rJW|p2k3O(C^c@>|w0M4vh0W zysq(ST%fiPJg;rtJ}&&*RXj3u>XTTXM@yq}9ieBAkxz4!ruc)(t;V$s zTYL3hq6ehNGs>rzfMJ0hlMG==h+f<_@_W|m>txoh!m(gW^DmX`8!1J;SoUPP!?$q} z+M0s`;#o=2JXO1_e^6~x80u*}OC`MqCFvFY60Hhx@ZVa4k<%9G`agXnQXi;SZlDFP zVQgH)Cgm^{;rfTq(@At!vqCnBsk?NS)xccbvh>-jn2wRLDmZkptlKMe{j}Xg#j-7! 
z79_;GNU_YDM8w6O!cZLtCCk0`CGVq}*ek)6J`ied+2K&maYfw@+T1f;)nOEzDx`!_(L7Sft*H88zL5)& zAxK?4!%|k;c`s`+gORK;u2-tiz>yb(E*uyo-m;y{nrE-cJFfS8vnue`aU~DDpsa`p z>N!LAmg+kZR%ZE`;-x1t9_n_&IPWh>tw`!M56Fu-B-I!N;wzyW;|p(^-@2|I)3vT8 zvL3#3uV8qji{>uo8BRY@-Vk)n$tBt?-`3>&02ZK*2O8hazM&kA3h&v=aVG~c zDsvU(tu{`R+0fk-&k(vo!sX7auq`yvjw|}P#Lgqq^|>~376d2nDe|;_@;s;bs_>~% zj@Fh<&Zuu&8%%z!C+Q@bSGSebemjnWUv-lGvGD0te5jL%Q>a_j`EI;B%Atnn?UHIp z0iVs#?He~4M;{inA#$d7hL>=bi%uXIpNEA<;Fv#=x#D?=vON(owgnGbPxwbI=d#N% z*c8>P8=Dl_zLOH=O|=u6Qhc4rQ9EkmtC_mPxO?+OG?;IB2&m$UKCkJ}yL!TS%&-pY zVo!pVKhacX-WT_K>+WZ-!XK10!e|F<*;xo~^iRpGXKphNE;Cb=nBTG_B?kOBTgHT$ zYp__fhz1VJmD|P?)xUC}Il13cdf~il=7Vpc{Yolx0OyNe`Gf1si9U&^i_(mp zvvSGMh$mu7sbRBG+o1gn`ht|$}19o4zq1qyef%?wEw_htFV=&m>@yw+F~lLlg<1Mbg{^SXCa;IMHwjOIR=VeUL*k^d_7)?eMv7qc?@$leev&n z*`5{h@p_SGA24ErB^4CF3kq=h7obXZ1%^<43s3{dskZMUHIt#TAV72qFM2-@nH_h% z-wIg@DzjU6R;NY_K{7=EfS4%pZ`upC@Ux;I z1y$VkMF`qjY?um6}za_a@YDUY|)*AQb=1r2xizBey5?72wb5M;uQyL`SKQ?;=mO3g1sRM z{lxQIm1bLm^Chn&J{aJdV0`zLF@ zj*}A#V#%K;Hj+DX`SlYExANy{W$%LVy((B<-(3%b@AtOTW(kE)!JxfD^o%@FQ1Ku_ zFS#|y+v@~%o&Q3V+V}y-rdxrdh;1tR9ni7w!fWvJj8rX6`Ta)`Nc`%i!gEP9N^|S` zn>ne0WX2p{o-3S=KP2R0mMhb__g-8z@p1uIQsfg5L@#6wd&E%TLvCcdcLhiJf%ieW zv`^yC?O4(9jN7{GGV4AYJZpq<_3r{;gfp}qZ0yqdaHG#vI>kLk9~igNs54W8jES=cX=P*(H(+*B!QjE;aqO~)A!4RIPYjrbOG-8bwj;9gZ;bO@crsLoM zbNkN>i4O3mGPKaniT2aW;hvCzCem!dP z0~dX}z%F#?Kb=y61=`&dUJQTgd^$H|P?jvQWV4yw?ENIbz89zU@2Ntr1lfomA56W%r<}E!BfROLqx=MXZJFJ;2no$cz#Pr~ z7A|p*UJteF6Tw`RbXDpcO0&$qX5+6Tgm7Xl97A8sMo81So>5sG(x?CoZ>D8a=}_XdCAl56ytDgD}) zuKpFKpto9cf6b6r?r1I>xIMzCZjBQ!&MjSs*=|}cPeUP_z~cFuolTh@Sx!QYEK8Bz zP-GxRGv_JWy|GkgJlC*%yD>n&OK$bmM z&pb4&&|s2fnOe&%mdDN<8#yru+A?GCV~)b3y(5(4Gt>HrLf$Jq5c-|+loX%E1&Hsk zI6{F%Z{2qVm`U9cZ6vJ!j<{S_Rkx`$dO-|mTJi6t09|MO*YwrvZ;=G`<%V8wj0+I2i zoc5Y13ry$fGA{D@q2Xz~VbsY;c}X%fXVC4&o?xx^f*WZqQt^nC%YL6Z(efL*1bT*t zxEO6eNcoM{8y^ayuU&5nR7}ctLq6=!cgZ&PF>GSd2zq%K$gPx?t;S!*W=2qn>1u?Gd zxtf5^aNE33ouUM7<2Dm9;Wz#(TtlUm%4jaNQ>^Ll6nOL8#hAF~zJV71F$p`VMdznP 
zl9$DlZ-40cwE2&1+EMu4l~yNB#9_LP-1SgwPDI7IcW$5!UbKj@m3a-*aDL#2)l;$2 zZh%;;e&@0QJF4`yAv6ZmGqA8T{Po7-` zJn`|pX|Anxa&DFjb&g1%ZAfsu`C9g11K`ZFS3gWSRlW#zQVUOa((rk&5klMCs14CK z?LJOo*5_YPZxtOPMP4T$LgFqN0Dg8U&YWe1p5L1;KIgBVi-WfFJ*)zm*ns!cNTmww z1>dr$50QtE%0U*UX6TPH_r|aNJE=CueRLdmmSqCu|M1q^`}GKNqS7SXP#3zF?F0CG z*5<~`sO+4AJKFM;EJN0u-K+c}A7urCAJ{hvpC}g}UDt z*hgTWY@_o%+F8Ou_?O-?LGItQQU0t7dTyNjjb)(S!6>f42y6<96@{X3!Kkq z;erWXg}Tj)t86Iphaa+yRkj1j&9bghWzZP{g}Q|+D5^)gQSZkizJfSUL;GMfA`lcM zjkjm*HeD4lfp)R(asyE(^`Oq%&?!Iky4b~NoEOk|0AopI3+6&?tef_aslvSDomyK( zuR@OJovIK=)VX;pfG{7^D-unvP6lfWfwEm3@YPASpYu*Z!UOlaAEVsz)sdn6>rhCH zpZndJj)+73A7&&l?~9y5XvmfHq{@EA7u>MTeQb-0kxlaUvo(ey*bpqfB! z{D-c|PGa?IPN=jQnd#L8C3~4B5%3GxSMUO#m%V&i5ho_Fjm6un%5)$*}TwOaQ*U(~G>f3kp9zsBzf!lj>q%a}Zl>3#K*(oMuC++@II!Ud6vm$Jn~ zE6Www^5%?8>Be<7MZ^3bCyrx`Sd9LR)FjuL;uCbxPxq#&0rph=8U9JU*Dtp=(^VE; zl53sLo%98u#=^Pd*i-u=>9IvSgzcQlY4FE+dc4;sqoa&XXmABIdf5{t9wLmVK=zY_ z_~2eVz7a~90nzWwL0LozNHc8Aa|fDCL0R&mL7AOKYg38cpW?x~XrF1#R{Euqd4P3h z&Uev&dop-bPyr=#qe1zg%(Z$rdw!s=9{#Ni|62P?H&i_TRu+2%3wh|G3v-~&-f;5@rc-JTH(>RqktjFLw5mjtF0PiQKf#rA4Ap@U#xk%y`>M=Ai5R3HOP-xCH6jQHDT^Z1-p1QgF2s3&%^kZrn`*^yAhr|> ztL>0paB_!UV+NnemM?DA3@dWg>~o|EmtRjb_ZHAy6*ehSmqzzDttoyx^6_fD_Yi?~ z5J*3SN88U(jou(1!NI1fub|`$@9ZpDI8myVa5=Q-qH-~86i{!o&dwf%e~H;vDt!1^ zAW6Nva!a3#Bisn|?Jqz`7n~^A#T`{De5$)SF~lhK$f>Uk7-Qj4tG9 z;%}wamE|~DT~^gLna&coc!DG)onB<_sBjEHDNm5<)D7ghcXCY~H$&$hnCnSTF?{q}LpP#?|yAdw)it zS*JN0iUWPuX4cBWMD)pz^+sAVd;57-2*H6pl9{s&ef|c%E!5(7PbPa@PnJ&G3xs{U zZpwG;1nBwZ}FnRQXxXPlHky6}DtH);bs%Z$?_bKv`iViH|AvWuP_a>+78d4OLo!}5k$wyI)BH@fh zL_RxHC#~?DRqi-3Bm_tOI(U(o&ARJ`_kg+!T+-Iqp`ybH7LMN&KUxu!4g@kMgRxr? 
zFRLO}Ilm@P{WcQMG{($1_&v|BjLt}onX}_m4=AxKfq0Nnbn*%i{XuT1=qX@b4ZxJal9ASGBd^iM;^23K6`u(E`&xb~GxGVEPSUZpx5rGPWTp z-c0n4%=LSIt*S^p4xk^w&T!Nhy`#F!OxHl%=7q_NTKq&Mg!~CTESL!IFfzb4hnMmx zhU#ZBs7Av*G4~)RJQeC54%VK_S4MgjT*fYU0Z=?7wtSK=4Y|x-Hs*=F2i^!0VA(7t zLsu1`vd=M8Tgieo%GqHYxSiKXFat}|_e!UzWOH!~&-87I=6gRZF0;}l5x4o9?A>RE z6h%iv3JSs`{I}M1XdjJtsji^H)7fFs&){=G(I6*xP6ZsShqBbHjy*+fKL(C@x9IJ@ z8$N<{L1$mChb7opV|`NWWb9MqM)t}?77HB&`JRfStnkNtQ86r!O@6FgoknX zdO-IG*^M{f&J+ip<0Pwc2KJ~VhSNtV?lqa7hWAV zZAQsAqWR$!9Iw4Bazwj#?iHrLr8}9vC}=EpRdijhxKPKuea$8h1_j4X51vJ&^ZIQt zzM+)Hl_Xny_@SKRklxZ7Pa9<>V60c$v%n(0z(N928Z@3rWaBduIRQ`(qXg934(S@O7hq)A4S4}`go@dJ!`BTyYOjQgiq>_Q+88l zDKM$+Sws3@sr%Q}f&-rPRB_|OXBvN(LhfoWt{wRc=yB^{uZ&O}j+~bPIcK&wq z(H1n0z)%f;V;6e#u8S;_e=65f9v;I^VqO4?hPvk?^MaHH6sjP)QfDKZ(c0ytr|c43T{r1okD z67_~vtLk^iXR=~cOpkKB!5-Tz^Z@Ez{3_4uX;;(xE-=+gxSM3Wpa+m8k3_Rb0X0cK zNfT7Vd9ID2yG)bfs%NnIKhaLn`JIG;Q341)2p-8-soI+)1@zbb89h;Ds-Fl!_HF3% z+}$l_!7|Upe@7m(U=;&;mpBz3%%dV!fG(8^1Q}D_@LBCe_UyM%hzMR)sqe?gZ@^-a zOtMS9EHKQdIJi*X1c^CDT~NS*924S_Lt_%BO08mKDJ~KZ(hXT}KgPsP4Q^ROr)CY7 z2a)`sF6Z|VJ1Du0Pc3{^8Lao+-+%F{(8$-^l8mkr_`O4~mOOM(L-~5c2QPjITQ5pd zIO&DL_Sh1xb)3wnn{nQ^l~A!Wg+&TBiW0?Jv(rB|k7A}a^B65eISf}8Jy ztq&^;Sio%1I@R)^R3th~)g!fDCvl;KJV-v?@(@^*gqX8MD__iuhpacT4T#rPg(kNv zJ%x0ak>!5!+@NSu1z0S>zvuoTJro6(nK-g8^>VlFa{qvo(8aLoJfYp?Bv-SlKu{gh z1L7$0(0VU594cNemp*FjbXHX4F4b35xefhs$lql%(WH0uF`>IEk;QY{$1|m;z>@sbj(=mvUFZWXzeDa&1#Uu z!p@Bcm#|zc=%1_twz|nt5n?PckPi1af2oF-@xvVgnw$@fbQ}d;y;Q-ed(> zpaAH+fERd2G!CCVcT-T5sd^uilD9$+Wgk;nnD*Ob0SDz3pPFPaRgQ+~2t{i0(!O*? 
zgl}AmjAMyQY07yvJI9l>r<3^|jOBcom~~*g;0K=b56H>!Oh#Qsdi2Y0wbFf0;=q@^ zrk=DP8bZquoxLy~;H;GA)lAGSlX6+G(7I@`-Z=;f6XKJpm?_Fc_yWNO1L7y9AMe3K zQs+bIjit)>3AIw9XMQk5zVZ2~@iN|>(p7y-(^xd}eITjGjG@6RVm8dDZ0fTgTloT5 z^Q-TdJ+Qq=>1gA89Pa77QQAI=ZYNW72c$r2gDa18gsS)YZ@(gcxL@M!9(!8WX*4pCCA7@e!i;?w5UnGnofm zJH$QYK&2VKbE9$fy*&G0_%#D)2Dpb@EI}Cu1fZaQ3!&qp{Z#v?$`RTzyFPV$!lY;D zDZ+559iCY`lr?4c3@P2stzE2QQCulZ4zF8J+^kpX=YBJ7MR8jKZ89F+<-`)!De*NX$)`*u5bcg-|d=wQ3D0@(kzMZ7k)cJ(#2Q1+a;1vGyALLT;Tr0@PL*+>=%bsdrCV;I4HxddU8XCrTv6F3}|371R`Q5@^GYA);@t=HI*%ldf1@YI>2yTfmVi8+qOh_UA9m9|6vGFU= z=s_P`LGEJR^5-t7jq($Pu*byBL0_n${Jw)hUk-g;)8$(R{yspfAQXv94sjm;1VM+U zhYvxgL1e-aD0Y9@8(KH>d2hC3b3L_myyRZqZ#NYPe9LRqvn-)X$QmfH+{dO1Uru( zS(oohJ0SH`rERrZiaruw!`no6li_vFZ!(yszpYwzCI3SFvgE2kt@roa0U8Lc&+x`G zMyHQ%RyDX>IT^9XA|mZHTK*YyPO?MV_@R&Z9ihkFRLTeB&8vC=N*a4|&wVaM+4SH7 z@27oS2d6ro$m}HvzuXnj)UT;he1>|Ey2?lrTmM)2J+WU}PswbFPg9Zvi4_~{V3ZO}GDSpy+CP+Fv7|v;yv2!Jj0X}AIA}9CRbpFA%RoLi{r(ny zhX3qqc7jM$ay1=9z0Eu2*!h>nT{WZ{ zUUVNsy~zmR9IGpY9fg*>Flz1^)<y2OY%(v^E3Iltd>AGdz1WP!sE(pac3AF&Sq0R!kq4>>JP?fVz*5a<~N^ z%Dj)Mn9t+;rCQ)Obb#*|o}@SANo0HpjVhCBfoi3PRMyjr6V~Cr%zU&}*t|VNAjM1+ zm(Yo|fB3|OiCw}ZnY85afwEqLM$Swrh zoDlu^uYa(o(SNxl%pLORcGS%U@fgqbh9w95k>qlmu0_`j@6j;KW?o3{Y}Uznuj|(^ zhp+3G3th|C4NZg&co_RFD)FJazc60wgan|6UvTKpFxa`hC)K^J+uT^!a&3MjAg=+0 zRD<~RYiRveZQQ_F)u5##=tW^>GrAfgT_O%iHTgCd4c)~S5wMt>Q>DJwqJpxDrJes}DE2(7U z1nd?cc<^$n*9OBY#Vjk)71EAn*3)!I(R{wmA?m(ZRQ{fEy*H_3O`=b9EN)pknuG3z z6Bn_Yl+-9)x4RwCK$Oj$Lnj_NUoS&oe!Sg0np!*xnc4OJxtYvG&oA2SZCMFr^Unkr z+TlvFQ)5-&WTynq9Q_eT>Vvu#xIM2f9>rG2t$cc^GluR4ac%Y{hNebr_1ZtFf#1Xr ziLO?lk7#0bgL)?{GQ>dhSB;*R9$~lfQ5X}p9_n9^01dA1|HrwNC|0b0y(@s`0TaEFEXk`4`pKKQ`T2*q_`(8^H z+_r3rRo3JbPMrk)jZ1k7!urc^d#Ns(=+@HC;Fl{OWS6UNzRy7E6A{!+_eT+}TExYS zcfav;mOsEe*`uah$MGb&LPyXO&JfXEhLsl|qzuNe<6$imj-FhiRBhg@(31d%z0TcG zSqLOY$mkp4&lZ-ridb<_o(C!u->6U!c~1b=S|2Kyb3>06xnV%C2U)Skb%e7$9ECE4 zjSbeAfKrG2e4y$Do_>W2XZi6byQR`NQN+AKEwuaycrU?>p&TNm7$dmft$-(rj_*jB|K%58 z^vp4(Z>e)4BY%O+1GwcVbyXAP?)b+kpkzw}xoJ3NIM%5fndeq5%PKI}V1Js%)gN=a 
z0{o@|<~I;J-q$j%!_KNY>i1BhMw#O0UCH=Cy)yWreZylr5KU1t@Yle1I4<>|fIXgK zmmJvf>c*>;?{~+4-2%@241=~F)D5qUk~}vn7Z$ z@NjFqMIAlEiNDpRoSqdER2@jtlnvrz+rKLg5Y6nDSS6~6cTgECtL$c4*%S@g6Gl@2 zk0NE>u`d)_gB{6#`*M6CFbZwu&-Hb3D>mTUJhnJEiz$ z7{-zAVYi2goCvV|w?jZtv8DWOUFTc5AJvS*1U!mHack(;f?ODbuQ7h3524kECH9`i zh)A)AU+6xss9`lP5+>XE8WJs3Z;`^BQ#&=wEbSuQ#_#~`l<62dM8$-*H~z#8N)(36 z6j2?T!~O6|Mrv&rN~IR%S&v3n&%L}-rt?`66v5W?9pL${W}GEO8h;)3hWZ9gk$74X zYyXyTzS9Um@^te%l#I7JZq=qgmoV<7o3BGNx8+SGGB{w2U@7Qv-bBL$Hfid@kQFzX zP0)#N_*~4{)JimEifJPOgE&F@uMdFsJ&C8>1d*)Kii{HE%s^gr-gbA6B(BcrDyvja z=L5r_8~4ZUsgqRLp&Nb^{R)?-1a_zc0DPpq$aL*1_izC)E-8Up3c_X|EHl4xWca*oC)A~g3}SsKT-&U-k@*^*L589b3Y`rwJqgowV_W|N0^-o`qwKX@VcC{`H(8~t z>cs9O3Cmu4jf-ien)k3;Ahw;aiS zxj|eRj1!P(!vp=!z+vJ+RIhj2LBMx4gpQ0|>J7PUyT9&s#I);S37r&Qz2x0p%__}) zhU-&8TR|3x4yGX|EgDie)G+14_AGfB>2)MgMT z8NOaD_Dv|wA1%Y^-||fKmIf*{jBuSNmEi6)8fDxg=qgPRi-biG3pF*0u{9R5i#2q0 z2p$^#W0$OG72@phN&D=w-qg^#zv--HMRz06B}MM-eP&Tu=w5QxhspuvmLi5j--J1j z&BHZ{%>j8`Cqq_$-6#&(8@^Lr9#f|zjDl>{AskZ=`#xWx?x4I>vg`2=#vzPk9Og`z zN{r+gnME6H@HjSh@1}IECOJ))ar$df=#tMwXib|d0iz-$zT#mM_mD~1cw?{CLDn%4 zo}tseRWwZo!Hs}1FMe7ihCdyc_MEe|*qC>d#!Yd4)yFY3K>%wned)q_;h)9lMhox$ z18D`ZKV-fe?5ts2YU4cxIZJI!rXWf!-*$7FO=}~_XR8IpN{#m=YcDNSTM%1}MauIc zVX|SGQ&r2cHiQr=@y8@(fp%Sj`Ln(7`k3uHgqaNJL`_SW@hP)E!6+}l_V;dhy=GN! zrfehrvIoh$+E@JyP%1Tl)kgur@OrQuRPYFT*Cl}h4AjFx0l4|0K)rQ))c{-={i)gF zH;Jt{F_nDy!7RKj(1%Ur`uB5zrNNe>iIO$+Lq|S{E71n!G zb0>rPw|^t5@t9|;Q+<7;L??e&yA*i!J{ihC6i~Q|n`+*1eaKeL@GnWxU}i~K@0p6%!07ij3#QwW$v7}jrg%OabwmKBzC!IfjegNZ{ac`Alu8`mOV zk$EMCW79d5@PKY^oVRO(6}CxM0?J~?F{Nyi9u%jt8gq>T;85Z~9w+DMgrMG(XV?#9 zTmm?zq@a+7j_E;!oMVNA^WdNTB(985Wwf|@A{mFeP^_$We)d!McWn1)c1Ur zpe^Tc(?aFGLXEQsf;((twBLH^<^o%bvukxH`k6%qwGjNV^8_l=QTXqF-o%Rm4efs9 zzOO95ijlaL4tFm_rqZSyh_>_r%;VJ~wNNN9c`syWn^eL9f_^frqhp0kfM!~E*h-I_? 
zNls#q-);1eWId7f{6{>wnJUq3M)S5=>1O1Z07CrcZtm3A=4gQero^TK=!Z5{xHW*C zwiozY6nRvEz~eOjZAt9|=BPV(-uL2ry3{AdmTT|VAAvcQ{Z%o?u}(TgyzkWXEqNU0XIw->91|5^j+4Qo+Dno-(>rJ4AX>;ZQI!` ztNws&r)=!sqo0DQn2Z%xDzo6E7Pqonc!UuZS_b**WnC3e6ICYp90&de=E2hHLH;Fl z5$Cei{7iC>dz`IBEr_V#ImpN6`zc@|h$`&-`X!s7lSX*In-Gei!H^5vwPmWXq6>{? z?_ab`aH%WQ35516Ee}=-RsGjwB!%=nAL0b>M5O+387ZjpZNM}CKvF+DxlE?Gg5N-y zcbv~V&yaWIn>^G#BK_p?K$vl)OF~faIM%5e-ydyfvhp}W#kPT%QhiE3mCQ@vhY~UC z^?F*>$UEI{gSmF@>n`RbJ`H?&3%Hx8LQ8rz$5D<@vi-UXweR5nqU){0qWYr7UulMB z$f3I%6p$`yNeMwZL^`CKp}Rr4MUX~Dq+{rAq)R$PLh>H`zQ6am@!Y>=&ps>mo-?!0 zoV7lCom>^h#pIDApQ;!cHPnfBW4Y|>5bwGLzp+%OXt9OLwqM@8i^=6spDL)q;egeZ zm~I#UrG@KlF8k(uvQ5cG?g0_C*uqjRbJou*LkM6^wd-E}pU5>}iOT1nCFjEdLttWD znMhM_9~=`-MUky-K>L|~Ww>u&my!wwBH)McqCqF=YaCBkQQ(FrB^ zIk2c_>Kyur9RufA34YrqNBgl&@&C|cCvTNoO6`A`_|sGQLd_VDzqxdXfWM_8`)~85 zWpk)iTAa*Bt!yZn&A^h>Bdf^&lygj^_I$XczE96-!8f4PZTk6;COo%#>@=}HG6p8utK01D`M4{a9e zLGeEGxzR~Kzze-C_cZbA?UVF*f{3Q>{)31%_5DO=W87ucL@X2+&*k7O`7X<5mqwtP2x8J1!-ljvNhiTtUEhxy8|0{;$jOR0MD*7faveCG z2)Yi8yIfmEa;5FdoVTA;qhCdmWoi!nm;l~-A}u6pR9N}MxMn+3MzpVASI{I;CYtCl zvJN&i{ch(wnehXi87)f-duk=QUHd<jkJCWXW}n(L%Tet76i=5& zBwI%h9{lq5`#dms=jtk2sE?YJTALUTiOZ+RWz>6tIx$I$J5G*}6q>n6cRfhe=hVN> zjlYFdBSdiA4zQfBa7FJldMC{%{{i^uhkG3Erht80iIHhF z7@EOdl^%K!QnHyrmDSHW$7SWGIY%{omSyFsS&VYS-YbKTgO$3O&xr#tN@yxB=-!Ie z8WiQd`l6f2^X(uR*sLlmQHiDgm7^h6bIbh`#_9qNyO#T>x8LUNC(+SK0t2_6 z+`Ki;{9{yQ%_N3tKZb~D!A)UTX7NM)(%1>zo?FxtJorFl``#zjiRCuN1L*lLl=A*o z{W4i`EV%r@oQ(9H!oF-0PyLeqd!O~rWcABxJ(-^sP??2*PTGdnEor(L>lW$vKD7;D z-$;VaTQ%Cjr^L!K0?xSP3fix z?CiXsqU>e5S*Wi~Ux-G?Iv2fMU>MIqRi zdQTiz(~ay+>W_`+z@P&4R>$UwL1uCDMCqdL^nJt*(PYh|3yS4_uaD1PUV4P+`$w+(s?OTdF6NT5a+s!>=QeI zLxh!Qte)OW;oWE}f=x&O75$cs4V@W_kGG9t590HH8z)v6PwfXG2itXc^se`Wom?`d~aip$QP z_U0)Rwi2W9Da^;}Vnvl98^NGwniSf-v{5H~E4*7myDQtJqQX4?`4E_B;%yb8JZft& z?94>3SJXFDy@>VjD?0HA8n|cLH1TzT)%L~sH0_Q892{2dT5QEy2<+)(1>IX^uEk78 zNWC$*w*WYb8gqc7@EOXups|~isw_+JyzuNaYw)J5(V8YoqW+e{dy*!5Hz@REN?$s-UMZs65LraT7%69-4CIandwG|j 
z+t}<}Kqb|U$O?nwbSk{HDQoNMHLxad1B%4wtUhgpO$r6wfHZ zuQ5mm20v1JC9(R$wJ{7B6olhNM6Fac`qjR;7As?5EJ_&H)SnN04wvhu#7$ii*!&xu z$cSUUgpY}P-mmC86vG`J`{Ol`3coe;3*XAw+-cqTN|~atqgo#c-J=|LNA)MC|DM28 z3vw0a7_S79!x0&7|0g;87RP+LJ|lyzHVt0sX3Ri_pp~Ztj*ct`#|8aG`H_*)mCuaN z)xL&Dp!M65m-kI!BGpB?Or0UtaEx_CBx{d580nnIRz)T8J-W*J*bw4@$~KTmL(iD- zXD-O?O(R4UOSCYQu~RJQo_cW__Vp(i6mEYP>}RKFI-cC00J*|5(7fIUQiFiVdQZJd z%UTiXRBzI-Cv-k32~*3eXN7{f;>k|iOG*WBF73Bsrwv8DULa#*|6MN$G6tx-(AvhJ z|A^;gwfN{Q)&VwC#-Pl#TtlIjgBfxR#3)B_vS#wgy*gBN#@k=e5yLcbD?+c5R`F1B zphR%~NW|;9+Q~C|E|(9N2|(H%=94VEqZ8ccfQLk1?b}q3l3wtftVJaASQ?&k>&_3} zIny7HU=l3X%6A!l1QLWr7aJeWw)!ekndBX>IfRs%#`wTHp9jqc+@f6z{5*OLaXR6j zJz~(T_tMR$MRZd6E9v;-Dh44siJ-nW+gKI-F`Hjp!rp9=e|xj7QZbkbNPK0pe*0#$ z;Y+qZ1Y&CVX0#?sMd&MAnei(oQr&<0IDnjP>hK%u_0rJw;|z-0t2rH*imza7uCHpA1NaVa^^Qh;1>c=Ge~VO8TTD9J%eh+mwq_23%}{KUiPB~CwEx|j z3OVQDDp%U#QNI3@4gK`H7|XwNH!L=eOE59+45xA!7o4Vrkz>jep8G_*?Ne&KW|}Cn zZ+aNW2#N20L3hza*U8CkC#q72HpIDm-Da|cdz6D~0xeLTvjqvhG@3@CPTpO>#wRGJ zN~<^Vu}~5vi;9)yUN6hU*;mk)Mk_l?=1Ja{x|+%Kj1#AwC=gnQ6RD@KsuWs#FvPUY z!@~J8yAr+}_70VjsC-PcfoFQ-e7oOo#L;Z^e#cyv+Zp{*LUDQDJoGSqKB zu7fx>g=%=~b8svi=TToI&hx;ry!BnM%%3v#*mlDO%=G$DMl8GG{4yl1E>0Xf*#eIx zJQIrf3@J6Vx|r^c9s8;n?;U+fbumn+w3;Xg$Vuwc5PENrBsha|QM!QHcycrV0yM>* z8;U@%qF$2mQ1KK6Z49wsf3*hl5Z+!SvlN`&llZeN;8_Xq%-0rT9i+Y&X)Fn6^dv@4 z1x}kYW-f|!40A4WwVoKJinMY%w~!|>PkJs4%%B$x2p<5301d#92%y26>j`c#yWmg< zH4Vjh0DjrT#C~IvmR}t9sDJ(gBo;dBC1HPhl4&-Jsznwq?8HBS4-h>v;xV#vhb4fB z2Q|@4u}oE_;XCga)I_hufQ%;DPLXsu^Z6JMPl^8m@E8ByaL^R z2g-Ctrs8bKUVM+fy)UVWB8MgTpE^>!`La}ChW}dbzz!C1w&%(_d5+iF@fi3yBl4k| z@yz*wJD|E5JvB}W7sahg$o}1by zgH+(Ms;FAi-)aPgIm^Ds!zjXKwf&i@>wz@>r3mTY5&`9={_>JmljULUffk$W0n$}d zdC??H+eiGLwcslnL(Nut^J$_#G@>D<_JbNLBr%tP_!(L43LRr5*~HSiB=5&S^&+q5 zcwvLDD6gL3*U!Nx!g;Enene-7Qi^+PhI+sA$2xegu&Ig37Ogvu1K@uycpLP9RHXM z-`?FOX6b|N(mXf$1l2qOJUxcQQ5640A#egrDPHH&R`LfiO)RG>h6_}aen3|Z(03tB zwYjM4c~LKr!vRSi6ARVDWoj%=fO!_hOV{P_y3P)dgdK;37_ukp1 z>9!P;tCx!XB*U{3TfhMBqGkhm4h9CrH}{%Qq55ME3PN_+=&L~4*cP*8GWAFYWb|sI 
zwE0(oq8D<721s3%eLe^voc8B5E#7qv0JiiMfoWF60iDMV8%u1s>}w$RydySpR-UL& z-=QAkOA@PGG3K-S^_b1WjK~W&3nf_30;Ujb5(;$Lrj3Rf z*JM%hGcNN!*~-LWCbjOf!^`=}Xt)8G0K@__Kb&Mx@;By=hVjSMo9lArQu6cXP!40% z=TZ)TkyV3c5OZUC&JDsY>X6+_B+qZuiBDU`VHa%*b{$(_ivh1CHV!X$Vx}c;_b-e| zMN_$b!dc1L)~3>~?tiS=CRU;sF0*^Cj3GcyYVV>!P{|Yi5Cgdc{{DF!j%Aps-Bv?S z=JO(ZZtB1LJ*GPEj%Bo~{wRW40}Zn=hX`2jLk#G=;nBN$Hm_C|5H|Ryj8nzDhYG5<{}C6D6zc`aLhe~T=svYOvV7<6L1f@Yi7vnp{N`?3K!V-}4y;;6jIT%ui|lLw zmwQKNsm?#Zn$1D26ODwXRg3jvi%9^`!|K%Z1qRNk<@zpaY&p~2YWo3r$B@MaDftme|v>@oUb<* zrxJ*-jYstWc+~t<(DO~6alU}8xMa`?(CE!w#yg8Z;w0GF>$nNC&$o;Oq=Bf)lNuoL zud$K{1WLYJ0Rq9xl0!XieUd|jK74gdq-bwnMEs9bC$LJK0nr_T!@d9FD&ODd6X`q$ zFe{gn-NFpP`|SGA7?e7 zF-Rq1n?~{OoKnJHGxFo?a5eK17(%d0^=FPGJ-ziqNw=!!d0+dYC4YPFGH_ivl4>9J zRkE|@!Q{YOtx+|OaT;sG(1<*a!?0N{=6JOtQ52PpnOiIc#|3AiFSGl*HrbxoE*MeFE&kOs4|8ICpStkNb ziZrz~&n{?9#c*r#&S346q1$gd=mIyf9}bG1TZrDDtf<%E;aY}XlewbZ$Da1SOA3pR zHzPWZb{8O>lW=U{k<+ms)(VaPu_@T#IGyTem<{~uXZmdZ zKPIUEnRtS10Q5x9kK#qj>i_Z_fL7Vi1+rLR$u9cBe#qChh5b!||AT}WvO0Y8ZUP3u z4OmE=IrFft0Pq&Hiump@pxP-g2tQyD03Wjk@G+u(S^xiV%Q67B-1+_=xTRC)#N=Ws zOjFIjhzzzn2kzjel;`XdVW+d z?C!{;M|B)G0W76=*OmVTeV)h^GxgUMj|9fRM3SC(BLF7? 
zY)}F={ulJo{^tD)m`MIf8{s|OFISG2=a;qrZ$Jj2Z00et$q_NUv{*ZldHU?~e)A%v z$#F7~7NSgsN7hTvO4(UL>QV>e&iRG9C z0>Io!kwGbKCcbE|!WWCV^3$aS?3k274`BU)}-Sy~K0L_Wm1Kr7@e*7twG z3_WkSg`gFA_u`vV%rHOL4M@v2S}ku4Yki+O5>xFlj?u7Hkwx^LgraLkBGYMokAFqn z@LsDQuj*kU8dEK=7J8B7bm6K^lKViZ4D(J__q+j;&bp6VU7=-auoFOxwK=*d@eHtM z4gA5lLH0q{bp+$+#;Xwm+E3lQTJnHSiC*2Cn8x4eYI!``wj@tnVM_e7ADT_lVdX(S~- zV)1d*<*yUj7>D|Xj*KM8bBdHX2_5&Q<9#pM{Kvl?F<*noUH{mF>?otRYByBZ1$Xu* z9Sc+W975i96xop>>-J)69DXvr$aLydW$Qde##aFr`EK1Q^@4R=@n>AfAz>Q*-I&=F zzDg+n6|abuNgg<;O}x4sfGOxjXCam<;vWIU2^8OaDEyKbOm4{$mcOggjx$Aw^&zA* zQE#kYCDD1aTrx4AvZ8sd4?=5Mr%(s^^F4!Eq=F zH7%QPC7bV)X;i%Fo4f49&fW8r_?w!bo!xt$F)bvUL$&!PibF2u%brEI@|mAdAT7 zwlH|(^5CkMy?LLF7&|2(^`&>`eG?NYMO~W`EVtF{-J(zUGx4&?35>gedgPJ&pA6wi zyHk7IU}e3jfu!fKoAbG;x6TAy{jwg@7X5FUp4l7M$bR2==AcHx%o}|j7a^b87KDn0 zeeirj$gxIwMi=DEe506<%sr2g`*%H&#*{TEj`8iQR(g{Our@JU{ci2JwvhP~mr@`p zl;jSoFG*57xQs~*Iqtl|_0}2wp)YtdT^3W(eJTs`U>K&XZI$`W1wiyxG>HN+nVA5b zg4iaIULhSF53T679{5+E;u2?~bZY}!S-9hs2UaK?Y-@QiiC3ps=-dM2coNm$v#pI= zLvGdIA2b{8)&sv~>3Uy97J=mcXEthk30|w>fAqUV!lZvR;rd-hF%o{lP!VGflh%s- z==fVZg`!|Q7^p|_PBMT~gUxx%V9qHiMx1-hDa_i8Onw%;sM5+l}A1q;HO)-zkCv zZ1m&t3%5A0X1bDo!EIBu1ljM=C4P{q5BT8Sw z43l2_Bfo)IV$FeH@K4_9CYU~mUj2sT5UGsY3U5~9`T9E0dSICWZV19U_A1iNNy9`| zYLH(Gf>4ykp1Rby4Dp$usE$1TMbOVry?HfXh3`NHzF||sYV)&)>rnd<%GdL=hEI(>poe2qR#(W>U=xSg zj*B{@R_+W=#o0kZksz2Vs){jYmQM9E!HmzLKRY;;x~Z26h(fv)ramSzCdd? 
z`6g>gf|NXtuxLa6QhEq>Cbim2g%n?$E&l@&Yw^A;3G#b)D3x0RFUteEu%t=D}p5q6Meo1BTpq!Px zyhXc-1qvj;5uk{GdNb>tWMMzlA{MXHtm@B$L zIrrrB>9)w0?jh~XzwsopLq-Tss60&93Rgo-2YA<8e3sThdyQT2;KLl1fm=xiu@q<66t2HfK1M5#bmdO0j zOu$%!H-Cc{9!u-YkGVFwWmc#mL%((J!ZfZ z6yOzvs2c`KZYr`MVUjm3U3xYkOAx1xB%h~|QO#?srSIf~WhL06j6y>@_;l;DV+aT{ zhF%lh96zJfCtT54s?Ay zAQ?tA5c2C{F4pacr}n3|x83wSMdALPwK&ZFd#hq%SjPKP#5z(>QC5 z)5ghC=HfQ)FNEB9S!i*+7Z^tRbi&Q=Bgzh2>Qv~s zP|&J5hSEJPGi9@W06giCmnoy+@mgx5@M*KBX{-6=AYafIw9m~sx@n5qBRAS98MrzE zH0~iEQK~E7wR)(-={+sQz<`}NOP?Nwt&2Y>KGht<(C?;c!*vX*2o0%e8Q86e4NWtl6WkxUn_;ro7y{j{fFU((@-9p!)KI>qfv3<}^}!lQ|y>rwmtNa2LW2Qo-TAg=rjCwsfN z^=st7u1+fYc|+yEB^%<<^S`Tbvfu;@iVwTxhY%a|FwCOw{V>&=xh^b(LfU4=HgIc# zS0PmqmZD;rKqgiCM5o|S^>x8msp6Oa2Jv~tKjqOrhBkulO#UHtO-bPeVFAvm=QNIgsZR*TYwYarvUvCqAxI29zDQHgk&y00rRbR?}?%x|QuI6kozx0GdI-amN+f)}O$OE(Y8>ZoUgz)cfUQzI)FD(o9jxiu^Ar@^dg6((m zodl=~T1+sQz2Cfc=f)4<$s|s@?g;(OOQF^wthNjUCk4q+d>b>QCR3o_DT4!gzvc0U zaM*{6m)fv1P{gbAm3oR3ag9#4zK**_f`cNUe1&bfsWf)M*3<^A*2&b9EcaAW`f1qh-Y|A3;1O}An=)Hpd-r}1ROYxw^+OH z`IM;3njIv#3I2BsG@HZIH(%?t3TEq9k`XA;ivsl3vY1I&Es(Kgk$^g8if;SxRCF@p#0da5t4yiQrR{qQ-IvV~_f` zgzNK-I+_-$sKyCRkdC6!ZZ?#%&a*Sj;`C3DZuajU-}uvig72^*%D@{X`+$%ptGENy z>XS}U3Ks=Ul6;`oX&~FDzfr=mQo$?=U==IhzyDg878HEiO4n2a3V$P?%amx^ovramWxDhP87IlpYY4~( zA!BS{@qt#v3u2(4$v=po^n`+>O=L(t>}xwjYKrL z+a*{IG?+pk-{ZH?CstyZloPbMK(pDE!K4yLJp<1$-%-HHBvJWNZB>v669vBe8eTRg zeuh)Ygh{0mHQVVrgADeJ=6A@=4+)54AJy?COh5D%FgS_CgAugUXuI*ooQ(?uaL~IT zKb*zQ(M+fMH)vC`F0NvDsc>MRrRa@y0p%|7pK9NL>SL%SA?f2A(jGO&C)T`3j4J2C;4)^iI89A1hQw$HIn7uBr zeyvCsi;wtG7S03nmLC)Kq>_rZQNk;^G`WZN3kgTo3)S>>NaBc!^$o!*ycL+?rxP4p z#`AT}JiSRUr{a8-nqKYP0m7kuF#H6IlHqR=hg*U=-*NV1S<(6=BEkU0H4x5cwM@!f zLs28#$254xpp(F$HJx%KFEipICM!mgCW-+p5iJ7555~kpro!hWDw`g`TJQ_ZO}n~#JxI2LCCQ781now zi)9UTO_+tESe^xvUVY?dVy?#T~|-xCJ%_wx?wjCSJ^$n;7_kaeWsv58HZ>ft7v}u1`r4ZJ>#%|AS!1 z9sS$9R3DD>H~;VRQl)Q{DrqL@jGe~W7h2jBmT&k?YK7)Ejr^3bsfntgw?Lhx2mK zX)FJ{{MO~@Z3{hVZ@}Le3JXP(Sh{e1uyDVI;p7|%MN$W_OsD>XCQ^BX-X^3*c!o06 zfVmWs+N@e+zvW+w&(2{1$`HI%1Oh5rP$e>E 
z9T>kU0a+&)1(19i)s4GzhGZ1ItDT+sbu7mwtk$`KW;q>vY-&zE;%EWsi;XqE-hFi$ zYHv;uWp7Tw&Y~4(ACu=@Fb{`M1Y0mi*MtHRD0}df(+F~M6wH?x$fSZVfbTrHKHSv& z+}t0IQ`h}GlF~xn1}wT;+~5Wa)9}IROe{j945pU{VC}OTgfGtzoSvqaNzw=?8;Z#!QSy;zy8d1iz25SM9swZ>44%>pOUOftzY1y z*N)2{YV~$!-M?L>EFcsLzMVU-&TDLbYDG@BYUOzq?G^(U<*%|`^SU(#Nf23YtzjrP zX&=%Zs%HfOMs`7}EA*5U`?3nUN5*KEz9mef5#rXQoKc8QdCMq|T?a;RC8T}N3fX2v z#XF4u{K?mpoVK*%AtEgls-MR#u*?yYaO@7!A}ug)->Lzw+NK*;>YW(z2}-3bJ{G>i zv@bK$6UYII2bGEbHK3L}=p^`iZBhJ2R9!8a*N-6_h&@XyQ9FIKWYX>SLaG z#2t5v^C*K4jNrKQC?Bm~8gOSLQ14EvDE;Cx0r& zmdTbyQ!13<322;G??gzYY?rgq(LP|p%gC8DT}Dka>Vq7GYQIK{QHt|)vXF1WnQo8B zz9NNGzY_8=P~}Z5QU<-;D8(t#J4szdZ39pG3yCGgABH$Jb1cXijyE_QuMQDE{xh?) zB+X28Tg{%LibgBTI{pO%4z0x!(OKM+#3UFZFBU1Rd{Kyd_=f?f#dTMaLRx{a2)QV? z2g%IV`=3L}r#~b>2Le=^dr)X!vFcqVvok|}_sj0H5S#-nEgbxmyup;Im-GdOcDdwo z*3ab$T?i$r`Qy$FahBZDyg7J7?Q)d~Y1#3evCj>=&<9#ZVWD1CggL*!uM~DJFfY#y z&8GVWMy@f=v%AsvT3&nhdikqKRJYfRocr8(<(x)6^)GN-=yhQ%h^F&M>(H(9jD^-) z7zM1m<|?03W&wsGnBBunbB6-^IYzDl`H+8h`n*P^pl(Li6g%G?NmftGuKBER6IrCq z9z8odspvGIJ=uvoazuPS5wiGoh#)kdh@MOQ+dgI;p9oDi#w1edOtV>Bul>-%OT0+B z9@GTnrlxQOEZSOYhGE{&VX7`EXdEH}Dxif2zU{-jyiDNPu~wnQV;`WRRiGsfo zvWILiH?kJPQrwQlGOF2x%Zxnp%yx!ZN6oCn?yU)bX`pls%MVX!CvucuK3#{1o+LSzHSBs_1UvZYJ_bG zAI-%8Ch{4Hq8hO}x*Kc8De#h3pn6Zli%J;$yt9{}?hTU}?3*Wth6Pz;9(^g`G2G@n zfuKU>Yb5JRtx6n!ae}ZdtDM>#1IHMq+`IZe<+8lioFz4`vzYFqZ^677c(M86*41A>bBH1%mgWkht#;G^i@Dy5%obtu~T3jw=| z$h4`kV5&}iL*I8yA@<`2j+ZB740QBeXn^i9vwFA)3H*fo)k`TVa3n6Ic_VY^(IX?M*3kh8+{qD+bs|Q0 z3>r5=bRMNc3JC?qKQSRa$9>rwpb>d8&o3XPV#4HKv3UBlOShz~2=XoFwX<0@@Ar7L zZ_g>yAiFBIJA^%6v_CMfURJk1Tp4fQ{0(^gq=r;X*y56nOL>Mw{L=a|5645(@y|Lw z#!|CG%DqM5@?9t&6>%wS?j~2I^Wgh?1Me-Gh_`}P-Liq8kkRpHY9OLpEQfBeU|3)j zOkLJEjA!PSU!{pCg0#@yy>fa-FXdiZMv>Z2Ms~*WE&`vh_AM*kWd0pP=|}<;Zdyu-K8hOk?Ql#AK`=27ne~|*+8lz8 zGl|jFv6CgSOb99#1{w~DsX)i6Cm!RbJWboq8Fq!R&IZBYE-8vA_P$!z4T|39riv+k zqpH`?uSC!>ch|^>#oZ2PCtI z>5*o@!+F%0Ayuu{$$#qQoj#HycAVY$E2&Yo#Kqq9j7=A!JG|N>^%h!>oc)P&%-J9> 
zt&ny$ER^y7_>o-gRUVFEf*C3qyRDo|S~!l6g=^tB4+<8Vmh;1l&--i*u43T9Y&j7m@3@w)_+@Bwt5hx{@>KV}92ip3;PuwS-$n*f$9*TRT*Irw z_Q5VBk>u#|-_)}-+$I+sa+XFQE+zGpv5kv<-Bn*S@~1PzJZS@G#r`criv>_l4+V|? zJi{Bb$`ZUO$cxWGaU`0AsGggbt9nl`wc#s{5QOCq)~3RXLvj_KEpYcW?^(ovVa1L3 zZ$)D`LKS1(*@Va!VM^~v2L;Rk=&>r~b~F0NBZNF(onPE}l_E})6^RwH8ow|8zJ7b) zO2MkveGE#10&W`lsJ6k+ig(5-%3q>cqw!8q5v4(z5|3Em3mvC3Y!^GHkLcC4{$=y& zGY!7B&lS!heI~WnzH%#%@Uc&^I@KY;(I4T1zs5mMQpbh|{B0WN0;OS0&k56DvOTVA z&f@+xUHwbZbL+vFS0vMKl+dSX+qIa34bguQGZ;Q6{*!_j{j8KAk%SRZttp%*J(-;^ zO|Ztq1=oS1S{2m&^==_<2HT8hOol=UwtwlHXhUeWt~JHAblv7`y57e^H1`8a%QgeE zk>2=%VAvr-fTP(Zqti}>mWVEI-9@B4_hW5g(Vs56PNcIU@nT0#tW(6P%f!KXV|KYj z$B@pWrUCB?T(h8EOZED1fh40DIpx%I~zxT@Ti3rHeFqJ!T$<}?Neb+VP!2-uWF z{g-kT!L^nUX8|)09=KZKI581^z>tgVQy05n-js?g zftWk4r@jC#+nXZ}>LO&8+vK?PD?$|1q=llh=aEG@sTU z-txnyU0=87R2N8#W#PEE8{}*hOdSMSkfP1se`6cZq-#r!-qU&(eGckaNoJMFYt{#S zsnN86QENmK6BD-QT}~ZpmBw8!n5$*Ny*^xR3UznxA-D0>k22m9OX@*4hU{cD7Ut zLteVvf#)TYBa-a+XT90XE~*I0FTTZXWjJ!U#A+zS4Zuw16_affAn(8S)&iGi2mNoY?g1R}$)4Jt&Fg}U?uHHA+wHoavE^f%d z#z0-HhU~Y_f$6kCK8UUod4652OK>F%P%nktAepT!WEzZ*yMkL57decSWZ8B``?KNI z-_U$}mY*y^Y1ONeHY%N|;+t%03g+vdc4St;! 
zX#z!rhFS!(+!2kV`%V+nDtd372exM2l_H_rAQ)b}nu75p-JjrX(DZe{!gWnzSfBjm zJ3TybDQ3od^g_na>a+dAWT%4Av9z!7h4}{A4ku$@7iF|q++WM&D6tl+^RE;>R*B?EF zEBdH?RqwD9EmV)uoCp0eLkwmj>i7atp5}Kj$Lq0n0TVNPE*^9@U&$opF3b=DDi_d_ z`w^_jCAO_b4;m{?ycQ#eOArnC8qzP->&oWuW3tixE31UO)WP7Z2gO_(X`6YLZMw}J zK}Jj1h_*?u?U)kDM?4^P*r``B#4td@p_#7m$+u`hiNV+W)$>L)5*R`3EiY%*zd>!k zdOSf7MM~L3<>s__9MOB*dASxouAq$XQh{;t&KA|+bBT*H&R`7C`#e%|fAM@jqyo&XX&&|bc$@tptxRe23z1l=V>5F( zOHY;RJFCMK(|O_7+gAh?e0GGI{`~HPrx`|nM}*kA&Aqk-*C|s?VOsud?Rk2FlqH|} zD7?Ww9!44v;=xW$5ACpv5jlg7a19965PLgl>@$|D00OYc#1EeC8vVWR`GUnB znz{;=*A5GUyawzMrJ5dzy$Oq@8?4dP`>X0HZ|P}QeaF;N$QQ%6TVTy73N*f~7u+!| z74cOPz6sN~5lvZzT5E@e5?Ev@cmjid68Dw2)cb|N-kx`@9`GIAK1g~dh_T?UvD!{9`V26bW|_7 z>z`6;F4`&}JW6;|2)rx{UzDrh4|Jn5*f99Y516mKo<>igcgff)Xao<)puc$dJ=}@^ zQ<)3`9OL4)@ij{nO)>G~FWNFKVsr@u&N7=9bOK3Yba9AYzN1zhsj=nQ3h$1VQp&&m z%l%3PzLEdqZvx8e`INrVrn^$(pRFj;gZ-x!qRRe-kFJilb9+c{(Rz>eO}39|(jX{f zIec~*x=o|f{6BDJ@Ashb{Ff>da#y?s5z$|?uB)UQc1i-_DjkF z!y@QYf8=j0phkdKCj(CENc4>sD;EL*Su=-ei!(cExQ(-iQ)C3K+(_|TRY8^QFdtfp zJW|I4EWsMQ)FSgCGFEQS5v+DF&vMprhNiWqm<<|GJp`yoI{5{%iJrhKrHqVqkNw)v zsaaMn&{c?(WGx$C+1E5nL7LW-*ZeQs!gTUO?PuAp$+!|V1!Z6vThdLa&45XIyNZ4K zsTNi@8q=Odofo>Y)gEt?$|^8nVp>_Bs7S%3{SlV#KsbCCI98kFq5fhAtJA0#lzA%4 zFPyEkp1SbT!QZwsGx4h_QQbZ*|^HAwR4S$l!g_SrzYt_NRD+uiKeowp-Any1@CCa2O1e)b2FJG602FVRrFM-+1hVZ&vc zmeSQdf>NLidu2Wm{hv%^>+xH~H@i8C7oJc7ZBw-0~e)7R&qU7Dp7 zsj0*JR5MCWHA@VvdG}?u6l*<_gP#|0$X~1jvpKZVJ8>4IAJi;_udX=iJ*5ON91omm z;&kKK!`G9J@K{VbJdp3F8F4|qg9@qqa^epHc2_Vh7P%{wQ6D!=hjxAo3J(m}qw6si zP|Q#3aNi>=ru%hm)+z*i>|CZEbxe4Jb%F(&`|l7`d5LxQ$RiBuvBVlk@8;@>)~v-6 z`rmt#n$a9uGn{qzL&6_7IkfA<9vGHvD-iLsS}jQ`)^@GK9YD@@iPcTOWaKIzmV@Z> zac^hsnOpcOYv9i@K!MUDYMk(smtY0!Ra&OJFs}%c63VP%#uuzlAXWu(N1vq9%?E1& zi3)i0?Q8xG8t&ooU0E+& z5d}p|`-jn0=j+ColS!0$yv6th%OH^Lw!&}@Rqojf$)6?+HfP7_Hjcqs!|2`?pk+T|Rkg&gK( zh)AX#?>-xnVjt&Mst2ESUFUr+KNsT4#mj+qLzyArtOw|gnTNay5a-k{B^!0Qo~<(Ce)ax!Ho z!Ex}nfQ*OkCTB$8cV#c%E&P zJOm*OOR=L-MSN491qbt7?a63DGW5jH4k*tg6`gb{c-f7ya4T%K~Sl 
zvszVN49rCv{HTGQyM2c3rt2_nKrya68tt2PSTt{oL*aKn^if>Vc>J+xppMG6&noyu?B5zF^V{KUSmYtn6W-d41>W?kPRr07GR z9i2%URV?RIrx``hd+@pY?n%uFMxj%E9nL=>mlN>uVbhYG6U1QU=AJ*e!7dD=YW9QE z@80O}PF%#&eQFi6OgVPDjWHO%FtB;u^aw9}Qo7aoFn$qhM!6hZ>Ei@3KAin9y)M1uzj4udE75ZoPt6I_D31&4tIcXuBM?(XjH z5-hm8>)-_2dEf85d-qmt-KuZ*Zr#78&p9nqBj@RJy8G8R@f5zy>ctp-Xq*=sGUmh` z%7~2agx9Y;^cmC~i%1TDOce@4p?q^RMGmbv=owKhiOQMB9y0-vFcOV$qZuO}FVfg{ zFE0%cj{c8I)vQvs6VTgaGjd(_5PjplknKI83t!;EWX@y^qYm(sxi8sL_t$hyZRGM@3i6(a_9Lhh=3$Q!WPURUSL@S#Dqw|6>MJ>N zw+`eJ{^yHr$X{nz{~j(h;4rcd9K^i(R(Og{H~IG?jAD^T!UE{ z$;1m+dhF~VIlyfyBX%|w5H3`6>LFv81Kc7DqI!6y!!;ub%IE4(f@XY(s;q?Q-oUof z4>`sm(W89*t9;6dB#9Xh&K6bSr!7O`NBMfj)pK~}Q}Jx;ANS-VMII*P`gKf!B{vp+ z#|cFOxd})mC>u5+aq*>07o%l306&Q8rTXW$e#-Y>-)=R6r1f_TAz5!QF8bbxfw6=; zxmX@a;I}8Asi)oGp(n-HgSS`V2VJ-X9QUYlvqSE@h-vtG_^lsgM?c737T*58ZBb5` z6*zPUH{!47!te(4iod7c39pGJi)8;e2akq%qr?Qtd>S;Aq(2V}lk5*9AD2TASj=zP=f{3iBXXFlV`k|9(tO0G@@dvDT@%Oc7`RNcH0 z8t+hWY)51*O(nDXPN-2h3sg&6t&Fez7pK#Vgxh1NQI^jk&)&HACky>02~uvlpzAeh zT7bW|3!wpl{9ex~`3B2_XUJo)%O4yj+$&j@(sTkGaapQWmVMiRW()2m9pE9Vx0A0L z`?miy%*WqNQD9gkByOz?;Fa{sPdb)u#7Ze*E9D1LMSj-pQ8AI2-oTasLLm%LG8SX( z<)Bi>2iW!;4;=Ouj^_`Mz;0Uy)#k*;k(sAS1JYI$ejU%QMB^Fp%u!sgV*{Vti8?Zc z06Whn6%;*`K*Pvk|FG`9%au&G9J#w10pRcmA+ubV_{j$}@q_nL&7*6Fa~BW-0UacE zxvbt#;*VZR`G8G+oCVGTjuaE|ug%Awd-N|ecFwozJ0a4yaEeI^QMrQfuX=llxulF3 zX0TE77aZQ30VsYEpewuh53kQoiu#nvS5MjBZYVv0f0$EX&jv^G6+4ucx2rj>Zsn${ z#JY)P?(R6w{O8|TQRKe2;(7b!9c_m$l69N8YSSIwec1IT7XhH1$G+wkhx~vvwzQB>~UU?}I4cf^xvx^Cj;j>+SC^R$$|m+v^|8(IfGB=?gd4?hI72)y2RHAyqp%;kWC zDZ^e*Za(bE5c_H*(3Lh{rR+oDtsP98>F-dS+}9x9uSpC>cLj+g?`n4!Y}k8Vf1oP> zl^#UKIVi~`Xy?4i!c_r=+2dHrsI#XAZK8_Qq_YR$FYxfNwL$MF5U&yKtb!;bMFMxj zjmN=2?Td%~N+p!xdqq{8K@%4+x1A$>^ECfQ7iZlmioxK99D+93HP2{l7{Dnw2yJTHs57h?vQxkdX`3F4#fY4&Rax1bo2X0at5U~;^? 
z{?A#9sWiCF6Mwwf_U(N)sn!;f;Vg3$G$p0+&sB!Whh*T~UKnVcU1FV?6pvtg# zx9tNQm9fdIdH#e0pIlAA7&Ht`RJ38a3v^!Cbc)XmSk#MH&>`-`Ym@l*Z|B)mx%byj zZ!A%T8GS4p`nlF5HIYe}<|KzcAEwgac})3-u9gDA*wHC!`x|Spk?RiWC>$-p@%rN1 zKHar}L&Lt!a|SSQ^JN3BI%vVq|;eQDssP5P}C}mi!;g3|G*A2U_q}98|HB} zZKQ(X-XfCNRqv2acfgG!4;iMz_A$YVOYEg^7*rMyE^!R+Cq%*`gmd8~Y`GLk9qwm- z=r#GA7?*`bFw0Mc<6{yBHro!=0mtcFLze`{hA{!b zzq1v!(8T7LQh!NHS2JN7WKMv2xDKbI;J)Nobb{hAzlf$pnCyr%;D{o&%s^V%%zL9~ zQ)*p`0v)BoeECxnzP|Rv3jM(dq6BztQ7Z@kUHZ{wqM;I7Wtq;wDiE&nvuWnu6h-%E z_JffgRlDDbLT?oOJ~^?EeS7P*Xd(+WtUyw$!hISvb~?=AYSjZ1AP((W0&C{A<>b(g zTwoJ96X#$gf)?-h2PY^fK*tJ;B`6=;6CG7~;=ElIX(Is}9?8PvXuRX=GtHC3VD2&A zhf0aIw4~7HRo#oUJeQy0N1y$dP&}F~);O5i&B*0A|tjTXk7QQWr#sXcY z%teJp7Sg8bE)>b}XO#DLFr2N`+nUi$F@~aimRD7Q^+$Min=p?Fi zM0s+wpW86Pg0%Lg3DmM$d)Ril%)@-VBjis&ERa2e6&jyQUnos3AAU4w`*PFCWF+$2 zXe?yLTrzJH2YI1upi(+~(xyG^+6r79?d#nzt7yT>gw&7GDk~ zmZINs<4k%+s`AD0l5iRoAKs20=SA-^hI&Txmq-?_fdv+fPyXHh*uaoyqvc$xP#^SB zdHk$MWpoLh?(HqhZw{G@$QngcpUSTM^QmF+ThQ4eK?@&LqV3}m*w4-Ry$h12sdN=q zg67v9jx+)Ee5l-P*-B`eb#jzRfCvXvp?3$vF$oulZDiIy4GE*1mIqxm;+gRwq z_%^eV#r8g-Ja_}CAmWmRd(tv5l-eK2+?;Uv1|r6|9RJZAP@6^`R_My7C=zamzqY#^0I)=3AJP;9YpR zN$_uB<6Y?GZp#Y}v^u|2hU`aVm0I{1tF=dohCBB%0@pzRh^8kcgEAzTCM(>zU*J>7 zcGQ|1a2ffc*p*%a@50IBUlVmW;PYR|zo53Z@y;Uiwm*yYEAM%lsj z0;qnmC%*`DmF zW##L`1y0#>39gXk7!Mhe4C5{f^NuUY@Gk~vzQz{MWfBf^Nk5?R`(X(YH^(+vG+Y7t z@-M6=Pm*E|LG<>Is)kJWl)CZ{+;fp zt0AAP#bpO5U!d&&HD9pPJqln_)@k|l{Xi^^H-b-d@Ky8KBR=OenF?3IfP~NiwwjmH1whT1&`mrZXVQR|fuc2#>cdlwpBR z`szAX`c2xcCt=rJCC7&}K<3XnccVVeXjI4-!ZB_;Eu4CM?(-_bh<4zL{SgJHw4X1r zb=zIojxI7iB&dQ=G%lFt_eOQ)F^z|bIgMvDB0A=3pA#7u-uaR{p$L#`dbdQ5H_|~e zApqdfq+neTDjX%4NauW`OspeoJMt}j9@!Ij)hJTAv3&(tyx4A}Mx03&Jf>OS!LeAY z&yt05(#$=7E7AEoc~bu4QuP%MMRRwFeej^=aQIm@u=fHh+^p)y>Wce{^1|)6N1TA* zGqUO)eai<8T+Y1`07?bM)FUp7qDE{aEBsmwVpvRExeB3_a$Su;6*UEoIlZ9qH=%gj zOVksZdyq*{^@rl_jo~O6KQW5P2LuL5!|u2Q3446QpNkF|%Ctd@0JJqsit z-rtzD4Gp`j&|%{XkZXKET%g!=o=JgkR{p8|C9sxgkEPChUp|k>0gF+hf28tNFW`g_ zVk~wSo5bnRx`mB=-HYT8gh(7bMVHHanQ)Pkff0t4-X! 
zk$9*gqTac?yX@$t2KM(K!;BXe+{i1{?*p1&gQj=AvJ}7ID(ITQo&&U*$%Sa@xX}n@ zhU>4XbeD)klaVaasVNXGVes?S=?GWEmYyd>RcVYhcT<@>aDR15;OWqnDv2R}tTMiT zB5}dU4HsmpQlZs_zJ_a*;8ZFPkj<6NA~zKq(@Ut?cm=B+N9KipKt51N#s=6w(orC zhR|5wicK~ttI)kTgqgR{WLqXN=t$EWjVMW2Yc|<8-qw^Ah?LHoQ>@IR!uEio7Xpl9 z2}%)CkLlr}V8nvp8U>y`RLOMvV~(`Ho|<5+GJ zGpnrZuiTDNopC}bPa-sfV8=h^B}cPAT?zS1wkQew0K=${_ zIxsCfyn2Ye=#p+WPXDkG-AB5GO>4pH8&jeGsf=Sie{Hr_C77pc>~|Gb^Luh+D|&?K7^rBlFm#-m6O>cbd`yk<0DU-mR{%GwoQ7{;#9^{thQV|=oq4{K5v78TkqA05{9va1^HkU2rdZdX8}qaWa*=4f;@TvNW443aYr@gu@Dz zmlu7>a=^V58?(T+<7LIEdl`Q{k%OMsyB9+OBXlL$wmu8UU(m3*=lfPqFF($rnlW)X zuOHuL0bA>3h}k4o-f6*abFR4$S+~m6aIZm7K%N*ubJ6#-krb#JZQCzlA;x7I@J4jj zzq**?9NL8;N~?bop|8_SJ_Zy!u0FlMTJREk{m+igYOvs~qpZf@^v%+LuH~-3cJ_16 z7o6VRQ&SAuHy5B;8(C}kLtf$U`fGlgk(?_M$Zjp)BHPk=w6ZanN#+!sAcR2E)5kwT z)j+uhGlY{WBX?eqH(!1nx%U{+MKI=prVi;nAbj&OH~^0;4!MUdpFev{(Zh&wO$)5w zk*}S;nwa++HK=c@UBC#5~F@dEz@OT?!l{C_JM)F;XI& z;SwKQ3LAE6Sc8eX9{u;kQ!%i~WYp?7)qDGx%rlw-#m#Yop2@O#04~v&XgOoVSps)i z+?xF@I^n-oZgUaYzT%!}NtYhh$Cos3DeieouSe-I438bO8xDG=P zy?+kr$vTbmJ&U40OK@U)9S1pD4uKw+k~J5xka5PKfZ?=Gk%5Z4Bk`9U89{}jiS!A& z6h^$81J*?(;oeivZ9dqwiLijt<(=0G+_j1my!#7xQXS`a4sVqM7Yoo}gOAwk-j6PY z=7E9e6hbRcsZW*-E%KbP8*;A5l{yx8PiY&8nuiD*udT@#w#@yE1H#fs(mYrJHO%DYf zv^x|R($E5E70OoJ);&#@(7@Sin&wkKz{av&0=J^m!@jJiR;Z~-3BPdb?3%-p`8c#hp#XKMQJS%#``|ksWDU?`Y z-vd0>TMiy)v9!9-o#WFd_1&2HwvcMexj||$A{-= zbGr+B8rmkS*o~GavwFcfw)|MPtsE!^b8#ElAz@5aahO_Y2jtl;ntz()(w@%_&#oDl z#g>=B;<+B|FHLqKJ)ud78=^u$iB_VsZ&cd6^ui3P!Zsa+e2ZY-M->=q(lQY|9x^LN zzDv@gPOSBoX1Ad)*z!%6AI9~t8UnPfQ#M76lJF9dVz39c-8}rpMVA9><$v5Q0gMK@ zMaGJjviyWkzeX7D?Ud)T(3C>o{<(qmqn%>VmEfy!U{YwZV>}ngcJtf5&2VtveT{c# zO(C!PXufzk@-_EhtX#25gx``H_O3eGL`Uv8c!M(Ejz~|%MMgL}+LF|uI_iRXL=pq% zyYxJ9-m2z7B+|&)X8adBHqbY8|C#n!TDC%}6aN~mpS)_a;=h?DhPd;$RU(*eOek?j zA8-91i38YEEg22#C$#DIomqsmE1}gUowfGT_A-o})n-`b5gLL1B_po{evV#OmW;PN zW}EWOL{&36Bq2^-?!t zJdHn5?+iXKvetY;M=7xvXrtWq{nW};exl33*518yJqvxM8 za1Spn1WR9l1=((Jcb!!-Ea00!kNdX}q< zkWn6*Ev$O$gItOjF@ 
zSIBh(7lu}M_zT!D_IF)@_Ug{(ngrX|O28`*vRsF95xtTqnnJ&r`-mB@A3qbCpUxYK!@WeDvdSAY*iAl@2*2SB7 za1~HBVng33X)#M0zUo|7ESx?IvnTg~x9TVZfIgiiV3}e|?>o4UfvWFwcN+V(ZzUCS zopZKz96VYAHZq`<22sCSfTs71+e&{!)2`pvXg3^tKPv#XB_1TdktkQsjO%{v;vUl) zsH?hHAdFP-?svg8YY#pyIBiX2_x>F( zV%m}L{QwHGwKUY(buFmIPh#=uyWuGbWD)CSJP!XO1N8x&5{~lz#Fbam91a2=kM?(f zGxgx!TA$vAEFG*yIVy%_9&9_dzqPlkr%ol*6l6blojk>Oq^%%9wt<1Yt(t?+ALjP+ z@oO=uSD|-bbO}jTVSz1Gr^J8Kp#Lq;UF)t?i&8vT((Dar6slUhmkZ1?6eu+wPFi?q zC!~b$o+Hi>!DKCTXePSM{44Z<%{E!kaduYo@|R+}ox=`xcm=L!Y66{A)4!*6;kim# zIc_jIpHZg?{Eq_)0BonhSRMV&sBum{OqZ*211!vsFV5ZDE7bh&_i86Kli<1B2Xo#S zPeA}%q3VFtlzOp3IpD<3DieC9mDwn@UbZ45-`o6z&w8J6h4S;l$ecy6{0OiXAt$fj zy=WL8cS9`Y;L-hLs{F1YLhVa@w^VzJ9z%B%-(O49F;{irdMD%%2S4bqQ5T;UP(`wi zS<1T^d5>zZ&mWnqry~(K1|Hv6$y-%tkCEtaKD6qc;kj~61*Zv_)O^wJEp%epv4Y-t z(iu%P%IYy%WLOJ-G}J)(V~lHU_JN{HxqMAD&Y6axETNIuPJJP79t(hvRk5bAa7zkJ zPZO6T;YTjpYgfKh+VAnu2Ly`Wl{W^HgChRA`j=1 zmxGMcASZB1p3S2=J>CIThKuVM%0ebG;tecPe?it75qe*)GUQEV9`E*f2{G~DhBJji z=1%M%F+t!`#jR?YLbV%p+t(}NM<|#t*ye_V7kq60yP+jrCBp$(hRd-#=bQPef4pr6 zjm({h5%mf%|6A8)wkfxC&rjeSVNx%PSSNHUZ)G^=-!*!P#8XM$Ikl3BW<+Wo zw=ei{kpb~hy4;i4Sd-bN#7zk*FHr+a1!L1nSZGBT6}IZT^iM@xqBAZ=9`N)K17Q|M>^V%eJ{8Xv5v| zU`%YO+emOMAwAHZx9(RMd5^g%1(mK@>oHDZQFGG!hbgJ>$PZ)W!Y~hX z0W%ihVtk-PqVIa1b~dgWYOe=KjJU7D{PJ9+*H11wke}{pDtg*Rd-L@r$cYCmdKVno zmi~^>`Rm8lI!Z+<3oh)x-5iw2cK2jV?5&`nI|&1+!ePTlf9{U`X9Im?EQe(+gtMAZ zudFx6oi7YdXAj?~Jy;KihNFnA*IxBotC@vF%-P)zn!N73C5MbvXaWHD(^3(fUn->nM!tvr^@% zpc~O5vb4*+n`JkCi96I%{W9En6H0xJS?h(p+r>cHS?e5SC<7?M{me=s?!`ZMfk@@DAs? 
zw59`UhxB&Y$xV=J3;S04jC0O9io(4@MKflc=eS{0?&on0^wM`hbTwA>KW1v2j%x^| zI@E!MP&5L*+r`iYyj$%pn59a#X!i>Dp|4?~9<$boD_Sux{kaP=(wHlZ;NBCBUVf50 z&RhD}Ffs@!`qO3QSk3u&-CiSul>yRoFOxMW&(qhzt!hPU@<^PT`W?d#QccD!(4u+A zNW(+_kX;TZEtbMn(1WN-#Y^ zlxLmaj4l+{H56=GAh-VzI6%Yt@Oc;iW1)zQ{UDbjEmMIe1=U#+i8B# z6%Mm=`nT|gTPDb^3b3){#DmQ&TjQgOW@uaq4g|jmFGI$gO?(*g{^w`gXhNzkqz49j z(xyj7`NX)70l|l;%zwN47`UY-U}6l}N`PjNxm4#LY>)PC2Cm*B6(35o!I zpNIgZev%&e^?)&Rfi*fup5lCe-us$t%(S(#E6G=+BJ=TQ-(cnuPdy>?(UGWSPTC{T zp+O-102_JWi7!1B$L6Qc>Tehqr8i+ne1#6(u0^Ipo`WAJWS?(joKSljJJW`E9y*%w zgl6ZOX$-!c>{sshbXrP!Zb!|VZV!)Bc20NQVJJ(VCXl1MPOr%c5eWxNIsXYXH@o&f z9k?$pe}UGeY|*?G+S?op>9Y-U@|tumPL4k$5+PbUb>-#-D9?Jk(MpBz^YQiHZ??(a z-qV3U-P7@jyYZYWn(97#g@ssi9^p@A8Z^VfdVyL&o!ODMse^n@#!^MpgV0Lt1X41{X&|J9{9 z%}iTuc6g!sbJ%JCiF6W^y1Ca2C2!aZ#dEh=7~_Kl+T4MJGa6sUISfqqx z)5Kk?Xf=NG&RCB5p03H1pg)kRWLOK2i$P1eA|nL%l=VpInrvVDpurbv%r9P?oCE(*(yP zvk9IRkuGF09@G**khhbwV%^Ul%8H@G2NgIPAlUsYW;5an&q~9ECJ{A?3~Sy;{Q|v! zCoR)(4tLEFAYDgQ*)0*@lDNyCl7rsAqlt0wrs|MT6MxqUa>IhePQ6Q9QnDHZ=T(+s zEUQW$wG-e_@6d!Wqvq=NxuiDpWycJ02hab4R$GM3j!`O?7wwhEV(o9^5qa&YEOwu(7SJ;6E=m zITs_itkgH^8As6mZgR*Si8Iczn|t!eih!)f0C*P`>c!!NqfO#6x|}AbOgv&-Sv7n1 zbUgaK!%n=3@F)uN0gOEX5(Q95-8K`%)znXsNBhmaYjp`UNS%&%ufMi*$&F86s4U(6 zyE(AVxB>w~+n15RxFO}rBXFx+^GVr_$;d~2l{_JipPmb4DG%C7O$#FCVBUw^#Gj5Q zjOSwBM_2_?x4}Em_B4iWO;eBEsOaVc+NjDr*qwb^HI3h7Oi3ofE4W+mvlh$WI)+ZX zB(Z*oUO?QllxMrAu5UYqtX6LmbL(7gnosB@?&-ZgE88q+pj=!L4(a)P>l&k7-L7Qj ztkd)9-!bqQ1;p`=Ec z)SZxzt;TJa^V`WySF3izw$+@>e~$iYs~MCXTdR3hlvb(THduA4k1v!yYI7Qt?OV@z zRkT*A-8WpVt_w7APo9nc@VNfpBiDX-+^?<+Hn~im{r^E;IKH|MzNLF^z&gfhj6(aT ze+A8<7;7O6L*aL2TzOmPG46s8Vd}AIh*?cs{q5&0!$KcZ-|AFB59K50d4{`j@W1Q{ za>-*Hgp_-7L;?gvJJ<@;aC5ysZj68_6y-bTW0p2};qv=zj=lcsu+7w1BBIH~k_i~` zRTvJJtj+VF!vBU^lKsnbb=&upw{w7S%_5wvdiCfxWWf+ob+8~6c}@^D0F1)9k(+Sx zR(hy()&mZA8P-C9=hCEl2x+^VRzcqqS&LpxBSktwQ5(d2f9k3f4gT8gj{{AUsd^x` z^UUJThO0^<2jTW_4DlbXvYK#(tF`<@@c+2HL7pTqM{kJE(N920`v)rwngH?R_?-pa z2NDReI8sRaw=9C%kktbm%o~yejsDX(xa*iab96om<=_a{xFpx=(?UvY=pzs*H-xw$ 
zp)KtInWuI>OEL1d^nF8C(`9u)8w0}ky?1Sxb?L#po8!tYS)4(HSt0ON{x5itQh_Y$ z2}08{n-?G!B%2b4gI5(@Q(+OQp&1GSLLwQm0-*L;B{w4mn>PW#p_yWf8T#Cza>diKot*tCA{n@Y$3LUtb^yyak!)Cq`@d;6KAwL zlCOlA&6z3-mBH0wu)O!e8ydYca44e#ke{E7-|{`96G+&6E2?3T6H*SR3#hUv`IAN9 z(aR@kI}JbZWhG0GxQ_1kn}eMk{FPE}k$-e!>2UYY=*d#a*%4K9IoNfFM-x`N8qJTt zdyMTsUs45&((l^4!_9l-GQ@szvz#5FWzsB)Sb#+QFys4;+(cj^9GfT#mDVS6!v9*r zJv@}FpsV=`Gvii>^(o=><=Q_5CaIQ~R<;+D;f2=3a&R7$6_w6G_L8ppQ%r8S)>3V7 zHVSzr71qX8@yPqT?ej4GF2X?g4#MMIf+02chi0S6y7LsZ6U}U#{ZRVGezE9jcWH7$ z=5^e9g#-mm?SdD!ogaQX)xUmP!F%a&?Rhh_--pW4u%5FaWaj?r#M!MsGAN z^#L?L6gmyIgE50?c_69Ki#rL1Kh4kbs+Vt zHSuB58ipPBx@y(8{e8zDu0dau?I#wA8hAfsC%t!FqY##tj~(d~c4PD28rblC2&^>{ zQ!%UkF+E2?@yyjbO)9INDIFKWqNKO;iE;|g2i@OUkZ1q=O2!X<4_96;QwCSxQ30i* zfjJpaK?MBT>_jZW@x{57!K3RC|a zPITp7YyGcO`dpM@Cd9=BuQ2!JNNZM3yz7X&xyaXI{DxRKWbphg z1>l$A;q>&P2<*6fT)8tSId3}mPCIY%dUZB9uy=9lYH3}qWNIptZP7J@!jx96z45(N zRf-lg6D6wr=crSCZlU!5-c?hp)UN;guIgk^cK+XYRiaMyz6GlX?GFZJTh^Rj6@^uE zHw~$s>N5*gkJ^j|^pjfyb*>NreSrkP z&Jd_!5u;La!Hx{A9{}n`8^$t&F~hzap7}(x-?}#@d0zW%2%8{AbX-p-7|@kps6G){wy6+)}xf*4H2jbg?5@(^nlNU z7XH#Ay6czw5t!A^WC@CWb{f2m%i^5^6}bDay@O-^AqYoyg&21HBhPFLh{Y;S(`;u& zw;X#e^ILuE&q^Mv=T2G&Q=mUxixHpXs)a95nNuC5|9Rqh-Wyv|tqvG`&eSdm3Jc6C zVW%yywVz#Mlj;WFetUvLW%jT1yI;Dj0PHQn!V2~UkZh`+`9}&*&oBDhF@XH z!}t+}Xex^nt@IiNzv@gfMS3K8bqShy2lpl>lGh}66-gHq#)z|*OGOJ!`Xk@vs5b=V zFZ)loT2{Ct0{dhPlG_6a%xe0Gg#2#{SCj}#V;F>WXPSF4MI-HC znXu3$3iL5VwNOD;5u4O&T9c;2mtHeFd1xlw`G_d%QdzeXpY9?B0#crwR1S*>VPE!7 zZNt=Y^RdWT@SKhjRH$2PO|t19WDP628z8MXD~**Yyc>TfOV6?S`06npVvu#7?q zkW8xqlda6{bKI?)L7avmHFW1*bf@Yg;0+nxHj~TKNL&w;^>K~*sveCB-iTPg%qO#V#n?(NfQ`=gl|U32^1#OF*&6zc~qG|lvI%d<=D=ZuP>6B8*G&5(`+RC8uYwx&LS1+k-%+YD7l4)hmtgY2X zr>+1cU~*)j z&JohCE5Htz93QCr0eRLH5Ccq357hmH21L7f9jw!hSDi3KpIfuWiZwL zCw@G!i09S+mW%(tFg*;r`d(i!2JJZJw*q1M=f6Nc3GJ#|DTYAr_4R?a2Qy6;BjnN{tG${GFN^b z-0ih^x!L_6Ao1j)d-e$;qor(iH|uUi>0Dj*JU^>$wtjqYJy~Fv=t6fvykuz+CG$mzi%DcD z2!6`-(8kNEe z7nWjXnnABeBu@yZR6)1f;Y$K*3(S@iZEGyDpWK+d%jBlEMSp_lX9)WIwso}bWXPZ5 
znb%IHPVyiZX^QVd?Glf*(~nsO)5N+kkAoH0i9!XlFd;|C7v||q{eSRWt5M|{XJbQY zJ=$3dE1N;@Bb`Qal00Vulr>_m!JM8vRkL)G~~QObuIA`RImDF)3m zg5;EP&7(<>K3rmZIIDv08T8U6yUu!ImUNh%Rn_xCc9&06KP7xhMO`4(Zz80SVp(57(XQsJd9{Aix6CW z|7j=uOPYX*jm)5%rG4P|GOPhlX3JUfx51S6A0m*VB+20RFXE5J!0PVNb#ZVg`SvHi zHzDH^afx5?RvTYQGY1;q#EWgeglavxCgyLzkxZu3U3+?I z+;yXPnvfC|7!p&?GD`!r@S0UA(ffRr2|`YdxmRt!%#TwFDmVYq=tZ2ZP1gDXrq1NU9LqPaQ5HTcms2H37PjEnm_9 zWt!aH+l1n!)F?}%D?EfdLYg~B(l4VOA)5N=3a*kZu5!#sv;w)hHn?#SLpP3~L1m_3 z5rMtUKo@Yt(A|HG<)(^Ao-vYlw*!3Z`2Vr{AMZmzJvM^;%PAd_Imw>!`wg$ro;TkD z+F+bON+_~YFof?vl{ou@0$pMwhM+>Bmde*qC%`SoV}HRb@9TX$Zx|R_gNTB{6iW|> z-`;X0LyA6G*Z&Haxm)9<1ma+uZ|Q~;U^UWJ?UZ{+dZbPlT$H!#gI@L|-t zCRDYuW>!9dATF*#g6K@0JJvS z=|@4<-Ht8B`v^&OeryBwP75f446TT3wRmnCCbU~zQ}{-^kX)j;1GK)fT?F z?r`ACMv*t1zQP#3cUPhRD5wF}YM4lI98PSK$s%of5vDCrs_*D{(7zDbI=j{qczL^G z5a;b*S^X^gr#9)b;uwZG;z^%jRT??QzWFYY62+nZ5V7Gs_mr|Q7QPk}(NTe9@#=@W z{yxSSP-;zT6Rjoh6Pd2Yyza%nLA+Fv+q>W_Y*G)BuLcTEY3^-Je>g*|h1Bsi-`t8C^H?$D7-npJf>P zN){9f@V_aCvhM)Un#UDB%lBoV_O^y1R+`yusTUjuG6rR7Uwv;@ypanJ-D1K&&8gPQ z3xcup-EvU^xfSa52k`o`u7>QF{047G`hgFDj7oR2jw-YJU%-)c`TYTas7pc9*WM1b z<`mKzGR2%yWX1QwV~}sB9<4fFNTe&kT+^8jwE1$l#TWZ|Uw%Cg-Ji5cONR(EUZQ6G zj`FQ?rBG~%_Sr%+VXzD=x8>ZMua+Dqisc+LK|oYWlHMobqtee!rtK`6RhCN_K_?^H zTrRjJvsjT`Vwq@(B__3sD8uK1(qUbFK(X*K_NcF z=H*(vfyomR;G;;95;1(Uy=7po?oPwv_t6{FbrPodL~D{Z6Xx+`6^ljv2o3rZ9$E3o zTlPI7dwYG|hUe_``?g+Zo=UQCST~ z0MD1G@FI%^SBOt-VAsKPBvf0=B9SIa}->ojm9_u_G?C)ogX+eL?{D-j^gYW zSZ?|oy#8Ua%Hij)#%oV3)Fx$9CkD(dA(0vjokuw=;(HMhx&s6g7Ogr5VcgcGQT!8t zoJQQ-px!9xpItZ5@OffA`j1i(j?CaBpZ_s+S~F@9I)1_(_jjBotp04hPYG7cRk*Ac zE2=3Jh_=GcRDX8l*Tz@+x1YwYIP*>0l_vxnkrl!}hv;r-QYqz4i7cb;+Yc+J&-q6m z>$5b8p+BMI-FT zGC&d%lM}U@+cauu7;Qp1oN_=@P)Qp0v?)#rd~6% zee|<^X|rue-l5$Zbl{j3^-tvKuX|4~TQHhefw}<=$%^bhv*Lu+V5f+8)}%;hMw<=- za7IK#v|bPt9g%QwM#L-i#)p_V(56`4Q3&=6!H1UQ><_@?)??$i z%tuOm0Y^0%(AcQL#H@^?hI!|%;R?!shJ@K(2K9az*ZgL2Ryr1Vc9*clipj$f;QwxU zG13_~tawJI$RI#&pvi5?%fvQLrFooihPHktA91w|+40s%Q&Q09&X*d&!v*UoT=+Gp 
z;;*PBhcI@MJx2|Cr2EarW7ml*5vp5CWq97z`s~9Q3{#SanPc>RQ(L1{CZv+EvkJi|ofO#tI0M`1Ocu|~b+saWqZ~;a&^U5A3E`JZ zVs~~@EK|=9qlPq6hzRXPhnRlwZ=pybXfu=nu&+X&@Q>sCRBn8;(V~f+mF&2-F!vB# zYPCn>L|`yJ^NDv;`U8FkbMmqQ#nk0^*+RWyc4~OEfyo9m(IG0CDsT#ZsL6~YI~Y=T z2s83=4NG%*zNE-fpae?>lkkiYf=r-*YQA{y!UmrGZRm1Mpe+7~$wu;rAfzDi(@03+ zbdC=*r{nbJEY|zKx>92UAN~5qo6?+XrD}CwXm^+#3qa)QD<&6c--bF_ORNuY5>N0P z%ul=|gaT-J@Jq^xkO8y{4hHG9M!kRwdn!=34YsOn4ipvgQJ@5WwAmPJKG&D7eJ9ta zS`r8ts)tWQ9S2j_wd?6lhPruCMVd&mQbHq00;3g<(zDb$MDzn2nhH{2Soi&x1PHqd zaRv*&8IP#KF^#gRZn93>DQK7PDgg0qx#Yh2cXpNOZ~P+ii+3CBkOqXc6CCE07MZ2| zuhgCikVpJ79&|!JPW#klEC81k);e$L;MYyuGGQ`aPr1VNnDBeUN?`G3WLp zQumfwb#&R$w{ef)Ci_xG77UQf{k)XrW5n_WTj8*@N7&HWi#;4AeDll9I-UF9B50eG z@NSQ4L@?dmw}ZR~xtgkf@X{)H=(xiw2~~ABog#wV>vZ5Tqz6~$B7F+T#UYoK5K}ce zZ5?S)W_F{-n0a_+IZ;qxN94}PvEIv9t3inAt=&HyeBLfmv}K$4&YAf%oKYrV|p9r0qBx`=l%-e^Pr6A)`z=C~Xl;o9O4)S3j?QsD;`TL9L36u2V4W_POJA2A$D{{bI((aQ%ghw>90<^3s^_R{BcFw8{yr+l3 zbE!V=w{iR5=MPAJYZoT=#u&dSm}pL8?Qw~>_+592C3LT9I>&V{+1J-;yZjX=ILxSa zIFrqG$%LA}+&ca@;@&bUt|bT%4i?;HZ~}xd6I_B@aCdiicMT-CySoR6puuHu4;Gxk z-5mludGGu7?B6}Rd)_(s%&qQ{u6r4}d#b9dk|YT=K3@&jENu8C`kr^y-EWfw`<}Dq zv{#2KyoeYz+DJ0Mu9-{jxUckpUh|4DN=(uLw(=gcv*V$LWrsLqF|K< z{oB!+jpa|aHoiTjCITWCV>O3819#K7`f8jH{q+%UGM$$>wXRkA=}dql6b@;PqRd*Pj`Fj0!!9JsgR5rHh-YHYz>%vaRwP#D zyEpTY*PqXjnFkbdp40XmoU6JU%5RSP26N~koS{KB|Nr0w6Gs#yUP8HscY8PD---K6 ze_lNRpc+sTL7bqy7kf7f)RS)i_tyf*_uUK&}(=-VJ8|U&i1o?~TVRsP>^( zkH1;7zML2@CK&U5wxJy+#<`Y4CIDG4czhekOpu`JDNrBwU=tI3&M~mY{g+{MlgxNVrokn^rzX8Kn(cXwXZJk#%TzEJoscTJGyxv?kc zZ5-PfjWHK1V$=g}ICflzLLm5*}1c)+|8Dkc@-uVz8QJ_lw8H#Cj4yUx8k_&o&Yb zV)3U)1gbdZK+HK8?d;Ly2fP%yx)x^eU4Q#1{+5JYjksbla&`{TYO!oueV%VEqlB4^ zd`~@qRTYJ)4V~Cg!2;T0z^P1En?A4(5$BJP&lbv@bj8L?z0k;jk0r}v_Yc;4JLIuk zlv_wOa>_LUOkYIeQ^MH-k|fjQUTZQg=h&AZ#5TW<%Sw7M)7AQx)uc5&e~f(+;ElvPD7m<~bC|)sqtC(j82% zITdSaImH60;)FyN?V4PfyCmArWA}N1OC0FQ)qcIr4|T$f@w`x%Ik`{P7Qc#L4K~lm z>z1z7LMyFkYggtl=l$cymkjFY5fucnlj)y>8~kcF6)?{B?_QvZ>GVJHTaJf0&o?^X zYD1%a5_vNh9)cdeoA9BKTLD~{T{t8K9+2}-mXn)b4vJvA6f1Lg%0%-ak7R?Gp?D3k 
zU(J}=&M69o_6cRp!%8ovdc%1d;mFVlTcW0vKX!6%P>T%`VJF(9u?&p8A6JKF)wAsR zY9)ki)IW;A7dG^ChiY(MauqJoPm>!LhUk4JBt)0s-tS|iNIny##Ti%}(fhME9Qm@R z*Tc9g9x+1pPt@>tHuJq5?~6ZM7U2&MZ}gtzfK@LH3nygc?V)FIBuXO86Ran2S@l=2qI8~H`QmL2*eVVT>MbJVGx`xMx= z-o(8@`c~v6gB&_sB)Ue+k4e=l*$+o><#^tSwojN{VwJDjsoy3!i+dPM_<7f{B-&Gx z>*pT#EN;qsXEZN*1AKIsUh=#b+pl9d_*|Qq(NtF1iB%VvEBj4zBK!RWSS!qq=yQDJ z(ir~Vl2rFa&s!2`OEB@j_O?D@tqN&*NBPT`!v?ZwTyFC=)vaG7yEyr7AnIq*=m6BE&LXKTr3vy8OBe?XXR@+B#)p0!cL5oZMhU=4QEm`Ab`?MN^P-eEj%Do#7 zCwCn(!W)mu)FkeLBzTUYV3O7yQ5JgXJ!gAxq_yM&SJot-9J%VD-D?!%+p>o7`F(TF zb2ugdIhcg7)_2P_ZdSN;%4GQu*ZU_Huv7TN@wuY#k}I!Ye$wX@VQD%QD*cAxHx)cN znw~)RnQy0W>U#kLLl8efCw5XKhoPT)W&xv?;1O zHE&6XEG-@gEA*sA;QOuh@%m2Pc}jUK>Z}OrhMX?88yabZ@+spweAPGe{^5L|#G)5o zW43y$n2-$TyuS;O{S6t7bd<0k0{6)Z?dyHy}(#F zgUO`D`l&a2h_!cgwrw`iZn@S|bHny7KoH}wabbm&q;pRSOr;WsAxjQb`%Whd&ONc7 zm<&~9K znIfVU>DvgDNX{Om(s&z7{gUaesTshY0-&#dXTz>m5ZVyb7dIXeyl~4T-R6P01O51mO6V z-a39K$+kVLe!2d;7+)(i_g=GwlFTO`JZ#Qp3n$m?sOw0$L~pUrV#{&7HWFUaZ^NTqK-2|IYaREX4K`d0=ERE7prhG*n0u=8TE-g9m9 zmOjoIDnb{^NrbCU20LLtS&(9S3xo|>WAPyX!Yz=Cfk#iY?o;CVFx+V^NTu3SvcHi+ z15JS&Ba%an$tLOY>DnZjW{-G##%FAG&zjMu1eE4lS~ug$bdM{rcjMfFFT>pmlu)2}PAJ~~U;N<@D1KRieME<^ z&Ue$MpbQEN{e-`9>pW`9hZH!sg^5$=r~KLAaF7S&%k@V9cMCsaFCg z6B6Dl48kUhT5$Y4VwukEiK_RSyD$OzgT2?Cme$v2 z%#pmGZ_R3Qu&P4CyAJOk&R!8s-rliIU^)y6zC8K6Jj&@CZd4lboNE{oaKU^CzOM}2 z(?Wec^8fRC$AIgeW>ZQ-!>^ZdE@ZlMT@Fn&4Q6umv~bLzBj#z?Vi}(UOk{kE0J%6H z(ub0)R;GPm5+ph$r3=QCeHN8OCH*{hFGgZ=*%lb6&dW6;DrNLB_i*Fm3!Hv}ku-3Y zp(~#bR7IBkMw*1P?}Z%pH@)XO`E^_nmeS8~*gjMX^7&Y}v3H_PbVp{$W zPG(V{!Im?q3AcqG)?gd5J43mlH~O$gBJ$Sl3Cx&KHo4hbh^$fXc*uV^iZ-1eS2MaL zPxp4qhA-{XN9AqqkP6DZ!UEJBsl_H(f?(zy_vt#G@*~8lFgcgSLIW-|JOwEYvp}d4 zhW10zFt?x!VF@;B+HOl0uEmHF3aM?LXjuDTO7833eR#_+YebO81DWq7R@LnzZr!z` znS?_1vD_REOpU)oB|c&yO1;gD0p;l19h$AF=@r^N4$JmE=mA&}Zdhssu?PW#v)y_( zqF?e;ZNb7Q`^k*^!NP$TKK%GV$BlTE6=X9ikuF1JKPT7%JdgHOICAcxOtNz-OhRbn zDyJ{>VU*+r9m$U(Sv64c(#*`IYSC2K zpAeRy9dgXM0xSsR`N3=;*Vh`ibEtWUKKO#G^lo_??X`>5q>RYpJgnkZ;vg_Tusz?qr{< 
zWz|r-OgsfPYT)qKnX&ZrhM++y_{`X~tq~TEDnQw@ud(GvF=dchJb=^q@huwiY7%2( z0D1toKNa-M?`{e}rPs(Dc}n#=QSxo1p)KW)_r}Dizftq9x}GQ6ziht)$M3#mgNkx2W+9%hjPH zI0&`g{XEm|X_cbhXKoI>m~&>pX1-Bl%=)6@!v;Wk6Zty~GuvK9zbL7IN-Y6DKdeg9 zj#d~3FMHD;1t2R@si|&=#4fH7~Yv%X?a7=QuS{pfQuOGJMx_zcKihn4%nFOB1pJnl*d?r%>zZ72hVtM2JnPxL5L3@v zB4&TNaTF)@MdStf8XJ!L3Bpt&5y`+3s1yuc!zb^LY5bw>?!+imu3sGePQ$0~8Al}0 zU081_UUaNuKuBDd&M>IXOQ1rehnJHBTjDaN0pM2_Mmp@1Cf zg-O)e6MDi;@m}^88FSQU<<$KdnPJOiY=yF*J#_>Wuj;2hqGYgBCiye@G^IU&A|lL% zOuzf6#dHaVX~RwXD~6{ROwA~YYxgp$=c;-hzx^<3i?V9>4H3b9SVzEu83ND70YW*=jX8cq4-qHc=p`IN&L2^x9w9GWb#EmF%nOZkt3HcP8uQw%bqBk- z+VUHZkR*b%NN%x?4l60epj&pbieb}A8q(cyK)0{F?+EYot$$C!0|Um1yGiWx)I;^o z`|vC$6141#OiXO2xp*`hgAj~Jqrj@HK=!e z2dWAVJYw&WLJmF9##OI^zz85FzBk=Qbr@D~1}60OxzV~g(VX#Ye_aY>m8$L1BT`w% z1G&V#lG5ptR8hB(9I@<32a7>##)bEiv#)i!X|keci4}%3ex!jd!46hnEsf+KLT(Va zNWf!|_8Q=-$qfUTaR#0iAc{)KC?iKwp1`!OB(RG-#(=sw5dbxry>uerW9>i}yD`P% zzEBXchc16gxQk*6;|QE%GLq-8zUbc8wB0ZUk{M1ESNyZ{88v<2O~k-p&GgukAokT) zQ}$V|Mers~20%5m(ZNmXG%HX~27b({B4Q-@yz6=fAfLr>@jBIG>0IfoydyFl?w$7v z?xFX3+vuD3Uar&y*kS{C$3i794c3Sxt4%VzLCB3(+kC_IuBM7?d} z>pHb1jNIm!7#&lTvQ^Pr7({WuUn;HDKqW4_z7h5!SgOA16_K_odDuqWdNB@tgHjK^ z->$4IX*$oX-l{a@lXI>O%;aqHSQ>cSN^HdvQU2mI4EoJWMJ(AJ_+eyAi#U;PptF?8 z_mdp(cpW9J%ZbkvTF@~bR(<^^{oBAvTr1>QmmP4-W3*|9eeQh&wN{Nz_j7bbO@wU! 
zN+$X8MK?>v+|g;hwjTe+rklr43?cTju#QuKdOGadg;j`iypG0euY`w2M7f}e*Qy@S z;&l2>JmT<_O-GO4xTbBC#f>N&O3x^TD32Ukv9M~CW&aPNt!_}u?P7jrF-TFGK%?(t z`$u6DhM|^`p7%lmm&u+d7P#!jId5jef}>7TwVuB5*7Uf-`bSFlXI+JxeNd4u7z@H4 zCGHMKyeJ9r0)>*-fb)r^+?CWfr9X`MmieUsi_74$?ehD}@=|Q?>{edy2V^|;K#9sY zZ*|Y--G5J%%4-tUSfxIUh{)Hud}tpgkx-`EpjrDM#m&92`26OI&T!%rdK+!SF(|mn zPiTs3SmiHyT3)qKSbcVQ7k@CO~-cqjqZ`-Jhe{>}??L zSNLhW2H#im5iOMYji39$u#2V+u)6%$S8oA`AEqWgC_9$CtJ+32fmiFyHT1Ye)dwEQ zJjK>i*WKMCxOhg|H#54U#!tN( zUC6rHqD z$c5t%%^CI|cj0b|7{R7Yn-Ehao1O$bCzl`J8Te^PtK|ub*|hFq=|24WEnsnovq4}aY?#m1#ggC%gMi^MlpWLkV0D1BTVT0?F60aTk} zyk;ITo|x#+bm2G!hb6i&&GWWi6CEg2%IAteN+ga~BDGQ7F**(R^ecZ7dTgRLo%Ux` zIMIIDnu)Sr3C9K;>CgV1K(YdTE~da8nv^4#8G%&xf8}wWf)#u}RgriYgU5dY8VOhp z;Ip!Q>UK?6!eL5JRwC#6hrgKEg+?Yud-C2D%nSR>Y>}=+Hk$6~`vM2D37woz`$LVh z0-1jQ1RMlBs8Jb1Rq!J6*rZjz+sqG34)79)@=*d=kj+D9jTS(idn)e*0`J}C4BSBW z{kK0$Xc~1ZHcs7(KLJizj8MhhPsIdpvsn91ddMPfC5b@7i$Xj*aAJ2Gj3_PC)UG~` zX*`f67oQ$`%<7cW+YJmc_my*Ab7;f*c7=-39kY7m4`=({ZL}GtJV@itv>DL@SQ;C- z9LS5O#L~+YEIk1!KHFVyHGFIXg#nUo(~+bMy)|I6r~*5S>9&P-&$l z39mr_P;z`@2c|Pe@UmAVMZ^_>3uk=bZ@4{%>PEsd=wV5Ri~Kkbu1(vH{z;+LQzOh# zs3_aZ9kLit9tWr3yuDFg(hJA6O%ZGdCx#i%P=nelf~^g`HAqZ}WDAw&6>!n%>t4u+Frv&65I(jFkDN?5EYxr_>>Y+Q_M z0ze0<4XlZ43iAtF7Ga^ZW4gz1G67QBCq?Z3RYPQjJOUZ2@B>!!lI_22p|8cco#)6- z6;*A81dVbYv%;X%F;|C{mb*MY;U%E-_pdygSEu@7^FywYn!4EG_Mx%a7etGB(b|R z7yai?hX%zy(J3$ z6ZEtq0n6ToVN@ZQo`D87rSUUg>_-l`@e&8Vejf;YbWqI-hD=KL5T{Oh7YbD-lA+3-_@#E(v+*r(gh&CV)^dsGU{9Od8WBz1TAG7R9E zzxP;MzdmeUgA3q1=W}@D-;AGcv$AV65A*zvoFY1ni_2;}@s3C^TD%P|ETJU9H6@?^ zZPv{SvkwL&-r+H2d;mbI_tHA_I!>}=9itD>6H$@O@1ov zLzkngYw=^hev_X#Fg^wsX@6zL)_B4v+rTHw04+}b&LEEwgFiYUVI4J|wnro}zn>xo zo1hP2@vj&z<1;#UlUJE%LvQ$d%3~YUo$IaZy^udX$8Bm#^Bxril}SqnJdc$J1I-^Qv}ymEC&Vk--(HW0wL+xVv-ef6e@1#)pZpWo*Fm7C_@902h2~6esfn6B&4` zXt@}XCI`GG*?>#Ht8t?+8y$hBO<2e!vcl4 z$>`f2e*F%hNls!HnAt^E?|5$CD0&k?>ok2a31cy0j+}^$v9V-v`zE&=Fp!e^6h0&0 z;v`e(hrUCP`nV=JePDWpjEu#0934Q@WTzN(J>wh0VjOA!-r6^M|2_Dp1k{yXQYkC) z?z3;&I%O}LOSkH;gx|(V3s~m3!@8s47|HJzv2~<(lJmF;cH$-D7PY!a{>c`%P^faN 
zmLni1c(7h80yTVJ1vv(wvDpOkf7QY+5nD7kSm1`A$MfH@V4=KPmUy`me4!PDO;2Mp ztzcxxH9ntk7IZ7N8EAmRbTAK_DdnY0R=y}FkeF}k4w4%OfmEU+El1%7M9_{>SmgfvG3mY!AQC+{_ z;aoyB`-R>MbH(|Nmy1k2Nt(XZn#I^2{HubnI9Z#@@UUcVXF}^hvgH%=crL(JJWalI zW{k=1$p^@sYAEg+dw>#Q!Cs*|DgP1W7HDp9m)4H_tSR{iV`I)t*UAF*>l z66i`Xg<9fJsde_TYFaKC&xM-MV0<12Mnz&6v8Z(C$>6>fn3$zVWY3;OrohVf)xI>i zuqgeBhpF?&Gz7eobCDv;w-IR*a@#oQSI?C_t*wj7xIr0Ym**(52%=snQ_D>|)8$E; zePCq@wF+hFYYf4ItO0t*0Mx67Th=evkPnS2&UmJpG8Zr3N<*ify@Bkq*jqR8M5h3~ zJFy!ghnt|la|6w4O5P-vgAXRL^^#P2GIwaO8B!lt$URWpf0l-teTV{N3GGwRYf$u& zRg>&RQao{*!TNqoWJiQkDOmw6?xpkWlXJy7IV2GS=VYF6-o}DBwsA^7gTkQ|AUva4 zz9cY$gEI~2Pzcw$E-^K$d(=lpTp#4S`EC;&iHqTaJ<-3E_Ag=l{1H%{6X?zObCvuQ zW*E4b?jUp3GGz^;;VAXWrm@8-u(7M+C_E&I30i7>q7qg?1^AF;CeDS>%9y2yqx%^T)Uo=RHg-ZE2PNTbbfOKJhA zAN05-1ejm*`fwY7m{HBil(_Jebe@J2nHMmfUP!sgd%&@!;A>7(Y#93-qF>}n zKqYOgdM;aZ`hdrHLPyqm=tfz-krXc zt-$$hk;LvG+irMOxlFE7Fl)2=cKyX#BRqg52Gs&ZyF)^!=x9euBOXCl^KNTY1!E^& z@0>?3t~es-W-H+PoEU+H5lp%?pJ|&AZ9#u4`s?Y&fD8xQ?+QMQu>(b&G~_Pk(YG`o zum!4pug>!Mb|r zoS9cfDFf8yBf08|rgR|5qDC!1EqmOsIHqzX4XV8LX;+?UL?U?~fnP-mV?pGr<)g0E zoR7m&EHaOYbT@R@RT~q*kswzSb^tf%nfP%CjLXcqDXaHO_OB7~*F(s4;p`^r`Yt|S z^v#eb5d*1M2^)%~z*l_|=Hi`qE)n(-3V~$r!tHZ0TdbBP|7brEwkc9=xJ4N#gBEa1 z01k*RV8h;8Qlya6h)n{ zRLcc*Br&XlOe?yPh6`X$cfH#nm0t1Xe{1PrWWCd;IYAZRiiw~!A6iMu-DLbx zbRnI8U8~W2Hjr_g|2uXD{d&AgB($JnBIgU4azrK13xAjMw|HN8XCshpQ5+5?Vh6qE z3f25Po$jO4iWQ7;feV>@yUEY9tNPGPJKPSZ4C5=O=z*t#F2~I>VbD_UeSG#h@LaVi zsq%(3&Mmw&6zIv<{MlBFvqYR;exNrhJXE0`1aUOtMdhI1CrKZ}+IT>@Q}N$uyg9Ya z&r11Fx=OcW-KN-5M}8TQ(P~@^t_itk*S~ckFOEQs92`$y12S>M>&PC@G_ezVWtQJBJoI<2&!Dd zA1)z1Dv)YpSww?KwxSEk9WyS8EPIjGT|2Zrhp~`rvG0NeN!w@#+6gRK)DshN1Gl;% zF5o$$Uzq)b6YH922a&zz^=D!N!iQ)FB1-NvoMI7#|KP9z7Lr@(L!*u{T)ZN!DW+(9 z0axxJ>}v*Ji2mUdS>ywGwr5i^AeQvg|E1CPQ9y@E3%SlW{i(HL0_ApE_?MeF7G$ur zhw2{U8th}r*!O_IEApuLJ5F2+XL<2kLKbBeeRrZ{ze!Ih;wP zRekju8$lejH{h~3L@jrWFpB$YDkEy={M)K}A}KDv$<76pLYp>@r)*M+UgZO=y3D2` zfqWtM73a|QuaDjDn+wYM9PgX0g~ zylrp;h7?Q2zm+F_<=C;WOg&0IE&}4pMz+GS(Pxzf#zFRQD}E0H7M|dEQIwcaT&dd~Ae31y33+qvo9|v&4>P 
z`Eaqp<2NCw6YG%$Jj%FVW0NGlu!M!nIL?NZpggP+Q_g}}Qf9!&q5%0|6;kVVocw>5ST zK3w5SV)O3f=1g*SvYmR?nRb8%WP53oDN)zETJpp)j0 zreA!^cIk`dp~$}$|6DVVgw#SthX}k+DBjKDLfzve2pwAgvgrS1xfTDc@GlE6 zI65Gpo)g8p4oWshg7C{{5Xgncf|ArLE(Bf!?vE40z-Tz&T^mOSgmowdgiq5PA=c;e8>?K*DSd(#y3!{7KYgg(JI3 zrKFfC%B&Y^;DT9?94W{ns@Bi%L4Ca*hkf6!{5te$_~d^qP`|Xr$4sI;yBXZy*Csjd zhMZ{pIHjha^r05h_(3Vp&t-Xzn`d2&SAB&w*1BUv1UNEu$OsRL<)(@F`?6LLh96aUi*Q=l@1sTvujtJ^v z{d|D5E8{Q}PaiA}<&T$VL_W-)Ahi9%zRa2OyICY(vpG!fc$p39!#u;rUpcjP_DsL~ zJNd~fF6?g|D4yJbI8PxvHJZ%;Ta)!#9*uv7MW1BV|CbJe+)X!sLQz}UFf-8FVF-8% z`Q_B#iooX!9ZVVUbn6-u?&j0Oaf|-+3g6}@jKQG-i_nI!Z?djfAYZE!z<7%u8>c_u z{}(9DgGxepf-3i9MEi>}nM&!_vvLXyofs=&E@x4LF;m=eEhsJ=o$lOXc&7xqtqMVh zx*mCc0n7cX3(2xse`p1ANQ<#F5b4*a@^Gty3M1lr#l5X zy_F7S@HpYQGgJ`cUy0WfQ{1vye&E&qRSNP1ZQl(xaq0Xw2>{>0RU3TQ@+;5Q79YEk z6r}r@HbH)d_19inX82fH?MSarHk63E(AeFG#yG(`&9P8Lf70)3#=C4yOB(^1&1n}% z`(~7geC_>cIIcQFxtgDXMX)0mZ>Y#@a@LI1BdpsWOC*&dz0jdjRyz9ITN~rx?AMI- z=d_1l01hlQwhY?}l?3(5zlAYcJR{RFWh;V79j^%Luh;6*FvaN2i)({P>zdQ@0rsfe z8@mj%ne7HLL>9ZIKE&-hk z=3MDE9W8BIHFn)|K29Eu`paP*01v=XBRZE4)9J*#%~NnJKm+t~hu3Ra11M4Y*I2&P z$*TjU@Aq-~ioocz&}ZGzvYgRI&T-biI__;peXFm_dD!J?oAP6PLpH!i2tb2fbJl64 ztiFLzmo*;wfj^GJu(}>y&p5_y7{6VwESSr-|=1MEl z(G|li5BuDwBfn7lgyl;;{$^2cqwK(UG|%(^3r}IR&mf4?VB+a-d3oWf3Hj~r_ed0; zqfzhhZjnS~58xF~fv==dnmjPB>E6I31U(1*vzAL3BB(0Px zF#%_<#$?)YuQTHGo{*+VPfJx4A3*O)h`af5eU}Klh~_dgT=dlB6JHmVIWb1VGF=Rt zW~2HpaVy}i6yW3^|6HJWGz>gt{3vv7d4CcJGj;S*%#` zbzV3bHXU=$V~QyX;C=VA0eFG&Vnm(&~m(!M2~+vbZ>e#gXi`TOHa zbK_OHE0BRtjSZ0i)IX1S^!wvecSB5-Q};s|waP4^U39`?hmt(6^#w!ydhc0Zi59<+ zmOm2;k7VwkAyZlkjf9~Z36Kr}=`C3f$i{IcZ3W>zIt+2wUf2wUY23D>{+C3#0(fb; zlCQB^d4h&--b6N1nX~Cbbz5-zUAU1Ad~}is$Wj+NO}udDDcfKZEJVs<`}V0;Bs2i-!2&gu~EtM@SQZ+kb>!u|GKa#zeCMmAmDa+ z>Pv6`7Q)PO{yKB!_b(J392$OjE~wCgczP*ljF5|s-xF8S!!Imo18YtG7!@Vt9YAJqt)KXA>q}lkX_`5wv^TK>m!BU0~W~UEkP1V;b z%f?S2m%}PNI}-b!#CCE(37r`SE5X(pmFT7!1Md-Azwnf4m7Nny)iH15^;b0^*flt@ z5hFy7gE!bR7U2ZbGP^VR%Dr1b9`D}G7|VVREtG7({(A0j zlHQ!utAxmu)(JzWM&?nai5k{2atg4)UQ%YjKHt4Zjd}lT%@mGzlX3?C=@Qe-aMUxX 
zdLuE6h5>zrw5}*86_eF?kuE8C$EuAE;+TSbWJP4|e&!e_qn-duBXCYcS&Zk3Dh4fx zC`RhgJ*9pA3!9}`B$dFf3>xns zzsnm^kD;;X3Gv{ZmN(TdYiIINBDgwC0#!(n7Nl62EgjTqIDC1mF^SILJfXN*Qb-@q zynO+ACvu+nT$T8ptu>tS%YK3ODMUXfEw)>&XL6qS`PIf)o74Ets7Ofq2Fp-$pXf6q z7KGP7A`1$& z5Wm&kUK2UPaG6H>=kiRC6i@qmng4VB3;+8$FsjSmk$FK>XZjJyQj^%|SDeL~0Y|G? zZO*`Xa<>SMA!M(W{y75QlRK@kNNF?4Ool#>>AfN!eS6Vk#Fk>K>D~JIqOqU-}_4jxM1cU*Mu_{x4hw^KA9_#@0suxF$EM5B2LRG zP+0Cz-P;Z^`;QAG_*Sc1=Vd+SFvaG(u4ePm>LbaWJpRS`n=GnnjLeCQpOjNX9Ovgk z6BOM}{UO|ZM35)Kb>^35p`6FwpV@bP;V>3^YldLWL>kVMM&iaGj%{9fLI`poERLIU%|Rc=PO- z!NQf$_xJP5<7Ci3n476AX{hTOI)1}ikY*PY@B@-MNB?-QG>>5laEAVBmJto$*!KP| zli}}C+ZJcD$+J4MW!#aX~S)iw;KY$+*+TxCs5|QgLT5SKn2cn&i zI}+hm?$m9_QJz>Tg9iCjD%jx~lQ9>uvr;Z#?!-)?GH1pe!ALpF2j~Yt-^Uh`9_2jr zPp&p3w@a~|p z>)9p~b~&Q!vfguW=5=FvgSFJciHqiC05RdAu`Tw~(@|{~B&G?J8%_rNc zlB&6e#*8NQnR)9aZ3dkRGn+=+s+6j^AB{^*>dW)i%i4B26?WEYiDhbX{Vz+$HGMDE z)(BE+X9g~HT^xTUE@|WIR2bW+*;YkVsns=>H>uCfmoI6n=~P(T%-L3DRH@ZB{#emx zXx11#nRE7O{67Q7oqg(8*65o#M^FA^kfGUQ^kmi9r+H=VzXki8pK4bG=$kP|PyS<& zp;=+{WXAcaVMXA71N>ru&G%7jBMmc#F>z~En#+-SBZDXQVBi*!sgoZm2jLY*@dGqi zhtDMHLg4dd5H$AbfocJ!)ax8(B7~E5H|k|z^3`TVfv@6?UXG;yO>pf4hT#iZX#u&)tSV?ltSx%??Lsn@Q)rz533Q?4|K<++yn9zq!?Cx-;9%=`| z?Gv59`Chp+1YmY0$j`>ok7oiSxi5s-D6cyXzS*_D+7U^Yj&%Fw`MkCp@?2n0$|XWe zW#IBS#+n7C8%5oLv2mfbB|y}lQ(Yv?9LY_>U^6}0vijp<(K#633CD>`fwp6w zI@Z2EEx|C3NKVnja<83p#`hJeV<>oiZHlBWfX2;6v*H-?O1b|2v;ZK#cmaEsmU_WX z5av62tyua74BzJr$}iuH*pn+b59^_|?ROWXoO`Nh!=~|Z+;P+s>;A?__3|?^6>C*a zQZVg1RwSNK%XBYS4@mYq4@B&&x8J3^fEp9hTAsaWY~ary>W~bnfOMqJ&pk;cZT9? 
zs(zgts0HqKCGv#~TpM(@!rj|Rp%2lfuJSoH91GCQ^66*EtnoM(8;w@Z7;zTwTGK(W zyT9+*Tx8cWpwZbX@K|H=*@JHjzZgD{IL;IVYMGO3DJKcDZ8LRzJ(MdK0yp3<9x!7q zuwKZ@qir!eaIp>K;EA1)DNub(j3>vJ|g-E^WG)~<8 zltv@8CU8N}NiZ^}s3i%zv)}NTBl-1>7*&{eFp3s9i>_i6`zW+`95PH}*lBPes}N~o z291nPoZQ@=$&WyTHMA^HyQ>#rlH|+4qaXpE>7aVJ9!)j zb^*kA{jbDkpl;85gj5pfnq}F<0-t4Jz&t6Ta$30V+l5w1yF)94K}31KHyeSZ@ks%& z&lZ|sC2TAWw!P^d#&1>gaY_2X2`z}2XMa?Qdh{0I$Z*ZdPQ-A883 z?)3_F!X{4}J0MJ`Jo`;4Uq97E-L}4j>^?qJrLTuP*sXTWxxT7L{%y(Xm6yq|xmlGk zj?WgSx3a6G+8_Rs(`zl0;dDDFVeFeVOKU|_Ni{lTmDMXL8)bJ(FJYXSHOpwFS4lNH z{2{BCQZ~x!wphZrJZqNOYO9j!w@_Tv#z=#IrNh>RezmNZnsC;dq&wy?{>(AvP{J7E z5eZo}_G~6xWB7j$R)u&}Kvu0in~B%{W6<2QnP|-}#3K{3`rm>lAs%gzReR57lC}RB zH1hNyTq6td2!*Wvw_tXNM=500%F}~*?LP+1JUxik^g=vRA*=tFz&~BD$*2~BcH1Nf zOh%;)m?h8TC`Eh&rg%Tk^#qylq$fQE@j;Fw)>Oe=ZrzZA*5YH~pP z<3-tITsb26#0|(ENSVeo#6NF(64R}^_6yGKD+N@!uWl)Sw;KK#De1`6n0B>1b?*O&4nJon@I7a02SO&h|wD6?ZO7G3e(U@K{+gV)+1JR8X*jJhj&kkP#kYkyR3NT2~xQfbUw^)jFg;MD8{1WNb?_ltb z>0)Wc7+D4;3JGx;AS|UJ)s9HjiXP*yA|1c|#ERxmU}`lUc0t!heUU9I5+K-EPii;O7QZ07})X z?tP7k7-?$nMUVTX=z4mgo~O;(RwyzQP|8sW?FCCAf0Sn?Y`%wI>ELR#@2B0^?JrZK z6Mz9Q$;aKF6XYsXZY5UT!|P^oS&^ln<@Jq6CN`-+t5f$&Jtb_@b_3-*SV-cpUps(u z1V)m@VV~N7*#j+o_O%Gl?DR!LFxfSM)tGQ1=0^eCXV@m51&a3rP*-s={CXS`Zs0rT zJ-XIlbhup|v<+7lr!eJ+?;?+A7RzCpc)8MLhHNVlF`q1|QMgoC=4dkvb56TyoF{8_3aP-jO3kwiqsRON_xbs z4qK7DJ(@8CMN=JQ`cW7Qre(!onKb@N{ib{pdo2u4u0{1P##%4nRNL5HvnNH#|3!cu z7mm}Yb9etJ$9s~FAZ{V1%$1NoZtLc^bY$}Nu<&+hClQ*ReIdD(8{Pjq6E zFa2p$KSH_8Sq(e?V1FRjuQ>S}vQ|XCmINSV#9YSp(FFF!J{Aal-&qGo z`;Jmq5;Geh%6{&xHFYf~p>U2v7BGy-5|ja}7AMNUXKgqleMwl9N`XhYdI7tJg8#rP ztio{efEC-)TvcvZ%7Xd=SFEDWK2wgYruW@3GQnfJ81(#vJC!r%%!#8Wm`s*EsE?%h zCgVBgp%$o=6W-sCdGGt_D;9i~q$}^8Y(d%E6LmuRYm_*a9U}{SB^|Wtg0qE9qT1`D z^bGY~4d?Ixz=619{(F8(TSmE;-gkty7gZlHW<&wByyPjs3x^g>!Bqr$AdqVPJiXCgxPyNXrr_-Pb0mIuu{mgO z=cQL}7p@qKvxm0++%`{WUAb|)Ob7z=h%OT1vWBxx_%q9pu-R9xI>qhYh=P4CRQAD! 
zj26%R8bE-rihS~t{HCitTtZB6a-t~gC(L2YQdY7&G}#%k9VImU^y8K zzck-QfAJmJsUT>3c{Ldbf+sL`?O&uU>*oJr{^IKs{w|bsF7o~X*QPJXQ4i0));B*# ze~ah5e5-+>& zi0I7)0$WA6fYvs-RZ2Nv47F^?Olq8qQvW>OZ$vEaV|DwGw?jaGJhpZF?V0;79S=>} zdJ#;drZt1em!)DF(s?~uj{m{kTL<;=ERUkW`QRGd-8HzoB@o;-xVu|$3+`@#;7)MY z;4Z=4-R&;lb56Z;>)oo~eg8g++RyAvcTe}sZtqBUkI9#{uS}9&h%{LPGG(RHL6gkG zO3H8rt@<(;xh*t%ndNU@A5Q2=5HO-ccXn#7hIIP9M_Qo$t-bw^wsm;k=M<9$Y6X!DP*X+kDY;ho0Z3Ld62Av1)t*%6n|?#I?)X z9S({45A5L|WoTBo&ymId-ay4!;lcQH&DT%!kFzOT%=8wD&?a9>0_}9)w{1 zUBrv$R+Csf)*yS@1h)I}L%yf&!++!`cj~wk#VK$`PC^K=G+g_$UcZ}b$4@g5cB?5F zeD3$+*7kMyO!2`YLCK z;R2J^pc*rVfbifGU%`42p($|P0Mjt>fcxXsB}=u|jX(~@!^h97jlQhL(=|{2!=7e? z#aJi6_I%w0Nikoi(N?ad>ki#65tz?{toWVEr8C7K#1|1`Oq*QP)2IS|!o%tzfc}u* zv=4-l!ftSIY2xl(WQq)UcapT_U^L59ZBjVeZz3o#YhGoI69l`=22>OM3`}^0Vi;BYy#PJv$zy#UF$z$)oMM$mqo_|}TpK!D-$)JIZLVy~l z>R1h6Ql1(8G$R~1ytTi@7{fDUbp|MEEbk&%d%-gd7lnp9MmSAjrUmOWevI18yYDNv zx|4RCi>q`3ACLqcZO?>PqbvoPI&B*72){3mJ@wbLxl-4ps(J9r2Imi&tiEq>vyCI; z;1U|S_lVM1xUGL>tNuivGIx&MgNuvm*<<8nX(o1zhz$F&1u@E&etJANCKt7ulaIJ( z$Jz{%uXO_~wXSSKn4qsA7-IDtdl?ruTOAR(uqqez+#z@%rGM(&&aFq3HOB%Joep4e zopP{)SFD~ZgyRzCYlxB=+PZbFuLMhU_TUj3ssD4Ye>?wY0x(B%!-x9<59ZNhgkWS2 zxsMn<*|w4EpKtXKH&UW*8n}82|EkFDDi|hm?%&+pMXtdabWQ`*aAkXXFcG6^R%3#B zzX5v#j4DdcBC)Jg+M8z7P}G%f)z-qxI8wsZl$GL9G=`Zn-I(2SUUOTT*gl zCVTOx)n>$`?&uKoG3DqQneio;CmF&H>*`1JvdgMHs}7g&JZ0Q(UW=~fyN6~xg} zTZGBrX+C>sIq(+X@C9IV0L94@^E9#OCbL0_Z1;5PWLD!dmu|1P0IkwVf>9ZO%pKCZ z5guaTKK$6*yP3eN7zx;O0j6lU-56xdigj3O%<##d;FH~=hu{$GYHVmEHfZPE@vAxE z)IO!(p*s4U)q1w_Jk6MUKEQ`VmqV`BA*l=G;H_#x5!U(@qVgOr$uVqHIVCtGU6a>l zg}8W`kH8aI{yfpbzVga}!QafOK=vlH-SIIz;UHlrgo)lk|EvmI0(Q2mNvx9GrZd82 z38$`Z{zrJPo`Pgbzo#9dyir2Qu?PI8YjzgRUAueW&v|ol)tL63LR&;8ZyD~IhVR!5 zbl%J1=^?t0E;UmhtCQO^%j=-DTdz+ndQaeo?Wp|=8P+!oZCh~I*0&4g(|=K9T%QoX zV+7F25b5gM7TT^^843d=3r^tau$ZW<3D1bVpFZZ`na!#^lG}ZSS5L{jKJfzm<(=3V zQ(Yo;nW9?Tt$=5iS<71OYAkZzhvI7uuth$acxcD))6rQ?-QS>+7ZF&BSvhV2;1< zP}l8*%RV8Ze}DY0gJSu4B@uQ3s(Ox`n^$atTwv#)Nv;yxU2|*Oj4TpX4 
zpM;(Ct=YOLvm_W0DzMy}+5u(aj`G%y=G1IG7gqit0^C0u+R(Z(-w$lhIvQF4(h-As zbLR*29N*~IPAscv=()0%&---`{SNHs3TEJuZq5Ix8DOF4XxnUE{Gv^^eFp3J2ed#o zizJv{6)$e+OZpkG`t8boo|}^I$8;}%I~WrUy{VsB>j!pNLGUE;4~Ny)r4`H+=>Wh2 z0V1E(*yq>YJu`iV(Zal9@tVa!4cJ0_b9>Xz&squymWfxWzwtM$&q$q%3n8hC$e>U4 zRbU4X56L3Wk)-_RY^6bg9WaBmon&-weUn!zb3>e=u8=yxKh}lxY9THaWByvxk_2p5 z&1r^cqyuBGBpX!Dt^-a7axr=WL1PQR@C;go6-x{*Xyb3f$R`kX{jN6pxO~+H6sEsK zPb3j@QI9@?yq$7#6727oHNuY*as(qSD4?Dny3De=n~1%lL--6)<0w!BgJ70+8Yamu zL6mu9{L@nyRlQIOtyu`4`g)o5y=zFFk2Qu z7!0v9aeICtC~>2P;v6K!c;boAg5m%JjKKiKO+qBm608hPQ>6 zy)^G=SM&xsNW_&%h8eSZwcsQ;Ry8Zh&X2LR9=agOK5Idi(q64Te*oegrk;<@Bi6L{NrNbJbY>Vg--xy@1?+T z!|%6v)q?dAMg;;$Fs(iLeE^wJCn##wY666_J>v) z1)KUt`yl=^-_aovUZJm=`gpe{2GLpZdkdwdW<=~tL zI~zYisL`jQ02Tovn@7wn=cvsw_dHgx&wvx;h4aF{^Q%bC0dLGrWbxFYpkBI-!6H6% znz|>=5JZ39E=KZpBs}o9?=J;hRepv>9enxXSSRSYjDe zx}?)G$~ij2#o7s%Q6IpY3v#h!-T>)`%@(DXq4`wq;J(PrB+H4d$Qcspc$>lBpi_L} z5DaY_9)|%z{o7x(2G>N$y&pvKiT*fDU_=OYPIb_Vxv4xf0~6CLaD3(7KJ>glwD6;W zXiQvZTA>MfnJGUBW9kEomd)CghlPgWO&aISTgai4(qJ-1j;o{P5ltif*jDxAsn|FC zohjj~_5?3d`Lr|K2pAiVQJfI5UH5|vv+#oL3kkWxgYYly; zVs-qH0DC|3b><~w9KE$>5DIBnu1jeEZ7a;i*l*D&?ty%som%+R#cfq(733fqD6k1K zrA<1M2=}?~c)hXvpiQl^Ve{8FIpZ$B>21%qQ{!hy5SnuvY3S%=f+eueSf-8+@7sHhl0*5xjfrJz(4-t^GYU@MsRsnDiApa3iDQfzcYD%WW8KZ5UeIU zjyUTgS6s)(wQ4dFhF9LHoHJwJuO3GG!EWz~$_Jx_V+1|Nry)CZ2hRcV`4=$x9}`5C zC4*gyN3LV9s#v%H#zSr>5MvZ<%$U@Z{)D|lIq9&c~Pq=bU z5WSe%hrKM(j`6CobT6tcL%z3I#?O#8&|Se?SM%ajzj$8 z;J1>l1_};A{pJip)}0vU@RvAVl|A%;{@)|$m^7%SsQqHDN_+uAs)?|_2Qo2(EW_1J zrrf$fANydC1yI0YcGvTBZeHBjDLZ@}WsnQ&5S(B6Va^@;r1zkvZKxX*OHytr&y2hn2CPzB$x()#YrW@~TNFlr%TuwTKpj=coIRs$d3&t~+%v=`>~kx17ytL6ab z5K0xC?_g8DtcLiQ&6-h_!pE0rK(EW(#B`NUiZ19h>=m?pbF_!fh!lg_Eh6Gq3wC9? 
zfNT;5F|RG~CoiDYwk+aMzcAhxIfmO<);YLhbAgKKK5NeGXF6#!ltj`g<9wp)SaxVv z;E2vghoST=-peP>U^0_iP)07qaY)NS6;g&ytLeSpqNR8B6}hN{tXu1#7z9qfXoW)# z$O7~@K_yTduUMt!BdRvVt>6-R#dm*~$9L7U>zKnD00|d{rx^Z~4m|4;>8l)cw#;nm z=$5c&h^Yx)M!UAG+uv{2V-8uh4qCKK9(up4FCD2fKd$*@9~dIWNo8@|>(as6YK#y; zBWJysV9VzHeR&wkC?KYTa$vv9#u_P|Hfo(r<&}bQFqZ|ZCE6}qwUh39cj}_Cfj5ch zr{c#lCxyq^fV#qfMb&dMQ=?{f)NjF+FYyewT2WBmWjLyH0F$R73{NCRpE6_!@pZMM zV%F(Gh|fha@pZyXK^45quDTE zFrli?Ovu|T2Eu3YIk(}FI-0bsjV2teP~?LgPI%5Sh>seXgLe0ThC*35{#4Pv#c zX{U+rWiV9rl`;*iMQG*xpe;**|IuDMuakakxPpSOBK@KL5)ygu`(T9-<9&bUk5NAR zCC%Tuu?`Xq9=sYfve|K<1C~g-tgjBgtA%Sc7B!>NMOoKL)~0jN>h9y99#*=-@N96v zk>H8cHtbCpUeO^;2dfdnMu&c5Kl3L{UzVT1VT2;}#s3DjE@Q@Al%#aLyUJ$$Pok8@ z#v-up{n6bzy%4ds1l54}rt_E*=@v}#1aNw9y$PYSicHLgUTz@Fl5nrvsN9=AzFhvg z+v*mAo$ES2OlmH}pL&Vlk}#~sivfM8rv0M+^-x6lqs0-O8b$6PpRVnPz>B;YT+d5h zI)*1Ormu}+_AzzKfTQT8SNHwooU}~qt%@=n*_fm-o(Clq4W`P)+7SU%qE_@pY54@O zOT-{xO9uD3Q+73nLFp%8JUKvj;!J8o#woK z$GO?^#C>>IQ(&MP3fGJ)XT6NGy*y??m1s=g*WQmn^i z)QU$(RypqAMbz%(Ray4AQV@I`9$R#v9`*u!BT!A@2@RSu=)nF6Q#d!QvsC_RLIYfk zKJuYBajTIMjx8#7O}cZdwO4a#Ar;nkdh%t|LOpCaREV`^)b3noacMEa@oFIjWzaD# z@MvY7vW+E%CObClhY>TNRyj5(tB*774a2*PC5alC!oy8p{KMjo9oRSxp{8j>R>9^P z{|LZKN@fNfu%@O}@(o+9NStAXn<2p=OwJJr^^K6HT_J-^lIF0%ef0#NTjpzHl<#;Y zr1!K7o&_U{a+w6?m=ze~EF+ruui-Cb&P5>@k-0{bGtNSSp1&6-vvUP=yz;j+%2s@~ zNbt)rPNr48JLtr3pbO>7ll@1?#?@&0t1xwM-A0j9DzUjVA$pHZfgo`LWDa$~!}BMh zN#|iImI~nwb&P`cbmGeu7#3E3c?7b{Bnze)4dQ&_n}sJgQ(Z6v19%9$pM#dZkm^27 z#+(QCV+mNF=^Ax!eY#4_dyIV#=F0N5pIfDhA3xFMkMdfDs_`v~$Ualp#Oq2!3skt+ z`PdR$zYbJyKnPRwFzcAC!`kZ!)>TquT)&wWEdn@ECPRL&eo=$%u{ZfA`%F8A zwFC{jZP&T<47@w6ZWSL1Vq)(gj}KT2a|Ij=yxM|7Z*x$Ofp)#ChHv%mnmTw6Qei9; zx&8z6fO@8ka*{=KAOGm!^CG`2+H| zm}cRM8!k?#Rr&R4`5*b^TUO0pWHZRk$;y!Jn8AIie8Ro zZ$IgYo#`E+(aEC}ku&BLawKk+cXzlzsd@kdX9SxCftg~p-LWr=9RZ$TZE7SMrOh>F$cAc+;Ad?mdDh2Jr~C0kuBQxx@T z-kHMr?0mOUab{r_@QO|ADAjW0T;CmCn=Na?v%A?nqn-N;cvM}vQdpk)7=H3i>;`Bo zrgxMA0gKiTNA*tlKlvhykLVRvHQ`mW`Kr|d#k2n^Hne@Muo_(nZF?xiVDS}BdH1;5 
z9M#(a*Q5n^+C4k$U%jz&yHZQd99@z3O6`cDUkc_swh+Y!XB5~rz{1-^sYZ5RSPbTZ z% z)c!@mF8@dT-l^^$%J3}K^bx+yh3M99AbkZS2~)FD(@+TTVOxV za*NkF}R=L zT#V+Y%g(jt^D7+h*S5L&#GeGONV$Y~mmgj#>0YQq=57D@6sD}DJy@r#&AlvtxwCCa z0c@fge*NKa9vV`nEHd=9zMVJl{e%f_I`Cr2csp<6OK_|9-zK`W|81hHV*M`@U5f_Q z(YcaEO=qoA8_QYi^5$}t#(LZa)t)(v1x-Y)QUl9R)_}Ee;?B912A>w;c+ybq&ZX5N zpO(OQ(j@SuvC`nz(j8A)tlhaaY-&@tVMJFE@09EnJO22~1OZTX6AmVsur4nWY(9~!9vCvk~zFt*AxmRTY0cB7H(*%4j zzY;QE9d}+fiki>ZXMeh7;x_+n;qlaX%14=Q5a5Nrbiv`aVMegcKm6S~f z8D1aC_pTd!Prfz%6`W>^fKw^B?rBl`3K^*e2Kv6*Ykc*5ygt1unGLR8or@QMaNvzh zB800WHzRUmzlC_TqN{AlrIW%@!774ty<%GEPH#4t;G|T{XxB!}Y}1(|1Xjd1EYTgP z(sH4-JWWl%!MyNY9vEC@VUKtLPBahdf1|%Znm%fFy{3#<+xgD1nSe13N~%<=@`;ED zLm>z2WczE4Wxa-CD?VXvQ>+UVQ@I6YH>mz9>d^rPb)rEBv>O-sGdp#^3R6^Eur@z& zWpWX+J);LOq3y`gL{Lm_4U^Rgi}$pf#jrOM_+0&#FWc#>L^D~Z9@D?-g{S0r9TEux<KbMcQ16y+4IXGmT;8Dj5CAMgmmCc>COMvjx;x-wg4fBl(g{SNgVcinzm zf4A#e0zB;j8vXZu(&3eVi`$K{~EI!b6z9LW>;& zzoG;*0iH|pdITc!A|CgB*;&kl{~h--njLIhgg00nF;YDsqQoH98tfx% zYtm_sf7I^hO5^T>+kqT(lLicw=IVpx>lt_`({vMRP-3{BY~I6uY-UuEKcP&aITi;c zUtSKsi0_w76g}s_epjnDK6~oaiccuR@Qm!%RLV{Mywqr5=oS+Pqpl<6?OA?V8ohA| zG+c_sAw!w$=D`<`*gx4TR{0X%9_Qa~D<Qp-;KO8QXkwbaF5@uzpY38d|_{u`v@f z6TheU_~4l2jBQMv%!pZ-x!8#R`GaGUFt>6tb|7YwurhEm7Be=o{bmd&AOQDoDsD@e zs@As494N1+dcyidln|Jr;RU*?R(^QAObpF#4UL6T@WL^P3&mD6aT&zek87Ufed-N6 z$q3M8(+6%$$V7zEq~L<##e4b^kPg2CbfWX!Cf$$qqut1bZhBU|5|0uv)krzvzI$K$ zZNC|Z%&l5)t=inbF&|{;C=jvuuXGlgIUsBJ9hcRn$W3O>65TLTuGq#$6Oa-FEO%|s zI?As4c8#lN#rO$|bK(zSjaP`QvrN(ZCUVQ5za%GfD>#36!vHp1AUW|=7 zscs#&$5HGzYA9Rerp@9O%fU|Z@oiqrQsSXB0@I zs%TVe*bwBbhLiqM?PK){pHewlcYVSB;klvD-i#CEyDHaxvDULOYR0GvL!I$aeuFf;rzAAV7>Qm(b-3k+ zlIqv5LkKMWhz{w*Eq`CLQ>gwNeB_~OBBip;Ap86I+*Q^O&9yYY1w^>y&& z_($=}cDKe^Gnwg!rRG1N5Hd#Hf(ScGc_~oR!;oq2>w3opxY?1H_0z1}(|&H?G$};a zmZI)BVIBsI2-oFhfM14THcQ*L=Nff#6_)504oB@HQQ9-3@$i=OJDsDkJ)LyT2YQ;} zQS_F*MSKQGCyGtdejFF?BEm52tqNcfDDUyx+-!L55tQVM)i{^pQv=?Z>i{Y(^+!7f zHt6|U<)J*LU1U0Ue%5~aZ~_K|2zs?zDOF0PUz_1*LugX5YH5f|m(9C5xcV5#^$%R` 
z+WzhiXfiMpc_Rb8xzG$>5Y#1>0us4?sPs7Vs*VWH*c;GW1ceg>(q_rV1)@>vk1N+u z9x9f~)JgMNA?U{^Me8>yP6HLY)3{*3Z){Z-3DQKf~Qsyu4c><)B5x0 zR#CCbhIUo+PI8T)cP=Emfftgg_RgnBlOXSkW(cF^q}%bFYw32$n6=eC$-LUr`6GB$ zQ89}^%mutRNd%|qr~4=#1B!PtQk|z_Tg>u8)LB9Yp_mt+OcVzL9#BjbAY)vm-#ICE z9Lx8)L{{#$F7(m)S07bT#egg?cK^P!vY{_uoP+}A1H(H>y$kw)d;uvVSr%H!5(&zSISy-;PG#Vk_rd8bb%R z3tm|SAWYk2720h~pY!c}qF!l^w;D$;9Q-$7e`C5?YHV-{&7?|=aWK$;J?L~sf?&|h&X4qhBOfhaF$Fjb*xwmxL&LGkS@EfTsg1Z#)w75fyTp-9u(uY^FTp3c1 z{34GgB^fx_#Oc$$inqtpXeluzwmQZM;?J)(RkmFd z7chky0X*WZDIiDMp?qLnx!Fykdj9#_v&3A*Ar9ms8?C2=(YV=aE8erjN)_unHif=x ziDQZ>F~&IXSmptbC6h^ahRh{3nnMOj*4L9yf;a=Q^${M>-NRX5|G~f7EeAw9#!2MQ z*HAA4BfP8Sw|1^FHEBch1_lIMalnUmQ2e!d;I#sG<#6U)23XM ze0Z&xsrx@=aRLQcvtGDb+k^G9Oi$v zaIDmCR3N&Rw^**|Se`EFl)AM)6Lrwa6_uMCQX7*mJkRb{s`}PHmiFl}ydG{;5}uZP zQbc%}oz~-jncb;m^mTqLoz^3GJv>)yt4NzyxoWo1RU17jao71&S-R^y+xnh)(_Esf zHhWa!p`%h+dg!duR#EalW@1*BZaS;9R)o*1Tr|__s`VX}xas^4nTen5AnR3x-5yJe zI+~vW_P)Hc*8{L;ai`YOvGhFKR)4g&pv4=kX!w0p&-&HkMy<3%^Lci&k`NHCLep|! z;$5z3J)PIXOSPg7o|oB;N+e%^_5V$t|3}FGdwKo~^8Z?%|B_t8Qc__VGq9+`^%eQx%k#Um5%DIXtf0KZkCw;|5LOM+X_`aN|(1gNuQ}<3L<(fb!Vi@t1-9m|C1pLT2T$u!Q;9ljf$I4h#+W2o@VwHZiny92LH zL7EqS3;62W{y2rCS1dJJsuzBXFA#7O51b!UqYGD194e97Qm!GNPt_7h$@r+SQWf`2 z3rX*CKZIMshRbmqf|(>u=dP)(gg-Y%DY9;e(M`+O)ZpW4O?cUG96dkbMU0CJEC@YU zeYlG7`IQK&N#urVKq;))?Y=AVmHMGB#3*!dezr2~yNpDEj#S6`n(@t8fE4;?$-GHz ze@FG8)ebj+%^YCh!-7=LihF5D=Lly-BBL`Jbf)qagJ12Z?Kjo6_8d-R_vuW?!XSwOeNMzRnmw5dT7DuRrwgQ9SW7A@g>CfO!akn zjxx0>KkO-uw7c66-WG<`nLuLA}eB_6k)awY?boJ zs;d9AoQ3h-JNh6LHBh-LP&r$i+``20b$ppNfbCLe!$J4IxBJ)GVaUbd3~;SbMK#9_ z&sjloNqSBSFUJB?HMm?AJ@%~z?sFn6w9GoSH5p9e|*n1*e7)K z^i0j|FkS;&S7^)T=UHrr@Q*BoEB2l>ca|VGQqT0>9!d?SVJLgpPoeEI#VPLCT-i9} zxqN(E2Ek6}##(-g&{8%Hz^DayKJt@8fZZp3*P29!@(?_RUwd32*J31AvpbDmogAL; z1yxA(J9i+Q9>Sb>2ukg))XQa1Sn_B%AbGel)x~?RDYef%l6!H&+~H%M-_z>vc>a8L zmbVxF?lE%z$m6NzCCIXbMIp@z$#sO48&-#-lx7{%}ed!5fqBv z&Yz#akGB&T^#J>6Iq>fLFacPp#p$qL5%*{Jdf)Qfp#{8KPV6T}nZ@C2(|CHPu*f5| zN`-dMYc~crTP(efM7J^d?$NEMFx*qAdzUHJJ6E$+Zmddm>wGk>`l{rt>UIdEjZev? 
z9zLV5(!bqXlQYgj)tw8^6s#Q>b*mG$1bw^g4fRM=3}??|FfYR~r>2I`e#N*sc$E5q zlGRCa8CL1^`>REMoLcAy_NWcA+|k~D7t^5aq{W^%$5dRCy`kyGr7OUcJB9t-3uiu@ z50_$J5tBavXO8A@6KNELpW98LZ4?y964*kvp-#eZmJy*=*1+urCHD^AlyjJ17lr8% zNSkICjX6~})a2Hu6~u=(G?(cw&?S+4yF&fI5q4YqsGPK~^!8x+u_=P~AY0G%ZInj3 z{!>`NH+kbQzWT!Qhq(lH7)ly0`V~cw7^{bNOWQ(ij*08+&kjkRq2S{>>}kyu_tFyG zjkQrw-mG3)ke|%5Zc5i-L!X&9F!|lbeDE3;2vB?6%7ohlzAD|Ji%KXo?#aKVH#l)c#tuQl_qw~~ukhl~Z*@t!l#8?)hsGp1#@eKY+ z1`_p@JK2CT4wU;i_Nm?%RB6u}Vla_DL(xuVh)t%K_i==ZNV~()M>yi)$1DeJQ=-SL zeD@vi!k)hVmsG=nzE`S^rzVRPbeui2WkgVfdxe%URDIiQ-;^NEQ!|A12yWbXmt&-J zqfSv>aU=Q0^5U0coqpo+c2mR6rhS;R`_rdk2l>BYE9iZZh0&I-rZQ(SK5?20fi3q@ zb(0FL!<=iV7dqTBOxI%&hwNqkaa1c0fpP7dE!&PwRM6uMc>=kknoFePw?VXDKG#ts zP$)Oq41GiP*Cn_-+xX4zJZ7z4b($-fn*LW{W7VCN2Gew9$!1xf+#ntPFPnt&qIYim z#%ZIE?#78I*D&i)dAFtjXs!0xLFgCN4+s+ZDbVLK4-m5b_>jspyJVbB^40fX^JID% zip^zisdRl><)0(1zr5w|Pdnxpcwmb;Jh9@=b&wn$TF^_1Up%R$rq9vS$0Pf6UEvol z2x$G&e(X$zL+XV!$oEIUP`c)SrOrM%nzFyXk;Zl{KDe{J7Pjzuu;?vaD<>-O-3;;T z;M5bGq*x_ZMKp{3q9OZXtuywQj8mk2_qQ*Bht&{?zzVZ8p@l1|eZFJhj z!cs#nhX@7PuC4Z#;NcwjN=dgjy>b2rO8CG8e^+{O<{?^Ud>Qq%>ff1Fa#e<8NI&mS zMjS8Jcbb<+N={G{DAp-IAqE>4!xI#D1s{74(9PBSf)rRX&knpHa3xXetC40bCi<-Y zhlHOc#Vz}q%8QW@VVHM29eb#cSCvx+fc8KWiq{01|jpc5_3S8eE1LWPk=2Mo)L(MSy$O>8J4Ga`gAY_%l*{n z$j`$&vl&e|aUF9_2ao%QOhLx{RCpTsRQIBihQsCrGI{fTP(WYcnWXvX)+WnSxu2HG zoV}@6V?a?udAdZaeGn3b)foVZ_+72zUA}lO^1)&U_L86WagEhbufCn zsZlT)33QIAnn;CWurTjA2^!xY5)esoGJkk>nD?jR39sWV8y{T!t_i1g+VjD6OYDhi zWMPkE(f27jjL#oBAGhOtR-!>7iTFez{Es52UT^6pAX2lKZHn~JB5(J zNa8m`ojT)yI_g>HLjvvu8 zg;{=~{QhH>p&)}hA7FLEOj24**`=|6twr z4D`mMpjhMvo+l2yjgD{Ft=h_6D$J`*idM6ZCU16&#BEsP4t`Gbi;7t(&O>D7^V0C? 
z`|66&Dg^<`iGK# zp)dXieO)-7R;Ehr`Fui};1G1Jfk)#%q`VM#4+5|aCy;VN1M!W+sgyl|6_o`(F!|z8 zw0rDu50S;s;R6aI=s?;{q}ply?mX*!+=$xCQy};2j1I5dPC^x*LSTi&0j*l$S1^1U(FDz|7A%P4h20#*xq*8KLwmGj~NRTQ_Hvj zXXy$#a!AwYSspN^8v`B-ZMh_k(X;ydNg9JDF;k2Nt4X}SE>-L7LByHrtKV&Lr-xhb zs1abH=1MM?KDEqCeij$OX*GvBr1M!HidM)+w5i;Q6ICl~c)!jE)&6Q>xZG82ByDMx zq}2CtT2v>*jkb7?q=v2Yaoj6gn*p z&<`<7VTvK!QJV4kA`b|5jpE?V+=U!LOc#pXst#>r22(0HGc}7E80ONfl%5Ih>n=Yt z#c5u;=l;+``am{(Ng2;uKSV-m-Z>7d^8;OJU|5O*$yHRAY;pg%IU_+0@N%xY)XD|= z-nb`svsbe16VQ2BfYX4ad;z*l%8xvCB1%d5>)^n}M7j*R#ppbtAjqI^tt!M;!^hNc z7?G5C4%cGjpsTM54j)}?7ta_Y{;p&82>ZRfN+v|?4FBNyxho)YK_Kn(8*KF36@U*|kxd}&EH1n3cK_a93^_k&rF+$Jgwn2&7L$a3@*)JG2U6@-OyeY$VQTHNnw5CB2Oi#Dr zLONwU_ixk$KU#sdJ*U&gWHRgn23*f5HTeR&yKAD_B4lR?JPqU^j6#e_gJHPWrkDgZ zXc~lpw>cPw-a?`;;15nPfqf5|&Gl=?kB?F+sRYIf#!v@kNGD=ovhj*aVf@cCxm1yS zPUikMZUJi%hM{Nj$Zt5;%U`nhXG0&Zr5Vs$)Oo$Z-6iDRx)kYdA*h8!r63d&_s>Pf z?D(WkH@f|0xgV9|5>%@2mdO?FY~O}bzT_kl)dJtjuq+d+oSE_`JLTqDJ-7;1OMGi=TJa_qlzPR#%W9_BKwZi zAYk7PlXj_`bPVx1@jysvdX6Mt#!3B`yzvmnL;`^`&cq@ZMywb;jDpoB>44<7yvuNB zq1-s}fTGBQ4>GBUMa(WA#G$P~j@(v*RC~PFKLQT|2XB!CL`i`Gw(x?}kxM2&?_YSI<>hWBv42rlSJW>%gnl^aKDP zkIBG3ktO6m2S~BxBYUF91Pw9XKc97+%x3lA3p^i3H@YJq@KYXw_szmZk0 z%7Ce%*_1fw?0rtZZ-Zzb?uk9 zCYxd0lnWj%8^C?4^a25UXjYB(gso8)HXd8pPhu;wp41<@Rx_XC0LOB3-XZB_U`d`B z?%TM8DwS;YY&vQ}!W<_auIRh$G61&IDoQX~!#9=Ec;|(~tlU6Fwdu)-sBQ^X3NOlS z3^^B(^#OVcD**cpZ&vC^LRoQX!OBdIBIc_xt%2)=pZl<vpHOOs&a&itZx zzD!{mgSU6my~J0m$5tg~L9J0vY(3{i(l5dq$aLJ7k|<-5EU@+c!iqMr0bSDa>GOEE zn^mL9v@cTuWzlj**Unh#90 zkuqA(rHR3hiE>3q@B70)c`h3gXmGBv?pas@#oI)D%`Mv>pZP@~v?*e>qoJ~u?ev@c zy$$|eb77+v%smd0mwAf*j)%g7mUBG&d8e(6pBWp^BGu+oqB{M($X%S=R0#e3g-5?) 
z*)UOKzFI}~3Mz|wQio7$G03m-iq_cicAU4p?H9*guMkfRjCL;Hy)jCM5pYP%xD0y6 zxWRgVv$9>ioF5J4D72~AY_30_ z(#C6*czy}YE-Uk}L|3Z;&k_YI@ox{C`~z}4^5is(S82OPa;W)G?%!kl%b(YuXzPv^ z#THkv*pR2vQ;M+x&EI!7eQFWZKAdu09`DS4wLYA8!gPLDw@FULNicGtVkc$;duZc` zj8U-z3=#ct0$#Ga2^LO9edSmyBLsA4bL1>ICuMNfMDvFc`JKN7RsWw2$WAHK?jab-k$b~SAOn9``nY5w7|>C$cItnjl9HmniQj-Rq#jdY z%F$8=t^XIAIQHL>TDY4R&{JB#XkT+N4&_I@Vma4W-u>O}k~rq&qitk&+o3L3`U#W% zJv3E%#oM@BNgFBbt&U09KwTE|b#^T0*UEdsFA8V5Xx38tyxwDyVP25$6KAiF?y}4X zwN>H9UdZ3)2Bi8=FCAe<*Vrk&>_5*|k_rzPb&zzvQVp10+HqjI>&L;{0W#63r-JuNW542H$pqEByv7D zW@+=8nAmMFc~Z&Nfss8LZc+HIuzLCL=dswVDa=P*3>y!Gw^jO=5h2=#ANRU&RlxA+ zO*gT&xvBR;+nvUym58_s<1xSZNbO%L*U*^9E}IM`{V&GeI;^VTTl|*h&>UJy;s8?8 zA|>73CDPr}AQFc@bVx`Yx;eCzc<2&PN=jO!k(AKiM!)xY@BQ8PeV+FpW|+O!n!Wez zGqY#bXVyN>GUEmpj&?v+JV?4%RmTp8=RQUhYar-(G-|eV4m|Y~lHPip!u+>(MU_@K z(vHT}!o>VRLK8W5N8j@vSv(HCfEden^;*rOXl`cG#XLSj5v8``$GaJz-dM_4lZFux zQYNeg!${z!{n=BC`Fs*Ik?+iYC&1n_%>HNH5Wg6_UOZ~J!VqMYfxE7&49xqhRrR&s zGg(fhcgr;2uh0#=GpLoTsq`Ewmvu4%BIpN6C_^9g=Z%23lXy`)2EBROHIF@ zK$;wRu7@%e-bgc8{Q~1qrP^avXk=M?e3MCm9kI9;Y?ttMu_RJN^KH}eN5DX;;!N&C znX)-gU$ZNv@v%H4dbkwe<$4zZE1?@#;;R+YNmuqzu?|J&_$W$l#|QGr6M+3lLS5(-3192-NU9B zy-ORL*Gf6DeoGdd9MHr2!W3d?9sktXh6IFoXU%y;lt(&>;f+J3@~qfI3fFB}aiB@K z`@_bnL&D}dzR5FLMo7HjibZ>hX|xd2#f2pGM_&8ZRn5_3T!LoP;ExOvr)od;aS6`p zp8vv#!cpK`3X_SDDRxbId6G2JvZ~436J1D0PQ&KerQ$V#Wn1m@0mOj1>{;#|sTOVg zcG1hP$ASbt`^811)5<8q0OTfO-HBv@ZimICoZ#gU748=&kP9*F^YYL95TfPlMzY98 zXk4_aMHzIG{qf8pAe?uTwrBCvVA!A%Vwj$602QL1wgL+908N`3`SfP_0KIrb&*x;j zhQ5-Z{rtctw097jQUw_cRb_8eq1?SkSQQ63lk07=}hIf|w7sph$IQy=>pm_^LrtQK;p zqdV~{-p~D|CFD?OxknV-;{C|ftEy|*3oUn_)?~`W5Ua8)()&^BPQi=(5wH50)3*FsdyE2{X=76_X zJ6zezqA-CtZN-!D)~7k_arCjEC&im(D7zUZ#x?uL%_ov(le_=k!RftU%uh!V_E3@%dZpvV$Tj*2DX`d#I3g$tXe zot7q!D7LCO&Rg(eHS?p0NsYJ(z)*$5*;# zx}`Mrh({hz+iYn&(~#)Kpi{i#%?+?E*wqj$5qYSt^#z*qXBqHhYzlG}yE5JJ)@@0D z3+P!ARJ9#AgA@gn-w=rONK{d4Da@}wxY-Yu%=Mr#&;LSL&Yys`|LPaYIY$Oc3r-Vp z*xM_V7G zH&Owx7DcbA&{-?oV^&75X-9)KU+@2(u>2*0`~}2#R&e8i2}DG8x~xGKYu*X4g|wqI 
z@0H(`C`h;xTY5k(&`DTM!u`)att6fKOD3Nt_9@qM5laQ!8$2Wy7horY^NRj zx@{m01pYr1orNmw+v~w;4`yBiB0KgcjUzQyYHg9gul(>LL2&&PAP$2t+kC6*3`LF8 z-3POe$wU|Sj%l5cf<8?Km$Xg;h$6kR^@MXWH^7FKLZJ6Ige{Gzu^`Ad6*M#CMLzjPD^fLAOp#|;-!PWVX z{I#K6xB3Vxtcf7U9V6soCrg3LGS+^p z|DwlxAVbsQ&-Jol+zEVo&f$Ez^2BGcovN;WJWyq+N)NpF zWdAb^Jwx>(_#`2kHPMopQ4h@(%{lWi>WpYcv~CWxbq_9~G|2koxw|YoN%>0$X(LAB z3gZ*raz45xv=R1st~J|`>uXrxw?Wi$TRP`aT4Dnu2dmxOj@e^(nsCi7>1S7t;8>}2 z-XxUt#QtJwyPkGc;!-}k{Q_|6h!-nwg%D`4m~VJpml0F_QFSC~YUPh@F7FYl!2(^w zS1rPkR8Q%Y6*Vh6j>S^S9_bPqZhO+CjWC1LMs~p%g#kTr~iD z$)lF9G6RZu=vkX21lvcf&-!tv%XMoq=4Yb&7Frjq42r-mtmhS+$+hwrOU>3a?b*h! z=TbcO9R*%4%#_Pkbx7ExtaoHU6X$0hy!x@y+-dp4QMX|CF)w?%lIpm^zN4(=3pJic zLgC&+PmO6ZD)oN*SgJTgHk$;pt8j9rk9fT>)cH(imP#rZE|v~y;a)NZu@)MOzGJq) zJ3!<^9qYe$=LQ7~Hq5$!MI6pT?v&WZptP@*>#tHZYi90tbRyT7b)ClVMT}9?Cx^>m zPQoCYETS%X)6Yt5sl!U;vz4O1(mZfk3m>|dyRqi4Aku3(QZ=Yr-N7TCAH^MzkatjN zT(=HWs(ipw)#$yYZ5tpNxx!;DFNBo0Gbl6E$Mf-!u~UYBJA8fo)cOc{@rEkyo3>hVi#jfhPV^8DB}Qkynx zJ;h;5hRUR0{nEOijYP#H0>uiQ&@n^hvEcVwn7DlU=81rf^HeR-t(Ynq z`@*^|aoUwOI8HW9!-6Meypvlu-TgrfIv2YVv2d==%s79Grd~>dA?Zu2?S56~lTX5l z59e`k3bg9#1)dWcM8vlE>EZSB$Ho~(G;wwKzZhb-zyO1cbyF-?-&MNiAtI_%{))#@_nf{}F#olniH&Je~^w{=tsz6urpdqLAkf9p-OmX8y zJQtJBNT+0ZINqa-=V7h@=Qt@&Aiz}V6%c74J#yoYn zHV{+khnJ4dO2nB!y*#p3K*|yHYz82=E#?M4ec+0->BOYa|64+T}&LS<8UUg78o zZ!|=AMHogsYV5(hj?Loo3S2K&6#5-Pc&)9C9RZ=h@by|`wGv{o;_AjuYa80hlcP3j z7$lN0OI*M@-6eqv{!FFvix#cYqRGQjtuDd8GL9~VmdCOug*N>h&TNZAr}j?f+09Sk0vakQXoSG)GV#ecPW*X_Zp=G`-9sJqjlXv>T?j*S#+KDp1TwmCU0(X-GD)k}c`qwdXJ z!Jp&UOmUxRJhq#f9p?G3KWBV)K-+&}#6^iImJ?;3h2IgwTjn7q>OQlKJKY1`uGMm6 z>XGWD18dtUuykJHpOQ?^DMMx>!4l=WNpM7* zfeYt#ZtcCyrHmY7Ql-9_5_ymFfoAua=6gHUuN2N0v!Y-Yvh>2kA!X<)MN$;@FgAIg z93&hyo6?H7-%sQ@)fZlt*ki9?7(!9;fW)?xzNnvq`%wqex>0dDZJ+F5kj&~^VITkA z90x^I7p#Osl2YGkc>;&`pGWd|(yf4RP8TX3DN=509GfYyVT?;14H#O_&t=CW6dCiV ztcaoS3LR5;7H~J-5EYUVlZHM>%Q|^49KyJl4T{~5gyOz#s-ZbirPk$UCI|{wEY!WY z;nIANN@5ekyFIEy2;Q2c2w=o{?jOu2-_95-uS6Cp5vPZG3yrC@FPdZxh95*e@Q`U8 
z(ZaD{MMb%Apn4Mg+uT*i&clWytdW=WgY0|^kC;%?G8L1F)>LK=Qk{89f}TfE4i;ZC zv>skr%$-of=q%R(osW_I8N$jHNk>zuwiC0eh;#84^u-sggu=l!v##8o&gXtFR_ns^vZpHC-f`<*34U*(4_e4 zBywDqu@Jiy^qHDdxMWibegqjSslR%ytq%OSK2Ki|OhN3{F1PXI?=$>C$-!l=>>4cD{u{XvjD=Ds&#lRzcn;J(eGEX2>nZ zrUq^?Zxq4&iWE#HBaWgoJ)BwpbM!O&o>GpH2nT*kx5V7Wp$r;m;}AI|w8{Q$b<<{u zvsBCGqiQ*!bBb9;r(|fe{aYG~VHAfrpZVUD@MH3Wl&!ZknbiYA42I?=1W3O|m5hHA zdTGNb>o03$dn{08zb_0MWI_zg6xwMpyLl+K%{TuzA**4l9E5u7kE9de5Y$^yh!*&m zt8_W^DJ`A*JT%F4C{KET-&s1k#G6DKJ!iDJ9z=ZJNJ8Nv!juPB1CZd)4uYjL+FxVh zTGC?5>{YVR14Rs!e~mom_ee%pGgxPYt@;oWk)-|l@i9(ST9=uB9t-wLE(ZlyD|tDY zC)fc0sMx6Gm`IA-BIG!d3-(UgOG?r(nvR*G)-@{x>2s+u5Ftu#WB`UU#t>xk5>prj zNind07Ug3(cLiBEk{X#Yv3!PiHNBV% z-bsM^Uo-5vO4Fi8^r;_VxM8?i@G4TqHuPa8W;SSGoX4zFtrEI+{nDI|+{B3~tz zaMH*vZiU1&V(&hz`Oct5tQ!~Ee)`~fMMgm9EAp?7zzp6+3b0_EvjL;hr`Cm6;Ui0! zs&Ijc!@{E=agm=x!qr09tVt`$?k83F(jv@NxNd&bnlVrV3O?@OW~rZ#oG?JI9y>Qn zjl5qbKE|oShpQO9@au7Cmh$riN+EnM!}k_U606C88Tt&S1$u)hn4k(j+jqF1T8JbD zTKW@I3)JPG)Eowz05V%mqNuiNE=NQ!JXy?ETNWOf%8(cu0Y}7Cy@6B$QItfE+C0r=z0(5LycK=$ZC$tF#dn zCDEnW0CnO<(5-&mklRI_RlEZP_Bf!tTIIf464Bs!Bb!e1_9|8q91AVQ|i`@?TP%Gv=?dAIEx$C(!U}k{_I}9&h}Bs?fYdQ%NSMKpO(A#eTguO1G~YNt07wznOtqJs+i!TTo#! 
z1u_D1fFn`-qH#>8_|6f@bkWF&2+r`2ZF)H_eAcKMRy$HjK3XmF z8PP4dXJ-Tl%VYNHQq}JXyq?3mo0uB_lw9iTO&xxT{fr|?P5f{ zezC?DkW{|$L&u1by5m!r>QE1jD9>=I8vEM)AaIt<>oq=IkIjLzZ@Okz=|*{Fd2z$) zO+c8L;b~sxbpVrVNK5kgPLka~$$)p?9DRmR0&ikg{N!0l?uvI$uBvaA%bdT+sU14Y zVPvXT_>;v5mZoTDz#tjc0gT4&+4-=T+Gz3*(K}H)G1iL$8!Il@lIRNYQQMvhed#r* z=xk@`Q}|L6g~@*X0f%}J)~o9)YgMS6@7t(gSE$@^N#DDCbil%zZH9`e8OFvQd(MM_ z2bt0#eY)rhYk?)C4ioyb>wGMgj3(nGj_`wokeJGHOKgJx_)l!Qn^HW7pFW&R9sF>( z@lH=SF`3lXlhag&&!jUrOD4toaLDK13~LAt5Hw?mTR~MoZn8_aMc~&n>+GO4DwXm1 ztk@O;dFI(%p2dmqzIGCScBT9OKNnilh)|ZYd?tWw%ztzr_$M=@lT&;}09j-5;TfYW zrX8VfA&7*S_#($-3Bh~nn-!c>1h%b@e0j!DnKAi=3YVe$)$=1dMwS{b4ttLEr8Rr) z><+dV!R#t6Gv;e%2qsOWDsu`nt71t1M}(cC{?7{>dkTP&lYpTr=By~J$8;T1ybDG8Dls)>>y{3Jy_*EQ@kP5j}H`M}s* z-NAG}okv&pEWEQvLICxLj{vBLAIMZPjQ3No(73z@B=P~3P3dMTkNQD%{U)_1a+XE3 zwsZkW^Jgg#k=(I)wI^A*imXu}dXIqNec1qo0gHgg@1(@?gF=D*JE7?*F) zc;W{4F_cA_o&#CqACo=5y}omz%e~*@aJ@jkDi$fu9g-LF?Kb(e71=SzNw0V< zXBY2qeLapU_|Iom1k`g(3AC#4XIRDS8==;h?E*OA7&pZo9Nya&f^6FGazL_jT~Wsc zYfiaE2jTq`4p-9XIa2?Y`vw=->5!|v)w!7p1&XL z6B}1!wlDbHoYFFoph4u$w#uMIB+0V6{LLVeaD{qLmn#%b-@ z31-yHb=O{68v}*Qz41t^&4b za4Ek~Q+T2uHT9oHn6LT$wDwVp9aGiD(I=oX;iZ&2NRnZG-tL zjcF|`{%`eMc>PRH*EZIe5m^Y zKjS)Bkl#eP-aC)SD$m`)-C~yTlEzX9aELQ5Az1bdRb^3SPK_haDHtjv`nA%yrV)nw z>p3OxLGwTAwOB*Em20XxR`H$zSOYHp{qF3s84vV4Ju^tiZM6zhUh1^T@dl_4AVD~3 z^t!f%MC6D5@voSB$3iqfP1sS=?z-djrz>FL)<6D(ch=j%=>p6G<5xXyTgmC!xGcpL zswO$d>-N3MK^@H2?SOmtQJ}OgO?E}~C+44IRQ*h84~m<0NNH0abfD>h2{65$Cfnyn z4;EVrCj1P`Vniz5OQGXK;=DYcw$N(( zY7@nX(l`jVV7DhAZVS8qk(e#pWp%tkjP_K&^SJ0?l8hmKC+%uA-RHZzo2{J|!tcEg zG~9E?GKVkcmW!>TcSR{kn{YBoYJUx9u8S~93KE^yn5k#>y7r!U>YuNR4h@SfJrp+8 z3)#To-cDCyM(T+|illWT$JTd^~F>LFJYEW#jZ*cT= z^2PLZw&&lA)+Yj@4;IY+kmN}K0v&N4=^nVebq{IA7cEV@tYZ9az_I^|4o%xA4XB(t z&22w*3$9t3imwu#j=YP#mx}ZEE(2Sd30_qP#(A8F$c%CDgZP_S#bm~+Fb8j10JTe^ z)7=a}pHR53^CzST;(5FDP;Xw6;f)YTuKWfwX7ZEOX)5m(wFK|8Nt~ekPK66aKWP1j zgI)3>qNC_5pZuBfjxwYvc+g5qFR)+vur?*Z1=gN*b~WA5_b3T!1wvodkRb4=EP 
zf^>*-y2r)iXtpW>Kg#s9li{|l_$1*hVp-E&imicauKe$RvWm?MHvejS*qQWfa?#O(*26^oL}ZcY~4PMJNt?9%^)obuj5g5hs=KoetIIRk-g_*wC|2gHc;MOnsG*x+Xg$Ev*tsDU-*doQlAKW?c!!4i zgJyD^u0EpT;~^%wd6Q^`pF$4}M(QIm&1#eZYH&+PUAh@VVIGCL^U8^sy|pu#f1Qj` zG*dQL3UD>X?7OQ72Z&?%jkjHe)cO8utqgw6=PKru+Cxyjf%ryLAe*&*f$PG|kbcB) zgSJgM?t7}Y6S}-RNpTqfi zbRvPA|5qVQ^)@;SRcA02iSNAa%0Lg{d}55KYuo~*@W$3)-;3V#VSM6C9v1mH7pqlY zPAkjQN#F?G0B~eWD?jZ7$7C zqGG`bTW0yyK{9hvK@=_9vIAuj^Fq1u??&0vH*Xupi5RO}$)uqbecCBy4c55Cvw<*s z7qClf0L=ciO3-M!hx2edu0^hSwEc3&eF_88MDtvazf!~PiRO19GAgsL(f437vU@8) z3N-;la)9!LW{3``)f6-sJ==AIJxc|ott|g6PFJ*T1@xP!%v$}^!J;wY69l!&+{?Bm zzaC9@2W$vlkhYpq4Q7m`!*}AjF>oC)ef?uM)mhh7W(Tx=i3BUc1AcZRM zfxcZlE!Ua&KVPKXD{&{NxL4Dwwmd;3m8dbcOef$etec;zlod6m6gU7pi-kqGy+GOJ zq!%f(I3-Ikt7Z}6N~Y?GQhu!EBXRu?$JA6L(8n=R(~ZlH|xicokjokN6rFw#KcLs zutn~8tSvG+uNBi2eF7E;2+z3#`gsiSvaD=Iziz+>xpe4B$B@^mTz%Ekaj@>6BO9i* z2zVh+I@KgkI_T>Yzb{X$ulqhcn42~ zLMs&}D6M0D<%*>6H zLhn`8wZ#ob3w&;#*A(J|$38Vu2GCJHcn0Tym;%Vpp@WOS~SZ}6WxYxoUV+%~r) z2R?A1d^5qxhy;2V_6SOAbuq|58S)`|yhkEjfr{9zJOT>tskrjr8G}BIt$Ad0K zpOGTJ*u<+-tNO0F0Ls6``=^#uW_OM(%N|+N6YD*DowilFNA=R;TEg)^_P2EfUc4C;dQE>!TaW`-;|T(+t@6Bnn(E#Q z_IQsxd;REC{@Y=+U&N0awo$b?diTukn-nea%_B3Hkk={~#NJ_oc=ZZSu99~l8xK10 zpBH=*Ca7OLL)$grL~|yyXF`8+g65pQ17Hba1?p{sC_a0^A-V3jX!|Ci_d2}~0wtpZ zsdS#BP}%S`{iL-BaRGCjtYJ=r<~Z=`-D0RU?SdjvF3Lyo%Yg^dJW*shoaoJqB3l9a;Q$+Le{oExG~p3pePANcB{Z41 z7yxX+mgp?ZN@0<3u2J4lTA_+MB1pW4Ty$Y2Xb{-wc`sHJp;&j{1?|`eo&y*I#H;Dx zCy?3!x<6_6IA#;{Axj9Bpn(MPmhwx0fG`69ikE#y|ATaJaYGaxjQ{OM^wp5S+6%;| z=?;J*`VIhGLRR40-*ebgmZv?i56)deUyzJ{I6JHc$8S-#e{qX)w6|$R+RB}GLOeUH z@L{R_3XNcIvnb#7#VxIqQw^BQ{v`tFV_L?6y{Gn0%NqBRWV6GA!b|Ob1CZ*}Z|pvM z>r}1v>aL}w-Y34*fVJv+^;$5;Z!x6EdnN1SIRJ<=V||KJ6ZhQwgSy1PkJ)~DcSF|J zpkd(f*xW?Dy2RNeiV|O*Mec1z8(?B=Zoo$)?CtDy_|YysX(t;!wr4`S z&SJMLz#6%@RrH5X?DW1#3Ln-#VNI!hE)NIx&3UaBKlu>ug#UzNuY4Ve^+uvy>56}@T;nq$sKUKfsCb=hj!B@9Gr2LsH`3qG4B;?r 
zm|*>bozj{n2jy^&BqQ~Uh;hi>>};zjBX`5+0rXHSy0TzgcV98LBus~!JG8)g*eEN_e8FEh!fWnWvR9T#jfIv(r^p&*uhjfe@YH;%vX1F)p9u>dN3{m^Fs#s@c!te9ili&N;{Jj2*zQK&s(nHP^a7k04F16$0 zQ=#nJ$BmT1e>i5r<<@JL_Ee*y8BHYFpjj*A3iv~=H#b#}SZbVj=)o#TSCA0(u4M53hdR$?8BvrgT9Xocul{<9o*>qtR=(QTg`LNfECt zvpn9}=Z$J`zC@@C=)p0>?cUi}$}Y+Q9fB9!AK)cauV5tOr#}H52K(rId$WEGPLf&= zctz=U%ofLX%ywclZYX=>j7}RawL$_>c8|}b&1N)7&zKi#e4i%skOrF)L(&{i`r3W&XzQLI0VZuT7;Nt;jG!ndzWEAUDDWhZTmr z-$j2|Q>d7vp?r@-_(Y#rj65(zU@N=&Rq`Fqz3bq^d-#6MVWhqo`<*(~ALggf=3p(% z9u+Ylrc^(Ch^aNFl}Z3ElUyJNd5l{2s|pB`bxUu!bkYXKpO?v*hm&;PH$L4~O0cBFyh8XzKz zM1?ezW73I7?NSIf&+!8wdQUu_7W1ZX*?o+hdY$HR{^Lrv@Gn{u1OyV zArS@sK*bP7XZMP~6-(uL#M+^sx~kipMFU}pfEYQ8PV*HD+f)x`_?c<7BKhx;2+Z$V z=@v@F$9X3jDSaa2{FCzQRI*BJ3>KoqZpa=uwI^aN3lI+v0c+BjAcda2>Itc_*l%2N3UQ zmnuzNXF}Kqh?WGLNZMd&-W2C!)D`~UO2vjz{+KI~@g!M0^eSNLuhlay*8OtHp zKA*>yasL;w9AZsng7A=PytHri34S;C#uFG?l z@jh<<#uNJWsAC2dfR}~IaJA}r-@wt4qnXiITxog7tP21?kk2T;C;I-g4lJjeC%|W* zFFzXidSt^R6&5*b9_4=2xNiI8=ooEcVSHg*G#xf+*n>)S;#b3z)Fp7h;i$!q6x~zu z*?KThAJR_D%+mQVVBn%piJ^_&z2xe-%(qZx%$_2`WLL217?XzgXErj101)~+0cE*W z#|OV}V9&^RrD$&Cldz>icDSBUcKcdZ4%s%l2ZJ|>q+UW;0uB_`_7K_iwxY){+n!2piB#GvSRUGPr2*#4>PlC-9Jq1-0h zJ2%a6&sf?t6SYwk?DwhiV$3e5Tl-EP;8?wYX0mr1IvX z%`XtK=rjRX#mm~Bw6;_ZBqh1Y2CN2CZFdbSUROQr60OKtoJj<+RWcGqFh;)Ql&@~H zaO_wu@`K|ytr|}vtW`T>!{QC54izbHh~4qUrXKA_PJTyP{=qdR4b(X{lfGsYSK++M zE=_^(toMQ5xwA2<=<}-g5=qtz*B1#HQ=eIX1qLUc?pUSvo%08BIAqvWXof%y}>SRWZAO@bMc160RA)U<{_ zLG+AnH24E%4)~&v6Jf4%zp=Mh1M~(in?KQZWq*duXG0Y6u}H|pN%W(~F5;tT^Qb;s zXF7{{6tZ@WW_Ei!mF76X+5P45g8Mu(-xZk%@c8w9!=j1o1vFo14RGK^MMzH_MqlCd zTC8cNt+^q`3ha9=(s$eqg-LC$ZbI(d4Y9AAY*{*Q?@JCMqXQ`kaG4kr-+U_|h>~OM z{RX=)2!{idSRD@yIi?&Cc?3v5q^uoLuSE4CMFDFTfZ-!Ff?f;WXuNGcGYer(;5rrh zn1H&av?4zc3gblq51z7I=CZWCbdfG;j264Gs)p_JF;ue*KAe8eP#f0CE{QY@F(Lt+ zeykYp4AU@91eme{F2_%XBNwN_p27tITqhUyrAXV>W;^z&**GP#+`iVARD%~VBhqF; z<+gzfSj>Hk1UgS-Drqg&K^2@QWGxS<_#Zpoqjli8 zxCA9IbT$tm3&_{a=kX@OTjT-2_dWxVy3P~xbxn5xA8W;}En>GRPkMqqkoio5_m6gAcx){TB*e+??m)2Ddg 
zY(cBM343<~2JQRj{@lUcU{hsNvlgHOydX{K@sxm?zA@PF2P2Die^*oboGEi1F-gU` z*@6r!p_c+uEGtA2L)V)-{sk_|YzP&@WvZm1<4@t*$|; z=`G;N4$g46Z|{5Oue{b@$1*kGAZIr|_DDD6=x2^01mjC^gFyhAce%PDU0i-r$L{Ej!-P`}jyF4nBHlS&J0?yZjHar%DA^PWL9n0L=D6W2{6 zDNHja=+mlH!!x?)=@43jyY4Owf9Y|r=tU%o2b=32CiA?v`#?p2q7AFwQsi+Tyxi&n zdqNm$2bS|*hxHPfDU!zi`=`is<}2?J|-rQU_O%KEdiXTW!PoQE3uJB;#TYt_@^ZRxP_8h z>h61DPA)YKIn%FiybHI+^<_CmopacIK?J-xf%v7x zE;niHy%%O35q;v zzJIX;MV&O)KOFJ9#{Wl;`~=3hsV0^jh)6g2wJeo}UFYqU@eavMGD-KvN%JJ|z=+$5 z$Wgy!3WwuWFx}%Lh{b>Sh*#`?;Ul*(_xOnA^HCEhFvf5JSVv(wfP(-W$vr;ujI{Y5 zJ~CN$zk~tcBZcKpnS%y`GpLA5tX_xCPBh5g%s?lA?k61RwumpmH%7La_rHQW&YScL z;QO!Vja~hK^j|v{jm|^|5E5=gzRmr>XKt$tbVRnA|2m?`l!LU`7TH>`Q%NTMi4=5#{GNwex%CXMri&c#oBtqbw06pc%y1$uvO%Oa zN@5!voXNPM@Rl~v+j?1U^!uTci!(Vc*I(@x<4|Q&deBZ~lN~`uu+0oKOIRDQm~mgL z8Td_4aEvK7X^8{im54Frv%Q!4+q-0#fG7MSA)af3X^<0xYT(2W7#?dHK}ne#!vH73 zu?}z|$9iAv*}ZxntKz4U)AZ)2V(h3VKX5J64T~5b+YB38 zDwV1ims9~hMRkj*b&6ynus5Uk$#>R`SpXB+j7$HEiA2<(ZaSZ#YcZ_9Yd6a`z>{fO zxL{p9)}jX35>>=IfiyurIpL6J-&v)87q4pjDCjRkxa-1D#=Al8yQ0rQ;5f#hA7432 z6r*sxxwtLhT1)z;nL-{wYr(YucC-WXhccc~b^at08-PW6*di*?RB&D=Ix@#<{u;ft zjwX#gzEidPLTm%SAO!h7g_w`XcF^!@u}NQQfBk$b^@*YT7*=At&lzii)woVq%|k4q zSS@PgL8#9R6x`*$XvsYwG;EUs^qLmM z&z4p`%0_3$Jaz6T8jko@08w<4luOT5)Y8kUe>$LE%=YCullC;o0x9bmT|slUGQeRM zkM}d|G6jKdhrCPm*s^^fyf-o!P1;PamdRx;&Z|SZOA8_yUb`SDm6|r~TpOP%4enQ} zrR43h`a<^oKNv}I+kY?;xuE}!kv!94jUwhxT^H)I-j)T%U*Rrm37ISn37H(T*dFEK z;uxa_!TJ=(41hdwAn_K-I;JXntC~~Z<=dxP)OP+yHOJmp)^y`6<$&{a*v|gT=oyrN$mO~T+2wvQJ{q2hAYo3+n6jrWhF@TS-8oq8U zyatiy)<|Gc!|0z2zBnNH`F+wc~iEc6nxs;PlQs!KNX2#nqpm6UoGiK_Z8bQz{5%_7HiP7Ef@dKpAmNN#=LpbA#8qI+#_{IrrM+nZBn@CGZ8J!dGyC0Bv*8$wXPqrs+3<^Tpp$JY7LneV2kbh zs+fAE!XT>ANtY9|T+Gk$0;?nvgNpkB4a0Q&b(~z&=8lAr9sk+57UtMIH-cxC?v_xf{z*Rk~WpQYe zPF9n=z(M9M15?CXz#JAkW<=>1C%LnEDA!8;S9xZluZ_WcwctfkM=CqzuiFzE17Kn$ zOTvO@2`#`3e-X>JK4RKsN>2HYn7M(!xv|7eG?_BQxbXUzjBSmML-(i~6|!U*u{&c> z09C2h?7G4^i=DA&U&BfBsMgHJtppRdXcjgBXN=S=)J-%EdW6^xr!UCPqj=>jJz;mPg^08@c)cfV2 
z9$YXW!*I~<#9L&;aL^*quWA~&L4&_uId##kMtcVlyeuQhLnKtm?g=-o2IhVep7z*r zz7zqRQri$B0A<VR znpq&5`B?|oncIK?Hiq->1jL({g^{S;-gMF^RejkzuOb1<$-*tbopWb1C(#5{_hnEt z623hu`gm`|q??(vUa6^lPlv^U8!#dWMeT+FwTW&6dOYW8L^$)zrM3XZDsb#30BkTd zz^f3|pqGBSL8w4Yw3u$jNMGc=iO$Cw~QyFxEy%ACcV>b z#TBZ|26Y|aEv~f*JI{0{sBq!~RRliYlHReUk=gw;3g{2&3;nY?2kaNsM)DSO8~foF z=6L+8?vgg=?JuHss==i84BT1UzK?X~MHn{48h-(_%NoOsPQ-7{J zA)K&Kx25o-&QRfieQMw+cFjW#UXvh^4iRzukU?L<8WgE@N(^<$qZm|ji^I{M+(=6Y;6?9Dis>BU3+Bs?%)37ULnLXvzut`&GA-vhp+(PvG7gB!;dbM7mMBrKFLT2Bo`GN#nad&+q--_=|J**=OxDmpgM}ue(kr8ilW!9{H1= za>U$4S9R-cO(x28{f(#cs+#h!{&E0U>}glEZwKIa>SuOt@+mJfp<*N8)55l|5x1-5 zfo;pNuhDt~fEoEe2Ckt*{zQy_5YGK)&7zz2H&$x0B5W7SzGmk-K!4agMA&czfd-20 zmWuw-d0F3i)__oAr(LTAZF9gL%TzoE*@Cp->;>BLZ*Tfz^g6*_DnRVupT>cIyC=W| z01CaEJ^#cGu=h%3svpbAw$OUBFW1$Qvl@&U?=^TRsfI^!q@)Mmhu})DChn+ zZOP|yALOg~hCiHN!(iy7M26fYgLM@@pck!WF=~Pit)#t1)&EMorFGGZeT`@kV6gN% z{pF2mnfl7oZS}fF*9!IQ|6mx1*;4=Mud*BV(lYm|sv;&&|NcEv{g=D1bAzRums=6N z8Cs}dd<{3dh~%E!hwRA@pv`bhtA z4h;K`GJUAdd6oN5Fe{7~J60Vt{a7oERir8m0r8_X;2CzzjGU&=b?r-gU17*wyX8GD z{9a`8I%&^)oN=p(RkNUU=UlxlTjIA8;TVC?ny3A8p517B&s?W1iyl36=jz3aUYjYtGU$aUZs**AJeMGEt z;hO{5`4>B<32^c^1%jLU`{nF`V&>QwQ|H+9vJQF2k#Q=Fi77Z%)S7HeR)0ME;Gs1k!szd7H^pC zSHhp=*2%U1s>=1rd*aH)9;nLg{Ot43DPz;K!X40$siGK(@?)Qn{9PsJL5sA7mO~8 z(H6?Ynz0*X$r}?&9#`j8rO9|a7afq9W8j|Q#ZYCXz7(J7l8{&}JkP8uWsD_{bJp??J;#vD7R9D^R~e1|{q z;;MDrmOxBpZR;c#S{WxaQ#pPL&_o~o*TWo{2o)7TA0gmHI{#XTH2Iew@JrXXFH@Kt zh22~7WS;256yKw~bWB&MfA-I7QeE*qv%6dT|4PWmL9L+{dQ{AbuE2nD_o>7*YL!hr*aOiHn@u-(?zsuFe; z84mL2KYfnQ19TEV8e;zr1Il0TniI(Yjx+L7cRH_ofGrTBY~a}zq7L!E4HQ}9s)gSN zG<*_T;K^=Q{0}8y*b>N&JH5Bx)YXeFozo%v-;{v3|Dgmt5Xw+#+G0=evb+`D0Z&&> zbx9o1e}xwU;>!byT<&TM6Fhi&y3Z@<#{~UuJQ@GIS+AuW_gt4d=#C>7Ii&9yB@(=2 zEt>Kdu2jmMxRv)$dsey;J1wJ2%?`N&MbJnf$=kbAw(#73L^qhaZ`&&L+{gvFquXm- zLdY}|y1cMCQ10>DrKK^VvhG? 
zG&6brybh~e6#%FNQ-$s-+{L6dM-=M~TR6lJ@XHzYT&_EN2AlalvSE#36^2sCVW!1MjwvS5`$$dsy%CiPFI5}UOy@}ff2rad!&gwc zCOor{#k1hEhBGF^kZ^OE%QT({q!c3v0#kkT zj#8X?(>gLO+GKdjGbKV1q;9h6xA$d0R~&!t>WMPUuvq>KIGmKj9&Y0$mmU!|aHn^5 z6LyDv3~n_?+NNkyf(Ge%MAGHSg7jZ~6iiB+iVce|(50w!%(@hOFdS+q^d|1!60?&^ zH3T;l=$c^V5rRlweQf{t0YddW+>Tk}mZzDEP7NW`Usy5Q9}S1NO1;%kOnz0TB{&=P z@32gK*t46#61Q7uockh`1ofF<#-T0qqTAfICyGh=20^-Qij!72VvQ4=`mo=$`#NrS zFg-;p+NyC|%pwb-ZlwV8Lp^QURV1wfK6U{_eOp0MuL~ZMDO%=`DH=-;F}$LxpG;$t zj6-}v@-@6>NSfc5O9rZAF^3$l)(h=M3FB;r;+O45)1g}L+bCScmGfm%fv|vYWE}&` zI=MIiep;3XQ7`_7jCR_%I~rCQjPu_Xosk0z|7n^=bOGvQ4d}78H>k?9mx%x#BU&k; z`Dx$sKw+4DK7QN-;1@%w0CEG`lfYaFf=?Uzs>fbWrV`;IQxJ?QOVx1 zcWBxxiJ?Uq<@7-4CS&S^#ARP-#9Vk^NIq>gfU=?BK$J#U8JQgj%K+S{o!x`~zoOPw z-T|hmP(Fbcpmh<#G{IouY9tf|H42Y%4)ByIYig-)c$g4jgUw>fy_!Yg2-38> zmepxV*FIS)R4cXdCgF=VE_hOu&ZCs!%6)K@kuFnED~+GQDvqUvFxj1^swC`f?$03k zAC76eyvnxWdzt? zfwsa9`p+qNu$WbW=B13fwaB;cP$4f7yK_MU_Tw&$eee)F$*QPYdC=2D1VNP|00KDj zLTiS|#Yrda2ojb73?m1(z|-L!I8%$RPb@X$!vk{bhmOc(0@d%Cd`b$yClhU_00!li_4rmhu{G8%P#aHz^Y1oX~T9aD%ZE%C%avggh4g#za_ zdnG@9P(FofPEyzFF08=|8cJK+Ql;fzS5On)I?+wbj2*!c23p&FUk$Xfw=SuwpOFh( z^gA|KD>|adB3~03zR*IZyAb;-0NN(d@;XNYpMkAF=1f;lrXGhevP#9 z^@M4=ukrP@PAZ@QDb8aR2WcU6S30dUrL#B|SM80ZEf!p}yEngaB@q6mXAp&pSTmwK zT?|n1D4kl2D^WZ?<{C;BHV&#fEF=ImK|xVb<>RxzihC{G`~^(VJIg3|nYCJXzb?te zjS*mwLmKHVFzH)tVus(e;XL#<;ENB8aZPB!5CnvJm82jmBMELWQ9 zC%<2+b8dO`9yI&BZ=v=<{qttY)(`;0!>on#+Q^I?X8d`-QuBj4nn_;hq-F^s75QB5 zpJikk2e-~#dK0Q!MG1f8i@6Y5G%P#(Fs50GJyiP<|H&tFK<92tN4eL4)%4zG`;V%AGD6CMlPW+w{)WG*JluyQvR8naGl({f|g@!sB35 zePq|ryuDt{4yEU!zlF!cOPXZ{L-TBVW_^C5z6XM^QJ%1(CC&QqS$&?m4m2p; z33a^>ztSoce-d|Dh`h||`${FETNP1(qr^8g1dsRPR}y6MVDGW=;ZM4m#~Xqk)NA4* zCjGBt0lXR9Pkp!GTj0!^rjl^8DfT7?VTWd24I$yxxfXE>b-KWut z;fi=GcSb;E@0TOHjXrvmp)Y!4Xf$1WpD&86a5l%Pv?3+D4u%Eh$kNFHweWP2Njm(J zK`)Z4J+&riOeacaqCH^jyl%Ri!MuyfUhA9%oKY| z#x8SknlxC4l=3Y*0x!=MlFo?^91A2j# zYU)>Yr;IlP-<3GP;+xlDXE2Ib;xgm;uo#gj`i6JF&(j)U`P-662#$$DPR0*bR}J&%eWjYzOmg9Y+aC&YIG?4^3uJ+oq>A} 
zn2G@_ZHC9W+951)xyo#90epR+kyAs^+z!6lmO?^dcehTQlL!I!ad`1}<)SaX*Pw#$ z${3`O_XF_G?`BH9|AvpYZUm=V7a%#%(XG=zGq&BDCAEU2xA79z(T#A>Y|Kk&|8!O+ z6Q8yqvc1)sMZgA3QTzc*0?!4L`R2Nr)Me#5Yn=q8dgIyqf-10#jZr~Z z84=2~ofjy^Pd4?KH<4VpfzeRlX~$8B4jyVN<{TUU+TC_E^ThE#h*; zm3^z>77=Xi2U*yrR2KR3%LuVdAeE{^O4-*v%aE%a)H%R|Pu&%2$+q8%wJR(R;-MdN zpX@6rEnq`J!$$GieF(`q7xpJ2{~7naROdZfnH2a8?&cb`%2J532zK5reB8V zFUP9eb6oo+3S9o8Gp!-I_FFT7+>cSlmOs`vF5EKtk|5pMm#XU+&jeAZHd=+YH9ZZnyDE zx%Qw4k1UCdchEBSgq>Xc)*>2jk?`_kQ>M@(3ppjuFt7PRC?cHtDw(?bJSe zOD1RcB6ENY^^RNz20=Max%e7eNWw1Ksii~lhXM>|LuP*81I2UbSc?=-FvD-?3MWcm zDD_}?kJRIgEPlkcM!YH}JYN*n#6C^(+FCC&n!)6L-NSCrUK?|)Gi*Gn0^}i8JpYV+ zGXnz+w#hhK_aMp8Kl6^0NA= z(r}662t>3;7Bljs8jmMsSbF7m?E_ohx`!^2km##;1)>A9 zwA~qC5gk;Fop0DK-3ddqA<3W!1|jVSdsWN#5=wn?hdqg}gQ64EBN4|$&F@BAO22+* z#i#4pMV+mUZyHmM4WpfCYv$P^%!Ob8ulK41jAT4GYb$gn`d{C#VqI@v6|LTWY1$#Y z{EhhmVtM*nNw*q;R9?!)`I+R7KUpZ(G-5q?pvAKz;RzyoNR)L&U7T{5CV87pK+&(` zG>MImkpt(5i>fU?b`>2`&mzEQ!j_1QxpvfGvW>E!JOpV+KXVocJy=14wz2By)EVZf_Y#1ww(x9_YOCKlACq+2wD5Iz-ik*x1Z|BWE z?|pa2_v(Ul@HM}>gES#ifqx;q%>ES-%(P%z;*a|gk|Cpo(kgPtCY{-V2`}pmy&2-C z%u*yu=28REGMq3fJ%+Dn2bp`8m+_*VeUvQk8WGocs)xjoORE=F!({W2xCeg{#(wL=}Ej2SqJ%6GA9=amY>^ zElC7a`erZAGx=W@H0o#LumubRMMlnMe-_){-RdP2mCoVHmYay>Nfwd?$pd4bt#Ey+ z)11N3+7&JsJl-i<~Jlx@%=&uyjja-r0tHIv<;$>+t`?yT> z_WECw?G5UX*k3ZLyOc{(oinPMM~3Vi>KVne+68goj0(t&fi%U+bwF=dEpDsI8l}aa zeQ(BDBKMCnqbo8lmO|;piikiFE@U_yF3^;czbQwhzbh3^&uk(jk70ax>>8zf&?^bT z%?WY;k@YTICF8Uny?$Q51GlzlZQR*G2D zz1y6z4)+YM_RrLdYmXs_Ng(q3icD3_{be6nDsAy~aa_B|UyTT7B*Brg$Pu2V#nI2akgbCqg+-G&!1v^A^xw?+eOf3Tq_Zm1|3SLoSi(Q8iWm$4&d>OZALe= znevobJQ~RIH(~j+iSFtQl+`XX?T_e|?D&_&W4~Th3F&X6o^Rn}elnxWPyTSf>x;OLyh-u)Z6L2#w* zYkZ6kBeP^zY}Ls;14M9}jZAUo#C06M!HcQfOdZ!MjP#@P6Ct6^sL6=$DN+2ZtHP8i z3NAtLtM3K=OO_(|Vw;mK{@{z}4G5xSs|bbq-O%y?%F9hh+SbQN#nTz;KEA+#ZOv8i zHH{o=(CaJcI%0fz0BN5$I7sYh0pKQ*xWhtQ<+&ttB=lTF%phJGr_RMMnPq>)-lH$P z*Le(6hWt&xCv4DLx_vHgu^v@Lah~`S2E)JX-)%fr?|Q;aSfE~c)nk3dM1_c|pb-P( zXe2pzjnMtI9Gu0xWnxtEPGnbXHG(MEVVg#g^sjO<{IfAqGB4$=b-y$Pq( 
z_YC-r6P(gBl&*FvD?9MS?tskQK9tO;Lfji-{opM{zv&(j8N@w2R*TY7l{{{|LThpA zsEaEY!1AQ9_<_p(R_|7`T32lIxaPFP=wo2-r145dv7T>8^u#eJkVPc2NUTh*cg1)` zzESUI7>Aqf#kkRed4thPM!%j<^2lDzDQUue{Rgz%?u-x}XWiswpn22shd*&`z_pt# z+L+^iY(5J9s4oPA{u{HQtuYxup}*DhUE-d9wMm+(tD8|AS7l@Nrm*runYwIT<%jnY z9~^tfKYnm$JpHOlnVY4p+oD(efmxDBJ46oV9($;xN`L#|m{gB1WC$=@-l^Vw_@Jf3 zwE)c6b#(;-1&iIk?{8ak60spGt?Z0EyrG6h`RGDyR%-()^=4%iW8E;D%;`d4o2_hL zD4#TEW1VBeJ}Gk-Fe$i4*f-!j|2DzGUd#uz74QxWir3=L0v>LpIRXq*V%%@#@+P`* zb8>IS>=03|gZ(*lt+aCIf{1Q-fTMyHVm4K+a;K}W-@N^kEyPWpV663J&G`3JJhuO#`;&aqG))refC{rrk_mvwxIwg)>$BK`Fm>fzDX=e zdkm9dr)KX8aEa6Pgx>BilGduND_m|J#pb$(2f-cM~`xQKPEYgTy zIEL7}cR2!ETX${B;1|^7*UJx?ZhwgA`0*m2vH#Hz&1Bd7b+CSW&_$Cfbf#_if@Hto zt>>M>ql`hJH5SEzl&+}2x8-$k7qWlEVDk3ssntVKoWFLGQ9}>@u-$-;0QsKB=j6_W z?~(dLLXZ|Y!29v0;Ry%RbeUuJ;sveW86l#XwJRGbJ?TbWmX0F@Ph{63B-!THTVd!? zzgqCMBNMpwmoADqI#oU_VjT91B0;miE--w~+mvD>dG?yulfJC37Y3YwymW#ukQ!lwgHr_ z(cuG1d&iaXgpF(!E`c$rx3=7&LzcoFIuZ%RgdEaNY{Bvo=n@5R!t-R59rVI7n=E(I zM{;iAfuF{KNOY|b((r!B`enX?R1tkT{Z;Y2Y#m@w9hqk;Ez_d2IA>Atk~E>| z#)z2^$B)Z({2WhN5G(xkjw_Zfit#1-F!u8W6m8P^Q&74(jOgU~v}X2sx>S*6y}pOk z^HoVAj(VD6OPaPJw@E=Br1RzzaPTXToLhFX5uJsKr(!=kb&6V)wB?-!n#!k*dae0U zrJ}r@yDOYVO}Sjo;l9KNg#3QB1FD;!bqht$?u*&_=r(U)AV!O>=#4gGXg=f}TkCcY z`Gr3Z;Wmc4KY54JQHk=t<&&Ub#egk}bhx%+XLx+0A>)7+=*ye(#0!nSP>wNyP6{C)VJT|ZL^bld|C zLZj{t(e3dsH={C`{}AO!@gzs!FJZY|Ti?JvCzjQ!NDH9#71RpA5*&42U72?AO)sSi z6cFp_>M%V*rfPP1Z7RtkhiLjhQ(bj^Jzws9?pQ3dnjLf_yZC_p@F#`ba;{nYBKzeV zaS&x>JU8j4b4clFQf7r{)N>cAwGP-_Jr1Ug_nf=j`T!=zmq5+2Hm#H=c{$AQgvs1s zzMrL+jW{G2ms-C2^LmXGNT^+e(S-#ayR=28+&X&-E7YIKhZ}T~GNfP~>=G(uomvtJ z*WdB)f!bLwiEZrP7 z+{hx`J68v`ridTl`3j(QaifU-Rsy~Csl}$6-qnwLcQ%ISe#H{SO;m?ncW(f*yJA7r zn988tJk`gfe39}%%+RDIQ3x@mzz#dFXBjf^wMF-T%;@KfvRf~HJ=Re^Au7DAyE)7< zQ4FsdyJzq@33JG6p5ywP{#&zEzKO6voj?fFktrO}=cYGSD4De;Hz;aOD`=6?VNqdv zD3$1MR(iUA^0TxL(6knijpWLX$}%L|>agbjcu@Mb3f1*Z5oZL6Fa4aR3~Ahn3&k_^ z@>zrHjq5-1FjT84o4`98wM{#;;JOgPoO+qBAo;g-1Zm3>CWY`L8+L2|;#h-yV9J<@ z=A80^wQlUR`SO5?lYDsmd!%ttI1K~-zzf#i;1t?A=FXIabfL}RJYE|L{e#qV<<1wl 
zzfT4evPbaNqr99nnNyGwN0LGYbURg{?@)|;i!bfO-BXJaZ}28T+QOUCIy;H2KAG;M z5xNi~90$d413`uf&A;)2;{x?{n;1o3XOIuYl(O8HC~_<%YHV;i7K#;5<*u?l8VBBJ1=1)E`&qKS5VV&EdY!SjlEgKsLZNTy&q-DA zNYF$rA__Q+UkCS^_-Klb^9@0VA)@7?`d!b~a7#~$U#@OnVeo3#&KYBW)lZ7YaXm}6 zsv~p%@iXfvc($kT?^3I_VM=Xx&ET9TL=vi4Ir{s!;&01!g4=oP-*IwT<2_tP#}$my za>b_(uK{4Pnz*#|`?h0YgQReR4#goE_1fs{`S1E4IU}v<4LjOCK_NhPrKI%y_VGQP z$kT6~(l2Ijv>k4Moiek(jM?2GgOg`J{f2DnKEoQDHq>7$@dZ7>sjj@XU7AFeMbiX!`-;?U-}$uvkvEAnyuVi*b#knDpyFIh{dV(tQ?pgN z`8oDgNd12GoAa4+kARUxNKnzK_efd|0*eCfr;H_=D}v!2myHfG^R_3rCHBv{FTYGM zJEVESnqaaPkVPxpmD?{+n0crI=0am>T?XBW;1FhQ|7oT%J9OZmuGfg@WOA+bwP;9m z)jGwlhUK#FdB6n|wIPp~^f6wac}o~Fd=F)bbxIieGQMcT0*4yUVc{9YVITF=Hg77l zzzzCoN^MG-y#p{sTdKerWQTH!6Io*HI))?ph9ztVHASrmX2reSYGRc-hP6qpp~Is$ zHNU>ar9Qj~gv5$xm)bHpm?<(ZFw25S>KHPD4`rt%KIY{*djhd6TQCsajyc84LH%wCOt9#o5-X=+*KU9{p#-{b#QC*D3ko~^5J_; zt9g*F@@;im3nY;9>VWy1v07nfLP)dZ6JlzBosB&tl*1u6?ksCw z)(`s!L~45;WxSWj!JSj3f*;F@G{IV3mh*UhFY081soi1`Q{ictNo;xN{C}mxGz|Qm z=y6d@|JF)uhW^N=W5$r9C%z-sq?^)NQ?$;ja7UJT|Jc>v*Jj3VTio($6SC7TsHXF& zl#qlf6+1hx347YZK>0BqcDAi7gNB;?RW8`Fy@C8jXd)s;n`J_v3qk2#oShxv@jX_u zsadACEe(CP(UigyDM?Yfo%xp&@_6|O#=t=)<5CqrD*b55UaXW?hTImlXmlkA&){+R zS5jvlY1(P|Cg>{c(_6B2Tz3j~HoVK4$}J`WY7Z;Mtms#?`FQQTYH{*rUKQrH_}EXw^xBPE^w zxtpbJ05Y9fkO%bev zkFpfPeRphTE2yBH!K7`fJyftqA2_8`w8Fm7(L0(tcvy=in3XsW9>=-=j?7v%nMBYc(JTA zn-iaL>Hfv#xjxCzZ}3=6$7aax5WeAs?Szr+g- znAg3uz8|KmO(~nWOg4g}c?cwuUA`I8yd{-~ zGdSX}q&VD_LPV$hN9%e&Idm9?*lNs&r#TG!V{_M5&X;h8#|lyDD8^aAz&ZAuSw||} zMY+gspjToBR%P+U%bV4a>4BcHWNCzF-;L>uqk5<_~OrWS7y7(G==o z*9j%(Tp}ux>sgSNepxgonJ~n-9_KB;(C<>2-g?YSGzb6evO-L}n+q~JETu1tviz{@ zX73dRsQ(Zs2j3m-XQc!j2P0Q$L{y@sJ0+1K-#aCVtC3lV2}r%61&nWzr+2Dla+!ou zyNi9lA~KRowR!l;!13)B8tV1vHk&YdJY>U_RAFW(UO)lN=lS(2T5g7bnv)X60$ZK) z!Vx3+eL~Kqs@4?UdC0(ffedcV@t|HhF=BHqgpmXxPUGiptx*lZz!Ps+1RCX$I99J`JWge+!%=B+Wvo7ER2<{3mM8JZ#}od8ff%qke1O zx!yl-T?fh<%TO1$UtHibb4RcGCO?o@vL!X?2|kT8ZLm-n)xC6FHt+P4 z6hW&ZX?Q0A-oBwrX3Pn?Z0yk3tcpv=q<95IqJtEL+CgKj#Kkv1IeZ|PjuXM)U3v(J 
z$)I}+4bNOc!^ZcqN!mo7<$iewHyk`<9h3bbX~ai2yiic>n3!+Thf3SdED+867nH4U+ zz$@=ijCWMXUX4iUP>|gqsrv_uVBWY7?*bldQi&RZbs1l8DSlEGoX~F6yxrq?$sb@} zP=Ge^HbvIMS6baeFiZb3qxkq&x3oKEsAG)UMVS7javNqy?*PlatwEId<`K~^?iwlT z%WKRYEuFq4dxN6n<^QQVC;By8Ek*7A6EhU1SM+A6Lnh0L=n)uyFN=s{tRVZLa5yn%f0E8I7wA zYa+1~GoB%G2i|9cF^~NqBR0hk(p*d@G6kWHGp)vm%If#d#W(U-9|jIFk44fIvuqy8 z8XC*_3N3SRj0Ls=*V{7h>cQi+B>r)Y`CU-LICw3*`@h(L$D^%m)(8;V_ofH`AM(DD z99OT_6MXM)%=SK?UIr(7)<|JB_P2K)3~iz-Ba-xZ^{n>7(Ixq>$a@cpC5%#;tS&Kh zj-mw;R6iUL8sADVd|sr6eRTIPR;?oS=jcx|cXTl&3sy&lZi)qtygi84(6G)gKr>k> zndPISJ!|iEP0Xm*cqF66L2)bI^Ftd|L0Xmk&X>d;v!C}E5aF#u<3Yni>%ei#r^751 zcl%MJGy}hhQrUR&%A#}~WG0{fWJ50e_mI|j-cd^8q0f0qmSvcHQI5q@pyA=HQsXvB z#+)3cC}KD3VViBRj1M9l@1uhF9g_+%_ZG8n_S~`Z60z@-zB2>OYs4^eiYjWGzB)7+|VEWYL}?IWIkK}&d)NfLskp@oj+Q;1S}~5 z&n35z=%o`l;LXu#79^T!{&}SN#HV+lZlmP;&qtz@M>eow9Wqtu?`Wf3q}9H?CAUv8 zED)qA*WbjM+o(^d`6qW>zy9Mye|yrls-I;$Y~4Qidg-F!G>{S?X53}_b|)>@ZPePf zhjMs0J340+6JRzjW&Tj0)vqb~D)l$)mG@wLbdE%o^CAD=n`X{1%so8vi(P zrk5poI~qD5NA&}ZHA2_}TlkX-+kQE`yU!^O2?n7sbI-cc>5fc}e7jM9&GekehOLBE z*rXNqEx0T4c#99BR*Jv{b7oslO{tQ3S2J!$-gd|N?H0jm>hoH>y2O$LY%m50*ED)? 
znVlJ~YXedyoxVg>-EabVYfK%DfP;EyE#ch;(a#A6<%cGg^t!ze-eH-`6bNd;jSd6cA z)h!8%(%BxE6oXreP64*nm&{I2xlBz6cm zOa|MSJgc(V6|FJ%L7NON61Vl3OP`cfSnM{mcf}qPJ!O!ZXXfos5`#b~n0MlD&<(!_ z@3poRjVgQiqupQ^i+1AAa+TXKWsDdsN=)imzbb`S7JPq^n!X>PKa&t7xjL@= zQDxrFOotxQPmh!Xh7q>;?NQ5OO-O1a99;40l)K)scFZmAg5!V8zW3#gATH9kMY4aa zp$FKRrAtq{=a}Uw;E%7Urvk4O9j&&WSp5jiOJVLXM| z#%JH>%Myr0a`p_|2@ijSQ0tDRtV^9EEEs~0VfA@y-??z%Vl3~FHjn5YX{nO^N8XA} zqoGy=4bqe<+GsLaOeM2fi0&@O#Y9?t%v54XUeJAaDCH?WO|mt%eT7HPSP=gWEKG#N z6QA6sdtEKIIog^$MwvR;N#~q6U^q=V?u4p&PmCYP_Z7NYW@r zC=$?G*-+@jm+9Hqhov)G2UBqxl3A3Iv@*Uxh4O08*vp0E)NH-Oj)ye3zA z1ug6Qgq)kUO?v9pZEj4X>dGFntU%yr^rY^BdcT#C$DZAm?)k`(K#B zu0O`=$vfe{<&p{Oj)&Q;KF_cWoSq_ilXuTfPO(b>my@oi>-DZb;`}lXw)6IsR=#&^ z=bgVV1{}`*-!-Fb*$2L^mL*b>GfR`QMrGKE`9yD@~ zPd7DHm*UJF8tKOxidt4rO}l;i3)3L}OaZ-K__NghlM%2TI`Bw@DD!9fiG=%Es&?{$ z2+nw*zjq3jh%NRNb?#H;?#K^*1c{nOkXiIDdBCFYUE!<7@Yvz-Qgh ze0~aHmNgJ!1fRU6GmigLM^LZ&dHa~QL}*t`GA-I#zK4jS>3cj$StV!q=7C<(V$^$-to^<}eFv+Gf~1AB+cv>~vtrCYf>xf|C@%1!I@v zv&?D)G1~pFX5#^Pd%(4Io5701%w*hwz-Wz#uG-wp8@tEtMf9W^?IczK?l)WJ6T%;^)G=afqu`SbwAOlPV?X}1pCT>h5IV{C!ac$kZIC~ z)IyR!d#MUve@gd|!ydQZ^gupzK&(p?d`Ys`&+`a-KWd;8JQA^IaZz09hY}-$#6otd z-~3e%ML_~V;7KyE-R;Z2ry8azRMJ?)8+9efhf=oEPAb8e)fAl6hvCbDis=_&hb&8K zUN@09vlEO`WTeSgpg93<#+Ju#84=2YDKT^wuFp*>iz@rvQSn{;RkpB|IU!t=caJD0 z56tYr2&5~0@!u#5M%l85sLlhCNU9t+H(^KQva_v@Y&5)!FALzGC`BdAEx#zF8v#dk zJyDe^_#_bPE2TaAX0*E$s0srbCg^gpt}JCRRAz`Cp51_M&#cnNh}OWtwYa77grvP7!qSgz(huz&K`y64j9Qoi^4LS zR%>Z)3|UzA{VY==GszmyQL}NgKZ6`o?ZurlxSUMFR^ukP_L|>acgD=C3QQ|d(Vma2 za+>@^Uf+3w82VcD+r;iyfGu`LKe=O<|2QLkmabBlm$!^(S<|dO=z?UCFj-8K1}uB@ z5|iA}(G=OtF1h%niVVtev+cdJL_M^yNNbw(;(&Ekawd?qtEx+KQ+T7ywtktE6#UVS z*Q1HS28=YsDZi&0n9GfYk}FWBU7n^AN_2D?CM5fvid!S>n`W=H_sQiixf<2d9oe(M zfvmx&4KTO>gzJlSFjSP|iYb+#a{LVKSvXOgClOAon*CzseG1O9d&3`)Hr^rY3bi2Q zQFZfMm*to9nMp!Q7(U7VNHi$jL*q;TSkrfDHL8+EOOuLv_+`ZVGt$EB>mf<=XXU(j zRGw*kaQ}%X%_8r~_bod97VdxHqj@157+o6_r(u~7c%0OlYdo0zcu>hQnO?95pPwoc zN?-YNS&ZkCTST~{>GiM|w(^6b_tHXa>1C*L@7Is&o28``XV0G<3qe3i<_H0Z>Gp8*+b;uPK=f(gz1%2{wb8 
zn&7d@?~=wYYfcC=C1_P!FN~Ml;$jFW_JgZ&-?ulRGolFU#Qpnv7L4?woQp( zEI+Dcer#Xt-qKXLQp9rYwdo&-{jweL+X!!gfS?XV)bO;1Gf+n8$wP5WvdF?@{4t=n znXWHFaj^)LdW{Q#S=@f0cIK}z`bq$rdndBouR>7X@upZu8{b~<4})^L*7Xp%TDGKZ z$~8OBn1$xYCibZbWM)OA{k8Bhy3LMI1iGLmuLRt6%({OShi^JN{*25X=Psjy(^K-r z%|W5YqB*IIxW>IiQAN){5Y&=*!`Uk2=%BEfp{niqiZh+9x_ZEIc>htb(axw`6OTpf z)!7PWY$|(RGKjcM(lD1*D%6kj>cIPN6Z?9~CC(AiM=B2RN)+nE#`2S3RV1f$@6ZKN zSq88hbX?v|osqQr!a2+?IJJP7nrmHzt*ri>n)7|o-MOXhOufSvI&coIvu}y;w3zZ> zVlc{xK;+v}VmJTfl;+GkEBrZuTURwF+6d?--EXF16{8OTFRDklr?0!J#lLSv4XcS? zQ;gdNy>CLTwB;>4(iXa@64U5zFYD+7eFoF&ohNKSH(h@Kqw6blnzL_RwfGHCRGO$J zV!R0$2=L?{S6xYqAbgOG`}X=ah#qpKy_fc&Aem0T|FpvC$2qU}>3)-cx)#p!F)D3+ z*Q%%kOVDK50O~m9k?nw5L?MPBuV7J9LH+1v8I#fc(2L__H;Z$`UBvs7gsEZGb{1k< zsD2fIa`p>}L_niv4gBOYRyns;+ze|(S=;c7pDq7Fu)85m=F_acyQVbbA|^Dwrc9HA zlxeox@_X@Yaz3FEaq5?<-C9QAwL$$jZrubvEMSx|8+D}!o+<{T+KhbfrHK^!Q zC0a;x{4ZLXRvtT}8dZF8%JTNC;~b<)_;at$<63Jr20Vr4-lWplaEpVODyA~h602Tq zZ>#)GfgbYy{JcF`r9?Z#_s?L2mCsJa_|edrXU`8e@5uZqRrd+aMfGnP*#1!;^P>X3 zz5Qc_*qYuv9nLHzo8AL-%iV11$7dn9^HucSGBiqO5$*IJie5au+SHFawgm!^$lTv^ zx7r~Vaq#SzUtI60zIy_qIHK6BF$N0(c|eOo@&r#mp-nhDZ8OXZL>>615fEn$Suw^= z>E3H~XI}b$X|+g&)F5c-F^2M=mA|gCUs+QU;-Y{VlO8M6%Muv~9wrbRn4xi^y&KVv z6n)>K{7%pEh5ygF(C}_YzQr)YvUcPk)b;tV9{czKLlb0Q*b;xLTw0|(uRx5BfG~5l zWWVo}^NMqGUh>9+8jHQIjYWGhTfgmWEoZ7Tiw_-0ehz|;P|C~?e3ET7yNtq%|85B_ z>yFeiD$xc#y^~X1L(0##AZ;m>H5IEHm?78{WTVmON*ur^q&Xms;nz}XH)>scYhST( zX=9wBwJb#JQRWf;)7c|$@cZq8pMyZQ;MSq7nO zTUtLbe&I!(=E`3DA{D)AL|4N2_HNYw3nu=hg{|CD_E-aEOXNt6^$)t$C5^kQ%*0g~ z{t}x8Pe?z10=JEio0!9z5f+l`df+oO88v6g!S%qeA6ke}OuBv+5;?Q^4}1?S1QWHm z&-G!N7r88`Z;->7gN+*&BLD^pRkKsn>)uI2T%)E&{>}3mG)|R@78)xzF?Z?Y)2~e% zA6aDm_O-Im;?5V=f)3Z#vOjOGxxB)o!fj6_z-YF|u- z;4of9Yk!gTBfNnv>$3B$m$B3*DLfvu9vu4nXXP;T7tYjApB<)$`3nQbZS^JJ*qnPO-7MwXj2FXVHu{wkSXLT)w%!($uQfgw{r`A-3!q4wCQNW} zhrwZRrw4bJ!QFju9o(UDcXxLm+;yOF*TDyO26u<+@B8oeb|W@6_IB?sqC4K~%FHL< zhVH8BswcBvaWt%Yv$u_$ziU~RzMdC=^+IE*9LB97Fq&2CeTd?mVG!;;Auw1X`2_26xl=S-;tuzK(xySD$>p&Pc)@FH^WKA^{bVsbAmiZ)Yl 
z=-LI3pQCa|mtAWSsC)jq(2@fyIY-OCsA+gn5%Z3e5c9TxpmVX|b;pDMsAxaGUC(?Y zuH&0^Y~9HIkFsFFhVRi>0`ElpLAS(;9LyONl!=?xCVyZcN6Trirg2I%=qoG z#TBxz2^#m~E3}B+ekMkN>@z@$48`^!3b#49}Sw(}+ht{zAv5MLCLEOX^By5OPTceC&Q%2NmapF-ak!M`G6O#3YvTUDTQ?*M4WeyZm~YY zguq@H4GGwBL#Kma<`Y(e?sY9i*DMA)e~ombtgM0nE3yi8SfC9FZz39+t%)Y3j!)fm z1g_Kxj;`|Lxi|R4uz-mCVp*mo$On)9gUKsL-3Hp;d0&QbWF)!{EhUvZQjbJ+`*u9_ z3XQI0H1_vkvk`kM@A+O08 z{i}|laK&q)xQ9LOOc}~2s^@Z`W2*o5f=vQ@{=zT?ib?MOxA6pcDf0!a+_bSoUPb4F z;&OU3nu%Q|X!Gf3hWoV_rWOTWZF{>ur?i+|!>TuUe%R`4?A$AcZr@XD{56kN-?`_4 zIni4X{zg@nIayr_e+IsumXx~Fr)8reGT;+i_>CTyk`8#uqdv+iaAbj>e`Mv+mi3)} zuIO8N4m*unsvfDR4!kF-P9A8e`k#ZZ5=K!o`c54$H(d)@`8|700H;v|5*|hl0Ympu zgcBECtH@;orw#(!|Fl$?dsQ40jZ>8c1y&wIxus=0coL>%lHaFgTmAE7ZOtTiNz1PL zNGPempH^bx0R-4_z#K90Y`gF>a)_TY@hsRd{Ret*#g+qc0gT1CxrbiIb0%hnU$ZR)3AUsMy-ze7&x$0$esWO+ueWPmWxkAWcb7(s-) zak7#lmaxC7^Wvc9s%+^pRyPSIw~_^c(LA)8skZhP(w(%y*S!V2Z7SvO8f@D%C zraSn=N;=5wT{f0s!GHP|TX1*my>mn+U`|5YS@zHBCi)AiiPUaK72q4fi};;WDRfCW zz({q(<l~qL; z7Lz|axRnO$O#Z6-l*B=`rsuti%1=L@fpI^Qbi74muPTyLRtprZS6krCuGIoaKFA-^ zZD3ttFYziKI{1%2MbZUd^H%vlaM{0AGT?7I46HmwTGI`2y+$rXwgZX{C9-pBwXA!C z4hq-?tk}#(1YEj}&m{NT{i|!+T28$OWsJOB21da!#XtDG`_T=iGRZ4peXw(9PdiR6@cW1LE@jG>)XKhXdMs^> zy9&-lZyuF-D4d*J`}Vcu5=kFJGq3(H(^jgqI}1=XT?l(nhB`>GKe1U_MJZe@zjLT) zF5szRt{*dB0@mmvgY>n_=M9 z(xdTGS*_mM{G~;sf6;1L2jzREku`^Hb!qiNQ*&mE#_vU|6&;4}m1fq>Hr1&W3k=s& z2IDDbwF~d7XSJmoR2e$!=$L)4w6RXHt!}7RuW$a^qA|Gmb6E%b zd!?1Nx^4B(>XiL^%qW<^9+SEUl`}bDuzjW;W{}qKyN@dE=kmL#x(kM_v z9oAPN2R@wQMJYZd$9ubEY(xI0g(gBumjgy`BcO)lQ}LT~J*0Gmwo>$N-U^P!3(~ znQ0ATR6v_m0W24u;xg?r2hqaM8&ad!YKKbjpJzTf%|K5Spp*JSNM;-;!8<(o83S#@ z0PK*Wrz%c0XOO7QKcGQ`9ND5|pGumip$?2fPr?bkek1b_a!?!m2vvo0RgSkTz={Y^ z$bC!_nR@WbkX(O-P~9nn0snx@H#=;-4{^+bqK@m@Vv6bOl7)_5w23b5XW71Q`Hw{h-h?P>=NzaM5bq7=U>e1184R@{E@RN<@%^-zM{WV6DWMsF4OsM z=2gCM@3nUB$eJVz?JQ72^6>4D{eYWdid$hpyNRQSZJ^M{pE7ZqAfX?R1u|^2@EwpT z$sC>^ct9Q^-yEV~vQ44EaGHJG!Ia?x(i!-6YAO3qnfVTw!r_$S$O_{bo-n~K_!OOq z=<2e-iCB+EiIPt*HUU98Ro4;e0yk^1wKJ@lu{ryFFoc(l2$qh2sd&~AYj(8c6a7y3}aglT9@Ndq_ 
z6o`F@6%Z32DcOfJ5y@ZV?Pzp0cdCRQenwu^T$y6IWeor5>|xp57&ob_%FxZz^nN>V za1p_mif9|(8DK2-!pls+gh;A>jVA~~b-2KQD8eN&!!+~3bBIq1#-*&hWUgO3ZYZS< zq1@y81#u#vgbV)}JfRxfD2c@#cQnQcJ67s2JcVQDKLxvDzP-Z^YqbN8AbS9`TJMla zotBv9B{r}SY*2D$t)YU>gbto1{d3VJWGYC{Gxjp6KR)nt4ro(u9{CNE0VAQwI2avy z+5|$^$Vu>@$xIWOiOsJIMdPV*T_38xg!!YkC34tAJ0f+1F}s+VT~Y5B9=&u-b?5wcQ=GM z>A^k(F^Fku4?QK0KRQjs`*Hlk?`x;>? zGelDVVZ3sZEO@oEYmj^pS~*`+P9}~W^)im?Jb8>o_6|!8e$EA$x^CejwE~;rpe_7@9 zLMz6ZUGYm9f6tp`cF3uwS^i~}*GsJ!XLZ#sWgMS3%jhT`SEJS&d|y4S?SHrWnw(gn z>_mSGTxO}?-!Wa`))rJqO-S0`Gu7tN)>lZ)NZLOzUE$I8RY)yJ+CMVY=GD$sNUccP z|2x0t(%Re*okMRyGrl@{?ba}nL+?&AzA<|3-hiANnk3Sqkvg1Yc5T|uug$5LI-O*8 zYsw>_t)ZB@^xLU#Rz`CCY{ki|Wi6MX)#ASuM{Q`Da^~HP|BTxHw~GJ1`Tt%k?)cfD zlUMzkK7DK2H~?CMqV6B@ziR!D=x7zWq-s;0UAm)&{eOG>7qd*&Je%tOj@!Su|HbNm zV6foi)x4(9(5g9p_CGI{W$-Pm9Umz0xUaVVzchwv+u5i7$=bg+Z~yhbD7H_Q|A~1% zE3Z!Z6R-2XiguCur*r?_uKm|{yZ?8@#vX2{=tdAXW^`k(*8e=FkCq)t>YuRvd!zRM zFGMyT-mD@vUeC&+e`YlQgBW?Kf6DgnE!%x`?EW8$G{nO51|KK5R9L;bK0qhr3GuC2 zdYPvUtO?REMywIm&1Z@bUGqcL1QCVCi?=(e*;dbg9LD+8kVNxXq+bx=`O8txO` z`&TUWwhbw2k?PPQg$IMCpjM@HRuhu3hk#nz_Bxi;muYM)9QSeKs%~&QT=orG_m2SR z$d+kfmR%zmbZr6wZQqRp@g*MiQ2UY#YHNTxvIIcEa?BA#ZU+->T=|op{JD5j$!^Sqd#~E)ufVmv4Ce zc{ir}7!dtD8M{bCvGk>SVVYIdN{Fq$P2L0VlNSAX=f3eFyO|E{a7XJMa4AEELg6m) z7Q1Gs08nS{BAc~kwtr6$pKvv}<;+7C>pwwPosmXM8)^M@029&WB;O=da0+y~jBUeI z+DgD?O|?xpYgxpdSNZ;*lNw(d?#Y9{u@Ll9A|5W%i&K6D(~?KH9o{qhu=T2J z5ZoEx!|NRj%E1TDr5#1%214aF99hIJvNPPKiw%3y$z_>uXJH3lxK)Oanv3teiEsl{r? 
zV4-XVd#6g*AUea^%FnY2$*EERLbfvfgGHr1HnF|QW{N1~*LpysS=kXtzmu&ITxdp0 zw!lttyoz9Z;qBzHW+gfL!?Dws#^x*dKhfAoyI@WBw4(l1U2SHA#kK!wV6x*4GyfD4 zkttk2wsrlZ=^3G|JhYp(T^)D(D-3-VdshgTmR_>;&n<%D0f40A-vs;3h~?T}_0MZc zQg4J<_-Hj-Wlh!acqaWN(;Mlxl)S8I@Q)o{(bG~z zN2h7@arh=3J-c(qE*GV0T{$=o7}9Rm+n97zFJ(h14sB{1Fr1d5x4OGAyVQ@}Atp0V znE5VPYlxt4jD03VW!?i{<6sd~k90Eux_!IFUP}^X9ehIsYbOQ+xC`;T#Ir|DuOQ*s zMKePrsHrdor&;<$269U(2FfCh7(aMW|s4k;sM48F5DRtoZ_eO?t>E_*EUAu zOEUs+)i4lf>hi^jcn6F`RD_{NG2BS!_dEO0O4F{>j!gIvOxw+UFWK^=Rr==^7#mN~ zS~00f$yF=^^HN?#{xRx^J*y2X_At6Dq3~IB*^v9oa@zym{SED_$zH)ruh6>Uk|owU zY85T*6NQZ5Dfj0pvK6WL^>I%MMPVgZBE&xUB;G|4ID+piOTp_hGKe^iJsc1lqNrbT z`qXKp@fg;fY(cim25(+ZtMC!o{j(42DX01U7?DK!Abjr4 zF)sx$*w#yGYW}CU15?*d{D@_Hg?#5}aM%TK*ygN+@aahevXyL*a86c&f7WJpl{ptU zMh{Pbbrv{=aSzXm+?1{FpqFzZV}{@!{2LE#j<`eL$hR4Whg;WA?CO8j+kS54&RKH9uz{xGC8a3;`LO(HNlu^{| zO_c7V5lk&~;iL7BJ4q_fYomREWq}aVJ9}i$Jd+Av@9Em@`(7(Q$~{W~TQAoT`SQv7 zYax|zEJS_-!gufLqTu0E0pjFm)ZF~XXj+wmDO74XM^u)>k+*h0iL!CK%ayq6@+8(# zxj)SyW_}m6mMo#Owk~;%i;p&LnM(z_j0`aPTet&6ae{4|d%uj!j}baMtnI!0e0CrR zm)m*f3w=svk9513_&vn$6l1N0kdou6yK-LHCr<|Yl;tt@u3xmt zO2P*i|B%dXPkb1nS8ZfvdZTP0ui>uwend5b{rg3`Z(D=*F&uso+WqHXrf|+l9kv7Q zt;+5wd2Eb4dKR>v)2$LAey4YFxb<%S8n*kVqF9@yA^8Fa+|zO(2#Zu0yp`iB3eFHI zoZE7r=%%LP^(IXQpVvEJ;l;T{OFN&Hz>tQFKgp9)CbNJP;o0geL2N)rM(0VW z5ufSJy+2%7`}Ujc7=R$*GmD>Sh|Cl{9XOROqzP|j+?LvyXb=11m+sdHzTinuxPTZS z!cZm@ZTEv7eCblC@5$b$G07Sg6y1Ek)2Cm~}>`BT?M0 zI|3}Hwvl-E_iUykULgKH<7HWoD;06`_VBXHOmA%C$Q7pF}ZFCrFTpgBe_C|f?{dxC*@O)V?7GlOV zu|wI6s`08U9*XBhH+imvnWVnipu8+MKM*$35-mLshn#g^V9T>*m#ztUDahFDb11|m zYdK*bDy9r2_qtKnV#OS?03brL)5xbz&iO=U(zkuVezxVX_>}cqA`X-EhcFg8jXvkM zVCggcu6bW6EVwRUMSo5E0}S1dA(D@NT9_LE+&1e=AAw4N}w`gRFZ!dE|XG}XfBW&3^X2z8TV&@AgTc?DoL|zP&P-ui#B9X zdH@{C5=?mOk4odM0u$1_{slt!y4ul^NV-(hrJL&eD=ukm1E393u>S`C`FW9%EyIFK z{J?Guye`LOz&rubB2ll2n}?)Gs6i5B)OU)M-Wng>!|Z@C1y$;8Ki0Mk>!}J@b24rG_WJ@aJP2d-Y2N_`+MuJarr^3*$RaZj zE`nfwgp-d5$yM+#{}FczaiQ1jxh)dE!x2JEkj7-RTrKEmsi&8t;-Ok&@U 
zaXCb@F_XjZl${V8NXzYLueC`9<|>bIU1xC!czbOSmOcDN<_Y5bpig61*tV1-^6m@m8l@Y<_zKqHa+$(;rI@2 zN7Lw^_oVb?aw0b75}1udq+jnK4!tws6|2c|Bmc_zaz!l=aGahGo@CntrvU{HuS5R( z1Xu`HRSSg}5VCx!f@BOS7!b~y3=zszIXo=1w@^4w6cBnT4b1V^4=hFGA?8H-Lnq*j zqkFvA?W$zzdJ-};<&02PKp^jgEbU*TL!K3BukI7jMKF992^!yiuthjm?2m%fO#w=4 zRAfHAh?BVjn0^)s-4P5p>_SuxnW3YW&0#*LQrahC8blbxiQ(1-F)_z#`mV>T0b8rC z`t3~tLM$;N?Eq+&eW|{H!71Zl`}vHX!G2sGlAPV~;i`&C2kci@%avVQW>440;yMz(aX? z0e)2hLHq!)qZ2cWJBCCw{;+cGe23!)La3sMSc9|bYqX8CPgJw!+8ec7;MUSJoYOkf zV=@{IX?NV^s)h3WiTmOjD0nd3gvQwd`gXx3TH-}^xmKTCBgsFUl^7%J_-G#hW08Fd zY(dsV^U!G{$`0|#(f|Qi{o|YTwUTI-QeJJMrr_ZSXtZMVgz~==MNvUvJ;n-)EdWeR zUj8juyBq>%M6agCcvywr8mOsxO;Q{>Nh^{8v?9w3BUp572=t_cs(=ergW1u=#V=ul ze*NlvinJll2*5Qh{SCQx?rfpl^Uw9?WG~1r%3EwaFYZW~Lt?``pmroieGW>ij{dqN zgRUw^E0h8(`B8^aTPxK0a~7)3Q3tOwjHOv^s(Auhtghi}l$bq(+Fc7IF?}^WhS=3u zAGJ~mTfYHy69=Rc?C&C%0{$rVsHPwxrx|Bdh93vjrOR_#X2Z1(uFixV!06679ExXjny18_cz#{)ub8KRLd-6QYNbzJ^RV2-}?J5w!T_Jfa~>hpxj zpA$FAAC&<^xxcs^^CKa9kHv3_gZ5+C)Vo0ISk!f)e+#5`i`2b z>G|NhUstAa<1AhGHM^cH?DSTWKhtk6`%t9BZ`>^3^T)zwe;V57iCPf_9PeOJC%skD zgs^Ltit!%{W13R+dsliiI2RiH7y}O4O6w%aqjOm3xpbcfkgp~RV!{7hoa~K~EQq4y*GPXdl8L;y61cIivTQoCNRnKqmXE&WVo|&G4 zk7nQb;T{;q=59TPbePsS2uUCeVA2lrBCk51-+N4$s^!}T4`V23Xf6sTq+HWLZz8H> z&WFz8C&t5CO>>oY~D(D@w%@xZk%jcGB|w%&KY0yNE(pNh6>O=#5A2k1&;A?FM!Wv zFU8p@#NXPQ#AIrZUre{bf9(vCAMi|iRQk%vTC(ZgpOScIBO;2zurowwXK@_m?f)k_ z)&%Qn3%fOpg>q~q$!Fvi1Cgr11H?~uC|>q>Q4>UQ`O`w2eh6i@|2*@{e0Da= zo1H*4dyI;jprJm+a4`xv6($srEg3R7##)Pf&icl)e{cXfr%hZpBD`oBfAI{SL%Qg7 z-KDW8`;w$1+z~lz(4@18?(s9CFk6Od;l=-=ICpvf!i)7L&K2UmgV}nH*7lRtM_D}N zpR!je?!QcC)(^A#0<8>(=G^I@$~eW#Ja-uWK#6NY`+QX?6;$^qA2IptxQi|7jml+~ zqaP7|{Bw@@Wx&0`4I&KA3kJvQr$c&h-Z?4|)ZptZ!zFY}E8^_R7$uJmCmsL_8Zv{B zhDRk451ukpzIJ`4g_K(~Q+5*c!9wRv6A#!e42vS)`KybQMa~%YhTKj|KDB5D!Ly4- zBJMxhL4U5m1K}`H)6Ka zZd|!(uh}~?A{7%dMus;!YoA_inUQVn>Eghk@{%w{`WLt>q`@@2Z5M_EdDBAd@g{`@ z$6z%ILjecd#b!+ZtR5aU1@ex+Ii0rXm0qS)>{g6suH{Gna7Vx1wf6wJ_uCgS9jEbH zFUTy5xAi3y=7qvLrs2}dD6^>i#HBC6m&V8kUkIdkwjBaX7@8;{x#|a 
zPt`~ffV{mbr3sY8s5DwKY>5N?e_><+8u4Am*z__+-!L5R0!!HGq#%j)>yj;Dq(S3I zIA%0Bl(mna>CHTPRZ_7jArzUkT==!@&~LBSv_^IUnr1hN?T6B$Joagywb zEr<(?jK{oL5a=wMQd*MjF;=**-aXKG*PZ!mut1{)C7$Y;z!`g1>XcR0MW|%iH>@%2 z>G|~{A(r)9JOZi&|0hcLCm>S1-y2shp6)~VW>)UwbkBPj@s#D2a!>HA2EH%S1SA|t zmQ3(u%XhKQ@BQrK;`_mj(bt$%%;gWP4mKrAbmK87>eP1XLsf+kAC@Hsy({xcx+$jz zQCg@Kp`FOG2K$MqY54;A30FngHamP427B;EvcfI648eKRMlaWKpZT`QjP7&~h<=kR z|@7(>4$ajWl@*3K^xIBT0qzR_l#?ZQ861gyiJhSS>Fg^n1 zEE`}*c6-6uSgemzIVzVjX)u(+zxCLDvNDwbAT|kLvJ$@ z5L`Gyp+mlfz{PQ{b5)^g=4^A{|AFh}_hBfg(!}1YA+Y@m;obyu+Y9qPI^Kd@oH!5{ zEpyM|0hb985O6EkEfVC717L^V999j0&7#=s5Upyz!mF!Ky#1& z6#r~r_u1m}_6zALF<#RNH*L;7xiYyOJt8lGus!0+rs07IhyIq0(_1h=a#QV^hF{5z z1Wc<96umneMoqnLS}x3;p@`B})`lhpW5i4K^Z%TuNq|h-wuBr7=g?|sCyuvLhzq_S z;*Lo&6X`XQ_N+%SAJ2*T2V;3}UHnZX-|5hLwnHTOD~Ek?XCksB!)mHpN{{}GmAAo5 zTgs`{E0X%t`l=+y`)c89DafR%uD9A5nS3v=kBdsdGFQqFTx)^y>h2qNzSedTH@d+9 zwF{1*8G40FB8{;T{b*A>w^wKCBqtwiD67bVaW(wW*?|h z=pmn39guOFAcPYgyi?=NQ)kEoa=vT)1E-@F8lHxY4Tv3eX|GN)OXMqi9P;vZZ=hd2 z9vAoYW=;mHGlS&~lHk`<+BnQg_?(N5lX4z5x1(v^>S9h8r4V zp}ge68w81+Y$0ONDmbpZ)GQ(5Y397pEJb2>p*)qwn?vl2UQ4%k=(T?DFLv)h{(f&A zyLa#*5=pnE6M5kz2bjasZBkh;Jb*5o!!f8|2r;4fx7KjM04il9YKw~E&E9U7t*K{# z5wH+#0{~8pgj=_Vl+e2kE)NDpX!UIaRzohsRbZ(_9|boYZ~mqTqG`G0ji$vp*;i>} z8o;czF(tD(r?`U`=8>kCdzA~ErqsU&QapyHu!TToFAG78g_1=Xj$u6rC>y7J`m?4h zQ*HjI0L*UQfpOIO<>62|BJ$;tD;ilV9q=-T0vOU+O%|IQ740C&-Q#qavN2aA(H4SkQq_YFGM3U+7iekSj}F8GAG?v;3u!9}^Ik zsK+GK$Q454bZlpy<|}6o_d3DYKegvymbYTInn8GZ&DKfJmn2Y=mbW4^n^8S|DHppu zeadkjpa@x)l*qCer zG9}Y20vpp$4sZoB)fr6Ng4{aOX=_lec(&@&4l!q^|4IdU6o#j$WC# z;(mru?X0C>PW}*S5El$_d6Uh|0(2PDy?|7x=%v)X3CT`@@vg4}MtYa4_*@ir%K|F|=A;dg|?rY#RJ*{3c~ zKHuYLW_B#U)e}@=oTTXjc(c_Pz-Ygg#w+Cad+b%wG(fdg&Z8Kq3b#b37AAwEji|*d7C=38d!f_aF3eV~vc6K}*vZY#sjhiSTvpGT!LPIxRnP`0YK&`W{UvJjES;kK%Juk){+VU*Di ze|Y9Xd_S~a2lt5K+($|Sn=Vtlz= z-t6+UHop+ld+N^&RFJeIAXB$zo2zboNEo&q$v@7nV#ZhJ^{?!PU6<#dX~4|!SxsG} zGx@kP;1*uYPRgxvl?u2#rVQ_}B8}@Gh@#>+mv{33%{i9dg@WXs?doDW@esW{eQDgW zR8}zSOPR`tvNBonG{vQzjZu%JUUQBL7R0#ia3#~RH;+@oZ(Lj4*(-s-yAsz#geW6z 
z6{Ar&d|8+;U^`NisxGoDDswMr|rMD z{^EwmvsR_ zi9vALEK$82#c1YzO)%tH{CoLa-`h~`KftAcpJv#30p)3jZYD}!+`{1O+hJ?%Wk?TE z$cBp9uz2WP#(yM$iDwgU`m*c?RK1R_`K44Cxs!N!?iWXB{ME zEB>yZh;{KV)i&|a9;mKx8`}AEr~BK*L_Pqp$%5M~wnZMLx)wqJ{}6pZ9d~#A8kZj> zyR3xV10MfLawNYp8cn!_ToTHKM}OvT`+#EQ-TELqbvwVfWAY$Lh3=IC!r-^T7J)2szc!iL2lF{d!$k!Wr9E;9KD}$ccm!RUO}wGj*`Kuzqc;> zOOOGxMcI!T7gT(zCU&uGM>GL*wrhgKX(=|Nft`f|>xP@`M3ezVXnK8{dUcxbwal>j zpA8)9Rn;iVI#ab~zBwgByyej1dw*s)Pb_==N^U){rvDc|qaP?petxZ<;ZU}RJcMU2PS#p$pVn|g3ML6N$E_u`n05yGAtdg-8e;~Ne#;;Xi;wqBqMJzo$04s( z+;QQFf19~=ZX27c=<~GbpU(N+oZoDio2oG1x3E1)rHL_wW__uaHsQKfWvSNSh`FRe z@i34`pOS>_giswu@jnW0;3uGPP@^ZaEp6-hbm+J2s|Io5IG3hH5#O^Hk8MbuZ#;hJ z5WBbVuf+6FY;SAi4#x^%AN~04zCp?VehDAKwngr;TRS2z&F`sSN8sma9w4~w=)PNf zxkj~nhG`u}IBFw=>caJY`@-)@USs!aNi>a#ip%w0jPC)0N$-E8Q*_<6?{Ue8vwO|) z6^Hfht^C!1Z;uYPDF4JCOjvIBy6pjT0D+W6Uo6J)F#gl=*2b)NhOn`d@l<>ko0e{|uM&e*B*(bkuk2I|&B9N_brYD5@9> z@-$7Gh#Avz$drs7ql+8m>RWrqjP~eY@EG|Nr%Nc@7u|ved-?*l6kU{L-J??}1v(2{ zUOo(EO4}tP`_w(c9?8DgO$P36eK_KiM+Ogk$qOX6*iCXS!(&VczG3^(n@7(ce|nLx zWMD;0>?S0jKCOsrXP>Z#is|ripPJmD7H;b5y9{UShCO}kCIy+K{lF-%uRG0pu0C3; zqdifN*8cb`!IcBpwSD9tS39B}Nz&NO#4yL(Zo|XJ!J1COU+7@0{}LN=X-qG6!w;l~ zss@ZMdVt{@WsFMd`VL z1%0q;D|HYYmU*q?2VoBkhA$KNwgB9|vUg8EfH)&5emD+SPd_|4;SckCOhzR;Dd%a> zJH4A!Y~Hm&3x`Fv5u-v;%lk#P0i!}MLy2*2(%df-Tr@d9wr^(DoEDYeN@x?j+37FA zIQ8R_e;||oPdwiULG-$D$>04}+#ja|vVyA#hLAe`f+W>gSzrrr>{XXcFqrp^)B6gN z+tZJd)z?Pc)9cwfpW4^Pa38_d)O2uz_hAuBvNt>LotfV5x=C7`M&zUrQrk25_H6&- z7WOtLXYjaJl(KsI9;Onu{*fPO-NkNSwQSH^0KarPD~(-_eQsbU9*Un~f!`tl`4004h~Mku96ALO3IFeTnQBDkIP6 z%xN!G!r(c2aDO69k-n;>z*Qye#2K2ec4kSO*zGN~?{89%ONA~dK3obz_A6GxFzMam zh?APcQetM3k8!+>EntZtI&&12;5;) z5CTQpu$|@c#ASY*&o&!UfDqb%qQ|uc4-|?Q5O)2Z-a=PoD|N)1{$>9}a0zf;zJt4; z1$My!`N20*zc%d54|==b=QZR9`E2+#g1r1+z}8IO{2&2Zb?}3nr?TxHR-l9BFz5DmL2WPvJ*{ZB(%*sDHl$ucL7cCm2miq_mi(k=Oo6mSp<)vZ^Vba`Ze(tGx zXqcp~B~po@Bfyz%*3~$4MmAnr09vjC%MRG$S$U9N>VRLPwG@yly)Am@Z*8sx#l63{ z&T=`an(tsjjMqDO8~9{Mn-8HLM*A2G_8)uh8qXu{dgv9!e&N>(T9RQ`G`rsSHf9l* 
zvnU|SvQD*m4Mcy*a2l(Jxegw7LENd|PBE})^fO+0>EdbMGo{GH)J$+uDO3S9Uyf24 zLy6YRpOK+xO=-@0R{MUeeByCZtZZ7QqgQ_%P@zi6Cf1+SdQXEE`7)o^3cdUg%0hR9 zzR4;@I|A8w$AxuKDT7h1gWlLI77O9Mo6RR_=AfmcGd#aDem#XrJZ=@goYYKN^tV8G zf4YK>^O_mmLyL8zN>dg(;Kcrl0D+;<#ubH z+yoC}AJ)F1v{O~jE@&f2NT&!n_sFOJ?NQQT+*Dc*@j zh2kDU9H7J5Pqgh8c{TklpjHrEB);e-@R*>kKd5Cx8ek4)b49ijN7rVaU_z*V*V~N0 zPgU{WJ}H&H7T(SWQroecL#&@55(r_o0t@NVpnQXGfa8?sJ%jtA-`93qfVw$?S-Ob6 zAW^C5_yW{8wBtSn?3V#2k_MUlIw1%ZZkFD`6f}~r{>p zuzk|&io*E&GyLj#FlOJ}ru)Lj9UJEeNrczmgV0Xp8G(6JYmaaJQgE7O`tiO^Sz=s3 zRF2J}YYQ%QBW8cdunhzuIF@GWC1r7S#!4kX96%*{UT+gLE^u_P8_t3exlr6#_hpcA zI{h*oL%2qH;h5Rbhupa91NV@nBloFydu-BaHQ>)r5gvk-j* zh{kY!cEz7cs)2nUun1K_Xd1WQjCUy=`BKbDul%4kx2NF&p4j)2g$3HUMEQqxk*-RU z=zh!CcBzSenYF;jd{BywNLkf`!JxT>8btuLZ@MD1KrO!oKNtkh-4#=Ea4v zrpWiAIM4*8a=E}j|KuaP$7z^C+4XP;^ZOcFgN4Xs32p=213JVV56oG^z{P!3Enz~K zoa0R4x_p+(DSoEf>qVNXLUe1t*QfM~?4^5mpilYMuQ!z1TWEu;T^Rz;TLL{H(Vvk_ zUC9UT&ybjE1*2l3%iwm)KS+^khH^fuTCHXUZ#)zEhD}w_ zMrG#SmIrjJ=d~U+Zq$ReoTmI6WXLjo-({4Aj|~~EMJ&ph}2Xz%knxV<#2mZ4*`|* zX6Ep(-f6A5E?@x@AxnI~b70P9xv5+cVq=UccX-C@p9E2yvG7e2Z+q zxmL9gt_mOBfu3bK;=cNdwC8vW!V(kYW*sy2O|P^1beQKUz}gBOZdJjxBD8%gN^o(rhgR>o)m?knxKDBSev;A~<;k_jCtF2T>!PLZ4ATpCg5a-0dpx_l9nyqPNq?36J|H=pw2C!0FddD7yzOq_3I?F;OBsJFoc$uA))HSQklSadDXUxd4 zzCkY_?R?TT0h$~Kqm*>6=O*RB>_ z=2IULPv6(BGQ+bRGhYk6CTqhL2Jj!)4dnq#mWm=(#IxR45t<2q`hL&G$$Ug`tDc^^~8C)C(J^FS7G|S3T#Cfo-0`Q@bCUGTLIjN66&lwwTqe-)d36*CN zowpUiS?2v-7jLkEUej8i4S{2HV@#9AU|#jBz5(qh)!HWW+=`Xi@T|)gWqGQihZSN1JA!CuDZ2> zjcLj5+zW$6|CYF8io~_G$9o3&KVpNWj`(LgHE(2+Z@IByH zwZ7bl@Ly%d;lJ|s!94K?wP+gw@EXfS1>UG9b@%0!T68{P+<*Nr1*dXWg3Ea36MtyyH83{C6P8^?4X!dND zDL}VNpBl$Q*98n43@ChcIc@M4Dc%G1IBf!=_!XY5{rk=Oi6cz=cjz?lPmtVJ>OyJ> zl!*pSy3uy$oVFBV=w9w%{@5%Bwu)t+F8P5P-hT!oH{+gyZ`5CRr54QA~Cj;*IQn`J%Qq_<~q@TybDl+z{L(?%nt zBV*33QVf*Z$pa`ma-OI_@Sr~H|L3$HdKr>faEmhxr4EMQ2V~1gV0Z%*5Zr>5{Yzx{ z(nphCgn?QI^ZMwYl`KMo7gvVX_V38+1CrNKWq%Gg0oj6$sWA}hJowYl+9u7QY#-Vl3V}4{#iLtDlO{r%-mQ|Ms&mYZ~rD9Nhm0 zac>=0*Yf0x1_Hq$SO`vljXS|DSa5f@;I?s>AVGq=69^LA-9314cX!`xg58yK&dj~@ 
z-n)PN=G{BP2Uy+J^{wjewV``eSJg6RvR>@5ia1g$Wqpk7Yg9)foPyD?*R8OMJn&EF zD%WV}ckb*VoU_(60UjaI9Vl&dm%fN?5pX(bZ)t;yv5wBf!ruOAmrhy592)PZS)znI>veIPxlH1N3&{a)g_+4 z)&(FZ3Za7o$vPvenM3c4r~i>j*=A_^)e93YJ(4xNWB$(eBO~%M@4BV1a|5g>Ac>{R zd(5ZbsMr(0-(9yswk7#*OlG`|iUU^6N4#V52VD8YCV*s)w;_ZTcAo7t)-VA-BZYO`>0O4&&4B}2iLme=EPq6gKVUrTn^gbQ3%ZUkXZje84!`FI>(YgH|!g?Ud|#>iSerchcwPQl}H zBc)Bp!`=v(DfTn6Y?Re|1*J-;(i3p26ef!YsZ7NIl>Dde@271 zOoSW%=4tCrUG0(pNzP5uoN}bw18Jp2CY|uDyZ@-iaKkqDPvZSCop#Wej{flb)eB%9 z+o>yE5_m#d(D8-aC&2*o+TWeRY!OE{^4Z^&*EpEB8SXJw#1wffZ^69TV-&)=NZO)L zc6$I;E}o>r%P5KE%m(kdW%mJt%A3DB^8C^)@VBHzxp&u?PSnfoe>gOzJ%-)3-kw2G zTvr{B{kKS-12!2oV44PAmI7>n{|IWe3Mk;mth`Fv(slL#B;F>?@wTQqQ5sKAZ;xiA zm1$vDaXDF4naOp|r1R8i)leDR?@rr|rum0(IjQEFMYZ<;O{0G|tsnl40AHHP`;=;3 zh0Tm$hNW=8P@C_5NM8A$BGykwiE@%sI1HeiPFA;O@+Y&UNR1xs63t@jzx+%7QMZuJ z!vbelL$$s=N~FOKycuqqv81|KtS&F9ZKxP)rvAE&jEAm7T2nl7zNGY|iq5KYu%wjH zD^U$p{OwRj;!+cLW~(`4NIO|gNvNv0l$-}mwNOJ#Ef=lKUOcS0v>c^K$2vFIeG~E7 ziBf}_^TNs#skKj!D(-U}9>bMgK{^{m)3DG}VurS}Cicz1d!ni!8OG-oVWhWcke?b- zioszW>)533)lc8>%e04|8s%2$nh@U!VS|YGOcQ=0i^NNHipo2$$A|~_G?pWN>eUOS zWp}gY7Xxer^cCopDO)I$7l8?x3jBB2=?rN{v@pjMv0#_rtqIu|Iv@@9H}=ORVzBdd zc-WOujmztj%LHsMFh;wj&Iqm@=Yx-@L zM2913b^x&Qz20Iw>HNl~7xlBM*@*M-l?q-mwC(3ehI13G2qK_E`~4{|GSyrX#9O{b z)sb16tXPy5vM-GsGvAWTKRi-26i7pQYrq!)gmAAAz8!W} zPsTyCtygVKqoMh@yz7t5^RXq!TS*z7+N_nh4h1iGP29I~u5hlALUMfQlB7|kSP-Pf zdkFltBud}Mh8E!ihr+vw?Wf9JBe3jpomyBhy=3~HhqOY#(wW=e4QG;j@JC@s4tk+oZTLpD96cE+>VOE#-6yb#ySlLQTqAb-O|M<>DgeI zA69x@6RI4q`@Up*yi(}B4C|IJQ$Z}2?o~$X?hx525+<3O-xIK`hk%nXWXSD^2p2Qw zFGTg^$%K6l39}EsQs$InS9x!4+(@Coa5@wVVLEZVHJC9UJd+{MnAi=)>dD0?u;uwe zf&`+mk;1a(mA)V{mM@Y`o;7%M`#T#u0)=F+Oc1|Kyg_2YUQGXIV|I5GR|8_ z8mpp9mlW+}AuGMa>)d8guWe z)mBh$q+uIHlA6(F^9u5rH@7MMLUKJN=bhO*Tg&9cNM`7Y02}$PH(Mk4?d(iaAARMy z21S;m>r8G5J>hc9O7!+EXd-UsbeJygEAg-bNL=1wqlm%~;;~K_ksspv{VMpEC$v9R zBZfliJs(1=ms#b^^Z{Y>tM}l{k2ZHOB?PmdzmskuV35$nYQ7 zM3YLz8gV0Vm1xe=8C7(hUA@uXUy-}AG{92{!ZsJ?gZ)xK`r;SQ=TjzD7aYqppDe^D$+Eg4g 
zya)ASL?jmS-X^RSYOu}=y&hfHkvvp_Ow=?k(>&z6(kx%NiowCz=ZzOlX%8?wyZY_V zpDPGL#SZsb{noAW>Gb+f_Nz|93<}(Sf?l*uap#K0g*Fu3z9)Z0U?qTo-XEQv{G5%f zG>@LT@#2{hszM;RIO*eW(K|`JS-n7PMhR0Wa6Ehy{60GHRrqVJZD3s8vsW*Q19cGB=1a{gUan?}$ z3;u(n2R);BJxy6g=#we+M+S*%uGxdSBy)0?oBn#597Zdr=Aqb7v&o|^=R^w3(L8Gs z;e=2#N8sU9Ne&{TuE7Iarh&x4$jnjJb3i9S-YjiDdO$~~q$j?nthXcSJUU0Xpvnw3 zcn-0KbsAo(v;;e{>7y!P7D$y_{kA5CJ&N$#al1(Cd|t2U^6_tiT=ix{yG@=Jmj{X; zts8)(QWcM^ekTi0b&DN~$}T#^Mlu{WMPC?aD)R~IRi~1y7M106iY;Y0Y>Sc@XR7nH z>s5!7tWuS2tskGPJ*pqA>-k0JYBojT zjA~W+boHuzNyUrGYC6SMGNudq3`<{4y{c@OlTP}o+cfL(h9SoPGO^C4BI#tNx=p)Y zV;Ew!pwGBeV(Rr@OB}6k)2inhhL|m^GAyN=dezw2C!PG)65WO&b_=VFOD(2e4K`;< zCo9!$I`#jxL_vn75Yzig8`7kco@yV>dW>O+(Zb(EpKPzfNWSz?!`3IBfQWRbuFK5_ z25v95uE<0Zb4QD=rnvo{!OUCMO@|z4P>;6*iAgJUl1vwddnn%%1i=sLXm9-aolF1HCPg!l{28Mih{@1?Wfh@wF`7ep+0=J^s^^8+#Fy4&qGCDt6=FHPA z4@T@@q`1EMkbAo=V`0fGrlXt7j2cyMx%!qSETu+f!@|UBQ?>~8HAV)QuyDXT^qq+f z+#waP$6CCeBWrrEB)Y}a@rBEE?KvCgqeUFll@dGCy5m5P?mVd9v#WLmgPx|(>m0^T zEgE}ggr%SA+uJ6<^nC&eR8VhEOy@l6k{iHh`u)(`im@xH9zb@4QqUf9h(^qa0?PE8 zGAbH~!aRcwpQl&%`wd8nL)HU4qT%}g8}p2 zZ|lVsggvo_>=)Q4HxxgUv$uje{cgeM*YEm1(^_mIR7vTd3lv>|Cblz=&P zktB2ooFq0)dk?UoIeYauM*rj;a>$G83BBSU_^pnl>V)mLbCxSfH2$rc< zYHvg-P(}C}$Twe&qMMtZ3HnNcteMkE3N7W72w=SAt0k|qF+ZJZhU`hAXI}&AoM@!0 z9S=W4ZX1W}Wu?Es`Z3PL;-&ec1iv3w=5TMw0XDw5nb?&ClN^;>u@|D+Bh*>(_9%Er zwG{jKFx0#dS6?(lNxVBo%B`@!jaI)f6tIY=|eDztZ2~%(V%(%x1 z#^kYm=+;H9dM5_fuXnX7s9_7_+61mXGqgaQ-3er8S>nZHO9)D2HCj&zR^B%_HZBw3;a$8bqwqKm-@MTD4aOfX zr^(jTcpIDXhG43Kg>K?TY%Ls1&q$Ya()6fR0@L{-l@?Jft^_YwQ5bd@@itYGN?M=A zRv&%^E1EE9A8XV&u+%?v@X`>~{``xYPq&F(BIgaS&8lScUQ;$kr5NFx!J?hbvSKAi zRuNxn=~uAhpu-zJTG*%QJB} zsQ#O$m-cCwAmsXR);DT?Y06sj{tmlDpbV=%`{n6amj3ACIA9=Bs4za+3vClXD}pl? 
zO@F4gS11uXIY=yfB&w<@)Tjcq%`8nhDpmomHVuUv*YiuhPyM-~ML~aqzHb4-%2%_# z)Y@As^zbw_`~|yMUo`pPC(LRn-ubFFWMOHFC70>tV$b2R<-DsK{x29$FHaY1Aqkt4 z1HY=57ah+>6+u}a1-o~~zg%^$`GKxWvO97O9)JJ67EV3X@$XiEmVh*k8alE2MQMy`4f%)lsw+vwOaH>cyEBkLC-m2H?Ru}FQk)@M z=l?wMKf7H2|6J|=1N^^dwf_%$ zjsKq2{y*$B{(DyY|FGBikE{Lv=N91qI?-}Lka4Nd^uE?6JLzPq+DE%yVHoniAwCKD z<&O-K;To5`rj>1qrAP#IM8nB{=vw(gdo_B)9GB5$>eqn_I>^CBzdlmRHF&-?xUX^#=`f$w1Bz1aWh>xyc26cnj?3HYJsF6=UbZ%)z!Raol4vA~wgCTz9 zLd;N@n0=_s16h!`A>Y{#A?6f$OCwZ!Fc3An!AjbO%q3yC&edfEef`9c2|4uJR6n?W zq9~Hg#RI%u_#9+&kcsO_DpdnnH2Bl0iOfDGu+h5KfD&5Zd{A0iDR$d`q>hE~Vex** z_CmOnlrErmfX%{|cN6)zBfFEgjI&O_nKTd>b!8qADS@!Lk4?g52A9ck`!z*w^j;A# z6&;YpI+wQ$Tt>3e4sRqFOXKk}+>m+C>1H9OEFm*_{Q_Tryfm^iW&?_yGtsn7>mu3b-1n?%@x-FpP-n$z6PoqofrO+#ebIeP znM@nPhPh|WFB>$W+2k(JHl?fkxaUSBm8jMvusoHVrzD|(Xs**~FB*#HF$I01<&Jz! zz5ruBR0J%AF=kEz8{mzFD%2rC>B#XVET&hwT2nu|u@XN`L|J}3rH#5txrsj=$jQfRy%S!i&dj{{6jO3F} z-@YVe2sWsQ^<%ZNCvX(IVSea1*?2)CiX*KwJdRTCCg2;KmeV}1DZ`7*pZ7fLNqJ>*Z@wq5b{ll^-@A_egdxfhc!t%rGvr+T|{}$3s zx`}t?XXi0d^B5QUCo$-a(08jf#FH@8LcRAUA=lKifE<#)syR4wDUeE_IUQ(r|%p^+M14d!|qm9|?O>lc!p9rd|`} zT2fOb%2rJPev0^!V^iIem?v2BD41>|w{VfK&iEG?JJXo3IgIa$6@7j>mnv}U(o{6Y zG;HGCq(7K#_|~L&84Wq_{mz1RHYjZ7NAFwvue>NKq1^0;*y-_OqD~;)UL&boaWN&h z_(=UE2~Qb&f^8F0vAvtrO-+0GhEaw3cA~F_T!CA5FSg1PjTzMrnQm8TUA*XCLPYM0 z?>#jKE9pKObr!CT5he}uO-ODYPO~${@K<)Re%ldDl{oUZtnPQSZz{ir?mhVPm;mWq zMQ4DT*%lvHfrFT#C~j~JM&H&06o^NY_$bg!N|fVr#qdaQiJ9P$07 z#koGU9_rMn z_U|d~e59Q76xs{!<8ZcYqqw&=c0tUu7=;8C`@bLi)plPczOGsSPJ0k{O!;eQUvaJ> zAgJZgZJ$2_rm%71Cm%d<^S1SN1+shYSm>uhc*C)+ithfW?&9p?pqaYRJ3=*G7Hwo# zA@PwLMT9p*M=8-VNAOd5rP==XWDb)%BHqSjU!)szVXmla^J`I;lSo=tp{Aap{j8Kk zUju_ATswJcwsbROD*XbHsY23x*Ht)TE5Fhk-hJd59mrqD9W*HmDYpdgnKWgeyZ;(; zYG-Y6Y4zFcskI}vhZ*LoEvv;@PJ>x`>J-!-E;+Tt^pfOphx>q?7B0I=TL zR{w~3wXxuNnUF-TZ}I~J9;{ke{qbEU4Q+6H5~-S^gO6X=2>*oO)s$9np#vnqqbV^q zE!(Q~EwiRs;D|XMfAHR{TrU^d%LF5dvKg4W308NFWZ$G_W@FmM*Xycs*`QbE85%(@B4RzbFui?;sd;AqDr4W`7x{&_D>2%3+>etX_2j^sE-MF%*YCUV8~S%hU~r7 
zlWv*|3)90ToA5%$p&J&)3=h(*b2K`{(9+7UcV5|hE-Ql1dhUqry5V0k_pp7!BH2;|LI^!7!i z46GMH+2nvT7e05k>=!RIghB_<2L|wFIkqJg&3(GMr=^qUY>@O~yR!QHQ4Hi%c`JDF znf5vz?W9Nw7kC}JUqUdtlYG6KDhn1qFx~~JsnRCmI5&LExL8I>G5G;69l(45zKvlX zYTNzVN7CngXn&r-Q#_f9?2$E+CJ;wXVvG}7or9&?2R2|)At^@)nIJl!UT9!-qXdQS znTMc|PB@xDFGFkevd-PRcHTqLPBpk0t0!AEd6MHY9y*3n8kkYavZz;N7YwTeP4J9MDsvqiUQykBh*N=87g2&*L}U5GVHr!&_*UdR zz)!5^5&nK+rzRyE642x^{URX4I_-zWL}bcKzO9X^0C}pnU-I?O9iApVv^Y3!zHI@n zfmu;m0fAlwIR72nIpFPvre&aJ9q5K%5U5D$8Jx<*ZN+5GA%cC&G?vTAZnppo$ zkg)Xue2c%aT@T!Az(I$`Y_vVz-x&SQ9ZHO?7!)sg`og$(^c7A+C*13fDma{IvF?zj znNKgnCCE2={+zc%f4Pw?Qu}z`i-D}N*CFhzQVeg$1P@jgDKNe6^SG>|#g0$nS4#yh z!(2Fdv8pA=ArLA1SrQ;^*L|LweYT=ZmDHwxjlyrXSA%$}fDoH#IQ~qZ00i-Dq=BB( zzo1xP7YNe!!3spOvu}x-4)Z=w<1ew;`wdI~2>QFuJ^!0cvi;j4wS)+}NbjoPXI4kx zF8%3-eYOP&{aycnXylFQyP<o%S_Nri>;aN zpfdZddWh*N_an%|R4MnUsT~(YP!%j%ZW&pKXxqDN2vkfeE4({HYrNHVb$A~2vJo}w zr5JgRHQx@i&rwrFU3E?7Uf~RRabu}reMt#Z%01x@-1zg|w;=0k>>ubN$4Y2k-@Y5# zw!r;$5IwYUlJzGw86(1t^iRNvM!gIx>I(wH+AqoGqyR4_!=eyK8*mN`)?Adn14RzP zUH^ix-S8U(byckkxv$rYU~q?stWf^`N`&{+Teu>o+{DbEWUs14{{xW-xBkNr6RR=5 z;4;6VQ4US8ELbJ3ZlU$Dx9~b`b@T=$r5#K_vsMK~l-p7X8DYUGBn_{*&-oF@es1H#;WGfb9Tpn&LR87RSfMee zv0G8s^_YiyOHo(hZTJz@S9l{Dd9LgB^LJOyqT^e*UpAX1rqF7Sd2vAI%A}Pn3pt2V zUv7Wh_ZH5@6MJH|6pKdoG8 zzzke>J{0?t%^Nt79xUpc)Z?jTp5K{%BbnXeXkk#Plh)A7(1(eUtn&5IdFNNVVY156 zJqgiQFn{F@PRVvHVpjil4m5cDN{KvcQzjs518_C!(=q1nVV?I0mysS*@upmSK5)p| zykywIk8;;mU?r;X_WIIM75$?^8k)Xjg}6>ZCvAHq>eF!y?x!wk3w_-2!V1r z`CIrO>c`gQr~bHjpz8rEPyM2<DV^b%uMKZf%&ou2`_!Rz$yk zbD8T~&#>rElv2GI!NR>G48QEy78KrE8fXrLNYflc0{Y09ZIngcS?pw9r^D2+i-qOm zUp{>3{N)4@+eVGRO5L$iK8&Bu=c>7}yuPk@u@eg2XS;0{=Q+tB;zsKYQBU>%(W90mbc zdKusb=k+X!Ug!;JmmYIZY{(U(==e8&nTCbm%=6=b6W5Uh0LMt5FMsZ(_VPR8jGTo@ z!{;cn#7cyHb>yztRv9M23IvVH$cmM4EIyjQq}f%SnA z>Lcz$@DrlDO3)tm<+~e?U5vN#q~{}4f{|^`*$`LC=J(fp(Y?}N-plXloEky=`$JO> zB($kH(RF&+oMBHJIA7UQQbqG)o~Kr67ewtkzq#g?put8Mr&Kv+Y+iUw#h=&;39yXXV~q#n9xH-N4*)+tu<~Vwnw_37;q#bKDgFaG3a`HTdP^FjXHEMky?$R5f4 
zQj=QJE3qJ=wch>QIZu!iKh?2FMMHe~S)O|z8$+_nR=Ee(r;B&A$MlIi<`a%t^Q1|G zK&lp7wSZkIm9A6I`<|V2Oj!IPes7jAX*&Duc#*A7R{^x0 zY5wQp;m}fR8ut;_8upamqGq4@F)wD@*?i(%%lVJa0>0D3s64@Jm3nu;%yraecFc$N0j|T6GFDzMndK7xOIztjS?Zx$G(4&6=6RrO(2{H)ZE!EcRWrjYTZm zw|(84TR{U31s(=H!hZv6m;%k){XqM*z^>u7mNMT_=A~G#Sn`8pYBSUJJPR{4YuX}< zkj>_3tu{UmO&kjjkrPzQR<_~T%TMx4&99wxJ7J#7!ZoUqIF5OBhHK=3goUq}SsA0+ z3^;wI*0MU6TMVPWFEbQ>5xI|@9VP`hlXdurPI9Wbe!GH$?!|pjMzL2()S{FG|I8sH zOe9}_C-hEQYEPhsx5;Cf_O%C9!|G3=QU!NiQ?0S;g<7y0GP9dOWA&yJWoFWf|Da2# zXj~zBJ1zs-@ed#|yg!9ArPS%}@}o+8?1xs9r&dG##Cq>Z$skcVCN)|^*NBW@LZ+LP z8&7h>A;ds_<`tJv-k)M5t%g}IZE056F`Krml?l3vA%#FRVv@~5{++a_~E;LtTk`joOC%Z7ce26$dtSlOI=EnXI6oekD zPjm=X9d6NCa+@HOt|{ti$tYQ@BX}Qdy?3#Yy8#yXGDA1Elc2cSUVNqx2WXQtzIuM7RNp3SP&u+J|(7PL%op+C{2Wxeq z)CAy}@l?ok0;P;O&^kaHJHi5=cQYKh-USRT?6fk$ATWL>dL{>9k4`WNHo{$Jq# z1(I@;eANs`)XFmKp(l88K(Xf%Ht%JW^zSrsh<*wnEgR}?G}LopRN2k;yG@PU>7xgh z_^LkTR?f|XB$e+G{IK@Y&o^sW_*<7jJ<%if#%;_F{tV^O0~wPT0xcGwWDlg$w1gb8 z6L_5{c}y7KV%l1wfp7r5Lrmbq$4Q4sLH=;tRZh>7ll!61P;2 zztWe?vZ2VjMA2q+&=~}*vyn!Mazi0rhZ7NOb_VyInUSFs@5W7gBU=#OaIT7cJWPul z-b!8Y%DvW2P%BX2Mz!U7B{zdZt7YYveD)#MUW zE(e9N!|R{LHBE!7Odj1P^EE%O*4E`s5nk}LlG~X_$<-bVsz=ltpjE|#Uj+`K<99W> zN{pD}=TJlvG`VGZfZ;qjp90}gpv97&V#Dv7ChAzfUjkz9m7#59QCI-5}m zVoe~A>nO3^Fy?S_!x@oA4n#`TS%h1-E~2Fn#fR(`EopJB3$v4I!qvVJA>~MtUG4jH zQT6Tzk8Q&gXVs>xXW|c-3h^*3j`hd0U-n$)z6r~jcMg<`0>D;^=t|Vo%6Fgnz|oV^ z*e0VPcRPhNU$tWOhuCm0t-C#zn!RfGp=_^y+h+mH23~Bi<00B9L*sO+|CQt6XwqAk zUBa)PPLzcb1*EEUJOV8b-;~49i(4aju`7v$%Max~i)NoW;D9d=`m_0Zqd*bcBKCS!&O*mm0a13557URW(1^hdj;b{{eTAQipu8j ziFW@@+*$QfKpO;^J`Z;V*{WCHNT7)OA!s04LsNkco%TnzCaya0AEkKklTt3brX(}H znY_nQFterlO^(dW5wq_!GVn(yN0$CzabM1$3ZxE+T+1`L} zhqR8O*hw%dGU^T_w=OP+QX!o5CfQKsF|txGa}^x!Zb+U2oaU(w@-n}pse-r3U_m40 zzG-A*qfI!h@a?byp@Yi;j`$e$EH(crQ+n>tyWR|ei%3xVW}M<>khLU1bdRYDQP`z| zAGI_$(A?EaL=f881b~}fYe2+$XG~Sr3v%ea$TyFxX~7D^iGPD7Y5u0fp#H;@(I0OU zF4Mh$BO$VY%{*_af+Hykq%b2dXG%9tp8llJYM3tfnb5cVI1JdQ(?*E_!Wi@xurcwH z<#NPgctFONZs^=z{-~>qewviR@HG@fP_&(XAm1GMYj-{AE+u2h 
zuQT_t2rl04r7ROd!#Yn*hU?J>SDr@kcveb;h7l`AJA=yMt`#b1rt>}0(R+-Z`Gybt znQ?(FORIp`3_bMI^0F{o;MpRuMdwPs`3B689Oy-v68Lr8fTsblM64UfmS-%5)(m$s zf?3WIo$do{(d|A@rB?jW%yv@}q)YUNYqPP@(T-w_3BgTcdT0H#pYIgB?^BdUb=YP=$wr<=Jeo4=6V1ps(WS}>E-as(n3+)9yfAxCwZ2x$t7naHA z#rWrdCMQ5s=MwMGIF+8R9Fg<9IUbA*#d0XfZU_)t0p6G%-TZR3t-aZ$ z5P`qdOK&*u)Ftr;yWSdaoZZR+4A+^y!D#c8P*wAsTJG4jTASCSWNl=+TgBJy#yPpO zSg$rgjLZ!LdJXuN3(4)|Lkh2k+`KA5PfA=6v*zxSScvGfgl-J{`+P)&ESrG=kZJhy z>9>Nu>QPNnBohr)vvvoHwhcsiMo=*+DEB5C0Iw%RU}^Dy3Bno~GJ7X}tj0O+U5jS~ zr}A5#L3Uus72F@ryA|m)G@6^J4!qNrsqKWSw#jK=SHREsGj9SkZ9Xq8jTKtBEF z+_^kTWabPizRQB$KBfv)Mq?Z{nZIQbZD^jmt*-Xlr8aJ~WO+wo(GzH3bXr%^6FaIi zi263ZB7D=pPYzsojH^e9ncRWr%l_QPwm*lh@LVobxl(h2AV>zs`OB?1uFby;iTddC zU{pRb*1QMQuu%iBNOD_*t_3_E-TS@F2xEK{L(O^*ohiG+py6v`8A>Yc*o*gt?H`_o z6ZXor^L{!uy!RR>4>b~j1`EtWZ@)n>RY+gTtCG(hRUVc}?R+_@;@Hxrh?6&1JwhYO z6enVOH(V3A2e1>DvTV)vCJ0?;;0|_v|s3)_^e2b3X zFv`0k0@D#S?vdV-OWe!R;NHec{xS>6nse)nTROpHCDKWYRcH(ZkE?rqI4*ueThJrt z`+@$8l<*wjp3!E!^z(DL;M)W3)Ss^~XKhEGy^ZHT28ham;t{?N1oI(sCg*;~Z9eW2 z?hLwWL}Syrl7Nj}#bq1wVg6a*CDP|XX~9$saQAU~YxBGP>7O`IQ1 zgyI&%o3M7(@xKq|XUy^Z0t-d;ely(=p5ynn%SA??rP&vp)XyT~`E!X;+^=gNfj@B# znbJp<1kBO}vwz+dz#xes{w^nmh1F-1cDOV4eWM_m2){O-U6L=$Q-jR;L+7h!m@#Jr z7B^UeDh@idJ4&*=#fd$1w(FBe^xHQNh4C|_sqIJ4Rs@yt3;sn!v;jbl^0 zR_`%N`kFRt#NPGT%@bW7^tm3M{8?#mqQ5>dyhb;nQ|DJmavsO2S~OnPT141~ME9!m zG(1f+2VI>M3pbdaNB7*9~zu>g! zwKC4Svk4{l)NZ!_#01LpCd=a+93Y-)M+8BbTh_c9>B%L$FRtX#AQXt)0x3D z>H5>4J+i6YCnsk|QzP3yC3|BlWNtPtG8VEwC4PQnW>pWcDH*e-g0YpUi8C^@ii@%H zUzCsbj<(3me}4bP!HUeRs4A|>^wHABRNlzel#GUn8SG?aU}6cjFm*I=0e>=bHZ^cE zb#O7YGcjcXe=?)}2cc+WZYu9$Yi#OB_HRO@?9A-NEKQurxY_@7MH!h{M8w{mOos)i zaI>?Ky?@WHhs>;O>SXWYXkzL__NSkUj`k)hrp{zKWXy_UAIX4rad&446=y*0U+v0V z0F?VLX@bBPGPA6yow>6G85ai^D+@3XOB-jP2h1OB0DzdOiTx*2WPt0RnQ_lZ@R5q! 
z;VoThRd*O5$rD$$sf8VXHV_F;7jFN2^0~o2hx$bkoq?*@tU!!dESzLOB>L0s9+WQo z<#$hZLm&=j6ng(;c7s5d&M?{YlMI-Xb7sRl>&jGh6zn}U% zuwg#wOy;az&Obw$6(3AshJ-4i#FuX13rtkHr@lU*rsuob_am8{;i>CSEd)fq9%FTs z&6ECybUjmzNw5I6uXD495AMSSn(zgyJ-NS)3@_BHz76_4)5(8w3xh_mxUL$4`F`@r z@Z|epd6RXOet3Ho+Ye}Dt)C`2>Y*8jQyK)b8p4A+LDb$ejd;e@ve6p$LN0JBXHEXz zhv+dQ`{CtRjKiW*AK1Ldu0@F%J*PQiz3@tCsSi%2r6M^jXGy9|T{M`9R?yNf95Pq_ z(Y<2`*C#m0u3#GE)y6A6l5Nc~uHMcUouQR{6)L-F}!rKre zAO==zjp`1E`x&YiK@-9)(ASKtT4(LJGPp3mS%P`5mn@$de8w&Zff@Lg)xAjlVKKYZ zM|Gtx<4qwsgP?Us93&Y;ZdjA%kqUufnh?wkLI<|#puf0w~*{-+bVI=pibWF}u?6QY}V zKf?=Q0R-#p7nXii5G9wnomy@jqYJJ3;94O@OqleU(w^GrG^`U9x?CRbkRr@gd)FS| zKBv7ZeA%&stNY;S7GnOqO{(avc;o@#2M{cuje%P;G95#^J=_oK41bwojSk@|e`gZKc4sS$O>h?bC3o>;gzw@-R#oyFURx zst8(K17)1rR}km}Y1@XC`W<5aC2eMlu;b2J1?G!HAynVzIR0=r6f!ARXw{y}+S-}! zDpQ8)t4=SA!lA|=Z2g-<`^cwQiNj>-{lbaDSTqS#eczbN23n>I>%{!!w8`^dg1U$N z=MX!GSV9v&d*C3w`4C4AewxQHv309M4Y0uvWHhNXl`UL##DC~--WW0*=4POUX;CVh zVtDyZ=T#vELEl`8Co8s@YMexD%tnSWevkgu%Zi9PpJG$8<3I54HGkmMsK%z1rZGWi zA#ujw(~ot{+ON8uq)cN>0fe;%vsrh9^d$`zTZRgQ$-K4i`uD1Og}>Ct|G_f=_%8cW z!t#jzMBs%n^O05u-d}SxU*-Qlv^!TtSXSJ99_U}Rv%*JIsE-&-a;P?Cs93dpO&`d( z^=Vi$2`8|gaE8DP|3%CH7XJJf9BzT_jZXhy66SOZ{tVYFn#L=g{-gx|l^;o?8%W`% zioCf>-jPLk>_#6!z^vhqy&j$i25ui!r#HhU8EAw5mGOI(sjhxo51INaosTBNDS+x` z!kKD(0g==Rr~fxv6Ou*>buB$9P7;n`+%g^}i%fEKzd;XN)8x{{x51x^!>R<(cLKsy zsL~Se!z);CjHyO`P)3u#>q#}nPj2hK_t>FH8VS-!@Mzd~sB(i096jHG?_6o^qw^28 z)~S6XeK8Wyk{7LLHF&zLkM}NkqMdwKG@gW~%TXq{DBNtDtcUf|PZyo%zO-;I*PWKT zxScr9$-9*`S&!Yen5Q91Z5a85xHg<$s|l zGNTM7P?OmJx~KD}dj)^Gw*hpoti`&p#kCpep7oPQ+O+@8((~y<_oV=CDHDuMS$$XCUyPW}q=Mr*`9_=A-v7 z7W?MZE?m^S^>7U|{*~hF`0MFc5#YO$VS~)4!)uL@4&H~E(+bx=om23uyDMSTUGdCx zBJrvS{N+jf<>~Me7z^(sFc$PbV_5;la(GaY^<;Ggj79qq7|WYKV+rXvJSzU(T-;t> zTv75b7NN~_?d9PWC7VaZ|3Y!dlQ>{80F%kj<*sDv&sffZu`E6UW6Ao{Lr%ZC;1Zn* zr}0dPK0?k7FY4pWP6fdH8(=2>!`$+RdCEZGac1`q^Y4-w1I8z-3k?jv|Ktq;VE>sL z(l?iQ!wXjjPoeu~t_%On^#(B4b@#wr1D%^Puzj*Z(P+@$V@?O(0A`;p-#EX`p=rIA z%57)PYaWc>T}#nW!lZnQnuycSedInVFaj_g(OomlmEJd(6F5;($+Rx7ZoiNIdZgTw 
zJT24VozcIDFRNcXTh1i@y3G1rb^B}h^1a@+ypY8JzMpXz1|93NqxotU2<%$?{r;A< zB;oDGTU}%6jkoUj*n4Y=hN6mwLl`J5C2_KKTo0f4&~V*zqYkKximIacYQ<*W+7N9i z%^$_QI`X+o{=w(&wfm33SdqIy7uP(m9H_FD%#Xz>BLigY`cSg!JqUeEk^HoS; zQpx0TRhzD`7zG`9U4e$FrY=BcYtTJD| zNXK0Hf{rhB9;bDgD&YAz@o6xw)?V~zW< z%2eUfz7B>M4L?@>&PW}Js^qZiwun_yUh@N8p(^yYd`8GlHD?If3fE74(#pJS_3(2f z`9%CfP;Rw4edcu>^?{obAx(${uA1Aw3!pXOdNqiIBDs@*{Iq-RSB(}-NB=|Zx0E(< z=?rpK(t+i<0{6yG?KVu>^sMbQtCu^k%dp7HE_+I`WYuQ^&s0oeGAduN4;G!D>6Of7 zPQ$mwK4}gd;2BDxXewMF3CS$JwJg5{4N(LepKCmQCr+A1?Sld_l+JMy(Me< zA7uS?TvXrp2aHNHATdLCcStjYl_+t;JqTYffMfU>7_0okKR6VE|i8A(Bnb31z%{7 z7^{ zk}0<@5m9n*A5D*QudHrQ0BO}v_;Qu3folvVR*5NzXF1QHn-wO5FKfG8Y@4lv(kj*d zIw!}oCb>Pf#bDn(v{@*%zO*{>VX3-+`}ze+^Y_t!))kEh|KLwZ>~7J-yir5Ne|YIX z_z>S-db8*5Mdk;zH)AMZ2z)a%^w$_%^{*MZ52^b^8TH zhDoy=djH2!y+FBhGL&3FvwcKeQ{;cR5SQ$dasVyYv_(pJeSW^f>sVA{%EbY%7e;;( z(ph4l$!OXQ_!Q{0B;>N9tCGyK?kZEQ!%H=LC7r!vaIEkdb2z(=Wq-a+3bfv-le;mt z5fRaSRYFfy0>%JDvYi&7k4PvawPJ6KWc8y(}g>&W9)$Cs!%xpc4-a%%bm%NN8R`w0A5}hTmt3ms% zuPg;aO1S&Pqj~Qw^%?d2T$ne-%1(TUrLCKp4o~7&4|Ur9QHESDFpbXdTX&z(Q$ zrHW&M9ebGgmcZpL+ML7$54lgayjT6AQlO^6D}h&d_WG{^J(c=J$Xe`U7w~%D>*=gK z&H-N|PwU`LSx!KeT(s>w))5>s$MRZeC*}-a*F>XS)&vd zNQL#CHCEQ}y};$CKhL*<=ckT;J#h-V{ zWA+K-)#7zhZZ0$UWh1%B9~%8Bu&G-0@gTtUsc*Nt$lpJ4BFggE=5cql?|Ie!ekA4% zlzSZ%0`HJ>rd(k9Vca|Lu@v4vL|(HXvQ&uvLDUdb`?+q1R-lY16~F#{>>2*0%us94 zCeBJGmWg@KCg=9`cell`^D`dn@Kwqb2b1~FdIGR|X84`Rw|EWi*9@y?Kg7wm$B${O zH*c{Tf;B!eu!PRlNu{u42sPzNAE4}mzf2evG{1tBq6cuQjxPhy(d?|`hq&~nyYzIO zWaqU#>X}xp!Y|)WUnZY(6c&zK?6uze-Nx?H#JE@{N8?Fvn@IaCLEZ5jY;<1?OnJm; zsrCe~e>n8qyv9E3@;VuLW<2V%C+YY@t_%uk_fnP<^ zn<9%8vp%yEw&A9L^hlMKBJhz!LlrZbPBs`TC?r0;EryM|_;)?1NWVIOoQcJD1lc#o z`(r`O_G#bjV=(pXT;ffzJx%AA*p`@P<-6dm4(>w-yYJpv%riZUx<&$1muSeUp#190bF=G)9sWgIbF&UGWiwHyePwYrnX5GavWR&r zFu*?!%6>}ijBz`74Ou2=>1+k-l-vsmsCfFuFs0%{Qwby^Wd(WR{^5wcE(u!#{0yuBaeBy&ZUOQdq`z&7WSVjb22gXx z5N;1fU(SA~N0-lX7Ky0^XjYYiM407IyYxk_Un^@yMLqEv{HL>_#y4^LIdP(;sJWr4 zE&*?o%|PUngov8C_ToQ%x{Mod-KQ`5xaPz!U)GGCJ6Y?l^A)iv!a`VkN;l3rsZ>QP z!w5!<_pO-_qySv 
zKMKC3>u!TiI%W~j6CWGZA0OMzzm5ECzcW0{y2-?ZA*FxjZf7Ikp=F^toS&p#w`(me zgnDDJ?`>B^Y&d(e3`*kOd`%=lpNvtgvUjhAHu>@Jj(J=)zorhPZ;i#Vq4u!#nH?3#7ArP; z7DvmkU;B3RXeJYnz%y$X=^ZxNg6Glt{G6fRs=vjjvhVrGbm_SIs0g4OwmqNM>>ab_ zY5;A_;>sfwfv4vENCtZ{v)SU=DkcJiX#Y-;wXFPSRSFTi0WDL>Z!Z6 z^EvX}L@aLU9{emCQZSN+wDv;(<0vFx6yMX8sPU3|$xflBSWstFiX@}P*8h`QOi}1% zTQ06&qVxOo)l>h3z!UamI2fAseLk2nwCVi`EX-=nIuZ>Ji?$*|5aJLvpb^bpl^vJ< zSQNDe=Fi=FBKUDA_!MoNbdsaPO213RuIHpV_6LofRWdGL@8xM7q{^;{Er(|_`H%*r zYqsj~;`sY_(l5y!pSv`NENShTrPMR4$Il-K zrX^6*FB!FF;(Q!;rD5)`&?NU& zG{4+sB=}H$-}~LBtlViPEqT7|m$!^NXiPgK8+#&jgbeL;0K~LA%0hy#zz4?t?TN4b zB0(&1o?m;+O*GqaRO%yA;zamZ3uz@KphGGa=52!x<*II!0*@tud$NrU>-6_tv))4M z;T8h1rLb`&MT@Q=Z}CuAip$Ll)Ey$G!{cET@Rwr-InR*z2O)%chxl+V{Anej0)8MP~J;6uF!wyn?|@YQmB%)$4l`xa#$q9GFrUesS% z76dMaS%bk==pwiyg8HBqN^9pxURvhnwY*qwcLvq&i+B95Q=a4=u2R^jDJkYLwH@eD z(1B5KBf(tOOT47cN{TQmKVf^7T!E3qIe0SSepva3`r0>J$(O0OqT|KQY$Xv9G~f|b zx1U!@%+SV4u}2=CGT^0uV!io4qPiVrK8_?$?CK@8eaNa4PvF$X(#;(OGEyI1-qd>= zBQU@}jlfym8w^q3B%hzpzpQ;A;e5X%Z>wgnV3CLTxHuUdwVuvL)+;G37M<_ItQINO zMH zwMF1diKezKQ-{}z)K`FP4!(-K{X)pK$Iih}7<$WJ6NpXvaF{ z4Lma;2D@pS(O;>zgT7%wKUJRUI&bH%ozgn_V&e2zG?I!s6O4Z%a6>B#e|7FqvSuBsoxqTN`v>|U$ak#2c9mnmt5SDm*Wah$XHN&o zD5jl-O>Ej!Qmtb-xtGm}b`q$EHY$`-ZDR$wR;AKC42XFICu;NkzzU4U zo+(jKU0?+_O^7=yKB7?QpAv{*`G1fVl+Yf;is)a-=cs97_p*M{Lq>%WWupR>8D`H! zM|6KRl8M%m`CZs$bmYN=$}#4-5Q~E@P-aT+jDOYgq@Kt&gmBpS7D1od#{Vw0kt)_s z1u6@05*I<2kX^Y13_%7n;z_|ZbNh-=?F7h;CSa*ASS%Uf4cNnktu)Twm&O`nD8 z6r&>=kyz&)HmwFy!luATK@i@FsVajF65d{kIt9IkG1$)MYlj1Rb0H@3>*nHk5W;?? 
zfZl}v)7x6v4YTk)WHPaig=J%?f}u#W01xPUDxEn+YMmw+alxf&DdabYpYG1)p zifrsh195O@g_kC~Tq#u{cIN`S0<&%}$2&1n9WbV}EeS`l;nH~cag@Rz&md`*cOL8y zKP`pD;i{;n6#Y!uHESN?@UTaeG|7#a+>NszxZ`^l;};teYv(%&GwOAG))ZqBq_jAH zzw90+1BTq4@DI&cypkEt+obBJ91odwX)8vuXe98#=9mWh^5)LkY@TyVv|!?z^MxCU zrmdKw?OQg2%yqY!7t~pxJAAC(LF6WG!@#;2G0<*` zkj1`z8qME_PH(NW(gi=7Ux`8AV*A_6brN(Zv}s_VjuV`k$Zv=lXyob8LrH>=mK$k#j3^znsWYEdjez0x*N;BlX zOTS50D@db;o=jxM3}nW6-kiioxztzvuG~=gyg{WH-RB&Cc^S`j%-_OB3GtEKz}f9_ z0RmamOoW1;WNoZ^o|nfHQL&|GACcauzPGCl-W;-_F$o;>iS%+6?Wg&^Ln?B>Q|U9RZMBT3A?r70TS<|a$j_FF==k?Yt9&K0(281cUQnLculwCjv}gN%TDNw|gJzL6 zF8NAt4o(MG_KPtzYwuvqffj=n`=8IBL>!&4wt9t|Q;SkB z+RqC6NRm>YgJN={H<5!zX%dW8ySPsuKJxPThul}Q#`!&~2~%oZUmKQ-ALzX1C_YK<8y7zbIlsi-PRMM2<=f&Yj5ev<5c z`PC>Wmk5jdXg+{tU*#;S<$M8!Dsds|VgttTO>$_Trrcjo;2t+S&P_UX z;1FVIyhVMpx?q%c=I<~bh>TfUmH_cmd%^8c=&sA^AT%OCP6D!^O1G`exX!htYs6^I zx0ZYqm(^mpPsn+6AtXRXLpe}~)OI0abmS(W05OknUiXc;n z@9a`BVCcjD%4Z4uC|r#5(J7LgL@0)ZB( ziy!V_I41`jpL%~qqlG4g7jiqnCn;4dR^Ws;u}Myd+x0h~uY0bDfiu>HU4i-o(?ZUW zWtbd%87PiBm&8ExG93wb%`&yeyWqY>wNn*e>)XJkmiFTYT|_lF^J!R$0Y%^bGr!Z?|L0iF_H|g8))x z6yRo{5)RCne zJSo+DU-WZ9J~{S`x5|1#)xHhq7cT7dXZ-u)0d#}sN)`e9Nd0=rG#0s22uT#pX1`M^b{LOzfWaxR_aFd`HJV!joKv$LpbgE-O?*{J|g*7I*?R3J|~q{e7CX-|97}6 z*F5*-=ce)Nf1?}GIT_MZfy0sBEUWh${;^Ppt>$m>HJ?^AM`Cj@6A`%C6?~y9g-1L3 zs5>}*Lk1#Agmm!1pZJzS)273Dgte)C5hPRRQnAdEz8pI1C`u9$wM8A)^#Vz*aH4b{ z2QxTtkqFVv!xNhCg%KE$?a$6}@o&5L$*8vk*Hh#7|Gcs6$(NIP)4ZXT04AkAeKYh7 zsu%ks9~WOHa)XSziiDKfREpg?V;!Lt>MXW`=C^<-DQ;7b#G)2qIIUWFE#6^m6fO#S zEpB7l$BNk90_Fx@OCrY9oHFZhb?l&VJ^id@&*8hL*@PsM-Y(hrXA9A9|FIv7G6)fM zd`@%&WfL0vF9Omj#&EI;YyE3RN7eM3`0^_U4U~<5CFJv6|G`uz0*-o%?ICIFQ3et< z3Q||ms-?Fwy&kk5tl3KHXHw=eIH?CIM7{=f3(3y6Z7UX1WGdfQZ~3Lc7Nh>x`?$M}T9|6=`h!6`leGy} zuR?RQiBI?_DE7MAFs2G3ctbH4s#ai0aaGElfmMw|dM3MhBI) z!%1D3A1T~~IgUVamUj#*8zI59wB*-~+qCHxjw;>V+HP~v*z;FKOJzcL4yRpxzu^d_ zcb~k&QRbK|=qEFpG~+Luju!uD-!4wsQ#9_`Rbk~oobxAwgX$u`>%s(o;A7jUb*2md zSYvJai?J+p_EFm9n|RAMo+yQ){yVzXK!Nm;xz*W3NI~yyV}qfbnRTyOo97SH 
zUp8Th5|GY3Ch5>-(0%lHiMVj=i@>eA=UG9y$HY0xwRoRESY}fv^ad%hewfg^7DO3L zJRK1*zshl#^)M3L1?aymT=|QpKjs}>s(C7Irl{?>eBTIjdZ*1SzU_Js^)Y{r63u2b z{!L4Ve2$xEjr|3_*Wh%|$L|ue)rQp0Bo1uo&o1zrRAyK8KLj2$Nef>Nb1yDBhb8bRdR|>&r$M*8oW8gU@Fd^Vmc3Y-gaRBXzYYlVB zZ{YvL;5QUN;VHi8JGUKf86=Kh-D)Xuaib8I&M>Wg5kO0{8tQ<|Zy$#JEAK~TL^ z8q1PNwJz%p^!qqDX~*GE)R!|#3tRWM+2^U&K{M9X-%SZ}&Ik4z!xxtI)M0C9nX4Jg zrd6a(e(D7SU5X2P!pLK7VBYRs?qJP(y^3|*?04kV1|+DP{CLdkCY&JpEmF40dre+~ zRhHSe=`F8UeZ~RWnnMoD?0IH`31R2UESQK_A!=9B$BP_D z#+glSBL(KQ{qX{zfoT8kjy$H?!Z)C1N>DDv1&h59OXoU+y$?&bU4Qr&awN_7_|g4K zc7s`o^abr~MDvkVkPeOL%ixU#ZC1keIz%1JN@@T?}pbV94wDRpf?WHu9RURs6QNDACN%Sl zb$7{&l8eG6{$4F>2%d5b-OG3--*&VLFTy? zdveE9vi5wIZQ6(|ldXt!pKJ;ak4h%$=DVk)K++`1gu2Xv&Sf>l%hC zoYRg|pX>Tjl}pv;!-ZMQHX9pQOjCBKY!4efYK%IQ!k#f<#QA1B!Ckvur*6w5pM9Kd+gCAykBgKU>TfVVbaKS6o*Rw6@dUPxT(?TG1Zn|@+X=kq%r0w8yH6fGd ztNlMwB9V6G6YAXSwQ54@Rv49*1+O3{WY@r4gS7kRQvS;7{RIVUR;9OS?YJ)jApNG! zE%*{3D*J@omH6`to#QE!6+;mpED{l%d`<%)!wCy;Am-Tdt7X^eJ!66}|4k|)G{j~^ zkV3HYVIevn>DyGC1t=X*#VmxT5Q*q+d7$AA%w*Ja7e=`DRJtQc?LbJf1ucXgM?T0w zh{GnR)>WtXh6z%Hnp{M#SKjwrhENuVh;igxA#kMedmpV<^rg?M=Z4B0zaO7jsaS@9 zaXG`adS&6=U?fR6SV^sP0wW!=N0*ex$ijg-_FiZ8xQ9^{E>NHnI7VuM^RoscV~g9- zlVi9GkjcYxE$HV^Nc3 zWGH-ZMZ$|u(%WPdu23*zGt2oYMj_m9p~C9HLC@A0$_XgGrJcrOL9C1a3dU)7JDsS< zQZk284A}$f75{7)9;2#|Dxa-yXu}ErRH}cspf|9XVxwKCOQMRri~OSy$XQ{FtEHe- zVRcWaFN4`oK8H~XVPyb#BMk>uw)Mam({?0J1~>ytIDtMZ|JP^bK%X^m?$ATZ4Ij-1 z%7K=5b0Q$M(Ti_|Y)BH(PRhJw%MnJ(%r-*u6}LeWAG&(w(IOksDR-_O~;W)36KsU(ts9sDIx5Am^8 z&Nn}~l?!OqSFS1;f9G>;=sLyr3XxF|-)YD>m|>rX@F$yEBs@|3-Iy%8!gbyOSW!!l zfRXTPropd`l(P{_iwi;eDNdVhlD;hg`xF*ePt2#xmRoG7_#PbOIXEeXG!#Th2@1am zr5M|pEcVz?<(;m=MTj7><6!KwRQ}3_zA}mde(jMwR!d?93=QA>Xhzm(#>{2H$R;fa z$}2(F9s6;XBgj3B9eErdg)G2c6U&s1p5&F4V(1^>Qe@4olLkiYESh38V;)MP4?UZ9 zEBk@WJD4{5>w9(y1#qkyaj_CR(jw<66e$QuK1ggCD!Ar97`tF`X)$0WdI4wZJc|8c z!SY7XH9;X3RzojVL-v%MJQ|%`KFLfYQ~Z1Tv&xtsg(cuz;(Pk-%JOA+bkjkCnoh%j z|4#ivd%twCkixQW-~auX*pCY-v?Cm%n?e$xVaxPjlGh1*+S4D0(^GOvunoRdiHj64 
zT1+!WIORKp#?wV+BamTOlk_xLNgY$}w4O6E>pA?d_i#n*=-ZjBiXdgp1`=KGw#9xD z-eFsMd4Hg)*6sD^EebtNQi;-V$4g55Y~zVR|@Tc`vwT z^?jmApUOwK7SI_#dxGn9g+CeIbc-mZHc9B|fB{&Gu)th7ntJkkM<+LX-b;f1QSzq$8TkjC z2W(UH(d1{TFrxyY`z%KYyGy4Q1U@wqn^X{GrKMx^L)S3>%hycy=vZj37_x~9wO`$I zA@oaTSfte7C!lyI3hV0^hsSS~(zq0~8LC{Y**U%PawIoW4pb{s`<0o&QgnRRFa;`t zOR$leR+=7;zRgqMzK|nfKSPr84`_YP=A9<#iB$^oP$<4NqwYG-Eb=L7Z!*j&M~k!{ z=oLo;PudGB{wMKT#EU%RS`E^L`kj|Vuc-A&4Dt9Ww9}odUtN4rSI<<^Wu4GYQ3oPL zxZ}$RFO{FRVySt&jFV&Akp?u-mnK;flgpQ8mCfub z)+~YgDXT8AOeX^(ca4&rELK!TxMirUpXS<~ixq3$Yc#H#zq=_T3c8`8BuIRjpw(^; z|5#s1;oFn#ZP?qRBKXP2kXvO0fexE!k#G)gl3@JgxU}9wQrhaN6=ebCvb0W#DfAc6 zXQ%P~NLU5)4~5kF@YN>n0RqJg3s}@M*J{6$?8`X`T2?3IWDTcNAhL!@Nf6l%8M6)J zAw@Dxfh*s=iHH=@^Ol;4O>ka}I?-5-RSuozHR-3YC+ z&2&~j_Mzbi5X$i~2jHI>24be2f0Q2-K9+Uh%~}Jyf&vKhk0qW@f8zEVPaPPSW*oU& zxuHiGMv2m_1fij}j@Y6AQiV&`J5#nax zK!cnjT%-YQzxYPT9B-G^D}Yd2@(Nt5!9eOFHGYR%AIQ2-bEd=D*JK`TBzBw&%Q)uJ z->=$`mgyID6(8$&$Z&+-i?2seS0~y5L>3wt*fESkyr_g1nWu{BEE$sh+y^tvAHbxH zg1`=ca|yMU@O1_ns{vzFpGLWlG7O=P#i6sQ;CaplaiDi5wDbvMeAy4K{!g+&a|}&6zM9H60g*j|CAZz z;pS8RH<+p{LuC(jNQr4(jV%Z%sZA`jKwl016CgnA{f)>uI8=5a_{tvvkp15%iZ;;# zcK8^WBM5E+o0VSFu+*8;sFp|!%u3~n0o*m94e((rZQQ?!3TdPxBEgrsMs-64q@3i? 
zBj#5zut|Arrlb_&rE^;XA!}xp5L=KAogm=|OwgLQNkcyzF?<@8X^3>*lrxNS82S__ z@G0TJfhoGh#&G7<=Ve2r#Vay=HED|#Z3#A)P27PvkzvH*^bF|)H_ThUzh4C=*pXw6 zZSPrfMb;rcnA*%Xb@IGQb5L@u%>-uoNQj$s6A$t^oo#$;OZx9V{?;SL&z4cPwPtx& z$hZJ~S(CXnse%xCd|Wa_a?%yN?Z(3U>n@Yg~%H}3g0 z7>Cg`(gi++ZWe&geK_YeR2szQ`{kHVJ!QDW=hbA3PGttCTkUWdzc6hdn0`IX`9anp zHqXdEAAKKA%e?1U2QwQ(BpjFuVkL=3g9X{9_Z$VVl2(&kJ*$RRe*ZuhA@ES!Hx=xf z3hP%HhwxbTJ{O-Km$d zyhl6}dX2X%GX|kCB$C>e8RLeDtFcP{m+)5Vb<4Bu0|+qML(^LWnnKf!qCA1a0sMvv z2n{RIN1*iI?btd6SoOn+n@;?AYLdOo@2QQqaws6Dd&E z6TWiE=BtIgeiW|%H=Hkt^_AH7FlXF;V7NRsDmT4rS}?EgZ?lJsfGWD|@EKobt0$5p zYufkfAZST9%^*#wuFua!1OZks5fk`o)Kgh`_Nn;$3GygLk+T7Iq_fWpmbMJ81}Or_ z>e%O08EB&YT>JOvYA=ZhLB3%t4M@|MulYa^Dqel6sqA zt^|vAE6!WHe8`ERP%(GDuyP@D!FBnckxX`^14itEZqz&F8#N|U6~<*R5*(nLtqPcX zebRH1vBxR=qhC}+n(CwOV@6DqQn2bU{ywO1uNr>UHtY(lxEXu0t$6vpQq+$Bs-rH) zq^k78RM4|y>IKKXvj}qhezz>U$y}HA{1biM5iNuPOiP+Gd&(y9QxayYM${UnaZbSi zPVDNtS72ghB(1#m>sD4q&=HHtG173OD#|fZIUz!Zd6m= zoRr}~%Cv)F#txwGX^gH)nQLnmStOezEu`nLK}oUH1khOFWPU0qy#l5fsYZANm5IQq zWd-;RJ%!23+IV5c+9U;N6fLtr!+|{9)!2i|ufnpEE_mD_jGKnk*{d6vAfy^tD#m)V z>Uht~ib`>IO1T%)!^5o<5~M+Y6FpJEA2;t(TtOobzq#hT-lUz66kr_#MURPUdV;h- zQR3qQaN@bGDaUT}9#}N+r%Rjy+xnqgW-{Xplz89Ya0UP0@XX)_2^HV)ZOvX*=E&f+ z8X77c5FPjEzno-Tnkb@wg7^SI;AYp~@C5`n*)v}*C9k0zfj2 zU*D<|KLz)>vS&O8HlI!r)*yd_fX6XCx{AGl7Tj(qruw@j_eVj}C5X&v3~ zKR}6JRxY!jDJR{ZGK&6{Z;1FOgT84m(>Q;4AYfyC!^J+8811FHEbL{zwPtdpDfzbi zxKH<}ZYFR435Y}L^12J53x53beSV;;Yg07nfS|@a@;UF5-0pQOn%}<+dABTfBl>UxNd#)2CO_wATu0L)RnCp3Nj2CDf4_AMm-&!}k z3X2YwXAhT}+$dt(xaH>}%h@0|^#np2(xN-tP`TS=xy5axSyHVvqI)V#rvLVf^*>0$ zkFK&Cr3{a{Rla}zK?tweycIP-BYU(6zt~0{*N7KuJisU)$S!lU}6xr^HoW4a122mhcq;;HL~o^ub2MwY*!VRqi`34}VHh?K_3|DXf< zG+zwy6a@z$BGCW?5R>JKQ!7RFDkr#pj?L*2y|P+8GUe@CYhl-E0t0es-tOZa!!oaT z6Q;751uwE*{*&^aHP=p2h_qod0D-a9wU z@5ehWdPmq~PC2?3ueA@$#Qke2W9_0@oQY!^JHPBD%VU z`nn;W=~WoXU;-|mL}+0d(DMIx-KG`Swt(VFfZ~aB7e2O?&*uCwD$TR;CH@W;)XzED z1KsvCdJ!(BcT@rZ2>xG+1GOIuOK+fC1(D8(KiX9aF5^3#(l&|Gc>j5f``)b}ZD{!$ zKux5$m&}3c=EN}ONQH^w;&oanSWSmpqR{aX!QT}|cPbqoqvi3(bRPJOGM 
ztw=flzBmOnV4_9;i8x~P4o)Fv=9y^O&bSzsoWQWQ(#!v(-l7AuWNM}v7^ob%qYvtx zrPh>Nvm1w9VAVw^vCAr6C}YNfxKV;J9hs@mu?!Z+*erc*!Gn*g0`Q^+p;z$#uUlTT z$fc*OKa87yaCghlwnNUe z98>A432Ja=xMlnv@qbwoWW4eEy}H(@f)Y1oM7;6e(eT|W$4l7bze_Z=82E7ht5dVB z8EQZP?Qhgc!=?)8W$ABpbRBnzu}IL6QvFvW^_KB{^7I2V*gj4ldznScFinfN z%_R}LQPNwQBJ9g1QCL`M_vaB4VBMTRxYRr`wnb=l!PGfnFG6|R$_FVg^w16HQ`xA3 z7$XC^f8&GNomw|;&hpdc{0Vqi%@Y#KOKX7h3S~xj@ogKAXAc-?w>cJG!8#g&ip{PA{&Cm3(bw-iRjho*czNJ zS1VBXg5x7+R8aKiK`%YEx5pqo;_c2$c1z?|kJ&FXls*&xevgx$@0%d}2>?{MVgv%- z+9zO}V!Y;7sIk$M>7>o0>+(Q=ZR1KWIJO`+J>`lvgl+>Z^;PPo#>k|XUDjwq+WJ}j>3k}zI_UA|!1Yr~|D8Ie&((*WUND z5t>4C@6w@kcPLo7hWfp{W`n|a{rlP<2tHhZ1Gk9clV3}nqv1={KBH*tlas82Hb1wJ zJ>^zq9b>;2K}Ph6<5m+hqws2NGC|ZNaWpFKPLh}tyCc}B%b7&!;YGUNf7>JX{_?VL zm$&d)kROeQqv#@wnKf-kNHLF{`5hbK4eMq6j>4GjO954})|v)pnTP1|vyP@Zt8G=- z*0YE85A5GT&E$RpVWn{6`$* z7|3z@kJ?CGyZkGw6yL;dK24pf^t5WsxnzH}7z6fF&VdpBwe_2?`zRh~Odr32%x`XM zSCjaHV~}UuSMj=g4+ouJtnmYEQBM#XEWFBDaAxK#xOmm9ovCfK(THj%3q+21S$0ss zEvdx82jgdj?x}KSxn@B@jw`CNT;6jOP{g3t*gSOUI1Hv*0pYdmO_{H1?0>yfhx&>2?SNFI!+T4#MQ^zrA_9359Lo_$5g>RsyhiYEQ*-^n zEe|6&A?Uwd#=bj~6XFHA!>>)iO{q%l5O9I!)GPd-m$HdWy2g$gb1C>PRCwzW2kk`c zu{-NL3hiX^vHKy~D^DLpPytGSPJR3aT+Q9`P6mLT(om>DTr}3)iw?YoFa4qa6M_BW_aV0>Ird$q zsgtoUqL%zjQeuEC`PoUL1C=KBoU?zfNe9`0gfERM4K8z^>tF#+(EKKaALG6eB{@EL zE$lfI<_wPeV)$gmg4>V+@2oNom3;}jTa5AI$jnvN=`FNxO)-nFAt2~$O%(jQ(R0*fC#ye?Ph zLT=*GD+5{DE;wr;WM@rmfiTfvnzh#n0xcUNzs<~LXFynLIVZ$eh@^hLiu4>=w*$I6H@xc`+2u95QfB8mMAYo7Z^VywxXr`brr^ozwm%_{SC5lv*;V#| z4?ljH@w{pK=mz?Bi{I|D?D>o`8kch~xlHTA85-lwF@gULk zBOvnYmzAq8eWIHH2TJ6R_A-P-dhA!eptBmb7WH|+(ftsty7Ipw!1T)hIsZ<5jK98` zrIfSr6yN*VnAj`<6uLn3G{B>T&egRhfM+s4c<9(7TSlBA5b05)&UpF>KKw@}ym->f$NP;K^Vq*PDhenETlTshQ zEc-vf9RCCxTtR@W_zjC}m?;bhN9*qa=BfP27Jsbvj6LeZ*srTSgOqDPBEYrAML1iN zM%KM1;LHDj4@VSOOa2f4oleZ10)|A1+`+3bu^OvoOU5LF&XB0{KQf0+qR@X<=V^l% zK)VUX{Eugo6l=-&|Hq;Z#nzNm~Zt=Q^ z4KQRoJMjc^pcN^%b1Q9k5_4W-+GUrDCJK}-xatEC48UNa8M3R8hFSSAZ7tF+)uS3?p z&OG84ad@>A9`g_x3FU=M@lDXFTaYkB@IBG%SNos{{3V_$3+h${V6 
zcP^0>Q_+{s<~^=_e&aV3Cr!7?{QJFAg=WPzuQ{j86Q2?*k`l95az>2yxMxr6O@b}v zf#^b|IvbJ-d54HL=L*eCO^xj4C%-CBR)F2`u*x#ry!od7*(2!&t?wGW*sEWUcuEVg zLq!QPnx1z2nvyaf9GWP`TFX-Akrk&J{6Q&sOpU7I#mVPxb<%D}(VUkve#B2lLC?I| zJPoBYeob+1k5u(<5Rjhs*0V`Fd>93g4hLe}L<08%)w*5HO~NB2!@e_e)W;$oQdD9& zlE%z|tv_Tlo>ktt_hJ~~YTkVaoF=k5LyOzOv%2ig|1`v7l;ZGrZacjK-jI9jraH$g zFzeZc@e6=Ce0wB4MvIqMPcW%tt=*$-wh6d3si7F+Sv1*-On<@sU%{7u{D#8+eh;+1 zU8XyqWdzlP|KgOH?33y!DuR?pa9yWK0nx=(xK1i_@Efnq>GH{!q{Ttv z@WHr9WuyAD!AP0Y?_BAPZ&LIeA1DYU+05?hna2A!kSh<&?BR)vys&pI&i>gO1!0xx z9phFzk1h);^vUt-g|^&h2Q!)utVOg;H(7Tl4T1xqp;||cWz5?n>Ufyhh(!X7lG`v{{RyJ67vn?| zbYQZ%YdyTv#zy*2_V&OplN%=_t{Sz7etrchAQ597b zXMtXXXBzg|K{Fx6sK=ay*GeSIQ=K(OC5q+)v8KbVv5qu;_Eyh8gNX%&zuAANFd;eFY-BI zDBx>e+!iUeVvid;w&c&gOLeR%!sfPDxn3#T3{le+))G)Su{`k~kW8ImWRFo$w{lR? zBXt44Eruez94m2R%^CFFwDqGD)T-z3C|C29wK9^4(d^Z{>ajztz^Q85DVgnW_z7$U zaYn7Q%gM7Kk2eMvFGl4vHlP&&l)2Pd+o|zor3i>&Oa(h?66in3`fn1ci7kp*~3!J<=*5%{;>bh z5CaYK*zheol04~J92Ec#5o^|*841X;tu58(R!6c!zUco>V+0RcRQ^}FGEjMEuUX@2 z-ZV=zVpgo5GvbS)GLdNc6LtgH5uwKD&Lh&xDUtF#Zjr|5VvcDS7m~NdYUq(K%1}25 z%jw_AO|$+aJ1slGjFZy-4-R3q;IxqUU`MjS7NvhKO72J!G|%J4{>Gq(I@*yW1JJ%5 z&|a7Q=VLW-^s{-Ua7JHG>Ou_5lsk{!_l8she8JuQZ}G;?#_b2)csC?&f`bHDNfmk& z3mtr5YOv^<<6-Jw@>b+p(AF2G9O(l$u%tk?@rr%Qod_fm$C}l>&3GX2rQ|$_RwyR)jq*P-M}7#pZS{ zz&a=!Q^eMf1iZ39zRhVR-)l~cW|Rly8@1>NB((Nwbn{V9fSowZje`_gEI7z!xu=6r zmZh!;Z6(5Wr~9rsXeux`Sp2WKrqSnPeSdcVs}Gmdj(M&cagKw)fYlY<&nrP(5p*opPLIHC&IgQld2D z2Dxz(fX(FZ*`mZ#j_(3EC|jR5FgqW@$p1=CoVlpJ^g0oiiheK|oE&EYsD#FWBhRQ@ zwRBR{h%vYDgWSXkV7RD_qhUiWjXcP!by7QJ(1`z@-a<>wWe zrqm^zUa)h2T?v~-b5D>2rB(7GYk<^dK68pM$qmN;758BrOUj615rFrTB8Uch!jMF+ ze{TCqH8DqNK7PWE@b@3T-}}@IT$r*!BWFFMN+<1@SbTRrSX*hrt{^f^Xp%?q787%L zwhBBXENYM8@*SBCz4C!QgwtFZ>cS6DUng$^Ly8y?!(G^(LZ``L-n2kA{uXNKZ4gB@%6ikNK?dBnzQv5T7Pse%ckpt1C(*`^Q>NC0 z5=pepaO;|5&*Ka4g(uYX%O(hE zoAjY}tojWy5V=TCKCOfeBB!ND&r0x*q-b^cKe58Sw5DwDAMLe5+zTYkMD-gx45EUl zE41f)s9i?6VD2$hsGW^I68_he4PXjP+FnbWaf$W}yhw_EK7pwPK2CBQf7R3w(vF!N 
z=|dL-r)H?+s%ao)FAXqNBaytl5KpxZW9%8bXRDk-TZ@YRVNcq_w}#8hrazME10Ow5 zGV8P|B^J_tZ?c>us%c=MaD(-NbJL{*oai0K@Ui^DhIv?K27{muyX}$Zx-hMqK z>F1Lm#Jkbb@!PI|^ zi5s8D14*I$9#xxu5KU3LNI#+bAX;iLGX`D%TL88(d6|wOBjAzXyuXu{VhixEtbEy| zuU5t`-Ps9wj98|d=3ZbTf3ljV-lnzJE|R=#2AvzLf>MMym_&Kq^V;ua+cC!Z1Hx*h zZ$@3p1N7M*;!+n4xGZ+WDngM`_jEFfhy0X4XNjQ+`kDvsq#p;q%T5!`Apwe}e3Osh zjotn@Z$K@g96$a_c--k8`t3`gJ&?gKmnf4hEu>c!ovF1+gs~i_M(9h^crz4-R@MMj zGgvemwIg8zF;(-I7PrIV%~KR9?pX32)=~2q;#>}vH*DpZdows2p}Khtc%|d- znu?NQ^BZvQ3uPZu;hQ@e%*cQRfLN=vG7zJ!@-Co?Cusmi40!giDR8KgW8z}t4DNNu z)PG>zAjdc7RGsqRQE7}I?{pz2GCO zbv*khv4?QTKEcd(xgLmY&pr~(hTt>ldd1LgDVCJ~az~rQJrFPi`U6Zhv(SiXj+{ui ztt5K$qUk(LaU?vHAJS1hL*s*DTt3HB)NdUbI=tdeeXt9BCn$6<(uwvsM4r_E+5YqP zChPBa-*yo3J$0?46x$WrijR)s*zK-T@u^L>?{if@796`G+CeW;7(OtJ_uF54fC}Iu zL--dEsdP`v0{dG3!6Ri^GpCnlom_sTZg~0|kve)$T&T0N3CY<^sVAtSOH}HHx zCoEyVfvYWoVjPz6c!V6gc4LK_^jia$1&V^qB4NK7|7BiaX1>CZNlzs82Xb9Zv#MN7)}2st-=5(vp%#H8%>I1lnIN3QkqRCIlznLPopj758XCA zz}cll6{xh9_$%yliYKgaq|1{&r>qvD7pP_O69Qn3J~BSIPgHBk2=(vBUpbq-G`#GS zJ+33gVrL1M1-i%5ncM;OJHdZL0GwS8JnHsX#!;3$8M!3JC}CVL#S>w^?DCHFryBy_ zBgMUGAj;Y0z^sWkP5MBC%qCzzS`D}|wY0{6n1Bw!fO(Vn5Wcywx6Wf?6x?+(Oq0Z8 zjWy5&nd7iXUw%H!xz_cbIu+(!x>_SO#{-|!fC6r4|8WA$VmK<>c+x_<5KgHoyh)Yo zS_sE9KPFbkkszNJ9+U;lrfH>Ivebg>0W|4^?yta&%2I?c|2@pH1(@|w0?Zy;eFx{d zvcgBe{^S6Yq_=CXM%k-6(h`g*jNY)xJ;4;3hi_l3S+Ko8T~3p;@0!maHia8=NLPvg zBMQu(Vz7{S6loe}w)7OQ5E#$|Y<>#vePB8ja6T#X3d67jY0O-!x#Qlnw+JvZV$P}G zzyR?8{D?V>$#k`bq=9b|m@=UT{DuCE4IqIjV7xpwKSKs-rQkeCgMV*$M*RQrGZYxN z1W^Xqk!i99ts;ys^DZFSUI?OckN)dr)B!JJGN26M#Y~K_0z2ZXI|c9_utgl@*W{>f z!uJyl`z_xintz+K1A+6y>i_jJNf5z!uD}>7A6EFxZ}D|<bTK(odj&5^zm{J^) z$*}wKUr6N6sp(%xq+N6*OZ*cK!&~4O7OLloQ1{O4>Ipt(BFy+sBKR|7hTTwNwLDxJCPnGFL1o~Sw2$+!fC7= z>h#%+sw=m!EU>REwQ>kJd0v&+v?vnll(@zfd;TI;y@5(1W$HVk{J2{;?CyOL$e;B?b4(#>hT zx7O+<U48nr)24Fo*~O3B{k5h2%ckk`15=wGmB-Ni`BX1J zJXne8;Yv-C7@$Cy1RNf*8O#B8M%H%P;~#1j%?4i3ofVdJM|>o$stI7w_XZu*)s$8e zweh%=Vm;&0Ja@2hjNdeNMJ7xk*xU})x`OY+am9ZzgJ*Xi)mHhwwV%q2A)_UrvZ>kH 
z!xM$>!^CWOy2U>^v?~I*nZ4}NYFEA1Xb;g!LRV^HyUK9Z%59_G`?$M`2OAOXSGe=MxluQ&%$0s`bPRfQmU9@eFVNG5Xxl?z|_q5}!bFwp+(!@4r(%x=obR`Qz zTz2IIaG(2y^x_F+PLZ8})v<9h%GZy_rRRI{$ErY9ZC6oS0PNKF&H=!XP^KN#(3kU! zX&lmJBlDxe*-CJyI8eTK@*pF|BLK^h80oUmE`TKgP6^FiySkoWWdNdbOCBUn5UD`a z^h$A_alP399|58_n1@5rF=4Y&jEZ>w4MX9EB+C_%*H0kTLakuSZE~VzgH488_~bWN zzg(FjpFi*RT+qjDNp^WbRDgj$CQdu3RwDg>Iuok)4r)^XvO?s*Rb{dN&9do1WaEkg zpl!2>0a$_$fR=L~h{;F^e3C}@0=cM6A0k`dBwJMiNhEAR486AR$U;WRoXO1c(;IYv z%ok}GZC8x;|Aj~}+W(KX1^)3XJ1>8jsR8^-9fn_tn4K%_9_pz5Qu$-yFFa!#fEAK# z;b(aG|7g9}JRhKECg|(ri2l+uG#Gt=o=N}z(KE%2{||abFIfsmF+KYSW+$24JyrFR zTi5Qg|9~NB9SUak6Mld5izoTY`$O%TSTe-h!)Pr(eD8=~rb+L6kzu@cr_DCL7O0>3 zx6Q3TNt>X%+em_2ok$X+fFDf!AWtr`&db1m`3D}SPduyP!wxb4;T~S&#n&8TyZ3R~ zp^#l!D|QPG$4g-a&P9(*AcD*}DR!VHDq_ z<(p*(^PNBI!;O8~DQ9}*{3z^ctadlv^$_kD6_cDM5C;`d_Rx$aZXC9qp z{*AW$GmuFlq_Ar8Bozj615ye?gqu~k%vBJz{tOTM)TZOu)uYXCmU4?RT!++$s3o-Y z(KX3!jT_yQo7PI~Tio+kver|b@8Zn9gj*gs6BNaiciK_X;7V??!EoC-1PG61GRiwS z3!$B4k}zE6J3TguSh?OHczCV-L&`P8!#G0Ouy@ZBv2Kz%c#b*OsR~T<4f~f>amB+I ziaC)SV5&gG4(gVZg_7ag!wpP9(a_pdYq{ta7qJDS0MD_zK?v=d2^1c#tq2bjZC5m0 zE1Z<&?(^&ugW)!{rj>W*L=|D>6#Md!OWdWReftDxy%xc}(EOr?Hlqf?1*W>Wg20V9YF6Nl91VoCe%rQ-?PLE3dTR!b?l@)n<4|qYi=)jhfFV`c2 zwe=`VAlD-Xvy^*vB+~@GbZ({V|I(TPs_2jN^|MS<_glW^rqPzzq_upabyxd>>EY+l zd&>wrKg-c*gc=ACEnnw<<bg@f*lr}+k_0qn#KpP-YNufYM#5J4^pdcUkI^mC!R$v5PC7kBELnI zo?Oq##_1S6Uc3G1(MNYN$rqe#QmX)SBAfh|IXRcqOZt|jM3SRG_(IS-yh0mdQ?8Ar zx%V}#R`R-&#d{-Uzd~pIzV~3uv7rS7zDhM<)wYx(WRed5TlW$)7Ls+S+jmAi+T z(B67>Um%ID?`4pd0Qo5IAAl{e_2X{{K~)C7bRIR8HWO)WDBlZSM9_?Lmeg@F{{F1e zh0m8V7G&6V-{nMiFFDFJ{Wb|#LA{#u6UnPzLD3=&ImPH5yNF!bX9f+su^$toN^th` zo$0CkQIeVbi} z4DtXgL)%T`__yl9OtkY(_q)du)$Q{gGI$T$Mtt7qW#BUgSUKK5f0u!ixEhq*c=V7T z)Kqikqq(G`+2=GLBpeUOEiCB_W1q_i)*ClZr+S|N1q+Wdj!h~+GuxwVn`s!Z>HKd6 zr@^x69IY3>&F*#;sCgQAV|y%-j_PYeo82N{JvuMbEN9UrsMBUw*$Bd`(N$>EiZO1dXLL(5jeqM~ zE-KLV4->c~AU&_l{KpeGSz>qs07G#$6Xv-IM3yIF0*I3H^#Z$kPN6~g*HyQGf<*v6 zgKHpQqN=OwwHKpR=srPR(9i$_UKmVe>Nz%>$VZfCLH;^v*HQ$9N0%!1MMxKn2`ka=dH$s1_iZ)-m`JfGwHb 
zbiVRR{EIKW@@91YR2~QK7}WrWAlN03N6I+uBGK~OpG}%nn4mbegOxy*PnrO3SRxX zPPHag-=oTdCyGy~>aVeOe4_bP)0|IKNge`;zki7Ult$q2Bu+!`W!SHbO~%+o+t5y% z;mK1Dpc)>1VBq*GbJ2DrFq*%=qCdhp@r3CtV{>Vo-22B!&9*bR{sUDLqc(&A0S}+Y zN093@k4!GR0Dy{Dt3&d1o?}qIPirr`->dE0vD5s`J$a6UEkMDv?(03xKG9r{Y`gc< zeBVrUn%%&1!{CFo{mav`hg#MdP3S%9w1K@0neHP%kPRc)GR;SK0a(SV?hkmyu}Q7d zy!6gde(aQR+b>c53n0ax>+!&DUZ>t(7EpdGBeh(oehE}bmw`{dmp!ZrZvJNg_u&{u zA87nN(KnrX*)=bqgFq)2z(8+1*Zqd0HaQl7Er`uw4qN_O9~)&NxomqbHvqLNcEMEZ}k;Gy=Ye4D)p_!4L*bKy`UeV7fjL6at?leRB26l@LJ<-Iw z=2o?UT+P1JhF%f)?G6~w{-Q@g8Mn-G97Jir3ibEVY(hF(eE0-lXs;Khn*43l2WO+j zzG{AA;pP}@7ifDdnJ#MLor-wj#j~5yVj%g=bnehdvCN9OMm}BitHP}@6Sm6VhGQ1) z@-b;Pfb86!&U%|2Zx^rtULmVs9FCf?>k-Qv63)&YdY|u8<|QK6U6K2~RVMl@`JLNx z9(wSSxXkAsjYuk|MRx_`%yIiL)kzz=B3CLCBhtvov!2Qs8f_r;_j2bdoi17}s&&t( zAnEF{HxT2`bAA&Ag#ACn?->2+5m^Uwy_#G9hXJ(S^qf*1zzjIdCmJ_^#e(3zfffB?Dw3j)CJb?qXH$ZT95kEHQOseLUN9*AKJlM2M4 zw@g!e8LytI$Wm=HRqAu`$Q4Z2M^gR4BTU{>J?9G#{CeWs>IfJ6IJX@INa!q;I08lX z8&Lyl7yXoQtECts@FtFjYLZHb?S%rHCm3`pqOMPT2uHMAQ-x2`96|UTyjqKyk1{PD z-iL}@m1-V5FeqHjd>hk|D)GtT{MIozgyjwUB-`oMp#~6)9#CgbJfaSv1p?_Mt)II| zhI>CL3{p16wjWTP>4_&6@KKA!S8>D5+LUk7M?i`M&PKN=6Iu4zC%57rFCzxy@?dr6 z#k0TZ#YWPC zfrJKTwp7bj-FTnG-zr>hyjcTM8jM*sBV$K-BoiM~DH)(wM<4b+8hq_lr2Yo0z!VqG z3p}KoIGMPMI`?4IfqV#MA7e<~xEtTrtHkgF&i~5~#FWB1FcJJ45S}l94;WNNlxF~q z*Vn&oqPquy{zCv!9xM|rG!z;6reUzsZ}`X>fC=NRcx=a~1-AmfOKFwGZO6VJZE zMEPelQQG#73q}t~=!KDLYI#bPsL!rZ%#Z6afB;g<;B7eue{in{@CSppS^vQwe4t)| zB|NuCYY9=dV0VbYbk)M+i8vHYQAM+p2oMw-kRdpD_0oJST^@i10OlYly9D| ztT1YaSgKNdALl^}Y|3tEy<_=R$&p)DS4G}opyS>Voqel#Q77ObxuBfJ#w{@R1FwUe z<3H=~H~!o=qs;uHMg8OCTC)xscLdGVPsIvlk#ftSRUiJ0(n)x(F|GXhYip{&kjGHE zA3USOY)Ux~IrcMY@0t1-jlW|1(hBo>6ns}R`Bg5cXzdkb;KCDBv?T)3)PN$Issg2H8DIua#_W`Ce*K^E1L*b}bp&x}e5=hrD5oJYw-Bi~5s3 zd(I5G+LAxc3()t=P&*9Gp^~JC3{nlUZuNXZyzPv9-B85D%+k=y8)-l& zn$>M4B$rFWLqa3#Oy%=0wN$Pl4R)=in=kwqTjU!S`y}691$RluetE4s%-}!5TR7jg zVF8nV0ojR?*==j>mQ4uk59;O4u7m;8SG;3a#b;lL7Ry1(JMcblD{p=`V_4fXModF; 
zjQ2=8PnE7eh=Vf6ZY7W^T-=*4pHWlpbhM9wLm#QprDhPQp+?Fu6L8mOxmG&K;yiwH^()HV1R-LBgFx{(- zT31BHEIw|tF)&p`qpE9I(kiix@*}mbzRI9jpy2$YM6RE4$PeJx7!5iHTuAcVhB_AX zJ>EBpgT_F`6xU-B%$gynLsisY8^CZdR`pW!rMe!s9|!TjW;d^MJz;l1T0~w%bT|0>i9bH<;~um z2Mjd&Y5m8Fn0B7}3|iS8N7pIZUGLwdjfuQ^|Gc{3!`uddj3RxUt(&>aG2*r$H<~ z8jL;BWjqy)L@tLx>58IKPpCW;kc?tJo9hx840qDe63p#uUf3wW#1-r0a!)(9;l-RdQ=P##W#uQ zUBz_r@CjKpV0J4Ju<*zW5a$lYMvbt)KRL#YWw^uf2w5cxnmYq}O5-4}y3|b)hdu;0 zhepm*0Z9x4n%4i`uB6`mU2*c7^hX7(_CH%`{Twif09*bwQeumd)3VGcBOMBmV0LUn zlfmm<;;TDCU1G5Y4pQjFE%hyV& zWpv0M<6aNraM&RCe}Vde!u_;#HAxFjD0e|6`0k~1Ooyz{CZI8+crDWDmtBzh9WXOm zEGn}OtlWB@%KN>&#u8nIRG<6qz$i$8G%tr~NLq11-(ybw6F~NledA@Ps?5!HI2~ZV zgnBlIe0LZ}Ds!T+&bJS0G%1?QBjbe7Pm)<@HVhb}b-)ED^ITV1DgWs#tt0C4%V(;_ zrA*+LI-P|HrRPm6S0udlBI1z&&Uaz8Kv;U-sWKBT7J}!R*-Cj_vi$Jb!1#A~e;=De zqVzdayjL9f8K=QgDQnq_)OW<%cX5O6vdq0wN|hzNB6E!9c#(SEVJ*Ap@r!E^RS81} zHZe7T=-CEwas8tn+@J%hQToVic8VFIZBDU4=ogLEA6%P5u8X6h%5}~Z5pvMDIa-^zgB$j`vkR=C3$}%7M53jK@LAhIYK|YHS#_#ri5w4+ z>1tUf6nds#7%V-hdK)jW^R>TuORZbLvu)qTwuzIwValzc?6PPd^m~+_lv<$F=qq1k zCV70V_eIu=Tbv&Vrj*xbI;+lZy=WTNlJixqec)12#F9CBh&+u4D?22dC(0s0C8tvm zP*Sm-NGVcn#vt%nd>UuG#5dgOq^f-~WRI3P#Af6WC)D5jit>F&#s*J&4Y#F6cEgV> z;b&MgG0Od;EuiI@*|qDp;3&xs zYppog8;R|=QV^Ma-Kbn2^&jekgT)=H<PGZq_86L^_|wB~ zW8-`EHFwWC16Lyd=@XJYwTfPv*#OfO=%Qx|AH2yILYcODYFL_k&7WG+fBp~w`M{eh zF$7=wJw$X4tmD#fdyUYX_e?RwI4kP&hwLWE!)p7b?q`YmejUm_%7gzAj8o&XNB4ef zR;z+O#D=WcbSR6+19e=pzo-iberxo}9R96h!robe_g@XY#~ccP5Uu99N&E5pRR~>% z+kefGUh|8v*F8-21_2%5#dzfRMfQNbzik1PwU$o%P=hKd6J+`H?H}b9z9^_sl4$af z7*|3a7^J%W>P(?R;uz z2sp0%@JemKvI{1WKJSo4y`Q+J=`sr}G)tjxJ$p>_syGZV&Kx?I+M$lz6AZm)37s__ zqe$m2g$%h;JViR&LtGaGO!yraQU4Q^t)bpQ#KT0#*$n=LuTI;B}oRHgr%Nz zxGD^p!2F7NHFpZrZosU{|n@aK6!i0|x(MXw<7L%;n}Wa0|+q zx^?0mYc-Qls`@0AlB_(aE?snU zN_6T8DMM0fr@A<`e67d5Dz@ObCMpj23{mf;$90kl$CoD5T?O^W_muP!*%QDTefM!1 z)gIG>Y=8EFXHb-+wn1I2<;q}Xbv2DXHlPXx$kj)-!EIXfJQQ)@5#*JkS14+vF)$0@MC=LAr9l7>?oY72b6g%H2ieo0X; zu{a_1PCCMg;PK?xbOCjdnqHzFdmJ!-1jw2oFLxk}a+n@`{>FTMX9nVeVvpO#jV+)q 
zan?&5VF&%|;1sN)MlDeKAZ!};d7S(kAU7iLfbY>I@#B;prPxaH1a<1M_V0?qgAiSg zAy(HYNFB!}i>ss&awr2)RJoqORHp*vG~23()c@$F-U2i0rpq;K3bjcS(~@E*a!Lp; zEO$4n=4>A6}defAFx;i7HBw zOy$rh^^P)$>q$ZA?&tqO?^M$e;=gaRz8lY`j+)WaZi!K2R3EhG0Fwf;=Yu>a;V&Hh zXoAwbiBcr>iM|fsaz*sOQ&l$9Gt?mo(dJ?UJm{b*Zp zfX^x&ng5)X%c;TN6Q$Vzpt6{AVj(NHP2GKnEOb6gu{OphwOpyT@_;ArQQ3KizT z-a^7-lLom_erw>W$-XU0%wA=7*J5^TJbCTK(Ul*GRmLu~@?}q7ZRA)nJiT<fGAb%;gv)^b#kDRpLMcw@@g2o~ z?WDu(fbVb+u|<=N09faW1@Y@i8uIl+Dh0*aw}SL_w+Ww38QRf@v}~1oBk}rp(lg?cdIz z#21bCTrzpsPkK+vUhiU7X8ib z+w4>JeX7R`N(?pFL+$kOZyeY2l2lju6oQ_i^OBy7B%Yn%Xnp*ZR&W~TwIr(UERvb* zi7+*&u$$L5ck5TEUzaa3|4qLYt!jCw-O;0a?*veU|d7oCYlOLLJHCgod6j6n;_X zSqqvVGC&S?i;ZJ5vGrAIk)0NH!0)x2uDi5#Z}~28_-E;O^F60Fm(BBq?FnSE>0iz0 zJ%wnXX*;LCL{h2XMcu0ErV&_rq-V^{p%;5os)O^<%Z@;Edi(eV+?u@e!^!CG!&w8KW^0^FXM|>md=Fy(>;4WE0 zo=L7fEtDtZVt+^fvL}+Af>gifdgIfJ6JZ|M<$Z$md-fci>%Hd`HspKXEA^Z!-3bQe zw|voS8Q%NUj|+;iUXCQwPUjR5$99^Y64yYcQt-i6byp8|Z1yz^!!ik-X`NS z4gNOf87=%x53=T6X&`wbwDIQ^;69vE!y@mLQN41yussj|v2LbCvC=;jv!9|LcIJ_V zb3THX{nA=lUh0iV&SNQ|Q;UqqsMvOeg=ntuWH7lrHra~NW3HMZ%jjhRi^2|XhaC~Z ziYAZ*UA_~o2mM{+m@FF#W>gN*@ao%|xOVay1e;+P?pSAmT9!WQx-_#G)Q3LeM*-I&+%J?je~4X)o-0NUwH-A}qA$75T`8 zaV3aixF$NKG}sX#!V{{dZ3V;4T`3)^oZ6)@9_Dt$6NCy^{r}eL-aa-m?xZENs z0&4E&3LiD2=;LC#r$ar6y#xA~B;LAt$XaS0RAs~kq9pG0cJ<)fAG&C@dw<-{_@e*H z5NYhe)=4EgKZ|9|CG*jmm(Rw<)oJoVuNdbUbhA#ESl8l9e?1sP^r4n)+iY1{m`GY% zuJDo>;lrB9Rr%=7pP1Qj2j#vc!gTQk9sZOWS>fM(YT92lXH_26$cEQ#-(|Qf?iv&t zHEbi#y`E4Q3-#PV1~U`7_EG+HINfoPVHRry-|ki~9OP%ZC&%z{8T#n;qxRaQmwNPP zPkQ_gv4c=<6`$65N3+mOFQkm1+i~e?rlr`|nGF&TCO>@3rwP?zd1Y`R$3>v^=Ak2G z;f^5froA4LnjZDxct0L3Za1{SMf=*cWz~TL?9ujnw!>vi+e{u#_Oq`sh4l^P!~4T= z2Nim5KV~lM6ROH;de!B=61ol$^(ojM`p>k!COtlILQ8z0_y6MA5$Y)WTi^yORTtMN zz!uK}0v30qGvt;(g{HV}3Ybg0t4U8jlDiW1)dgz5 z;E5x)C2>9P370($c$f_3hqc!4gzO&%(kG4*^T{Zw)K;0_n4%b~S5ivSAu>wQ2K_@i z6GT>(A~kz(7GW0&f2mDyQw$*^MW>ViFtKotrB%$3-hnFhU4duiaGn0ZVwUi8rKXq$ zFa!VvY&_K%-f&=LRO!aX1)}RPq|Dp(K!HupjzHD&%iUig`ZSfL#JE4m zUh21r-t<3Kjw*V^3H?D=G@>jT4;3`cYP(6gtyDq+S68R{gPu9w3@`F*J$6GW+$Ad> 
zFvwQ4`;ntUmbobRv3ihT<6-a>M_>*DeN=Kx9ejfJrEYmN>CI%4AfmD=D*{kA#U>Yz9A8hGfvzOwE2q%+##B~10S2>dVrUC@&} zST8BkLww$mo6wK5dtOdrnJX4S+OT%scyAD$ws@XQ27(jc4`7!K9-d>x8y zOocl4s6?FB&?1h=D-AfEybAJ)jk^x`vs0;%&&WKbQ>~D1$~*EPfspEnxzI0C-^ViC}M zg1oW|;?DO*UJa>XZZEovC^O1H)zBX$q>y@w75Kg;uy;Ba{=0YNihomnNGhGkkE~1i z^jckvoAnn_ud!gzezcEo4J;dpWBHR~og*2(E-ClS+9J9jM>WB z^?rvU)OpG(cNhGk+8wmsH}U%wR_;Ymwb#M~X_X_WY;{r8nh(FrQ@0mTKJ3X55Q>M~ zCe}^Lq==-8C5Wk${ty`m*Jw#88_p1ubG7Aw2tagTDVDujEM7{_ZIY~o2$lKliB)U7 zGQ4rHMX(d32-OB!&T^ey_&B203%rOU;n2sdcG5W>aAGoCG_~6ihZa{)^5+k)^520> zPQLk2Dw%D(;Vg6M+c?aC;uWb;V(XMPJ!5~&y4h#`8YT?o8feY;qWNXaj_FDA4 z_1yDcM(Zskd1XJx|6Cpj%#l^Pdu<(?{a!z{(lAn^$(D;ik+gD%-JCuDEg`qK26-9n zky-e~M9*gCM9x{|G7I|@iT&q?{BQZ+ogHJo$|V*Je3ALb=x>&Xx9o?AO1VEZOX3Jx z33gTEI(?H9UNYLuH*I0cI_Y*IX|J`9kDS1p=w&(6c`GlNbZKHW0Qx)PV_@LlTns(Z#Yij^5#3!qpD@=ERO&iGu8#p0k_TVEw?$x+u zS1E?O=^7u!u;P;x6#E5a#UlKX3>L+%C9~(%F=P1!RNBeR-t@y(N|Hy#(Sdl1DSzV0 zF)6*h*22Wc+pd3%;h%_PG#g>)npapm*rI3vz^{JEh1;7ov0dg)Z1K|uy| zD?K*IM(K75NHJ}?W9w5+3B1?i5#c}dcv5#^1-(bx(QgnxMdMK+Nhoqg)Te1_(^zzQ zdur@T@%2E~GC5*BUPl&Hgd}sG^a^+O94xoOXlH`G#Qm%|<4!~L=pRoy3+a#B6Mh?F(*3B%@{%ID zI`qE5_k%x>9K4Q4-m|}@pvVMfZT#0yLnUm0Ml`pgTO8<6hO>0O_!Kc*;$P(-$H!$J z|J(}SI?(m{**0PIwEvfxHfOD<$|@x0(x#>2ec-u}kP*1j0*q@Jw(#syKg&g-1N4I-$12 z6%Js=d^*Sst=Udo2m}kj%9N^N| zSY4k6M%LS-+!ubP73N6W*AthL@1p(a?dd^+TuZ{Zf~Vp^O_GHK6?j6ZyQbGVpzE9T zTOS!)T5D?+^G#lBWzlK957xDcErFrgxxZ2*qJt~&suf(vaNNy%z8@8NUT!XgkYE44 zuv6S5wnM*uM)xyHB71$v?K&g)r0u42R*02vu!m0Qd6y$%=E063T0}^iSAs*h9!xHw zzmx1~C{H9`D_(SEmgPn96fT``P;j5F_AU`)e#pwrRARp>v?ityrwzY4H~yFpZ5Kpn z8G9U&Ufp?ja=WPIWxKUcX7<2)nPCUD*EeZ}+*Vu19Um%9vmCB)hZVhQ$<9h=YK$Q^ z(~aB~=R5N*EgZD-e~6w8DF?{f+z+Zo1%c6L6^YyZROX5`HOvuBQ@(p0dvwv!i^J_la>^+&|lCW5<( z7Z=b&R@$wikRe=)^9Z8LVK2pvm^CGv$c;%lp}Rrooi>HBDj(7q?hgFuSX%k|3-y-y zFDi;*+kGR8TiFG*EuTxxayO2M47y)%g{2FAS6yA4m)9%sjHlYJ&?>xrrLAhyL%LH}=~+@lo@|hROyVoyGoMb);NrA!bHMoL1reMo-H;Vd2o8LuDNKS!G=Uhq?&Qajl`5+*(?2QeP9ApQl+p1yNQ>bM*HP^=HHnTiodR1olMU#rfof)EuemnI90S)I>E8G4YZeo~$?>KQ(o5b@)h 
zRi|r^CtO827>})gxiW4^QCSo8*U*S*wCSj&=5|}9AnCT6&y5r{T&w*9dMWp}G-|7X;;YSvgJAwqHed|94T5tr_+yR3k?GZG^ zvx`6hu%mzAbN)$U_QY(geJC(QFmCn%j#1APA%*`G@Z9Bf9O3*Zb&;)m3%9}@S5Pf_ znkjaUZIiBzrBQqL$7RpL6OH-ZYMclfn0&QtHXuFIlsC7D8v?Y`EF~uwHhU9b^#aj+ z5%HzJ@d9EsNMw8OB*IYghxfcG=wdkJ0ne&c(b8pfqm733Gu=xOzo2+|LFSNe?k;NSU>*qL=(}Yeiep}+@^^T!TOA|h#u&)5IeJpKl(i2p=nOZjz>{+7ApK;~U^NnsI5p%=G=_vOyg%`Kf6F;GuU+KG2>f4GYYkYOK ziXWBaX)IDL3Fr~N%MWcVlI9mjgOTRe0|xQGdfv74Q<+H#CnykR;>>@r|Cq&-yQPmxjtI>=6$6+3G@HbbwZA8PkCC8&#Al=u~ z&Cb8<5~SGD2?7lQ#W(HrvQ9(v6~86i<+QW1$)_`XFCj%6P1A#Lh)I};`pxeYA6JI+ ziIOlg6nZFHX!bh-&Lf{Ue&06*sW6R)M?|7J)y!srGLLJOqwZCYQ&Tg&GKwDB8WGWl z*bO;G>PNq}7SH5-Zj(#vMme&>&ZCt<&hbXiuW3LjzF<7pGeeRnq#hnHrkVHx6$D#rQVMGu~}{ufZuYkKs-wE8)TX9)4>> zr`qVYVnuR|F3sRpR+W)Hjq<7)$;^zfO`<0P5eI$~LV$zF*?=35&Z*q7!I+hv_D1cFykjMV*BZ148pl z*W^Xu7es9C5>+;*l&^k~_LqEQK`Lg}a>zP7KR`u-CCv}!*)#(;+2!YCb(U>7u-ZTK zqFxQQ_RS}YP~#9sncIOZjj<*CHZF;X9W!Fe)FD!Z zbXH$IC?*+#n}d8A_4cq&OuU=*7A{Rjj<}V)@YjlbUA{La=>4))q{85&fqcsPqM zi-;Z(=B{fU3X;52b)19<>TUVX)S8#XyCG2}Z4f=B#;qP$NaJ+Rn}0pfM(^IiuOzf|a( z^8*7xq~h@o^v)Zlh(r<>acuMV7Iy}SNF5b;quE%CVLeovs$O*c(=jBrEYz;YQNh}!Of2W7aje6-TVGW%rVy^}HI z&v2!eY}0+aMM`Vfzta6~^0SPnnsZ^_Fm~sC<|@9~VzijB`s!ED|3}g|4 z#N*1BRG;T8!R(f^^+ydRfC4B3pH2zdY*ZqoV(X zU`|+TN(La5&ut7^vY&mR5fjZ4h=&UXO`B~E)^di+Pf=|()E2Vz@}-o|ZVY}6Q!U0k zA7t}$WkEsE&|p+I?VfHswa*;JCg4j!*>%)5!2uYx#~dF0{6W{>>#nuhHvnKK-tk?K zs(gW>W34H{>#xq4U!7koJ7<>N7<6qfj07TG{sO4rz`b$vCE=<8`1PcW8=M^SCKj}o zO!#8UYiG0~D~k1CqNDfMLQNsVXvp{@vOkBfoG%dps@zKAk)MjkJ#k&n+A5QG2p+kk z>lt+==!!G(gGv5@v%LlXUzGZ|(_$G#PhKS43M$V=;{DICVtz+i(Sc0vk`OsT-=RrH z+Ha4*N37N)BdhwP2qnQM0X zx40HYl*{1pbnfk=&p88Q&S_;HK{WagK8U~jX_Docy70g!)%bFVG@F~8&Ig@;$rmKhIfQa0VdXw_JaosWrM@)5$hyyY~ z4=uMpQZP>e-|J1O8-9xB{PNllgb?IA&#!kc$?|S-JDLk&;-lqj0PS~NpUY-+0y3|C zdFY>a!ifz`8$Hl*Do#8=ogqQ2sPtzwzh8*1iI;z*CVoL(Nm3S((yWhSyj<+h?t2Ql z%#Rg{5Tyijy#G{|t=q*!9+G4qsQaifB6)Kc`}Q3DHWqylc~B>8`ySih>&OhLSEQLsu7J05&oK2U#_RM#!z;Z^uv{6dnE*~`}(a~!}x4y8{i&2X`G>%wc 
z!#A62t+(4DbW{)B1kc9u){_Hnj9wdb|Da~I!sSur*R3j+x9sd4&4OKcS&~uH=QHYi z7@ZYtMq6+9>P|89)%<&VdNQJL^iT)_gmUl>4eO=WjvZY+DQLXg)tFWW=XT zQ$a~=Sqc>_DATtu+!NhWmCiUhH&c#NB`7x;vN6@@=GM{>4xktdA3B!Gou=o({mB*S zvF-6Vn54vmebtZiF-G5Gs-e7JQAynXM!G4iqr~?jtf<|Z@t*P|D5McZ>z-cUP*@|G zlHKrCJR`kG*8)P>rXedJpD-di5x8e4t~@$$#8165$$x6rslqo6qhhEX?YDX|#Hf-) z6nzr&hz){~COrL)Qm>sO@o7!6@%LLObA6xTEs7VRW;v`IE0PRTp+zzV9~bi6O;&xZYPrlV^+{ zOtHTFs3CRsc0_PQcj;tqJ?ehN$Ohdj9`bb{Yf9eOPCU4a7xLM*Lo zGhv+2Kh00_Z1du;;QgivcP(PS+%pZ*1Up8!D#=`t=&Es3oFP)0xIIW5{Zb-q*@ekE z#t$TS$?SM4;Ef~_Z~hARIX>cxEM|(pVxxbouk}k$_;ewD;M`F}Y1P9<)$rirdH@Of zo+Vu0R9qPr?MLRqKHpIBNnK^iYjDC7{xPX>JiZ^Hmx$@r5zzDV)>NUl3{F!RP2exORl_ zA(+*xVBDlZpqwDC{N=~Cpz(_9OUtw%+V06nntds4&g2UUV>0wt+5~iAJ`RS0Ic(~5 zrY8p3uyHBOX<%^@L@&ch9=`d`r>O?hv;i}X2lphKY(Gy`S4D#0P)whC$mIkQYATdaAJ3I=!1K$jRYCofv&2&=Ig~PVAV1&}8IW|(@e#WBA zcaKdmk8#Gp*!7kB1zK<9p^al4nw@r7Ct_vG#34WvpdK3E6M0A9QOMy*t9jGowg?f|z1$3NR`&F7;#?#5e-(A`KGEiPxMp#n+blG*!?3#oPXApne z7fJ^MHX3gMMWQix`B(PpwO%=8BF(OM$=Fl z9!E^X6k5sEU-1qE;vdRkRTb1QT>7<*7%pY4qKWlg3bAmfyhy$-{jRp|K%{NvKs_7A zDADj!X9+_f`I7!1{E-A>y<0zfitvy1DRMjK!KA|7q7b8crXIw4#bLn>BC=fG`zA0l zwpd^Kfnwo9_Zg@BkFrP59JO_PU|9@cKT8rRhoMVGP0YApEBq+NCMjJm+DS^eJLGUG ztJ=c4cGdGIO@Jhzi*sj#%zu|VISqIE?5W#Wso#L+4iSr8S95kTGYPo$LhuPxU1Q@> z3E=%94;Vn@FgK%=dAIv2?!e(tb6co;xbliBx1rQ&@Jgf`#^EA1EIc(x^>=aAS)U0^ zG~Eb)^@>1A8q3iN6}Ab)QTGdHlTV?HbB6bs#rI(&FDj>y%6GN6FMycBP7wI6`A^WP zdcV!JEin0=p!2;odiq94EP%|6{}QGXN2$MZr_ny1SIJKhyDe2SUW7*KCkX$s0K5&+ z&FGDm$oc#e%m03%f;}NmW#?{nZI=L9pp!pfka~ge1dY;rifELc_{_4>F4zamg~RxT zUf_aReDxHub)!l?yH1agdmHx-zBV7&9;)Q^Ug+x{zy%pw;Lzso(T09Jv7`u|o(k#s zG|mqRki#^C0U;U_KWRVt(Qsd*L`b8jUG${ur!ezPs(%80acYwnj8WUgD&jvAXBm+~ z=MDk_mCDK~sOqGuXBF4esKv6jX3VRIgif5mvWXtf-k;yN*g3WZiS`4X42PdRNDV!ZR4(uA|jE z=XSWV1wLs*x09LY8J>~r0eh~n!bb)#Y+-ocml84%jE zMO{xR3#*`o4#5#)=kQc6kn|Z4v4bGNJ+7~oS!~h<1b{KNg{98`I?-SB)qkT8nM6gn z2E6-d6huZ$z74>a9g_?0WGncDpm7oJzy!aGEj-uympC7$)6yU!G6d-dG%g|t5=O4S zvq6g5G7th2jiVChYGsqsZK4wUrE`v>K~w@0QuR9s4uAxJmp9kPU#DtKr&#Icconf* 
zzQc{Kid>&_1c=JNg#Gf}x_V%+f@rG|LH%VN7MK?vV5t0O{ju^ml`Zdu6$lKjmrdXu zjG-!30<#8m^I`1I54wu(8arXX{>5-I`ZVa@=DGwa;3z7Ir zng4eULPgGNqo%RyBO&Oc%H?E~+mD4S@Hj3q2@BxoH|#(p^zltTjWlG$@Vu?4VSemH<|z_DJ8pst}-^}QDZ zUM^$nBR7?!sC8flSQ}UH|6kL?3m~2lo~wNzQp_uQyC#|>E5W$*?z^98aYsdz zitVk^?GA^bC{kxa2=&D#=n?KHK!;-F3JLV02fb%mD^x$2cQ)9-4_8+RtN*Q~Lq{bP z=+j1_EK0|R0gUSi(cKKgBAN2}tGn_ng!)DRm>d`6@7t?G19iUHBIAiUM(dc{BGdFX zSG(w!NuWyk1VTO$hHUW$!(Z|XK>z*=(n|uj3)`h${g>0(VN6!Ttne+?m z(*sW4Ub-(M7Z+?DmZh-?pPz$*Ch#ALJSKE(1Ni!LJXOpSAu9o{13W)6Hi-k3EI*W% z6j6q$W1#eEgyA;maXZ5~aXV&4SnQm9du~p;z@+Qfu{NdlGQ@vb)(C?i=Cs5t`pY@r zI3@YlHri!Bvlf5LuUMdqUmET^%5pWH^CtHOx4go@0<-ma zMmrqZ&YOAw9eZE87hC|#ehu(=Sn+$(;m%yW&3dq1zo(QtiF$tC&kjjkvxdKmfNmUt zmnHP1ROG7b{6gYAjJUT0rMIJyHJI{Y!3>%*!d055kdohac*YDIe_xG2EJUOPxvnW5 z09{x-5I)EEMUt7>`4C@uI2u&tq7Z6cazPp9T*DU+$E4JK+pLgz86S~;)WsV1aQuU@ z%YWY8iKqp*CUVujLalkD-zMU7CA602=W_;Z85cjY#tf4HyE$K873??>Nwjt!nd=3Q zi5D9{@dMN^Jw85X+@y`J;}?6P78^PuzWl0whHW%HS1zMqfB?X>e})2<+`{_}YSZfe zGxSeHtqct(C9stad!H{CjQRXv<%31%9s=AiHuzT#0kHXvu5Mgg*Ao_oE`MxI@!yww zMZ#mP^TCaYTpgO9&}2j5H(BB>$gbj`Q;ZLkMf|(*^4^7cGd2A^FQBYbxRK|*geY&Drc|izO}0k&znDf zqt`7xwW#wfudkfFt6OSUZK#|*wQzd+whEA?vw4P@9rdM;y1{QwkGk6B8-CH(^Ha~2 z-EYm$mF=pt^Cf@2spys-S*UoH^EGgepN=}XU$3nFKOyf|*7zG-#!pur-2WeuPbnXo zuDv#4QtFuV6!!@zv9;bpQpBP5(kazWQ!V0<7`59Fio=;x*KH15MVxYCm|fuJE+&_W3;-PKRn z&sW5l&FyespzecNUf{-M(oJc;$f;lkKy=Fw#zo@W-2A4G*65n{krcR9u(D*N*L zl6l11s&63Q2+abxPZ)q{?`rZHL=8Z$*amHmF*B@0cq?^NF&b_`|W51-LQ<}x2lgx1ol~nQl zYoPsRV!osPVY zfpy6!D9GKkz}pQnK37%Jh@k*rIy)}YI zY>!i93TfY7+`9I`eP6r~?FK$*Jxjm`A5nbaLx=gaG^=mGbvbo8Fi>X;}5AKWuK7BAQg zzc^=gB$TFqPW;azXmf92$4-;~?7K=`M|oGU7cI*~q?N^G39JQ)0kuySbUVvnSIYqL1x(}m!vKsu7V?X&) z2qf~3=tt~hKtqzBIFtkK;EkKXG@AlyO$U%e%^Ou~508B>1ufzz2+qfddp3f<`cKVa z<~^RtsmcWhMl1HuiR8k1G#r1t9~zfSLy;Hz^X%5ehio;;EuY877bH<@M^3}1Yz-$d z_;45nugPev%r-8P<4TyVCn2^%{Vt5znLv#BduRx)1Jvp{v^>Vy(p)i??!tQss<>sM zY7aw|1xp@_I^ze(L}ye1O$G|Iy>`D&GJ|)Aqk*>`UDjuvCOXt&CMY!wCw2-t4#s-{ zj3*LC)*izm%qG^?`}h`bxcP#v6TpkJ;gXfZRGa#N-A7jPoihn<+yknhyxKGTdv2bx 
z)HR7Qz8m&D!yl6u`#Bo+co9EuOvG&8VOYH(ppzrPMi6W#bYU9KJ@?G9PGK7M87V~rjSo+aMy zieRR?*~kf5>8Xmurlalt_2CM#0dQdw?Zdc5tZP09m4zUx%8#7hK)g@Om5R*G7=-`6 zMuoULbbdL5n6D6)Rp?w6SN5elgGsEhqK>+D=MVzH_T&3O*Q{yuOyWTkzze%{$m`;# zOsns5RcJq3rq&4W{d1bS65P^{S}W4@ICtS;Q>l)F=NiRK6%1|${Rn~{_-4B) zwJ0s93?Qc=(><2Hs{!xd-L1GbxiEr-`bQ)+Zg=^Ys`_lmYZU8IL+C!k%NOmwan6Fi zEO~WUr!*vAgSNjOxKT4U1Uz5emi0`$3OXZ6m#7HG&9TO;?a-?B?d(DYZ~EkzX<+0@ z4M4iKGJM;8PUJ}PYzRuVXb|_}^IP>&ikc|9bFE}obu-FJ#vav5AJifyYJQ{<2=Dy?(V(4JCB%WFk@h{q41__)AwG4*+G9)<>jS_XL9{ca)r`7$%rXgw+r`NO^b z-FQrlM(}C~Cx#IbLtE<7&~z4u*O5cooMwCSUo~`WKWkpfn`6s%rkTzQ%Hoq*i?R%e z?j2hpOLgpM!d$7n6Ptmhovt@OkfC;c!tn~9TU^U^Jf4!v8)#T6z;KcGq}muB>dY4y zZi8K}tJPkZBNCI4&&_k6oNPNd_~Lj&&hrBm6IWt#(!XecD=aEg^zSI>Z&woN5{dSL zR3|6n{=oo@E}CC&5_Q#t5G!Xt7!M;&Y~$1g}|_(RoBg0 zLV(0Yy&2{&e6q8}-g% zb%R8k6nps&^^dU2HSmmcv9zVQQpA`@iCv>wZzDDDmQP>_m`vw8XV*Jrz=A$N6|d2D@2-4r5WW!*;Pf+&|P z#$BD3QH;0ejeO6`i5%$AR1-L+f($FK?*3Qi6)Bh7fh_-Gp4#%hfIMXeGxy z3F_ABYd`O($V|S(_6h0?r?2Tb#};QTY7#yPVDf)z&vu zV!RIL2MEex&0;sj*kP78E4}|_Jo*=-%QZeP{C(AA-bxQ(Zup%xYroqA+r;+-rSL=NAsTcd;2%Ri05#ac(}Pwl?bll z*b%^e<}#319SF0x{nE$25NA7gUi+z|n!TL+iFq6EgOY%h+kh4wLM7_tQ2DDlG%fSU-C=rE62sg*oyxgN8q-B|^?B0}MW%c&z z>=gTN8+K-$H((IDZg+O}!|mR=uWR)~u&n(39VeDcgJPL~E+8>CJh^Ixac3Qz(|rPA z9K0czCuzGOV%O!v_<)35X56ILiA~@KWs$;w!?gX;59(7G;``@5p20|AM2S8Ut_gD? z3$uV>SXcwrH=^9+y6$wyJNa?vyw);Y%3;v3d%OM;AvuoO4)6m2%`O{y%b5Vyq(?DQ>}L zB|0;kv!MZ|Um1y)cD{lHs@bjFoJcouXA#R`}DH~l5VdPqfsB^== zgn><~=CC1a-_T>7+q3Giq2tI?tYx+ME8Z*?&ao|||Nj}sCa~-?#mR_FwyVO8OdAk? 
z?lWN(1|wBo(Fkcq_s5ZbwUQk+4J&Dt(#Pc7F1o5;E^Wk>NNCVi+&%q%vrMS6R^Ju| z6xX4#(bVY$e4wvrdU?#m6V#~t>}dg^j|uZAge9$QzfI=s(1ft!7k=i_J zvF`eYL@F0{vl`(o@B`!bB6^i+(U5bKi=clnv7VJhg{FX< z!d*c=G`;}T=yYs%QQ5=ZCErg!k+iJ#;cuq z6a|AN#^64tI)=Dd6t@&3jnyT7c9XwjzvVVLxBZLA!pW-US1M2CT!MbY@s zf}*~17>%WrKFlf18vz3Tjx9fCZA2dUeW;8)4E=UdmHyG9$m$Rmjiup_fBHf(GsVDW zsIm}mkb%3c9cfU;ipCmQR26ynj~qv$+5}4!!t#QSkn{sGLYh7Lc#XUVm1UKpy!kup zJs?=gRt?Q4+`EkF5|x;-L+>ZEg|uverJ_y5nrl}LgRLX1iE4f%7eg$Q&QtJuQF_bQ zH4SF^b5IaL#TkTT(;))f9;Rk_O_NwOsUe?X3ikcvMVAHFV4~9?jlk>KXLzaf9x^vc z6__MU=h1ASdUR1)Rxdu_CIT)&2|*ZQrP*Aet0&9k?K#r>9X+uaVO%3Z0T zYmYz0U>=R-4`Hh4WXl1kKS-tV@Qk6EcoPO?g_f0^6{bDXoEJ^T4MmAsr20e~`}pzD zKNN$E!mj-Ocx{fo5|bfKML}jpA6DZto;O^e+T%W=v#gC2il`#spc?%Ab1&-&5_=$n z{|#kuL>na9>~r@9pERbHV~Z*Zj-$)alwl%Zh=68f%ONwtCNU&Rw@ZY>`B7ujnS?yn z=fcp~xCIhYUr1$es(lW9u@9$#AQ7k~9y+RwUp1u+tOnwjG1BO-0u7GdaE!xX8W*dx;3(m5=@~I%Bi-XpdvckCG6QIE z?@z&dI=1l<_r2AIz=v$cn({lMg(jp!YQ+V&yD_C(kC}d_il~D{Hs^c*E&)uR z5YoEEvy>Tws@efw5wYF(qsOBd5FHI&a7G*F~Q-h6K&lT}63Jbn$0+q~BQvB`Ahp|NoN zK+?4*GTQwiGD_a^1HM-t*>>ZloqWS|tlq+dkIY`boP?kL_V$`r-Zs7kV*OwCz(|zx zzb7bG8xJa3PJy#iP9C)O?mpNxE_+Ky55w=Nig@e4wyQn!zTH1YMg{zxCK!-w?2nA* zJrVaZz|XD1PqB^0|Mczes%g6P(Anae{<2zPlxhjMf4l3Lnt7e)ET*tI$Ff*o zi>C^HS(k#p>rkwf+eHAHo>xwU#V4DG{*yQ7)v-12uC7;as(-aMF=ty<_qw)KZ_9NV zZEt@5FY9a!fhR9Ebby@YfP{fx(e{EeBgULv<`TF28w~8z+aZMMdB;ZfF57^z!@?6T zw#^$pXKdSBZr%3$K&)ElOuxI2sw@N8KQRlOU3_-N zzvMtkf4IvXN0&hn8c}OJTlKf~E1unwqchg(hA#;IORRwZLv+Ja<_*A8x(CV8wQbn? z9Tq3?R>uP&MzN}lE(X+__QB{fD@C! 
zjZf$@eR8!ZSCOaC%KqdmXV7tq7XwN`o6yrDcA!Kc$>6_0xHT%Xq1#womkJ-cGYdMi zY^aULFPu%r9i(bD`=>$YhNd#Otq_tH2FLyCUaGCWy?M7BGg5#np|R8&OuP-Q5bk^s ztX2aP#^GKQTWTDFC(wB%EwS=5M4gGr#I6)*gnp{k&mHj!Dd`=N#p>aecyKD;biduI zwRycVt~%FdY1o~={w9ir?8mW7c>Mf^c!uKDR}>j+diD8j-}_qSi|z5I)@S?Q$lba@ zd5ArZ)!HNi_}To&o8B+cZ*T3lmDfukMPn7J!(?8-rJZN?W~7N^^mbvP}U~9yo&)7ocv(M(2G4g?HX0!c zCrPRjDC^XQyVQGeDcx~Z z@mqzPCDp0lE7|g}2jd@_MliGER>LZLp&&T<_GBQ?wThqJp?6ZycJGNqMA`(OI^G|H z_OL$5t5?pXeGS15bFKg^yrt4<&&j^T{mNi2ZS12MTkA|^Hm2SC?1_w9SIYEeGG!hs zh)+NOFcy*TTV17Tm>1#LoqQrF+`;d&@aa~f?UZf)O`-041{EOH-+{6%j`hY#EcSY9 z5?|(~jjaLQR%k8}V?f~}oLVB${ZG@@feSn|=evQZYg1VDh=_g~?XQWPsQO-h7M)0QRT7?ZXtvnoZ>RLeI}Os8AMcZ409isQyatp7H7W3lpX;(ioFT!GhKbED()k z@daH4Qm#}l5vZ_!V9cBQcVb9Rw)KLKLcB&$3_`DN{*L+l-*2V3e#Al@v%)+%@k)sd zA(||jmRs)_#r}|R&5*4iwK(jD`yPj%>M@C9dxKkRxAFaekuK5%%p7cu=9j`k9Lrk) z^Cwm2aEUoVW!2PR)x&nt(4>h(WATg<90!sHk0@|VHq(Uy8&@L1w!!R9!Gd-Xv`mGM zQU1nDW@(stq{C&jBF`ly!F!|6>ID&9;W2F>WuEczAM6zfP5Nj?YlPUav)bwML1};d zcGJ+15XUTyh^RkSL(hMCKuv%71ur>ugFX*#sgv5|gM+^Y@$}XaB!IP|h#WUZjx8DA zoFUKBywsXQQ=cmQbvs|qgX4l4S)&zyeL}Kh#qk|Dkh5P|TaY~SFgPa3!8p4K*~Q0x zVr@h?nY$D`lEdK*jTfQcAjv1d+j-YDW_nsTQTy1V>X{=6gM7KZnu+63Igp|t$z6)x+9 z_9oVKfY@~V4cwlQp(Nl@I{=RyMDpo+2WPdby(5701qK`3E1?s5B?EQXMS;h9%4V#k za>Fj5O=k|<&c01TmaU6vr647`V&>#Cn?0qdC}0auk89g=i%2U%ldoUq*%wKl!$1IE z$CUGv7^GQijQ(RwOC5c!=jun1m_~{IRxYC?T?n1-Ub!mQszoKnS#HGO2jo3S7(r~M z88MrYWWx&_veKW+%TmxQoa0v92Ji57Jd4{e{hk)1yp@J+(dOJ}c2FDEILcIp@k zeN0>Zg>{ZSUp@SsVFI6XxL}^~Eyw~5EaX>(NYuh;c3@%HE;tV`?0*p;JalxS@#bSF zb?VwG415|Y_60Sz3P*_;;<*M1k$4B)&2+AB6vxnR9`q7n*yk4sTmPH&a>Rl6h;Y-1 zqbcJb)_$_>V8~aSDz;|v$@jeF^B#Fcf2=A8<0}ZK(;;8|fcLR*L3lt!MsO?drru!W zqS|q_)Ks|$@DpBBjbE2i{J#1ve!ZNKl-GxSqH?I`)u7kd>mjJzi#!zE#o5W zN|TDRV;47e9#`UVH7IEw{+_Bs^ZJTs6K~grR!7I%AYolf-z~#7@+!@x)e!=vO5*VY zzunMrfLhG@kP>-S#|BBqa>$h?HC-iZ)K$v|#!B=vMX&Btgu+(2MzKeFYsG({3BQRK zZoCKbkE>GE3wKSftFBS`kNKv@OZmORyiIUG6RPhpeK-LBcx%;*l><}TuHkqlW5_=H zjdJooI94aKHl~9lTdrx4eh@Za`^%iyUNc3NGc{81Ob6_xiT&`fKZb-*B 
z99mw8nQoULg5ik=dw-rNs{6gWev&k8$(oQbxUd4l85eHFjfR$F~#HZ8m(?5l7( zK+5kmq&(Ua2&}h3?}maZGaI`=o0IbULP;TzH)oNQ2xGVC5ERJoW(%irN|k*yj?mZX z;Nq21JV~wjJZWJQiv7)FIA5VfA_|6YpPoh0|dhcgz{h)~l|?_nATD}7Zu0J3M)bblbIw07X)hkNfJ z#xF@F0g5P+54?YHDV6`WUM}$cDV3`6u0WLAV=4wV;~BjO`ZdRJd6fz%YnYxx9g+A= zw&x^E{gffUs`RtrYac}lX)TuRBN(vhtRRCgM7Q5jP{%Ua$RB`sZ2m}7v{$irV7-=tM=GFC?$myRWf>i((f-< zQ*RcJ&}(v60c0)>!_Ak{C%b{6b?Jf_--?`w$Wv?%=M-j*5{$+z$De2tZ&~%B+5F0_pxzXu;hxU zP33H0m6_*LK>@xEV&&##6*yB6T4N<%Rk%~gGf&Q{w{0jQJU(VB78qojlk4gLYZYe3 zMbtmf|3H7RW@jp0`T<*h1XXY*!phUFr_yk2uX=+BFnGGt@@x{8n>R*m)#kD~tFjB# zmFT<50S|e<&EB7uANZ8Z8`phTa{}0rRqL1=ZlAE9nlqa!6VkVA8Z%b-85j}J*c+rdjBKnVW*j6J_~_WAAo^)941HP@{! z)9N6MN%c&a3qPXuPMhA^HCJSuIi$hVPVg(X6P2-;tY z5zJ?b0}SxuTS3Y)g?>jRc)Nm4ZE`ASB869aSv)GV!!t#2esZ%zjyy9RU1iF+fsREH zY7@oZG=lMVyG|WxP6?-qkqXYpC}_HhloOVZ6>x#~X{kx4Ak`5nG`H=$oXF9+C{||1 z$S4_1;O2=XTLT^&12415d-S!=l@N&ESEhDwDE)kyqg+SJg%NLG^+rg5Af*`Wr#Rqy z5#&9RGjZgM9Dq$gfPm7=jjCg7OI6z}k0Knj1`P1EKURbzGVEv;`6~Qf9 zUhDBDC&R}}j5Bn_g+goatH--Va#pF$C~0-bgvXOa&o^)ft~4S8b8<^+39t)J!Z4)h zykI%tnEpXbqzAGR!ND|ltg$c|3{?J!yDWIx+BlAHD=&eN62C6{8f@=}a$NIk{Xk)6Tg*36R5!;Fx@ z;?@PAh}iub?jNEZT#UZ)avcwZK@`dv3z_V2fK6qqqB+-jsGjO^ zIX(UC=g!c8+9`{Q!7HG}dV{X zZkS{QlR$AT7aA`^I~JP2j4)gY&^FOpaq>lkTpxd%GV>;8dW5@M;T9(rC{J-=u+h|> z<&2jHsC~>weLjfcz#{B4TY1oR12Cg>lXiQGhBcNyhAu0KC z=eHorCg1Zl{4QOL;?9nIi!>Ji z#r1F$Qg76h*Q&UmhUykKB^V%|?qOjSQ zt>*XwSE;f07Q7#xVPGR$MIttHd;wqoNP_;u3E-qSF|fVRU9yBYjy1L${w&CoNq(>5 zX9RtgKcnWihnXnBB1FLUXH{krfrz?IkiN+%NX zxVt28`UY^U_pa$>rf);^^S<}9ix)Hl4wdb_aCx@2ZS`mQY9|4w6=9zg13{2aDKpn2 z68Z+#XFiD;^$k-gck%SIqxeD{s_cXn(VPga7~{g#&$teAIq!pKsLMZ$$J}`|0UjqB zuqH_IRTO1F(iUn9b@w@rcJ)lcu+wT%P8>|#MmpqKHG~D`Q;`1S`v8dq`?(S@!;8G% z3WA@+Z@}rfIE|?TZ+|f-DgeW3{sC}$#ZjIjS$o|6t3Z9Q$hf4`mG=)Q{wf;<@@o&6 z(S^TeABw2fCtn7#srr+5UVhjl{abNjQW4>#xHb!0X1%jT_w2VSPL}hG6mx_B<)l4O znc{X9s7xUX@FhA6mXO!@UV32?kdoAw8<`_EwI89igYiS35v0SP+egP1*rUUc1f$d&gFSW$0$A;jsGJQh zFrurbi4P$smzxZXT=j)3njgIq3Z*}}Awd)5LnB%t3yMpOU6Wx{EnN60R@Mis04{5B 
z7VlEkZHl*@meVDZe={wY9eIdk0*M~qJk|b~6h;xDC~xxNyMoTJ_YxjmA#1F2D>9j) zU-L)$zQAn~fqs~Fu0&BLUFk8DLdHSX!@s{>1Jg=q;xdskCf^*sZ(z2;h1j!r9^kc% zbf8Db;k37V`CRVFTff^Fm7kT@=#1M${>trF)3SzYP<~`8%Ej-U2eTz&Ehu%Y@eyBb zYST0h8UodkiJlWIH3c$^iYU3)!GdD2lvqTxD86r+Y1b-sVg9uU0xlYD{^Qtr=(S%ngE;TYT@5uVhUsK-d8D*E#dGCJk?{UOfgGK-(8>;+}+ zpOVk`2KNzXyew3%Tq_W_=6rTSMW(a&XIvdlE=SR`H-1a2Up>V;D*lue2JQY0!R{^A z`WYBo7ImtS0@+^LnuExtQ7OTl377nW!KP`eI=jnD*jmy6r0g(87_tAdkjTd>qcJ29 zna5r|x7;@yT1qpjqGoRFJ4W?!*tu)(7Y%6V6h1mjRa&~KT3{05B0l}x;-PbpZMVS4 zT6+80K{B&Mi*JscVmUlu{SRS#cZx50iPlWv=U^kcEyY~KrYc^kJJi_*9dhNFOv-*? zr-=7-)GPPNRvB(2d1Kvs9Q5UT4oO@3v01O9E;lezhwE8SLvv11oKyJIoI~y|#bL#es z>ZjacjwS-mRSsddv>tu&7TPH{sEYqZ+*=35wRCTz!9oZD4nqhbSa62`!7U-UyA7^E z2X{#b2~6<8J&@q8gANb|2u^T!cO4w=&N=V-ec!#ezQ69RdaI_^+H^nbSxwEJ-Llu} z_Ve+y^j|lSj3?4o?Jhk%2?`sFAm(YH*6>8`;6$CwQ&-haRqcmDTyFeVtUoTRWx+(j zZrwjX^fMXe3s9IDWX<8XH^W&deL%2ulvR4lD+GFJHr@7vJ?@HqZ1QJaVy5$bs{C6* z67rr%A!dunk7tJW;H_7XBC+3X;VR=VVX>iZ9qvTi@(;$2FZ+H?V=}}b=VVq?<}Q*j z1O4OQE4I8!MkY`{{LSj>Ge6paC;<-p6C*a-yGx%weLO3Vjsb=x{6_7_y*>}OuC)Gsf3Y8q zRxEUUk~m4n2v$NI{^n%q7OBKQ2ogMW{!Dbfk0pRui57&kVtJx9?MQzQ`T0n#%whgZbLwO>IFKgH7+WTL82CDZ9K<+z?MW z);9L9i9Hbvh6;&kFem8ji3sQrQ!*{xdNJk$sFV%B*zANk8w7oXt8$V1ojp{E zjdPpBQ3YS@KrZ)f;mPQPKTZwu*687@LaF$^ozlTy^5FL7QX5G><|TCnCvCa zNI(2Rip9ifigG3|RLSXDSWUgSgM$lOf)KxjC#tGiRZTzq3+8Msa-@Il9F5 z4Ae^JS{yQAL!8C%{Pu7Rb5d|1sqhzCgXfHoDp=2O-Wk#HrG|d@ZJ4g(N)B2A9VZT} zb(lJAX9F3R{@LLiw@kj*QsOGO%jWY#(H3f!&0LN3_%$NNk?@Q%Cbh)DMFItw7hhcn zML>@;eFob_Q#LAu<0+bP_SB?0ZN*a*aQ{NCr?;F=x)~zp*a?f2n4mlDI^k6yC2N&m zHbJ*9mzQ>Nk`wmY0}g}IMXB@fQJ+Fns~AN<9^gKKpOr9~dTvq22%ckAy^Ejz5PN207CPp*#b{Qa zWpG$#$Q?s&Ifq#VuayjXDg|<0Xn2+RI~Ubp(Lowlxs0K(7saoQTSDb9v-uI-&f1qz zzOE%8gmSfyWB%o(tkcg&lVo(RZ!uPJQADzDF)WbtFOzX!ylkmZdf5R~96gkaCHFgf z*v(#n^Wz&Dw;3ebk50f8bN2}>>H%Z;hvv5~?jwSxlDmx2AUs&T(ST0I*%d>Kq=>Td zr96}KMQ2OJRgV%)YGP=}N&E(PD?jCt8{(L)fO8L6CfQ&ebjj8BUs=%gTMKz3vND-a zX*3axa3Qi+-VQOM+h!d+d${0*OgxFVZl0Fcl*aCrH1-D4Xd|&F)5}B>A0m!aiV?@` 
zCIDvcvWJ8KAGjE~?D0&@FT05jE%Q^DJ02C4ZIvF#2d!Rj(2UMupP=bDj z!xU8UPI7k- zXo4$hW^E5Ner*;4tVbGVyN5gTe(bChLl3oysH=ZIA%m`*9a9d%+g zUy{a2cFhcQdSYmE&xpX`JJfnJaeqoC9toQ1)0T2{@{SNY|Fx2$^LilC#=niD)BUU! z-}W}>#fmLDzAfIX#^)2fxsgfZfBp&oLOiY#P9RLRw0koY0E=~w!9tS2{g~^LJBgk} z1s0r-ug1fWv$nU={Q9lkjblC%fSv;MTR@Ki`W^o?BVSj995UjW)0rbL`{%xAlvW$s zBevTMqNk3$4zgOywD^uSM$O=Uy5;i6bzX3N&P{1t0blqFdKJOB_h<|AC01<1>V8Xe z!YqU#TFCj5+?*jf&c)q1+rRtl1MRBuQJ}iLgwL@hhmyoGOLU*8cGQ3I*%i@Df&nPd000pHnA@~p)BY?z#4`u3}g|H8?^H%5B7sz;kZHevuz35tU_@E92 zGC$efTHy=oQDmqgN+U;wImX>AQStzVIbp}FmU4#zrI+B%4V-^PDCZR!PRzhYM{-;GkX8(}ekf#IIc?;^SxNb{dCm{t; z&y8n7ivWo4fd%d@^gO}GXntFmv-;Ra@q8?6ERp6$nH7QriXQ5FW9$Q3NZ(t$LeF33 ze8#*-_S1}cyghptf{4CWl#-&P3Ajy*o<{H2A|}E9h7+!i zu>IQ$2CgzuEMO1mKnAB-?9JN?o=+?D?aMb8RY5CaZw|Whf{F4L#1{VsiX)n71Fk<5 zovaK#j`Sr612iU}AqQRJE2K91*FR^X0y}wzlOA870{rkQH97rSJFbtcrCR)3`>&58 zl$YW6$PlVPzJsnzyjv8S&Oz72-H;{q;xgd%JK$vX=7J{+&@mgf9N{%zC%cT|af3?4vZe);D)V+p&B`>*G*EZS zaZl~I{;3uPB~{a+DsK29i?~d*J@5e)$9MV`7@ak6J$n8L1&zpq&6aN-s`t3-5 zsA4+jWc^C-=l%20X5o2xtNjc1DZlgm3zw{GQL}?c<0%OK`86XSU=w=YY%oC4f|cq$ zPtiiZ?RPHv>(agfcX1MgH{mtif#qZm{bF}Xj{qZQ*R4ki*@b=jb2Q2$)n9Ak{pdF8J0Gl_mJ|}I5cOWfw$T3YUDcJ_ zQrFshZ_BZr&DqzdJEHL7z3MDFFV(Z=Nf!CYhvWgue9#w9apO;3y_6P7e_Qbb=OOaL z$=Z{z^b00$!UY6BnRSys30=@t5(WQ!hzyP8VbW**u_Dqm^zHrFsN?w%>C+PG2v0QM zPiA`inIqro=XmYWaW>bC7y~ua~nu@pM2GRT=5>O z`0Q0`(%5Lmqe;@Io_6xgVn=*T&zdK?2RtEA>GVXG#*;aQDWXKg8BNT|+~?(m$dg$@ z0#8KaCjI*!Q*1-^!t9UsSDx5K!V88jA5Uf%yrSgeH|x&o8cyacu_wA`7b^w{tZJ$m z(LFXAOQ_u=!vxX}0_3;<&{uY>tPgmKg9HXCoIN)h6)2rDgqODlJP#`EfI&!y;p<@5{hA5N=id5@ruku*>?5A@#ld2!xS@#0#E zhT<=0=gvDB^v>JRA|6zkEd_AV$b%9Gz1j~n=R#4TbM2Xfd&H*H3qvawFnvKI1kJLe zlg9GcD*?!U(rX2qJa_Tdubp>!awNfdr%A|a7X>vUdMlE0cs7y^i$$&X4RT)n z4XLwA@0->s@ME^-IK9UbKMQWh6X>d+VEXwgpkeW3Bz)v-V#i`oYk$+6meY#am=1w3 zzk=#LHXtZXRxOj_PQ6XY|BO(rrk>oTdYB=7^(eg`G3xwc3nT4)RiIVJh%8lB)l{O# zrwFm-ReKaToA3G-e`b>wF=TcBNSU@d#67$J&L$3knYi*@TVJ7*-7@k4oaF$1-5yo+ z9iPk}IWo1IsUHNC%uMa_r%y`XN5K0LyC#YiQ=HwV-=i*E_g 
z((b>nGOiZ4KPBY1t~w`PA>7o+v4`rdr>MkN(pwd|F6b@n``wOhM-uqEvSuX&F*v6FE1Qls1%@yzx(p@ zuL=5|qK(slm|1No?K4r0SIyLat4D$D9W6GpORs-6nro_iW8v#|$!d&LCA>Ue`w^x4 zeUX%kw-(?g2Tf~v@~52VkVu8UvsQ{bd6sHr9M;N{mOIPM4qE_Mxy5t^>vH^>4O($O4vhwNrEae@Uy^2?}sK7V%=+Ns4qJ8@7cTU8V`={B7W39 zW$kE|jt1>gig+S-yp0-ER{+wlfrTF2xV;&8fN7Y$CO3nKdK65`p=p&qkA z8JwE#uR2pLWOQBN?y=#C_hZNSHBG!TO~gZVDdYL`-aLJB#q(|{#u}l5(D*C-GgT-l zO9tHS{wbYymGJ0UK!F{Imf&_;s!*?HKocG+$S9RzeQ9R%?*Z8fjV_)NT+Xvj5Xz*tHNRz<@YGA9l@7Sk zPphAkucS||88Y-I`c+fG7V2a;E#({9nKR65mdt;T2JY8VPrQ9?cKO+gqJ(}?UNUVC zv|QBuMP)#FY5}CRXJ`A5zV*DA8B=*zZ_N1ps~)AK6o21`hcKG$WcllreKEs_o zJ20>9D|f1d}Zg6=f)`6zUq5ckLYtD;_an_e z-8_aCm{x+%o}abH;+RxZRBt-IS;_U>Dq^^;?G+F7Ea1B^qErVOk>ue{ZnanFn8Z6Q zWtx<{dQmN0MP$*z7)3JDWIXPrhwD6;f#bM*k|b@nD{ea-i?T!+OSZUB zU7VY=wfL%3Hf+QS=(#2(?#;61UDgWcDT?D+ANkAesuyb>Er0Nf4VU6She~^~_bPmt zrZt1xc#2}7!8ULa8MQfI0`7?*+BpsdS%p}A;-(SV^yS*8&u9G4uxtXpm83{Ew9tTOqA{@uV$T|$2-!Hv5SrC8@G|)>4ELPk-H1w>JmX#2eL8=pI==<+Y zJb_haip3f{L@@qbJD6_JLTc<9+G^M(mnp=Z^cWAZlm*%Cv4|>q@I=B`@g}*Y4XEw6 zCQ8>clnpy{%vXn=dkd9VDrm~s)C>Hrz2{x@dlT{_D;FMvM%1S9b8tXKdid`BobK%K z5&c@pi5cx&K(E$XJLc8cLrd=?j(gJd!|sm)>u`8}i*01MdGopd;#v5MjX$+$tt_$a z=6HhoFz|jy{F1lf7}j@-LS|k_bhI>3r5;YWv>PjQwrJnjb+ss8*mbCDv1$EB@Um&O ztN$yy)ZN*%{v+_%##+_?6-ad@wz0oOu)1i~{pEz8<&9lOi^mOX+_swDVwvZE$ju5s z2`r}nipNtKF?*!{zYC-2J*=t!nuysWo-+C`iTUU~ys7`1h}olHC-yG-253_oOxBP?sa# zm<099zkAmt&;0guPepOR!l%huBVTFV?t5?LHyOEx>94)F{x`~Tn!XBsO*)2MleEvQ zXT~`A$VEZ5vqR1{l{}bz-g}s(43=db0j;L>LaVke_Z+ESoR7Kk#W{5wF52Q1Fw+O% zq&m!e-iqUU1>nj6t+FhNydUyb2|Gsonaw8nOUGIP2|9{v<06#8=l+3Kd=hRmnzu%veYwnZQR#FW@Aq@q|<7YLdyQ9SlZcW8zY5=OF+H2JII)1Zz8Lk~1JOq`9{PC&4$E|X$_ z+`?b&@wCh7Zx);yomSYb;^8tYw$=<0r7=)Ld=xo}H8c8?`4-cF?!Iz#MJJzh!Kx2F z5c|F4P^z1TsVJ|To4(ZQ1#;!mu~jD#Ca<|e81)uz?=u=8%e;z4pu=H&)z&Gw zDdZ~7evIZu{7TNKO_7jbVAfdF#vXO>UVnNPUp}OlaLwM>UU_0`%6+h(5U?MuEgMb7MJijUm!62 z>a2qW?}`zx(IHlcmF+$D)2h$2KhSNbez0Vb1L-%W1RkaA9HE8vlhNdJ{}z}OgdXI` zppQpyZ#3;5tn?U z-iYp8U01oAw@wE`+mh~Nt4k8+dnyx^og#MAI$_67&>rzBIOkiF$CiR_M$65OX^<1@xvy~7zy8P{LJYG$0>{i6zF4B{(S 
z<&Ql^deufqaOS{vI*R94EKAHAafb%iL6+(buzBVAFN%mARcB;6?LFqbkbEc1aJ-7R z;dCjXnwP79&TRg8_GyFWg}#%VfJ#dhrB{gNIojX>in)Ov2R1iwr5#tif3{*KaCH_?tHBO=`nVKTNv21eyY>|M|7%NvT6NC z5VL8ussAhfzx7h|7QPa-jQ=HJZQ(0j``;2I7QSz5|64-G!dI&Hza{uBeBS|w#r}7M zr-iRf?SD%USX{rU{eO#=yN0sbNUAy7g|zYQ%h}_R{MB>ndPb_SdQRo`W16ivv63`M zv#iUyMm=gr&8+3_U_%t4yFuxunpezyoU9msGY@L0EOjYZD`BdD-ziB?T#0a>wZ}m- zMXFZxLuhH0FAv6X_)(*xFk+bNh?c2}h9t15C-Df`+6~VG<+Z~_BnfyP#n?+p3zJ0jwrR2VfvDKyD7stMR(`3x;uPZ|jLb|U z%BBIqJOtO6NE=yWhTqd8DT(uj?q6~6>>nz2>1|7Ruluy^F#Arwo5F)gH!d*30Jl)mG~hA>?YcGWT!;`u273CC+*TzR(*-+i>K{Q z@nV<-e-wh4zOijMuJUPyfQSW%0KdVvP(tu%Ulh05a?&$UYwhwIFT6!lqlElc>U2@8iv{7wTU*{6_u6KkCjDCbmt<)^PbY zub~B7b1Dp4XwFtZzOf#OG?x#~4$BR1SXZk2m_PFTL z;AGk*_Q&}2Bio8QevuE+$1#U_6LT#5b6QGw?#FLObZ?Q3Gg>sn;Yoo%^<~3eDm{N$ zEp{#&qh@KVl<+9BWIW%ZEDY!l(za!P=WY6^sei|pTeb*_;-jfLqt-*N*N>rjH`05I zFMQ@)@|pH4Cgw6hywT)pZX?;EP!UMe3)~`~kboR^yx-ALxP#Ue5A~-85qQxh|FFfK z79O0;I(p$;`Pq35$G<0M8Yc?z0kVg7t))S`h7+BU9IDQzF6I_{_-Ex7^=#)W&BzH&4MBDka|xYiV41<_h< z;&~R9I$mvdSq)p`GYSnM=H-b#a&(7D2N1QU{2oGTV1&nsFP*(0JM6*gAYwJ(=tZ(*c27Ozlijz0jNdZ2#(A2L57G!yhVwVBQBF~(BynO! 
zsgmqMLR8c&4?cl=b{hH?!bt?E=6R!s+gq8FryjAoqHBxYVHT|E^!Zu9$1*#EvSMOp z=kwoWc>>oODp8X=drun!nYPh{nwu?KG9b{>dH1WcrU7#t&(^Yyy`N{oi!)^#u*H3^ zpG&I~Ckals_yX5wvvjo?Gs2YtGP@He9xGQAhieljLe97NUUg@FQk+yf=Zv)grZNCq zD$vgMe6T8*#^ZgAWRv=ng{Q9ly>B=hKCq{+kn!_YCRy;SjK?g}%aHW~u^c@4 z^`+pd-nvUC&5hVsf!g^TzSz2;qYg$6n>K6SB!MQk+<;rdj!D$lR2N?b5c4xm-8lCi z(b)^U-@WgX6N#}8*?qXoeO3~fdorAo;;F9WDDi0JG+wLqBb-#ohXZ9FZ@f9_?^f!Y znjIH2s~tnKRBTNnp3>JGVJQ{0hV`03a4)P@qLOzWW_rBFqA?Mahim=y;$lrzkY=4S zC(~deuB5hcle=O3O;oK#K-d)Yo*wVh#dpY))!X-b)ir*=%#&%9 z1JC=^Rc(jK`LD3{Z=!2-&+&$u_*z}xv$D$}qd?A3vp&{|QPFXehCs8KoMg!xOu}Bs z;h0)Wr25euKBw+>Thja@S=hm~q)df(Y-%VN4lZFU(^qm{Vcn|Iy6V#p5;vrb$y z%sfoeoOQeD6y2G>_q1K)Y)aNXzsppl2Exj8!FtSYDul04T|!VFCHSW~5XIEi3rFlm z`Uc>7z5=n7+5AaKM;u;E*g&yM`;lS?w-eAG0PP_>>Bc)*fiQss08w~xrmAN-I6JIc z{sE@2ZtNtREkp{sXCkOI0I>Xx3Hiq;58Jfs#SxNXmtipNnBJ%^I%fS*eRS0UW;sVagS6+6>obLRrhr#p2y z?;Y5@+aj>DgpSXxElaME<4z2wUH+{oGQMkF=1Co@BLTzfqO;odHUfd!5Z%{%j92qa zB@)0(_DU4T4!#mRRI`l-Ft0|t}8Nd_pthAABmHz{P;-kH%%!6z}0KpG5Mp-IeOPc0RM& zu=vK4F$&O8-%&gSgMLPI}Q|^cpJo55Bq_ZmhH!UfN(4W?8w^@{&OIn zWnjWSr!(u#t8p2Y1vhKZaB5OUPH4KV2-e%^sm7zerXBT3O*(CvFp7%sH$`>0?|j-C zmKL9Wvn9+ZzVkOX6jS6*_<04qK;HBFK0^EZ+jGhnXpB=Q;f18+u}_a}rjk8V@en<~ z(6|bYJsfj*$NX1@b9Rc&Q0w`mYZ0N zCMrkZ)ue4V?{g9?3a4l+7Q1TIm@!k(6-3qPvibZjt|mb)OQj{qT})c2HSN@I;R_U@ zxai8LIttaxILq2>jYFJaE6DHtsa}d^jpj-(uW7i5qU4Z2fZf6HiB#B4MsS8wy=>pc zDkBGw8n`KLG$@9Ql;1yyD)^67CD%2xeX#J2Fk~e+u1D}opDJI*Wht+8Yi<70cInUiZqQi zp|=Uc^3-HM0bNNyD=?MmEoLPirp+b{_k45MI--EbvCM#b5&#OPBXEzl zGwvnSbBx828iON1p&(}{M`&>d!pzR0nCVof+>%p_0guj{+*ZQ|02u)aQyc)7Ul+UO ziSi_Sh1`!%LRaPV#(r4#Y-x-}q7HiDJrgiYZ{hQ9Um@`9`pUbBth zoKv&Bku$O)A`b$AAE)Su zu<@V23HeF9QL-RbXt}N3GQsPLaG%xZThi6G;le#;6<8tM@^;|&V?@vZjz+} z4ghD=dcMC&cG<2ke`-_{UTf6+tAQsH>^>;na$&+A@29Y^!)Mrh#3eNJ7T)TT$yFgsL=cx5Wpcpn)@)ekq zaW`rm0fVaKc9vvg?QQ`2KOey6!!1klT;X#kUHU38F)iv3!7^j*9~&-{mVdebF#yn^ z|DY?3|DZAO|8WO2!Qg-UyVdlM`|!!KKkhRxbmG-uYtHa7 zib}fpOqIZ5o|^J1xV=#5HL0`IcYMn{s)|#o*t$G+<{v7u8}Ba^IK>IYCGFC!6WTI| zc;Bq2e1PEFPF4|ro}9e|CQ-$XSZ6b9;QA5G=yM^Q2(w 
zOLQ0QlY;#(ab5ic1wk_7h@*Wfk;-SzxPQo2j~>0VZJ>TyPNhDbA{0y$K&sw8;|-TA zX^2yMve#5Yo@}n0bjo{=qGCsScdtoU zhMb3WaeJ@nX@T3cH^#vGjeeh)k^vXS#e;17ZI2Cp>K z=n4u?hx0);=0M3A=qQi*>7i0Gr!$Xv{ojB-@-X^3Ck$Bo3YQg4O&i(ha|kPCfL)Zm zV|Vw)l-JkjyKIhUImKJyk|C~k0UzKV;WpSe4<;I|-Mt=)+&su@dbjZbh>%2cO#Wu^ z#`h0W$qZw5J_e1Vf@(2tXN!CY%~QM;+>S=!wmez&8O|dpIk6?_ead8NZHh!1$Rx&zgJM$8WSaS($^956gyOeJmrBXdkMeBLeA`|Cf1h8||E4@fur8r8B#&6w~DzDW7 z%y{%1aUh?8!GprrRAHbdsyCIb>oY^o2Z(iL^{SRx_6^di^2t`IpQ{UzHKg)2lyC%? zEm~EQ^QSOjAkw;F#nO4uVRKyiYN_u8uhpb?l@bikKmB9&8k)p}K{;SCg`L7A%D|77 z!d9}^XHidY3(yolA@q&SSu-Hg03+uum~&-)fhc9A1pjYPZnIZ<^0{w$^-8ZOfp+Ba z>%oZDU#s~PJ2WP)#tcc4R`Bb+05(uV9GX^=w|5vpph}}B4d~UaroMMl*%cEZ!EWCk z8Sb9Ze$?Fo!hy@G6rg9<(McorPe^=~;K+=MaYFv^=7H~Ti_iES`S@Rx_@>LaS4=Sc zGy8izJncD`f^O}BtxkzU{st;gkHH*;iT};dd_+a*r?se2xo~u)0(C-O=-kIR5nS>& z-fdnlKRX_Y5&&mZ7)CtCR;A(adTE&mOyX9^@qZ-s;r|d3#{fzl_uo98ll7x~a|z7f zDDb~Y&dz>(%KEuf7R}o8<=U2|zz5LL9suUS(Vr7LD((8L4gUb~eAyvyTC(MgkFDMl zpT2)5`$i{9Kya>E^{?qH?-rB1#>5>D70g|?a~H#JMS)n7{qUW@7r> z#wjWW^MI+b{}NH_>G*N1nR;Sx8oblQFtU8*2g5({`2R+@A1b6l9gJD_$O4w@4y-gN1tmb<7R>hE{B}zv`GpUUvT3q zj67@EDhVyB6#e}OoXjtv^`+LU6(n7CU3_R@PvBL@?f&a!qT*k(pUt&)$*kqf^I+~e za<@={liYlwIH5mV3)G%6p#ls18`6b<-r4+k>cJ8r)?- z^SJs&c)AOnG#-DN4!lDvOTP5`03^VZjME4{+yjgAnL ze*Kw{@q1nt(d!^RVn*w4e+6mumfJl|>q^r<8n1jONu^ev}F<<}>=(IO2y85jAV37NAz=MlwfThePmLQ_&%%+t_=!Gi( z&24;jDfY0bO~bwQsmwRYL_b=ckZv&(xnI>#r7;?k@4)wp>Ga!ah4x%a#?6@MoPS)- z7FWCR2H&ARGEW^9pChEGhEjZ!yqYj=MfDX#=>e-*9sM`4(ZGX^CoW`g`)#df>H>@J z#O}eP-qEvq+fLT*kBU+TJM$#_#Sa|X7T5R}>$4^Q&T4#DuqmGv6F`%otJ-FrSiWlC zE%UbNo5Rd^2_s++`IBYI0SB>%`Wl9b6|4Y0?D5HvngdhBTKd8y3_$WlFK6 zNx&7)EQs4+#^aBMvb{-`c7I{7rO9yF_~|pGThBdiRIu{Et~fbhd5)8Y+M#JMGjuIL zX*nqOK@htq(vSgzEMK#i*LRW#pEV@bQN5blrs2If+H#%VN_AL-QXj#f?zWlM>_eRR z-FT&iuOQ!@8xK9Zwo8Wu@&!k4o70WNY{`Xei0_U9!FVENF{h}mu}?YT)Wm;lU>f99 zj&QSfz!A_jZm6ooBroP{*8?LCb9bG_pGElsb+6%GnG?2iVIfR?PYCIA6o6th+l^(`=+8 zTG5LWmTZZmgTvJTJZXx1ccSOcqlKCCjW2LQiWK?a`xCtGp?@Ar?lekya#qihsY+8v 
zKKq#rf8O^)IFD)_|B~*`c)r)D<}w3b_R3CXDr4iqCoz0ETKlG3lVj|xQw0grkUfl{ z{*`f9S5|lH4q@J49G};2A0v4d;KV`%t;})2C~^bCr1&#Pup6mB^#@U&jD$Vh3xz*K zQ(;waDSO8+-$XQV~a>P_T?^TsY~dX zxt$Jb%w+l;yFLs43=*jpT3QE&Y7OSk$WZb&*$P`e=*}swoF(>jqj5ZY*}&l&-Aw&o zVRH7B>Fp{lEK|1M{Q2bVuhLyvgW`Q2IwMvekSn#=HI?~EPt4oOu&v9C;p!mLj0UmE zl||MF6HWze4(=81z1ybT)FRDYDF!W`J6;FKT2ui^cd@^$fTX+FJOjtxn1dMyK}9n| z3y4&A#o8qIoXaj`N2r0mp=}Zd@e(k`0w(w*vFzyGr znRC{+y;CA*EA#wC<3>dqLHT;$nfYnZ*wJ3pBtXd1BS-^v%%8j@?N*v@AlOn<$+ z?lwB67NY#($W3TlLt#jc7Lgul>jp|cC884AmVbdRv<)K{vOy+}sFjFIwm%V2%KI)> zj0qU-yNz~SzhjK36QmfM2oG626tbnvk9|1X94Y_yU7qrbiV3wrlT_d)8QaRAlBi2i zzrs?InFFN?u)DFzqN<4{x@wUL!#tYdZo?l^C)8ZurN3STIA_%u@w~h!;)S+G>~OEddQ2WdpbN_tlIA$FpxC*n${H4)ICuO>+5uae~WEUjMt zKBcP!25B+*2Kj+le!l+2vw%)(64U11Hbx^Ui?V?f-JN|_@h>*wP^L-5aV8{;;!!qR z8xmNiK~!|g+2fFD(NY3cu`0K(dZk4S(}L;8h8WQihQQX^AL~LPY|fyNH`z3P;8HF< zA^`tUZAk1X{R_q;*_RwN%e@_Py7Po;Ao3p~4AyDLkssD3k{{+eU@ zAzh^OBw?)ZazaW;0`y2n{)kusIuN5N2pZZ3EQ&p)@W|IGP^C;SS&EuFp~@(cGc1u@dxRTHbrN1ipU7^d%tS#sFW0kQ3lzl-iFW#0dzadEVF;%U zs&A4HZJ9yVx6ktJ#Ljoq&KLw=yh@5x%pSN>w2sE#@I#IX?zomMrbX2WTHk(u@X1wd zc`5B|=he|t+C6ezdJg0~j0kCIH-Vq}ne{Jd1=Bx?N;ZB0FGo5k?Pbk6F%8_xa?@xbH?>c&k|=Uy zf|3W?!GX#$Ptv7EnaViiNR2Aa8s*()AF{Pn$RM6cY<&4pm1$U=0HiWkiq?=SlBsXh zg=R(7FVH9MQl>Hx)?yZ${_ccl$&ducpjod4yZCG-gZzK46n?S0#_q^z9AdJJmqS=g9jAhbp00 zq2h~MpRP`jFYiMARqqSO>jm*9vCqUovuOclbH&P3qX#oE9*VkeckJbI_E&(a=->Vi znD*mbK?p~FW~F6XqXu>e!S*1=r;C;fM{VqfM>4ygu1E+5`fXap@&nR zWm;6~*qOt6W6gsu>lxZ^V4$8H*u)*R&I%cDdy-y7P@?}~qF^iU+7f279(sGOqp z_kpaFZ#F-v^M$PMZZ_W_*ZVc0d@2}_+_y96QzvR>^NJIYv}h9n$T~IQ!kT>KgZaLA zO4CM8TDSQ=m-rEXQWGhNRsHl9B7Df3r+2K)m-NU9U{-^y2ZS^y67ru~i3R6ggW;`+qSZ+_f^y~2E zNnAZN0yZDuAGvzRa2i^4Vg)=>0sNFV54%FB7bmUqKv}ebLUv5BLyo@$7D22 z%;0b$?XV2%e)_Ns<4&LB!cOjDA}FxqPk`Y6AvTa{tVPu%undI?BE9#?3^a89@_p0T z+B!e5-jC_CLb3;6*~= zAJGF}6Q>W(;x$a2{>N2zsC3me{7@45+i)Ys^>;bnTgJ7_Mst@1F@}wjMrjeA@+pHxvckTU8gtE zVA2c}TM%YBb_ccf^35rAues>%KPGId#I3Nh1lAPjNjb)<6;t}<1gfrZwOXXjNt=cyy+8V3<`Z7( 
z>cm*&d$tJ71rAT5=`(9%VD^!@r!0DfY74$~(c$>b$RV_lO2;XOgcmdGsSv3({S;L5 zGN4mGNfKC%4g&Ub$-~M{eI0Vz*MlKhHD+M*^{<|OS~o$~C?ev+Czq+>JdMeuTj~%V|1QJeZIxtg z<=rOnu`uqt8h4__FMdL>sE62(HocD-x6h+C^4tY*|4R3LUUVy(p!ZpQQ+p51^!zHu zQ^5W)VOyMF*IVW1i0Y@L-k+)-6sQv(t`@%mvlo!4lwL_94HK}~HR4nG7AVQY!sf24RCTlZE=cU(A5Kb9sYKXj=#Q~8murirfY#)z(awsI@B|N zFuHFRYxM31{X$V&?)xqGM=I7AWOwo*E&V5u zTe16bo|}@N3qm(|J>1{eF#bmn^>Amg{YSVMt0rCdTugio+`G_W8uEV!eQy=?Pxj9L zJ;8>>yns95U-9_Qv+G~+KM%0S$^Nu8kX2N~Dk5f%fB0HDU_thfj5L6@1G0J%LDv$q z#y@-`ov|Q$N|qczI|f<3im+&j*~6L2i2gr|Ej7HT7Rrae;vtMtneH3lyb-mX$~>8q z_i?K?YLhg%bO+}uz&5o)k`kWAsyne3q92?-4_ka5TycY}R2gh7i2A+$eCE3L+drZbJoG zz4d=l_KiWB{7aY9nzn7*Hm7adwmoedPusR_+qOMzTRV66Zp0gL{}Fq)KK&x}T<>`Ri^yW4Rnw-gYwef!N{J0rTTI*OskpQ* zQu*(}`L04Y$8hb?1tIqO#P@uTlqTuaAm7)r_kx`HNmt2Mmdx?zFUVAu&=Wn$$@S!Z z;gp$KHOeh34LO41kJn2JxuKq~e5v1IUVkNL?DQ(WN~!C*a@-j+(n9pZN%oywZ`%GQ z-p2)8YpnDBq+@Ld|&|BVwP`ID6G!r_HijAgpDE()EY9)POzYo!F$y|1m zg9=N{fj-K(gmHm>APLK%)W*V%+E2K)E`*bb)et z-QR%`g0!d%V8+!3ld0(e7p_Aji2SIyCZD2ug7(5+%~btGQLU9wmb5;>o^t}3E9r3A zu+~?N8;F^$q4=hJN9HU*Jb^7rV<57M)92S#U`kPhS;a1}?r8|FOJXNPqdADYPT;4P z4^B2yY6Yj(IxA5R(I$87eavy^IQ)nUF1Rytn~kTMAnkhmC~7Xe*9YH}<2PlHLxxrE zWbIWJGB)UP0*ktGjLAV-vj-9hYYj&E644{1q*$8BlZSU+`$-(@^88@jS4Z%w2JQ$4d@>QpzPah_#|A%Bam91V~# zVSefE>;mpB@$HEVQ1-r_rDeuFs>lnYL5}B&Qs2tHbk_fN0P*D5l{{vwXy2a~4uvKI zSVesMyHg!_UbBqCMhMya;2J(>*U0)b1S0EWpf!b zENVHlP2fCCvG+iAA~?g}wWHxvt%v0$OeF?q?mXt~tGHIPH6FI#e)U>2Y@dzfHWfC0 z`i&&K3Y`TdhSTl09nYsPum53~($^NvUN9FeSzR8A8WGG+z0cB!q?BwidVqo*HlbxX@6gwLe0RzFmPCPtN^vWLgCIs|y zhL%dsHc<4k1dI#}Q1qe}j!w=5oJ@a@(k8ZM&gKM6%p42^|NHvaU2A6(M*@0LYXfH! 
zVG|=eV-qMoKB#{`wp1sA^jCC3%b) z(CajzrVwgy$-&mY-VE7z5D9>a0T?wY50IPw)9Uv0EkpS z#au7vJ2G_TQYZ+rPgTTXZxe?MbS_wCW&n-e42m&kOgzA8C>m7ZTXkCS!+Q*?5G`sR z?T!hDd8+J4WelzU4ac7;;{Yg9JK-M4;a<)hN)nPKHKSfmjI;EGTsgqsO0^h6ly$_&PiQP$=M8FdXzwji zhY0F5Y2W!Pr=j#v?q+4uf<^i6^zU>IZ?2-C^aSJ;`K6V1mP#9o3Pq(-RBBkfJhpGg zquEhRRmf;qy=u4o7u(<4j|mNCzzssW=_%> z^lu3h;D7aQ|7@$y4|^VpK10|4=F{r*_;iH&v!|OQmh-LEZoqA)>gF24zEH#lw2Mw5 zH@Ke`N!X@JbZI946-B-fGESNRlY=h?49ZNz$dU=pA|%l<0@KIeDiT=CLUOJ!$_N0N zS}NcGr7G(O#usT7G#_I$J~E)}6x3!u(C+~;hP6ejHIC^2=NVDQi1XOfg?J(0F+j>B zFBM^{(Xd|?JnEtq>l06QSh3CSjIBnKfF3J=Sug_?3xxkqJSS8pX}(ILLcs~AXpUB7 zc14)EauChnle!l62#cU>8%E>Lv1r5b?4n*ZB6O?~mcFxibU_ycKv6$3p`4?ch7FEV zwjX5OuQ(0JP77xGmz?+;2UKWFmY=-XBb0Py@FHI>PxY97Jde2vL4% z`r82g3d*p9Et6rhp#^Yvj*Z`)}*2~ND5e-YfwB;@XqLK&nEM8!#Ac=CjqjQq)8Zyb{U?2cCs%s-NT3!6PGZ3ky!Jqg}y7 z0@R)W_~i=l>g_l?%{*dHMETfUJo{!=Veq6x_~*BQk@uHOyFhuRBK?W|$lrOTTbkeg zXWQwt{0x@fjvfwA&LAWP-j3gb>iip>8zJcUa#x2BI~hxFc&T>NEoylzIRnT!{Yyg| z6Ae>K^Ew)MyxX0g-fsg#9ktS$28kD2+0tQtsncVpr0RYk*Q4llI(rA(pN`_&AL}|+ zJy-U>PpsUEe2#pQe5O9jKi6L^PD-+JTs+SomQSk|v`Si@A3ooUe0v_QQ@%duUz4V5 zoPCP!sk8J>KO|4oxO>)Lm!@l6eVXnovh*%LEKk(jK6G)^U?V-&i+`iTGxoMMBZ_41 zc0u*y8sz<52-2CCMzm}-sxpd$u9s>!F`5nG=pYU;n>@i#h$$q=S$qM9Duo8MX~m5B zlchjJiB|C`x1i3m0JDOerQ6y=)CsmIUJb;1t@pvR7M7)P znc5q2uX3({^Y80?)Fnl1VCI6d5cj=zC@G5{APYjH{WjuecR1)(y2P9$rA|6egG5DK zQGfmn6$)8-gNWDqbR&kI@un2oZ z=dEO?QPbTyrR}x^2;+EVCK!Mz^GhidfJm9s-GMPCw8cQ&_$?tTip$`{8qSWDI9k&g zL$2rFnJ`=5wY5k32YE(9zW(dqm|Namb6a+ItXrS-eP5RLmt?Ju(Du&*PWkd&JcRa7qp7r1$-B)r!62|l7=2rvFGU3`uD z-Yo}8M+kA3OT#n3JCaHt=6B?gd*pg{O&C6zuI7y0{TM!9r$@e<7~YEoJEL->*AV!h z$9D_#6Tr%;UtPbL2-^se^R-4n)pfggH?%{z;pKc_;C-0VE^Fhb#e*Z&2@f#*}mVLqJgNM=g8uLzu8BJ zg~A>auXpvi>(BgZ?DmkC88PQosAW`C4hWQ9%cmZPsA`FyCs>Vop$(Jx)i|ay_|*y| zfFRkayZh)ve_IKu=f0WPx-0w7Fi#l_=|68mlqcjUIt{|3jD z9Nzd(^2WjPKgrv_$r&RvGvj|t&Mr01Z8z9ZzOGAV8T1=M!x77V2cX*9kn5z7rWLwE z&I`$#aG_aBm6MQ9gmk@&$Jdi;bhC-B=RqLo3TL0Y!Np2Yh#$g3$%_djD+5tNn70$X zEG(Cx&64Ucfo+E^5pJc_DBe{oN{ja*T!FrQSAuc6)Dh4p|LJko6f2oUFh(^m{t0F# 
zTu9*E7}t*p)pFUr#OuO!owY(6jzne*KAq_pxak|$V|auHTp9o=4Qr9u10|D7pfoE} z55e?gIh|hn!BSF;e90m+3k!llLGJRdixhIWVU^!%jn)6F+mVW*97b7$>@!?H<*>Y^ zjiR2)ym!$gFhcQWmLLvFVSmwSVRFK>EW<@u25^Uo^EPIb*+w~Sddn@5^rsMi&?vK2 zAqtruIzP^uz!CzYtXJ8@5Z(`g_)Y0c5NK9DXz0T0VCK~fQ4*;RW~~$%5`ErlFxHkU zydJ<~9jL5#Dsz=jGCI6qNSQ{^FU0l|>f|40J%9eYf{R>uhQ#^0YYe6#O;6p)#7*a2 zriQ)t5;+7t_t;0A0#9Rw%Sy$Bo69gmF3^6|b1gN2bi593Def`A9))yalL1v2jis$X z(sV4k0tgZ_BO0#*T2`CC1>sWAn2d%2^|LG+gz z81g)JgN7Z4W^}vh8SbH&`dHO96iYwgmcCk@<<-?3(#_gH$n5<%YObew6<2)Ev=wvH zVFOZxv-WU$Lp+2=_E_ZR7x4A00q?r8#{vdo5X&DS7N9PanhC(kwt;4Sb=hq1O&YND&v zSsbsey}dD0&^Pi=!c%z11tZ-{3h0ZC{Q(!d8b}Lwt=iBImV{%D%DmYdg7KGolK2E? zst4p~A{7a_!(QdkWQ5nf_Z~&L=#J-k_u0BKbjx$ST3{a*7>nZ%D$}&;YgVI_`qS(j zg}V`tAe!@TF8(-XlhjT0P~&8G1FVEUu&;z?o*XWp@LwU5y$$`2`qfcq#SQTX{$y}i zOi84*9?=;;eGfcrSM6C?MxP1$wnx$xHpsbKcjEj_%~78Z?9~Z!!}g}cR|8TSaYu2^ za|xU(LHuc?vT=>&q8VR03AFz1+w{M9dwYu`AU;&{k5cyM#``s6{5iuihY;JjMp7~1 z-MKN=g6J1OF(E+64}3m^LOGXGp8Z)-N&Cd3&@{W#qsh>nX_@z(qzXM?x73eZ0?3N5 z6@ly)?%|;54p20BsZ!rk@36P>!O^2rv5M{h^^Ff_uwU?o zYofuXet)RzXy@^JHjZamPuuHhNC$&gxkk4>Nbk~E;S$Q!=RHBRAZk1Cwj;x0()LYN zFV!|4^YbtsFy%`>b$!KFELcj_>v!BxB=~mt!@vBj;zoy7)eQ`)K^<9ryqQPiSj|xF z_Xoj)2`qt%iIjD$XKYo%#JM;yJIfmiQ%}yx$ubR@X)kPIUf~ZVwn$nq8m>`uW^)|1 zU&$>^=!l5pWCY?#hyrix=sNCp*gI`3}ng~22j5x6n` z+_5C#AR|TK9CH~WV6-ksgGV( zz~fvBF`BwRE9-+16V5(g)3{3E1|tm`mK4ah9*zU8_k4KH!(mT0e%D8KXvhJh@0pWP z_YZ2n<`&gSrGo+wHtts+pO1-;5n^btz}5R#(Yvs%@1P#rBcPw|!-+E98)Bb8sh97f z48g3Kjqjyv_Qgu34vEF7b`eJ0EG9a5a=U5G;gjP+X%NNUYvz}O!GzE@MRy1E$?^T0 zu?PfaSXeEVN9*>yp&r#B&bHc*7oi%*Kq?1uqibN8SMDJ*#s0|od(B`8d5ABW8d*mY z8Z3?o><0&fEi?^NP?(~Y<2OQ^?0b{V7Atxv8zwx?(X{N;<*MBT1~AH+F!J>nq2K1~ zaM02$WZhH1JFH|t7!pG17ix&nnuUX6Z4}9lMUB12c1An;BL;N6B{ateWLBZqzK1CBCV7F^p;&R}5As<}by;7C}zh{&w1FMS&q#wum#FrhmwMXhpP#IqiQ* zRCqrxY_yDQ#rXGZnyJI^$~48<=m@hrY)ANCW<}IT^fU&LYBV9SR^&HJ8c{YECnl8| z(Og!sA}S{Z0hv(dyiGobUfEEYK(G|OkZFV@bSdLzxVvWz`(h`l1@%njDZfp8zq@oo zz{Il~!W4cA+#3}B?fRKdQ6rywwSMwJ>-xBXOslY<+_xop6>AV_&#F6$)s 
zxHID$bIh-oEk^!VdA#1$x*i!ZP%LgplU2M=hTR`^d(}{X%P?cuUzNr32R2}XPn&*6 z_;9ody%#L3lz=?KbL|eS?aID8Cb;7$D?8mi0T21M46$=m#-(#eo@aznQ2<=DSyZ$m zh0Zi14CjQ$Tml#aV(P}G#q@o3B46%f_KqvWf;gO0@!tXwB8e{ZKkkn5=J*6sTrlG9 z*B1N^!HGC?ys1e{K4IcFp`Wiq4nyJbyG(-E1KBh1FkzDKhJ91qpYP+|;bC%3uFyN9qmXJ`i^#S~NMpw$ztC*M znVDLK1Al`im`Fqo5~RY(q|QCvUSF%!Z!e?ecj05C84a;QDop z(d+}P?<1?rtWdJ^oQr=-xqlyLhG%wkN-)eWSBoApj7LU6Yg zW@^0?KQsU*gVRo|!_BpXY<2};wZA>qPll|i0jXI>pBt+NH7+DC`H8rS;s zG#GvgbRwu(9j*)THjx>SZ8f!GUKUuw)YaH4wLn&G%1^3G{>1dyuU=3t+-iaYtL&f| zCm9{{xtx5!xfivO?hOjTmDB#KpGl@FjWXK{1T)!56{v!3W{Ocnr-uo1-{Jbwqx$o& zS{-R6lLL!1v5d{7Ke7W$Tk~G?3*Di3yGMr3c>)7-)qy`$A*MaL!^4ZcoV@M}br+;* z0gkYxMX=FFRLSCCpj`FkJjs#uy6l7CJWeb>Zb(EmAT-0KiHvlX(}~+7KV<0oot2th zh|W)yocrRCMp+$_+Fhf+YnEC-{K+^$ zIP7to{qRk%>2zml{3DcsZ^9DMrVM}__%)hI&sAqj12HXBtl+7Fx^T2$&p+yU(Hwi! z3}koD^uc4&me*j%l^yjvmv;n&WuY10lqEPK`X2K$W-*(?kZGOsHo@}Y1ILYxEiu?S zlDOK|uXK|p?{T;~_X&AE_aw`c8~dT;JcHU!9m zEQW)xg_jDPB2Z!JV30cq3ag}y_KYbr{s@fdgD%DJ%ZmgmrE`RZ-AmbtplBOsk)!gW z8Yi&1IVt@9Fl+4EM9oy2uU3X023S` ztjnweQQKH?q1l%O1zAwT%qX`g8QZ~iX0sA@l}ER(%2{0$O{lXXo9A+7uM7_9ai3AT z>;!e1n`%xxJ^@|NZL822EC4Ytn&O$h&Xq_U zw{aS7zof}$muySFE}L*5?-1{Sy~I3*FYr5BW);zj+V*3W;4#n|yfyL(hlJ{<#VdEh za8PJB+;@D34N$Lt;2NwP|H(BN*_fFATdq;0er~tHhVY%;BQ)SAsB5H(^0>JSWO0B( z`<8y`gE8MPZ{3b&Dpf7aIuY`D-Ep9>JW!rt4S|3c+qrUmB|g6CxErg*YZ+=;S7?_grc$fR$;_i$znk1|TeBfq zZ=~2N3&>2?=FO1hN!!2|U`f*ukG)nt`b^B;cx`T=VWJE9t)^Y6dLKSJft$l1)rBKM!VQMSN|RnHE|)M#<9oVfG}4_GnpK)B2`Hd_PY7tydo;) z58)1Nt>tXsT(0L{Ddqxy9{apT6&2&A{dO?~n@}qVd*o)Qmgqt9v@s$bzzAnGRj1=*`(jDU)S zU(t1(VO%(4bh_gV@9~$P*9la)@WSDMJLYorheSU=E27U6v92P}y^*oEaA_~X=`2&+ zv7ZXIjIH;%h6WaU^a>$r9w6lBGj!{XxkT9K7qegM(QiwWr6f!Y9Zq?@J#Ae_me3zF zYd*AXfY?E>1eMLfd27+C=)r7jlYkC3B73|a%?E~Z<3VRaXvVY^WBD$ko-yKis19tg zV*xU%!Y?3UnK_W3kTtuRQtZObnT8Q&b53vjvmlTzf%h6#JGH3A)j?$~c$liw}`R&$t+?m!uYuS^-bGY)?8=1T$+ZwOQdzPu_$>fpoG}jz)a0~3TbKiof{kjdS9@m7Q`qG*+3}4n$ z{AJ>)EP3+lWbn02mA_igE9Ur|&`GBWqO|ULfI$8EA{U%R9(&>%CiR9&b8?&iH(S~i z-Zn!P_bJdPk}H-?u7T-IV`nCxw-3z5m~~uRsBvx^AJID+j(4i 
zBCOwf-QtI;)5AbG{{H(75P!y>94Sz{uBs@q88gAZ$ax#jix$7bQ{mrDv#X_J|AyxO zYV}EKR71i?Nj#H%`KV3zc<^w;vJ4p0M1-7vG#F*y;8(zf@naI5t5eo-Wd(9~h%7KV6I#=LBHWQwCoqLB|FtN@?A?EN|(Z!i5K5c%}LD_kjQw$fP7F{w7)d$-M zIAFU^OZiH`LZS(fYDdU_&p(VWZG-rVZ-}Gn$grq&+Fz@wumwYkD;KrEGJ#=h>CCA+O_WN9Rb(#JpzB4 z7Vh~Eq2Tz33Nahoe;{29&LPRLybd3Qwu47*GIT@q)#fPBAn*#V#erh%498 z_3vO|U|O4BLhNND%-zjmT+e?tLybcyv|$(r!gHY<#=_ZY@1fvUEukn# zd+fiRjjXQqvoWmBw1F)`@iNQU;44%G;22!u27SVa;-e+A^$fxhn)2fh7NbPaB2PYu z6s?WGNf4<;vAcZ%yX`tJERaB6lyUkwhn{%8&EiM26%Q?;{hBAW1EMav$wqL=l1%N8 zA)+Wv7d5ilp#8h&%+9js{3HZDXC06GyE=M{+uRQLO7qYp*yx@PyPHZs?bW!%Tv7!U z4A*ltO?E$n3>cY2IfZvTnfRZCrnI5TE?~qOC9=d}X`ICuU8^uEBN8P>v-?4)O%xR^ zbeY6Qi+pA%iSIiww$!u{$VwlX!2x!CP6N3j9y2k@?~O%1 zt)RxN7dt&8viGmXaBzDdJ#P-Y4f|FeDk^SokzEDOKwgN%>)q^d-KPc7VZJsc*o_=b zm4@n$rAo@PHu`iIfFwuG1DBmM8u^)&FZveK6aN`?EZ02D$bbTZbH-fyZMWV>Agl(C z8;U2yWFL}#;+pQGS+b<7vhc9ryQ#{^&x4KWq6%$f_*d0P-KP`Oa2{JX_v__b@XFHN z%*KZ!gMK)|-)(Xl)Bt{32I7^(9i*b0=~#OOnFBmNt4-NiWiroO_=uV>iZ2fQj~}0E zNc;cvq5mW1u>F5vj)Yx5148iiE2@(-oP$m53NdXFm10rzp(rN-uu5TVgza~?QRojH zxGEZx;puz!Yf>aoTF80In0~+c2(1!>=E-JExBl=Sp^9Ex!@nhplqxzv`gnPMd2Jit z3D9%>b=LOKG(`G8_=RlflO{qt3U+a|QBY$vd>PrvA164bhC`5DxOk9!@4x%2mV5*P zf%t=0SZ7|3HaG18TNrceL~vj+5U5cV%a*vEcgkn0&`s709Cq{~I|G;0>=M580mNU_iHJm^frs;sisZ7-!=Y>= zHI#JaKT{yGTV1*`YS3%(_EqaSrdab@xia!Xsm#9tu--~H%!N=%m_8;5@Mc_{KbCj! z>RfCj;GpkI2l;}GXXF%u>AM`rBb9~|LPRK>n~I;N$|4#!O+DGwzWdq z*uBxCI2y7Y-`&hOn(#F^9RAU{z5Tt897Lha`z2`_$3r(pcuEq9!~Ih3 zND@O`hAl6RVak>Jn@+ztviA8pBDCUjP#h9Hu;IVE^%%@}dD7s;o_saweB4Kv=uzV* zN$-=bZh#MsZwxg&@jqMe@wRCL`BQr63|U}I@l(2vFnfGMcPvc!MfFj;0`{<4<_D$r z#q;TRlLO2P9||Rjt4TZ_O)H+WECLy#nfXbd$wCFJIa^W7q}Nsr=@Z?>ukz=!hNm{a z3#?*A+^k_`gTJM8(tXV?rb2;B#A9zMj+h)u{8|8J&XQPl1d}3;Trp*PtpkTy0fc); z3UtV)7lk~4w2r`>Xcu}JZyDg{j;e)3W30jf{dKz6lC$QA!d3gs^;sA#1W7;{a;0_FIVDU*i~s}>IA_z1q3J#Ug!SRe}+(fVKk@;XYQe; zwT+20wHr7J4sJR((yFT>tS}IHi76*MMdh2LO8pTRHALkFMC}XZfP?%IGp85=&XE7! 
zr6n$PipqScEqOrXkoys29}{1_*67*ObWW$&)#2*1x2`eyl6CbNGmsLGbSo22RsOl$ zsF&h6FAT%s@0IN+FUCO%um=X)1MP<(Po3HWJ;Nj4T$|$g6XtU;^L5BGJh;FNSVv@J7pX>gH??Zu=;2pt%)sTwuQx*Gnp{ z;sck*wo&bBPc2nojHmDMaleWPe}5C)iwMs|L1xvHUMx)&SCdZcvDH-MIFUFfibL_| z?sV09EM_&;)X_%5jzE$M^88%Bj>nnrAm~_V+I~>c54QNCvh#p}l0*RvN5zoslK%p{}%!%2Y3Q$0dI!hEXK<_uFR*-PY5H)!9kb^7V zx$xDoGk4rJ?`f8Mo`~CzMB$@D{{~_SQ(gZDgkfa;PlRD+`nN0bzoM99|Du>7*B%j^ z?V%VO2aoC$BFaL*0IgF(NloQ4tHk; z9kNRDDSuKD)mN6mn>dx8)Gc1PDoyQZHW)klrtbuHo#-|VlrRIKc4f?#^zZI9sZyJg>#E-G%5ZU3Zvn92I!J zG6{?wyQu99b?c+j(yviHu}rw4NGQ_ffS%QxCvV93cBr%HNd6_7bMUl*QD*-X5YGP$ z2qP=UznSL$oAXbp+t_7tAbe%(^@*uc@nJ{VTxrp@sk$jT({I_yG!gAi<=599k#>E& zXVk$$V*?r`oVi3Iru2`~F!{4F>F+5%7-Prcgjt@1@Q?`GQZ8q@vk@goWq8;@@5Mf* zEB8&u!GTD}J05SoLz#~o!2{p)^S@Ib*W|9#?($Q^gcJ24?%lKnJUQ*&DhQ%JJLy@^!ak*_N8h@tRT)m_t4k}u zh9>xcGH)=*5z+GkK^nl+&|>};B>)@`-yDT{zk`hDd**F2w%bGRyEh2yZ#sw?Rz-dM zT_O2b8fe{r(D4q7BaMK#lk}=F24K6Vy`;2DMJk@;VkhdJu~|h7%qf)MJ`Cv!At6Qx z;)0Nfg~7MaM>jA?3-MPuvOCa?hC@@-w7BAY4u$sVxzxWHqB7unC+|90nXIrBt5NXx zm>W!2Hrhp=Efcnu?teg^Ek0i@(71To>Hlc+9z7o)MAm6=XsA8~jsjM6Kzy}`Bz89e z|M3gjR&A2rA-~FfLoJOJuV-w&zR{88wc36sKv5V(S8iY&g*bChf^9XFZR>Dq%QVLn z`+VkjSya=G>;2VQEj3ZU6^E}TgA{^;QIeLBBRHO1oQT*Y29ub{aA4nRyi7}&JQ6fq zg`*M@jQ|7>WTP+>e3{d^B*XA`&mUPNfbgy0J%Vb(*0o=iLJ(g6sP`s>7hj>w%6eG= zuq@-U=~^@01XkOPjn|4LL;m=~47qh|ei?`&B9>rxv=EbVSN@z;MH08BziYP_)6Hux}@#wPqS0UY@V?> zXa^~~vtq67WR4IVZZe5_DA1#?_oRKk#lG%7?YzQUIz@Stt<`pi97EQQ7Win}_xc8> zguvYa6epPFavD}bQOwGUcd~)~V5y4shCA#A`3-B(nT?xshl%u(Nmhgx+`QX zjk=MaRjO+&2B`y~fzkiyL?D9wWHD}|<+4HLAZ0QgQ6+4w>R)g5sTFOJbHkU~5@MMP zy96&te9Kz15o^-6oBO-e8AW~l@v?ZJ|C9|dLzPCt6A`-@Slf zns7#>2b>hZ@CZW|+U~-$m{Hj*6a7`f>>}k)*lI<|0+&ILq2%53cj5Cbs%)bo!nb?( zb9Fc)w9acrsl>!ayT7VQ͌HrQ~}scN4o#f|?I`_X1O4;y`H;YLwbMZ#8HW3g+m zHX)-L23htYRDo4)#ry6|?1}27h?6hF33O13j6r`DxaBo`(Kfc~MyU*ntfl7}4bD1G zVjD!2@*({#js=G3Y-Q`u4>|2@wo~0-^OkZo%z7i-;T={C;x&Y^H$r!(%#V)l;8R55 zNJrkx)X#V&laG2u&xlt%c9nsMRE8X7fZ9U|T$CDIDp#zFM~iVebL2fwup#g(P3?7a zl% z&pS}oI}WCkLG3?EXlaM<_exu&GCnen65ur5(CUE`986PUl3W%aQzvk$dx^aKC*V(q 
zbEV{7&MDrhaAWFQ{YLBrHK3fu0si%JvyUQi6V6$NvJE%L*4`iw{#8m3kGN`d%MdUY&VS&W2f&~-x}4lrgPp%P#C#X$LO+0E0g)>X4=P+VVyHow?I$NV zdqR98b3u6>GfWRAevvR)1TiMxf2XK|)e@h8x)&bL1za2CdQZumuO~i}YiEVr zHBn#03aygzj8Ee~JpeT%63o(dhGg(p?mdLg`vR#7ihch>0%H0n9|qHZ?}h8q)UvA> zM)R4e*+rDvSZHJBIlkCZEmuBml*oCirZG$aU8?H>BA4;?UeWIT)vFJ4LZLWm(%EhB zvYc*LWrC#tLJSm6VW@7)bnuhee!i2niB?5uC^Sf2dE z>o)n${!$^T%K(HpNRg~;`2kT(Yl1Mu5Tfqf&&nc=R3IKe>vX&FX(*x6%4xeW1Ykt- zsY72LNpWuR3uK~f_?(u;B75)376Z#gQCyVXKhNPSFhPSYP0BAOYRLTu_oB}XJpp-n) zm^BL`Bol?D3ZXn#qeUHyLz?9osSttE^M!Hzl5SObz23S!yNaF3@$Kxe>Y*SaA&Qvs zmm!gd|Fig`hr4>kLLrxpY3OFZuSb-)Wd)B$fA^#CnSFaW7$zx#0GNH!(Owuq#JP?H zVlxUO{c1Fwc>VZQGTl~x_WlqApZcR2bGd|Z#Do}XW z@6m-7YhRk?YgcngInQf0#tDD2+;=b+Q1;t2D(MfXHidfH$4h; zRSWAYPsdLBkvM)>>CF>@Ba01wE zH=>hyw9~M>=QHS-?JyizO*G|C##*iF;cnqQxA9WsC~@x&UYS5m`mCA`HITAbj8&2T zwDojEUz+Ip^r~&)*@^f&l+2iR;8}5i)@>~9!##@X|DBFE6@FB*+D)(535q&J8KRYwXZ!nrE(!(yOx{OZP z(FDamgf}p|sQ$b+?-A0f{pv@Gw+hsw_4AnTBk;n_cq>z<>-f`m_7?|@oP($l@3b)Y z_MOqtNt~e%=nbQ4#}}PUIbKy~*EbZHVZng2tz*+l({&@bn zriZ}(vNKT5~NO| zF%;UOPX)6bJL)tljNok{23l*jX&$b$U#70BUZncu>CvT2U%ai2^d_xHw4s;lqu_8jM z>42@Mw81PW$Q}$4zM7*syCFgmW_(H!oZ7zYl?3c=-XdX4)D-89OP#3X^5C^3Zuu++ zW1#ub2rTIkuie~QC$bW2$JPgzh!(2+@A=SM=;i$iwmx%~@cRX8j%lfz42pC?KgLv4 zvugFtndb_Ij?=5a^xUmq_oub26W*)S7kihSRp#1ORVB_P1#V`%C$t;3mq*~|7%?{+ z##>^8b+L=b2B9pOY&h_3U%(lpPf-40h6822NvT`H4}w+>j@gmS0xQN3dE|w_ zeEu3b^@j-Ek)o;6SzX2*E>qcsF@4c-HY}9|z6`%nqCOnwA|bbO~55Rf#q3Mt@wm)tG5y@EH#_7O@`znZN6&>n9ZYE5ob zxPaXR=ta64rk>sVJW-?baQe5Ndmyu^Hw3$Ow2FM!f%j>SpnWp`UVPWuWd2qM;!lHz zfaW$BGWDKt178fggMQE~A+n0#)x=}Eq+UKja#rw?wOTwmFcF*v%=8XrVR2=w=ltU< zm{k?079hUOP2A{B-QTqWw~faisBCn`6pXJ3_fp~?UXT)_QW+fpKwp1+E;?$AbP>f= z!^m@c2i`62UKc$TtDtALwN0mjL9({z{Y+wknE+u-i5!? 
zOfggfc^35fCxqfneZ~4g`>gNf)0>r@Eq0JPl?+W)`{a6Ws4Vk&DaxtAHT2Lo`j)BA z{DGzBI@44L?0N)Yu-TZV;mt~_t|~)2T$57qYi(ebDFUkcbO7D}I)TaU+{O@*eg)y& zcatfKhBR!pJOA#g+pAQCZ6Yj6j3~WMWTU>|zJ<<-1R2dGX(v0Q*bJv3ML)XpWi{{x zNoTBkwf^{h*4=rLXQ-_y(KT zm?ZDrCRvYn{i!de3GXhXQkIA3+`4_Da?^DFY>@VNov>6U>^v+|@$+Fc)aE$`lgM2Y z)u%IDa@F|*4}y|w7+^xlK^Z|@97S@>*q{5}CZL$DD4=dn+CTI9-uJ+>`y!RyMTb#W z1jDh?b7;!3nYtwx3X5Rt298U72HUa@Kh=^jGLP2}!$02S3q(TO4f_u~i1{CcI1>}| ze=WqDG_{=eIsV0iZVJjQ8<%x_jOTfEc$;_|GK`N+JR=+fCA2|OpGem(YIX`D`-X@0 zCsoS>Xb$gjC32=kz%RgVLV0N*^MRfrh{eT^Y1!QPui{{g5j?Mq*1Z<5(-bCIG?owv zj(C5+eV=e&6v|QGE~J0tWM6&VGOOYpi3b7ymZP2pUO&toT9|)d_(s=iio8fv?=(;7{aJl#0)~NI8pJtMdzU)%I5vtIO3CI zroe24kvcNPotto+9w4Gja;o~w{LPmo9sZEQ5Ct(=6x)^tIk`Kc+XkgVSr|5VG1CKV z2f6bJd@la$s4FcVJJunBqhMC|cWjfzPY5)bzlD6StF)BfFeDT5Cj@kp=BBeAS&rud z7tE89^UY->Wr9q&xx3-N&9b1+Bnn~BOXS2qR0)cMkmq#KV5nmp{z!--9@*-AJ#u95 zfBE=+pWfDWsR)Y;^gwdN*Fq?>_2uZ|dJ^6!D$-R5f8*+4-+-c$VH71iL9;?eg`QeXS?xj;ds?&j0bKtCWuJ=Hr&cMD z0Y(rIVULp_I%Y2o#Q>1bPKywTnoY={Bn2J-MnW|N;DtS$?(MaNzNYAXr+(f~jJzJC z%=AoW`}n>%r>nEin#fhQGZlmtm45fR`qD#h%wC-BE)r?dkGnLY-@C8@-MiW0Cx@SJ z6$hJaW(R=h71vEDer{XUS3)Zi{2{>yr`OJqA_!n+jfovF(Khb@GZI%e1Dc{jp~uB!_D}R)Sio3lTgx(u zk6rx&ECb(87K3q%PxRya7FVl{;@x10v@}C^MAYaA-JDKsk_{n1CcnQ_6$GREbgX&rz(v+gHZB#y zW8q~xc`On`>6J4|vwapVXN;|MbH6Acbe99C|Uw{jw&0`gOVp=?<4gw{P zhe<&CoQ&Rs^vIIWEp?qs1shRK_P~CoO?;J3d*z}xggzgihk!fGc*Rn7tpr7oK*j(^bc z+8C=+Qc1C-gx{b6R*DSj@;aoQG|FTI!Ue~y?&Ko@`Y*wS!q}{KzwkXKoMW^muZ}2O zUBrPyk^!3tLxUsKydEY=@yM%a)GhLpes8cYu80z>Epd zRCR~`DWr(N;0gp%BX~ikk9@Zq@2Sp#w;5j>(pZF}0b&1r7$v&kk;_LtrNR;pgqn@Vm{=bm%V`9Nu?J$hAr z`4_9YqL3g_Jl>t18C43|=9 zae0KZz$>R^%;|FjA@l_tGFqbjg<^_GXd+(>HGc{*xo2gv8B8WxL7Z`HIB z+>sg+g!VfMngEO5L_kuKo?1Ha-ZY3R)FsAM$JBTSw3>qj&jdNv$|U*i;RN{{H+{CC z#vug0GMIGt6`N_s$b`Yy%~kE(?t)7%nl+ZnR4*8zD-*wU!bs*TK8?mq>Yii zj}YeY=li9v`88C*CzFgm1=d` zLO0a;u8J~3Md5Kx)JTRF#ys`zXbd9DMZ0jKghwC>JDXKh8g$px`0T2mYN)ZO4uS}UhqKaJRxbz&Yh zOT<4)xD&xgZ{`_RYQBRdzy_gON*rNK3ewkx$GHV_NhOJEUqy7y0U`Rk%PA3~W~f3f 
zs1D%)5`}|rJ%Z$b91Ns0P0w7G*hfDC0%-2YKnqrPtQWngp;vc77rK=`1pJ1`o}-2U zVWQGZNzx;EKwODri5Erjvv9-_r0LpCY*P)wu9QI+f;Ex{!BuhsfQZm^%0?BicHs4A zS~ziGbG2p56ehZkE#X zcxilKlh;UO+Q5(^O%Q$Ik7qIc-Y}i-a@B8@5Z`Q`x-j!Cm3*5n#*5g7ucz=C5bNlS(PM3px{|<)(_vst! z*5SwNMZI9iMZ{@~57Jw<=qJ9?QLBaQ`BypTULVcrtoN43rq-|RDf?0ZT7UO+H&W|o zo9OPNJ3jI3nq82Ua<&~qXqE=ka*N3%Fk@8(lQU>0hN#x-(QJj-*2n0V@+)HqvAa;0 zF}McpoWX<8R3Dr;;gtL`wBvgen9&^u3>l9un^uNklZ};9IlYaUX%$i1-uc(7!KIGw zuZ`*bmHF53BdhJI^~AyVJA={MQ2~8rZ$r)c0Q$&=)&-q8^%NVFCt$e34DVx@&KsSX zosK($w3{>pmglnfr*p%Wp3Z!E@`t6-aWLSjH1~Y+O5wSpc0%Qh<^WgYuW}X-Z9}B7b75o zK^oVF3V=dO4!gu4bAcjB@rTUD?Dm~FdI*4s&H@z+dmYZkh(Z&D&lrQ#8K~?a4_fGN3RVrT85@U1RHBSDs2#tHQ7mvmAHlD;n4x4HXZG ziP8JCa$Pp>; z(Vi#FIh)3)<|iAfLt@!#e(A;;2<{;r^EoXm6MM3SQ&~|Y`Y_QMa@NEytD{)-RR-Ex zj$#g2WzC^J@0R?mP8+tj)YlZ!GNI@Sa@aZQnN>dMyYvc!O}ylaNXt&Ki`s;Dhh6Y~ zdxsr`hxAU0%daiO`aGP%$JuPX4P#H|zGuKToZ;jWh2q92hV{0}>}m%3ukLgzDNBw! z{T6IoS|^jSqle+vx>|qc_csk@UT7VbccNJeQ|cRE*CzXeGE?f8@AKEtt9n^J6IkfV z@Y06>TcPe_&G$87R z^OI@yP4}>0I{=DU$ZwZo$6mBi6&Xh#ajLjk%3(+w*pD*mPn#nAerJY_s`H1%^=CF6 z+A!)*qegp*zo;T4fh5mBh7J2vZS< z(f_*szkvzW8G6ozl4xN!4>WB<70s=^xb%9-Ql?fcJe4!sQ?gpLC?a%zaKg%&2EAp! ziHRtS6xB(L-h0Xr6$s@;XyF))kj0P(2MTjY%G-|Y?ff>0Lebsm9@uOA|MpIb-(4nP zQZPDIHJ5zv>>w5K(;tqae+po5^!gLU4TB}skS*^+7X}!=5eyrd`Zn8}CnHABzYLG! 
zR)q>Z+bL1E4t;WTMJ4tk1=Q&tN>exY2Gx}`rNA0XUdtD^gb^_*qck-n$9K+Wa6ePW z2F+(Mne7}?e7K<6NH`>TNVRR435nDROmM=0jtU`62fe=G>(IPjlNQIc$311mZffc> zl5qwfjAdz9Ns3E40?6QnJ{w!$bs|V;;S%*q|d`w z{S1Nzl&6Hy@~2T^j>nM2i6vm;&~>N43A8$t9tbTQ?a7 zulVJ%dPHG>`tgUbphh*9V=1`uzDsu)jfJWN95;5b#RqNM^iD{V%th|WIb%kK_&uzh zN!GAqV;r3C9hu?Pr_Z3O5@g1Y7A@~VVX&6186dnZu^_0#Y7#^kCGkZI?A(|=QjK|n zU1f+Iu)#N6?|mSKfHz^0DzBr1YDHdI#+X9zu<8OTTScAA6mIfdTqL+cyvB=lQg%?I z%ZqOoxLC)5!Cm!#XZPsigz;w}f4~b7{zgJSE4`r}b$hEw`#y`t>!L%Pzt+XZ>+3G4 zJ^zx=Z((4p#NGv@lklJom+!<1!N>vlN=^g6^W+ zgxX0%r_)~P={5hxY8Tvwvu#!L%O21hJ$UH37^-%pK6&NR3A0ZL7YF5=Vh*N`8!hf;t-k6VBv4Qa)qv8Abhv?_19xpFeMGRKGO2OG%AS*)b&7SG0PFi2_Dzqw=k zte;bq*B&Fe3?f+Td93f}NS$>U2;%&HW%g!?<@M`Q@E=kqHWm85-HY8Z_o$m!Wm=z| zIU!ewd!WOT_Z)wND{|VQ9(OP~TY;cQFW(e8PVZ}ops@c$al7Gk5Ls-iDIby+->IK6 zk>S^0rF7m=EKO1aodL(hp~sKrLWgAML(9zoc;Nuusl9M=hWwM{qmM}!FOGZ;soy~4 zw_G7yYH&)W=f}S;BwpSca?Z;XhUBB3_Y&Ux95{JPlpf92?%V zlxipXgY{lIQ+uTzW_r!Go|Fce*UJ0lPX7D)m#$imfGnv%697%+8p0R5^St&98fSlSYdRE>%f}Eh`)0{8 z_)Hxv-0FtVdLkG{upj<2tn=$vc(%Tw8b>4^IM5mU=AqC`{ja_8zh>r)KlF|N;odl{ zrDK1<{(tt0=ZfHBw3NFfwb8&gWzE-(8aJ-6IuUaR6iv90tz-!Fn5Vzq_`)$W8%!0L zq3c2eZ%OVqUvpuxF%)0x1BQ|JR3Q>0BBI0+Zff}T5;I0v;cZw55gqgOf4OM1K}#p? 
z()ab=)Mk|MyC0qqeBPvM>~tAR_5D&RH|lo+RTdQBmaNx>>B|*-t1-lu?6Vv*sz&*9Z<(-AukeF4(jMCJ zE9=MU`GkWwvPAJ&rg0BU$dT;--3!m}@um#2EOH_8uuc63gd7T!`kqZSW-c+RJVtPs zbBTIJ)1vvOSB2rNJ3@# zFz&g;#k0dvY-HU@P@hfjcZ8;8X7mmZys95KFdzQWDlUZrbeUB9sfs zgjE~2Ti2|%c&psBdblkXtFL2zN2{4z)G@_o)TwgexU%$zi;?X`&W@n$2a;IA1K->BXhDoM$I`EW**r8K@@9e%TqonvK}2fD*uAWD^|XKX z+QQmlpkaY1)U)nDK$#P(yfDr7>a0eF$q%=;y(?#^=z85i-sgH*GE`2|Bm?@07%Fd; z8#=usH}KhdU&w3`Te*pSHqXQrc80Jm)=zZrH9)lRLUI1LVlp$sOcC;7kg}1Ywzi#r zw+OZ%>oTuEDz%WpmpC2*+bDW2`(Z>8hZec-sN1z$o8TrTeUO;^5mKL5#tjf|w2umJ zxZb!b!fwUqtdbYtxNgys}#Cn6o2~Hq%fKXk{CL z7aCkpw!69T>&#m<92AgTGD@nD`^Gr(VEsH(lpjUD*<3SibzPK$?7mw|T+=Nk@d+;t zl-=T>Of43dvsh`dwe6govx_&IL$mF@k~NT!v|xz|_+ycWJ(%t4x^u|gJy2J1MPQ8_ zlbS(%BHw~c#4cxuaLbCb!tQ9qTC+SXF(GEU3?qjtf5$J93_^}W8Bx{fSDuEPGIXyv zAzGTEb>3LNYr&u)fmwkqhdfCtPL-jh<7|IfN6*e~?jo1(&VC@9S65@G?rE#2`vD#J zb$>rZ7e9UPsLPAt}k>3<>LWn|I^lfQQghSd>DAutLM8k%uSC%A8alc_6=L0?i*#2E9&8)1z( zW_aV|C|o9@r1^{!Bq$?TKljK8QDR1gwMWiI;B?8kj9~d%W>73vX$fbbC;)uN253&$ zkRs_WT0Uy40e!zz;p&<2N5wl$o9QY#uk{I+#;TFc;5=k`THT9)VxQ%E<Nx%LfdydbLe`;Li|fjNVkZZA#%fHP=| zrlSLZyfX2E0=h~5JKny=Z-u)T?yGV=QNzma6+EKO{a1dIQbn}$;LMVjI8Qo4@>T1f zw)du|B@3oJ|5S0vuD%%pea}axC7xh2uG6gzLCL`_>k&8>-3I??^$UBrX4}^(v3|%* zXU)}Rf24vFgay%S{t6whH52*Vq)s5KG>E;P@c?9-Qd=ckRx ziKM{Hf+W9|i82RJ7-Wyt=pVyr9E=7uBhu7bV66(M^zz_K@HRj6Nz1l3UPQJL&p$mN z){tuX&7tSEh=2A&yGOamOif)s(jXW&jBps3yV_j2OTHud8l7DRSNr8qh1)_q+6xdd z1zAov91&i&FE@P&xrl0QJo54&o}J-cV5AEK%e}Dc3`7TkaOpS7V+?>-5{j^m4Z@x@ zm~up$XB~Ax^Cg~X99sLH+YyIZm(LGYB6aj++(Wz53G6D|!ov+6`);*%`82*zr+|RF zoO;0AW-0cfl2DbIN0PpB?TAF*1PUEMFw-oErQQtkKKAEh6d9vq$TMX7>s+r;PIX>mcnNZhXE-?4XqKNf@*3NOk12LP zDDSnOjY#Ep+aG27Ct#4v=Pyz$!G)4Yw7rB^72tRa7+#usKkR+;_&T5>;Q zmHhQLwUeDxYar+^h=_J+TowBUoNzy0)+d{_-UZw6HJ6m zk0MQxLcm{ysg(j=ykN~($l6oq_EM4h`@M;aBAhN#5z|kSCwuAX^$qk}5ThIdBTUNX znXKH^52KCgkWrZS|L6)={)s_Fnnh5_La zgU&T=O;+R0Mbqk~Lc@leKrHFHd~h!tHU_NmT(y-j#EYhDuK3nX#KSU^UK1dAu2 zHJs7c&Hjayo=SCqph9edy^kCWCaySC-O62^E8GJu+$-6GnOwNYfjnU7(#HWOmZUnv 
zBwT{=2In?QG;F)<`5UkQgP9G{w3Q!4I4=3~vE;(mk~P#X?<*T?JfS%hXiij)<8(aP zw4sLzJC{+FQS-j9ZKb@qNQa#Rlh3VsYTq$6&?=q8+TXOE}mLG5|cW;WN&>{4qqy(hOopI?DZAd9V(7fTW#qF%uLc{mii zr1FYc>laLp_(~CcTXoo1H*oz1-NVChsqV~F(?tjF@*Q>ki%RFP^tMl>N=K+Fg8rdaGyXlS>vLGFHUiNLI^^%v`BarkYFfHUuk<3m{HenhzS)l6Q(&2 z?HY5bmadgJ<(-40X>yt9VQJDl5Y4~8`^Trbr(hXPV0DL8Y%lQ5V6d257N<7z-dR6m zsIq?uWX!>|vG{h6?3V;asNpHX#PHdMn!yY#xA56}1t@0v@=HIR3(1^pieA>=_Q6-e zTkxOJ;Td+SXt)R=YYwjkqC?moJ(3NBRbgU%F+_;ZyZRJqhMMrG0a66lwKsu+v<0qK zLOd4m!O9b4&RTbCrL^2w@PQo^`Bkk_mLPFhidkX%;?1XX45Vlar>t+JaU>*JZ?o`T z7>?|nDzAa6Ofz(NGzAyD8YV|*Sa)$`wG%>4*>)2?o&xd#j=BtsK0l{tk*ev*CqavJ zkc9TLv9cP~>^Cj)#+Fu2BD{NFfAi*g7!uC886gisvcdgav8@9~B_M z>GKDxP(MVOHTaz#KMPVsGDT*%E)h}9OA!A6V=iEqzz~*!xPWUFRyWet^7}yMo4^}~ zBZO|(BlLgjQ`-eJdOWPu*Lq}Wm^R1p0Gs`4+<7(DOHsqwt0rVHkUFf0fiLDbn_?*y%^0`(rDRdHs)sLMjdYt8Qnbz4@=->j8v_|q(r!lGQ*+q|ez0}1Sv zkMy{DN)QM&$j|r?JlvL?Ws-P{YY;pTsx#pB?6_X{lSMxm*&!zK7sP zf#0ppZdiYwpyS(;qTk~3us2!59$qWNOKnR>Tc-s&j`{Q+c$dN(I<3uqUI_JA6oZkN zs3B7O44L6jRRl`IbMP!8uv|j-kuXUejwINp6;wB*#?HMEpQjXO>p5fJpfDuY6?g11 z^`2DL*foL!;hTQ>h~=Qi^PEE5r&5=6VF1kqy0EUrqFq=`@&yP4YKOmctj|Ea$)~rN_4i6GQ{&=J z@xMiW(d*IcJP`=?#+1DWth&qC!UcjwoiXAeBpEtFu?g&6qH%@{j5&C;;rnGx*kLWZ z^3Uz^Y4Qfzg%5Yw4gQIAxMGZ9RS3CgHp?o-539|>8fTeeAIv0T@6Wuhiz2x+aw+;J&uY}mvng&L5wJ5mE!5j2X9H$D zz`F+Be_sbPfcw-R@^jHI0SfiN;Voo5xyuRoU)ZC^fl=FWI3_)TDxu#_VeNL>N@&Qn z5CV7G7YSaHc46DwjW=OPHkq82?Jra0fw@-3xDcczWRSvNFANRu)nBn#Bee~WZlZx) zX2+dgd{IXJrCPbvsY(CRby97A8ucD|`uMZ3EMTyNqoe-X6W2-qk^edVgO~mPXU2M^ z^}pr+?snQBpbFG7_;Z5#b$+ryL75aWRSbLrw=IL6wP=zbAu-xk!RWq#W-|Aab$hqC zU%+7kCT%W)grGk_sTZq8wx1KYBYIKELL1>-q5oW<4PIeAV`Qlk|n*_Qd>} zH~`8BO@^B78)_(xIl?GIgw{Ro6flMbI|@2HK%$k(A(dDIp&FX{)i?OiM4MdscLrx^ zX~1{7R4Vm|hUbix5Y7^927n{k=OAfR^wVD`NnB{ufT6My{dmQOWO;oifSWKv-^|Qh z0mg)bo&j{h(QCgMfh{jChv&QVprwHArG?#6K!^k}L6itSzvCjQgr3pnB8KVyxh<6? 
zH%(P_%xaZHEloH?8)8%yFr3<~Y5`)3sQ$o{b5-AzuSq^DKF@Nyhi2)S zm>52E19Fpzw(+yqM3qB(P6mXqQ9=vVBjuI#by~<9as+6merd^7@S_)EInom-1r}*0 zii69jViz(1Y7aO=I7&vsk_>a#;w$nA6D1{^A%9{WGK!1e^jX8|3__%jJ&JU#IlQHx zSx-+5*1ipbvQC&7#0w4^xQ?+C(B;6Gw^DhA)5RgCe}oTc)ABTgO#RVpo34>jXL)~9 zuVwSL$aj_~wcrKYp57vnXy|kw6o8BLK5-)bbXk{x!}bPTo$iVv?3=H<=Sr7ga+P0F zcJ^qMt`q=4uh?xZj9U|izJQ{%!1WC}C9cSn9hhz~R~~Y^-msVtg>Ca1&^u3`((CB0 zX&_`Q%U(Z@Y3#VTO?~(98j~c{t;t%t0J>i&gBlIPWz>>2iU_wqAHD9+eO$Qz**@;Q z&&MCEBzv0iO^TalnF-4J}c!pSs^EFZS!E@Lp_tQH_S1COT z;!edmG2ValuXwS^L?3n6r~ApLX?P~8MO)v3&0qt>Z}4q)t0Z`%`X?O@OzB`BBd83= z{;4y`w0#cz1;O3pTDtUA~Kg)AE=nJ(yMCG$Z76VOcSSs`{nc;9- zL<%}U2by6*!<_-`OLN1J!?_V5_nQg+K|z9O2X$}pN?cholO-n;SLI8!hSUl9VHBLV zthwz=Ai9IkV^5mz5e$Mj9I?M74o{O%nYrU|Ndd>1$PW<1N%J|>*#Ozcbyxf;Q`577 z2IU46w`%F9%eZfgoGYq+30{VFo0Vj?&KVqiQQGs!on$;YicOl0w+6+|X=-aSdY;Gz?|II`KKtZ8;%xgdLCDo5na#l3+~d{ee~+< z(96TEx+9qj1l?3T@X96T9VA1G)B8fq1*t>-vc)|Mo+oQQlQvH~=NjAuT(I0eJJ>$h zDZA={YlfK8inJ8Ku^hB>8hj@|xM=1qBRr{3VHHYr0x5SRJ*>;>)yksY8fQFB9U*v4px?)%uGh zH5Ha1`e?Z!I%ZVb11<%gEl-9mobE2p&NiZ>30i@t0xx(W?MbMN>X7k|V>cdC3l??L zgVd~OpfB{ET(Z)Ry7b?4M~*P7gX9^4AA287YLX|8FD+G)Tv88FND-F$`laoz8wwJf+3pb*@V)o#Jv; zsf8?NxZ`qd!p7?~60K=+#D(!WA#$k$EVidTHqeFbaivaia(UaWmlkoONLRU*S8z#+ zw{S_CdO3>CGs(i+*0m6qM_Oia30Cz}SM%kGfj5^!LrS}v#lQ$>n{U`sM<6g&eFU&XNl3yQtpL~*pqlzg<&?2iEoVUG;t<;QZ zH~`VzTX~y2cE{zWM{tLB?r?gy7?25XlMR1Uh+Ot=2%Q(S~^Ne{ipoeBAW~u-><3~Huqn8cSqBG0zr8rlxQR7-cU9%ND`P*`qgtq zwQ+J{63_sXydRbvnJDP=h!-x*B`IOGSHZ)E$#xVDO5~<38#rbCYrWJ0T>;9H$Ol6= z{-XUTJ@3F-F(cHkCen5wBUJk_15ey-wM(b3i>g8Qf(4q&YPBJKl=sc6nBzW~0y7-r zM*7F&Evpos9dsuKJ72HQ>GsD4-!9%9-&fCDFRcQzJ@fj6%`#}RR3ges)>i_EmU-(& zP5Ln?Wc81+#d58yBrtnW@4{M4nan|h_r%SZ8zu)eZm4)QaXoxC>6Sfy6D@?7z71b> zla2R=4=~r*@TeZJ#%eKj@lUzUQK^_mpjl^Jp>X{NWp}oC}KS~%Qsrt8uEy?)rqe<2uzruCsZeiq8 z;WeoruTIvQQ~b3sa@+(=6fs@bwSWaUs%zTUdS%?(IqW$Y5HrXiJ!=!X1B?i19s3i)!0JbD_vtG}nP*8#!a5dp$89J-V>KRax@QZ&L0b59s{pQy*(^e?jB z|4GD(z5NBgfLb6}?r{13cVDC**{|l@C@Ppqyc0533TXBGw^Z)?F6JWR-9RpIO|mqu-*Q9T0!~ 
zq|&LqIuNjhvbTS}FfmMb(cGjf;Nh4TmhF{{-sdgrw)P3aiYG-I9ULezWXCH_D$0l# zDi0!$Ts`uo;g@=+%78)1Rf9XU*8aA z;c{cAnW_&`NLMtC=!?&ibwm?0v|Qh&g~d-5wlfz}c$ zyeW!kaS0aI9Z@rAE_IUoVDisdEkO$Z2Nu3|J`QDkg}@{w8lf7s;N?DcDPyJI!YOVM zL)j$JY7B=pEV1`YlYVjtrgVmyYqz3h;$P-mJu6Cjb_+vrNBOwj-@3JJSW^J$?R8=- zE+$evx*x_vFI&k42JWJxv4LQKLeN%=*-;WZTRNes2(=)_(z>CCeCjvh*y|-Y+UqnK z{z5qN@1f~2=h2mG6Hq}iWJtkNQdhe_YMH)d*y$n9cJrXuZhd|uj1!}Y+cfR%f2RuO4U%X?Wbpkw`*LTpxd{9#I2zYHE90fxSD2v za&KX=@6(1z6D&`rb(iv&JIpp-J(yf*TX%0;{#H;E?jwUXu?YX; z3c~v-QB?MEG9MYo?-!X6qxLOl&QY~p!~LuS{{&*(|EY<}+qcTZxaekpURSGF3buhQ_qISR}f)&W^p z!|#?*D9%0O*!NuX3~jR>L}Z0jH)z8NKxcF8cK}2xOD;@0AGtr%Had6xN#&8F49d<|Tl?$?sz-sH3 z{38$PQN^d6WwlYh$vdB?=jRjzMxmj)Q}YaX39QhO0b@~tkp4|th6mSF0FOS~u=5FL zUM;dJpFZ1?)wB(#rLqACMFrvxf3fR(kO!mxRcKdz z?`+~dthuvYxAT=`DC?;+p&ZH80fm{i{CfMA1&7S614VgQ&7p@E{0lD$?|b;If3@#47sVEDB?!}uQqH{N%P=-kDJ0^IhfQPuZO#8g}z6+WwL0h z!;fyfaUeSoYU)^Vky^}$6-_h*3+$tt#&dlVAms85y&f?9{xdB6pf+$Uy1}GgjqfP zJ*F&~OI0rN4Uw~pGZQ2bqZW)FKor^ko^+PB0Jq>2j>T%lK)&S{D{4!o=dZUC_!S@n zK6_xiM9PllJsq!(LMgQ$WA%vkuaWPM)HMd4JiEzro-ViF_LzT_U$pP_s)MPFVkFI9sl^rQ6Q zDA0C5dX=D%nIwag!m<$h`j~V_$#}<~8Y!IfT&B@Lz>I;K+2wP;_SXIfW)s35Hfpa9 zf2N3(I$2N~UOYrdi4qB@gi^cyoU~e!M$E5%^fgAz1g1DrlqMl&rP#U401KXogZ|wo zE_Qv=6xqlt7vMy+SDB}=)-gU|BBBOs&>C?&VDtEd zY5%n1ApR$}rP+`rY*m`nP{(W{=I^*|a=|OcQqZ%WvFvlvW_7LrA%$CsAaaf29?cBd z9yrpNYkbX-ABmFc@nt$%7xM%MyBopTmk%x~7Pi(J@YbpG)-z|%Xh>Fhpry<=eT+lQ zV!W%B%bxvIg>8I^%}fwVL39erHQPWj=mjal8nQU4*7=>y@S!a7YbJI)$;Eb4l`I#V z!%Xr3nzjcLQFEamlyX5Sm1+brCPUlupP{tP$c<61Cj%W( z#cBu|nO3o-a`ss%>nvm}bZ4(rrJ8zx019VaPN>~-M(k6==Ha-TgoT?VE@G1hzEDOp z$pP`oL}PA%Md4M(-F|q36+%AvFw~s29?xA$;dQ#ym~O;$Hq7u|;C%dGKjpN$ZGL52 zDk6DhQ`nd(Ib+@)%Z#%#<#ByIdrW_algczx#C}U*lXn%>?U3Q&LzM;S6NXv^Dnw38 z12ctExco;;Kh~^Opn1aGK-E#TK^jw@dY=%uAGxg$_+yArG!7X#xJi^*k)B@mjd?+C z)(RHkW_Ncl>yAc-`NSx-K7(so$nVLG+T&k3LU;xx;M(Q&bMpsjHn;Hk(@zWP3o?Do4 zrpe|7@x+iSOj(V^#MqijBvYmxO4SXtZgtFicZ=Q8A&p$ExkIRXXe$VzW@|dR4JdgC z9~_OAMiKA&)w_!391RjsK24b!C}DNiMM)RcScUNd=AN+SP114=ai+AS5g5Z|mX3NrK=yIo+#DxIYEQioH$(E6 
z;!0XfPHE+)V@375A*bb4;4exL&&eEo)K@i_wOg&Yf_96QQ~8>kvdPHSZ`8;)P%klV zREh}l*4ash=XEwU8zbg)!P7y>F9o48VRK+~rPi?IGpoSAM9=Z-H)GP)LGIoF>^6_I z9x_Tw#15b)To1!G6tHl9**W^_4m;?qbr;}u=rVDl!oh6SPo~xudZVIUq?ms{}Ansvci~q#@2s!cD!f-)@*rjvY#+$wj^q(+lqM0cC$910wfOPk| zc%5h1)6gdE)j?+&4@8t8f=YlsEE|$0s+)C$*SldTjo)uR@qkfF9h4pY8-f}PMVgvre^2f!~i`3 z77x5+do^1^dBMP_2c&;yDB*r^oVVHH0ZUa)65j|D&l5N|mLy;y0dig)6$l>*VDlEg zMM#lE#YkcD#0K%WaQgL99vT~3Vj|E2E+|8MmuXvH(i`8u4fOPOc5VjAc8QUdZrzUg zP!=eV(@zrW)J0*wI75^3IOD^fz(PVPQBFJtAO!HyJ(^sHp0>88w=VrTR2;^yuBNvh z-yR}Vwy8&f%ewMKtrbHlRPs(zS{FS`f%@1Jp;UXbQSq*h8Oilmrje}Z6=sXXyEq3#+dANc;ck?{c8VM1=a2d@rXvmZ%wDXTDLi9#bH8WK zT-pLPO)u`(YY|xNJ8(k3qQV-B{@afsN62t(^-MHSxEixX@FOzND6=@KD_?a_HT_1T-Nk5@3NSpfoiQ>6aZtteEEMCI6v;tEdNhz z{g2eZ|5$6_NN2~sNb;w`G3YNMjrBg=*?LdQUBkYTcF)Q_yf!sAWn!0_gsGIvb1k_oaH108@uNdmtptF+gU3}gNq_^#>p z&HAENr0F_#j!LZDF9PuM?;1ex)f!~bc@@~!>;4Q-6XZhC-rc<>s0uK?w;J9ee|5e4 zdYBIHyx6(+Ylnen?E7+AAwpdJM0_omh+_E%#X(3bbN zCPMwf5q57#QzT*2*^iw%BW)EKMdcmd*zXwJ1635W#C!!;KW&>|%179sKZ1+-}Kv0+>{$ zvlDIV8Im6R15@K39(DxQqhB0VuOHe3mq(Fbdm{;N@9rk10s}}XO;2veSCNk9Rdln~ z2*5&n@+djG4~=4!4I z=`1eR+iZ76kTSjsq6~(KwzO7UArfM5s?Sa0a~upVL%z6?EHas<;Yv9IEpgqwoYktu zcbg4`LQgGMO~4k5zWnGZIitj)D=^F;edRyALH6ZW){|(9&iGk#4v+>OyeO3s%gB@= zisKVd!>uIiKw)~{0h6m#VsWre7zpP1r7MA*?)S52w?479fMMgsb{!;PVx(-u5FHVO z_Q?H-6DHYkta9c9d2P;2CNRG!N*fYGto5k#VN=fRRgX3kHDpb}q+SN~5@;CERH9OV zwB$^B&~K~swCoRWJ$`1<)myH7 znyDW$WVRLxo76}`X$_)-sU2^kxSOdV;Q~z)lH?jmrQE%(0~zOAE3Vba!Bc&d^mH;a zbm0@sPnkko_)-ZcLgRqdgtT!13@vnw;lYP8LC{I7bmgd`a^bV(xG!(I+``Sx%{z@OuHO;a3zuNUwoU9WH{fpOz!Vw1XgBqDpxz6 z1r)28<&nY|Ie$~JvV_5(!ri0G%R`EiAO&B2$Yu>=1uAgWXm-cAF)p6p=259jLA^Ur zo)l0d#3PAyKFW90)TGq9mR$Z#tg+jhQ#u#iD68BEjEQDkbuF9it>qIe z0DC`MfgL=<%%fa1iQ^8;j3tc!gGzshr*5D9*A|D9v6)@QRUxhe*EcH0m!5FOU-v+|XHFi9eBa@Vn!ybKF zCy=90oS^P>qX;j8^XoL4@55FK0|^MKSyShJpT~;z5Y~Uj*jxv!!M*=7m{S+Gn>X-f*wm9r!@^ zZfS%mHHQ0dWs@~kFPX0{9)PlSVyjm8%C~F;N_K9DU!eB8-s8P@fPj^U=CgM*=CFf{ zC5>}6Q32$Hc}ZIIMY(9F+083oxqr+1-;3wk{yZWLv@z6rb0x+>*MheuC^kmnV!ML% 
zV@$7b1oIRw%6T0`zSuBDOh*)^3~)bWI^qX4bJW{}oK$8-XvrgqkhN&e@a9c&KFWKA z)3u!d@mX6?yX(ngnvN+SZ(Henj&P>N)Tw2Ba0;gl2@mF8JwSCf(2JXi#HU=}mC3Kc zJO{;`=~HNx^oCj^!9LM<&jFX1#9Y}zLqAy$wy8*vEt$*3@~5D>Jb5x+Mqx9H3{+_7 z1~gQhbo;sySAL*^mPOhY8blB+N-o^3`D;c4qq(s#?2t)fRNR_~ycNQ4!|A&fm6HBI~JcH0kREtVIU32(AO@g;Dwo z&;r|GGLMuZ_4rfo^D0m1e=p$P?7`Y7KsvZ1B%tB(HP*Qo258g zgtuk2rkkbT{1?AubjQB9wJIvWeQ*r8L~@#+3kc+7q*SWNcLfM&3!>Ps=^0@cQW%gR zZ`Xea!(TTm-`@cT&&S`=6fN+WUu@r>B7?)FUgl=j`ehxg*Ruy?l~wvmHCJ(0(%ukg zc*{iJU@k+J{~#S@WcabEFc8=qSwZpe{5Ny~GxL9%+-cU@NZfBh^S%BTpodh5w9xO4V1w+>q@4FPn+Gi4_5x1+C5zg8mz&D+B4A=1+{mW+-8VEr!2uZT!_!of>^jqrTy~1`@b^=?T?;(Jq_P`jxF!F#2)+a)zbld4~}~8nLt-c&I$K=xh+^ zlM99Xb*iiwwB(IL68eE%ie`vV#7Q6@+7dzxD1jhGBMx^vgLZR9g$kdhCqeYjgCqVV z9NEe9a<^ymzTEx4ZysE_WJDxHjQFxUK?#jXGc8mYLJd(8Ou48Lcf=~#Wh^{XW#ZBwahDt2n8HG z(J02NvI{akXI-lHkZ+SB{a;WhxGs#%5$d>y)x; zR-`m7Ynd5sYmr%vN-ZBt9@fMWWmoYNo_j0JfRpvQ^_6W)w$*sc1V~6&pd@lPk-vA= zipP(W6Pr{0j~}7#Z{4^>Kjf?HEHAy}dzrP;zp{fg^eK+YE7(qDP68X7rHVYY+{dAk z@kqymGW`1XEq)>}6})lqVk$@9zuWJf7d+wAr*dy|x>xa03NT;-brBZr>W>YS$f&YR zWdY(fj)8Fl&nOf@$OP||&UmU)RY<=bqbkRnb(bk2(8dlUp+qt=2 zVvwq&c#eCGAWJY-xlExp9|H#Gh{ed_D;yuI@oEj)aZxZGS=Mc zTi8T}v_n$5yQ-7VZ@{9Os(qR@D^eOJEj}g+-YtO?(Vkp&+n}=={%q;rPXU(I1PAH3 z!O*{|kG1?&%E*b*dK1L-l;p1X_GUdv4gz?uij|BL8Is>Ppn%Yx<%~lhKLi8KL0-*~ z+Jp8I=NxvhKzfjx`1FE82qJsWwxzx>NJEOV8JAt%8=^Mo?H%R2AGbWMrsTmtw57f# zP>&)D_eHBCgU-x8>gk{-h;RgRA z4v`ccl6n2q3+WjqsVO^;R`+e#oO!LfK%3Q#quTVD<85qqP8XN5Gfl4O znZ5lDah{FiHPasaLeXqXs`F25PpTSe7~Sq>C5RMBZwOxS_!SgBGg$uu5cou#jebJ` zLvFxPh}>^aXaI)Qe`T}!>9RomLN#Lt+A8^ZABFe19k6!ZI=y-7oLvy9sxFh!`>ikB{ZXqXRNZ z-sRb`it%ho2%i&gj0hwYB92!aW~}oflPku+HzDR*DMvcRcfGZi1OgP9xIl~(Zm66B z6}7K8pAxx-qJ$V|e*@j4R>mVnR3Kcg4S+-g6*s01{PG(7e$VX#of6g2C_gBv6D=B8&-u(jv zGzsnkA^&W>YYfQS*vNjWsRIY9EwcWG@BgR&Pn z;{A=K@%B5t&Sw&sv-z9O1{sLE1W(T1pryE&a+j?c^nnl(LaUgF2&w$W;q2pW<^ql~s`OVeB^2;6USp%Pk8@SX@SeN| zkweB|?h#emYhc6jd*iG*%`V_Cnm3LzWuCI~WV{Nyz{Wps7JJ_-=0R=TxZdV{-$t%a z_tc15^TvLM(ALd>lm-`gB^o8m+}@6^UskN|b#Iq3#Ks1lI*-}phhNBFTodLHyPAm6 
zJ}aZ|zz7@9)dWCThIa0#day!HXfJ)z^m?hxqp+7vTc*t7QkL{n107rD!!Tg7^M|Gd zpO9|xsdPiDil@r?D@eE7ty#>h^yzAAMYm1$FGK2 zs^la5r~r2GG=v(5o^Nh;ob%wo@1MgmeM=7KMAnHuX(fFaS2`w-9TV`~DO^{?;RM`( z?2?0anpKtD&SQ#FYmy0>{Y2bb7Ux|r7Gbaz(j8&Hsp0grFUkg9+tRbGk|RFuzf_ewX_* z0T72eKmetG%C-Xs?k%SIUGt{pYQCA8s8NEOfwqZ21qpW0L`*$i>-LX|hvoh$g8L5V zid;Bj)3f#%5=Ult%wfGGw8QJ%V(h{J)CZXR)x$SqKmAEe(>`E|$3RMU-99P}n_*%e zlV%2fP)BqLyPiopgqrzbhC?hcPYl8lCI0B9n^sOiF#U;N>FF(zMD|XYiVnX$i}Bve z(>Wg9wJqm`mdF+DA>dJ({cHw&wHHr3b)sO}>bbVu$<17g9YL29+XimQsPaT055h$b zgnGo!O9zRYGJfe*J=V~~HdxBC!*}{N#=Ek2vw=X$B$sIVU2vH|6cz8riKg!pUAjdCka6du{LoJp<*aE^gBr-JHPL;%hw*wTTTcv3|0gS!OX z7el&b)f?~E32IKv*b?pHuM4iOU0Gnb#~cmMIx&3P2r!;?5YE<0FG@w%FoINCwL{#v zLW-3gRxDruclHosuLdn(cw))Ne#>f)!lJ3&bzwc>Fc}nJBx;3@|9{#oghAF~+70 ztFLQh{QY&%5T(3;IGRi}-!-uuK~WfX&uZJ;ZiqUfJRj(Wv-lvlh=G+9 z^0ulqdb~nI1_3X*&-Lxq8yRFmozYjbuLq_8gygSXRel}52H0+_Nr@fsMSyw0<~Eg5 zVBK+mC2Yn~bM0j-{P4^ykhAf}kUv6(D3+^O4 zb|4-D?hAABcv>C?hOZ8yW#Kv@-)QB&g6$JSaTy{QJ0OzAtbnndlu0jZgw(cTJ zlzc$522cCJqrojEKN=cUPxO*@$}J1Xp<*hA=X48F_bh&&Bz8H`mwrt1%aNGhUQSNK7j~L z%Hw*LsP&2HFn$`b9%(w@d4?eNP4{8x`JdWIAdOVC^Y}2C8=1VvE4y@T!`)W66l6iq zo8<<)N3hT7Xo3l7M2pkKP@csg)trk%lN7{*n+ppN00@+_3CVO=qF&vjU7I`ELy9BL zoR?bI0u=%|2r5e4Idf@f;_iAo7t4?+h3E@%jiQ>CZ6DdumMbfCQR7Z9t7pvRKN+PS&8D^a80~-y>e&ly27N&L^I?oj2N%`&p=(+ z4PafrdGgSbswULY#D)*hpwQtwOx3V0(A$SIf^GQnlI^9#uR?)M%=Am!yIb*-$h}*j zDG&rTxL}flO*j;c0NlJHX`~3sgeAFP#+_N*fSFX2)u6eJ z0|)2~(<#@gzb*p$ZqE;1TK+~)Ts@uWkhcxKL_TPYma2-!gSa3hqNySMDXJzx18A2* zm6UV9T->X;5p|X@4?TLQek5IkKZDBLoZ4kD+~rpFdcrz?_x0}FNcy9)I2AK2+ z-s!#MT=c_v#DGA)vw;Mdk8w0SrUHE+*TnnI6s$No`gEfa&6u5kI6%{Jic3AWh}3y% zCE$UFM>vqjlu9r%f>?irFlvG3IM27+x!Jvxatg8{tJa*9IoV#@bZ7-Rqc(l^-?FY(Q z4Yt4|BVULVKCDZ512sNY3k55VaJX8*C||g9wdwqFT*^%!t?a@=uWc4Gnr5ij5|(3& zCXp)mtZ_yz77sfb0lK;z>ZghfDfN?`H#8dH5WoOPLkLpZbK2x1{_F!*o@hIRf({QF zhZ6}cQb{7C+N*lT<)ACJL{(FG=PbJIsAG3+-x_ecA)VY>Sk0h}96C8{VS!~7J4W1Hs|KiA-*XD-3O*<*t{99&oJM*bXPqlS@ zljYp?*?0#4?gI2d5;Zw|KhK8vteK7=X@b9fVar+FHD=M^+F%mN!o4T6vg51oGu+lH 
z3>?`~+AS9QrV|yX=+87FJ`CWYj^1lxTKiSChvv*(S^zrKIwO9@G^R_+qi22YkNXkU zZmJP|W8?O6J5G?pd>66m)66d6rJPk`V@#8}Z|b|HWubRjcJ}xtU=)TpXO~}_aeVeca}{oiK-0*E6=0zKA2eTyj$oJ4{^sDINu}?VPXvf9 zo<=AQ9PL9MK!m~~cL%GJ_ls_E6tvyptI~C-!lb<+Ua(dLF0G6BM)bj)KFvvS_bW#A zdefU#u$s2rHVGM4!e$+mTm&qd>;>%^$J}7JfcMQjyl9;aAw`w%q&Q)BKcmcK2odRD z(mEM~W0Jd@-@dsMb~xc&vSo|FJJ1%7H?YmQGq|k2iGW)1TDrAOzbEi^bIyk8EChn$ zZ7^=Y#_Rfu7_cFoB5MOM!W<>f2K%_>P1$d>xO_K$(4c7wmviV9czu^FuQM$hm8FEg zH)7QCrw`>MIT9|!Psekw@+Tz>K9S&v9$+xV;Z9Tn{9|DD11RJX(XAj}86-lu1OG%g zR?+tXDy9nY<&!%Ike_cK1%O4|FoHlf=@0b(`$Z&{A|4kR1HA3VK}b5|fRi8u#r5ES z2k_$LP6XD{rY_Y?@g|BGM?*Z!yC4dg!Wg9&fDklVbcu%gOC025--?Sz12Am`foYQM zZi0|BlqhJ$k4X}*w9n!@?9={~iG#0FS;60`&mf?_hxU-92x*EDa__bq#|#XHY93z6 zYdo5}irq|j*@^o#C>YkwJ?&5KPd_aR2>_PMA_76~QYi(-qYj^Se_FN%Yg^a<+B1it z1FrLG-?(uqt+fNe=khUR@x9tDlsi=j0~boX?u|inj9Ha=wrX0hF?Jm|9(eu%K@@%Y zExkgLVd!kIKwsIYNph-BSeg*?lLRM`q5jJooWtZ%vYlmrsSC8;C8O_sF|{$-80 zlet4cbMg3&^hPSS@8!SuDSpoxS=Rn4r*Z${r`h|=-+UWUkvD}$?F~6%`~E<`NzK*r zKlkjMEFAx>BLBaE4RbOu{=XG_Cbs_=HoT=VZimB;(EY4_1IKLx)jYQf+Tdv~6s|x8OzeK4iJ>qH=Usa~2Oe{%DVo*gwpRAKe9fl)QGr`AHByQ)o@RfSBqa#^cP7SNNU>z5wuHk$ z1QL?a4H&N0yr){fRx9SQB=mF#T=}|4ezX|mEpt zf^T>sK>=&P1q3b}eK2Zqe}b+q8b37v(tQUsszNkF<&M@!T@;laK*(f_wgn&8RfLr! z_|6ShM9ZS1E!{oc-_z;n=C6=EF{2dc-z^qRZr<#HLBfN}z`(fq2X{yNVlBEnnJ>4u zc6>iPztd~xueLTOo8Ifb@6v0?T|z72{lA;VN2l@MEuV=uuk7*h>o6$7EQdJvC-?Nlp*&u=+K9V?_%AQc9sZ7MDg4)k zU4Nz-4R6?NNk;QPSmjZ}7C}o39Xm`Ag~6~wtnoBvO9O_Zoi3?4%X?uj_ShaMoNN=B zf^jjM+&e^fCU4DZa7x+G#%p8Vu!flAm~Lm>u;fUFZ=`R0g4D9OsW^&Q6*wM4Y!9L> zJJ2#x_Q|FRZaC%S4~x3@D8V3|I7c$Wy$)PT_I<*@)X%V{59b-QUp?yF6}6|AWYO>-}_;Gi?AiwF&R~dFZTPL>k*EoOU6p`71ikz z$^!II0u4baEIosC!SY@FX#L9^$|r&jIz#IiEh8)7u<94v(rGKAbynlhzy6BS96VVq z&Uy}WgHN~NEyS2IPiv_Exj^`!nq~`@$9a!77#0&^iC~>sUnfXM`=aLrO^rI}f(@eq zRfj72-Xf&+kx`+{ilk}^`W?Qj-rfqprcjKREBy_SE`HecKL^(zclbYan*Cp41hj1J zvn2klm!(O$>}kxdkg`mCs!_W3l9YQcC`V{^3_4q-8yP?H`oT! 
zaTls`sYSR}J?w4g^L$OE2!|vAmdrk6q@3IpzeP{gZP`QR_6&ffxS2*YrtU|}T>jinJ#_r4f1-u-qWKiA~B`{}T6 zZ)eck8NEl$Hc?EaIc}fNzi3tZ1tdUOY*8~*HoKb9XMf#qN~17i+;g|R_b)Wk@g4`J7OFV+?4^!Yhd@^Fr+R|c~lC1Y8{8C$_sI711o6#R5;=4E@sDMlcc#XxrJ7Hx zn%E@LRf`$>x<1ILxv>MCwlZ{ewU*D6>9DeeAL@J6Lmv=Zoo#_G*Wbwa24IW`y(#V^p|nIUIQf zk@UQzAOz{CU+X7|Q1CR-3rl7gZ0WQmLLwl(>AohITu>pzoPt5+beO9JNRA#{Vj_4N z%_rxBjR%VfLWESdOj5`6Xy;X!s~{1=OZ{!EGYC`&;Sx1~^nK zK2jj717|N~VSMh2T%L2ZvzHd~71xrhmP%tCc5rECss~`zBfZB+$;6 zF2+CVCJI@i$(!qzDba;lkWe77W3hGYJp>fuC^-87WxoO;mT8UH!@77p zkP-wg`X_=3HZ(OyLFB?J53k#T(+BINjnwLEp?i*QIKvY?``Pn1l+kK0vO1Lj4?)GI z(?Fm}a;0OW@@*~pL5Ui4)WL?-I-Z(4$60|!?I1f}xg^2}s~|uY+a54NhA}G4EO*3p zP5TVfFJr2M=!63rp+AB`pam?i#rm##R2Fow1B@?=FglrZGRI&5M^KFsC#2?7h_8p{19M%>IJC{LBs@oGg8ZufeV&uERP4npH67!WGA7rC8l;&C^ao2 zw5PfH`a9?HSpo}Z9|0?C`ee&m0ZrlqV%Tm&5~t@AWYK|zfClhUAzw^q#!1z{oPdfl zQGAC?VX3QcuZAQc*wf3mSB_DA2E7+H#K8EJc`g_nA|a73czp>lRx>um_W)7`J8y>v zOO_swqibu!ORCaC&>H0){ufaY<#&pG0Eo-sJORYGcPL)ct4Su=fWFoIoI!0uMu&(o z^;t)N_Tgkn8fAd`ZIh}fH4PNnwF5HpP_`KNRzW8DkOpfUJ^ks;Ae};dw8py9ImPe= z8QUS6Skvm06wQq{3i9E{<7af?BwC0WzbM)58YvV!3j4x;f}1795q$8P_6+naBPps# zkg7GeTFIay_*%93xf5(lQ;n5*@T&uej*VC{v< zz={qN!G0KIl-jo)Pmr#L)gH}QmEY?_j}#iC$yMIv@IAi1Y^9fRqnIvvD0m=%LXELn zwjH^@q5)fS;prMgW4kYtM0n3;JWJeRu3F%SCWUIh+PZ7s5cqBLhV1j2Y84m@Lew(~ z-BiBZiqoxSDak(*Y#oq3l~y|OhPo;nVYQ(ueV-xQeu#OUm7T+0Y?goH9@wI~w<#cg za`}b*>!VIXrmvsz8@9;+vi=pkfFwSE3ocn*9aM-&=a5FonQd2xUAZe?jRm=LhvrJD>TC}Z2 ze*m+QpGExBEdP(JcEq;V$%0kBHo@J)Gx;$Zy1*XISy@;PF7eAb)UQS)oMNVxwJ_+rckg2w!f8}>l+fu*;5 zOFP(Zy***J2>^8C*d}tn`2zCyJEDe&AP}oBp1-IKXh{x?GK6*PbRP0XG^W9MW`T}2 zQLRZL(tZ35M|~d@e!`1Hcc%x!tjzqmAPe8{sH@eN4nZgk6`c$VH1@rIcZY2i%hFuj z<2Tq3v+WB8saX{a-syzt&>z1GGZJmE7=b|iXYv%5KTi)r@`u{)#<*3yRI1TlcjYY< zGH#TVDo?s?4vF&HfWAHkbw0{QvWFH#P$No!F_ywlky>Lq0gY8CoD3=u7HAmLsBrnv zYcVh83lAo&Xzq&!v)IAi)c< zA49lBz>cTJHn+IZWjneJZLj0Ma70;7N?S&Ou}=Wg*ndFAMg-8f7qw$FyDKCK#4-_j zNAhQ)-p3b@cZ;pcE=gYPG!I2h*-63Rq(J%|ga%*~XhL>mcY!SyaKNaleuU69(Y;`l z@OLK^%iLdZD%uLO4p~_WLl|N3ssO{orAeO_K4~4vx%O%cRFmp8aMjUW6WaSLm3ITM 
zRNq^2XwTUz=g~t&{hONwe29c^mVWc%t*74NoY`+qZQwdYmHceYm=y-P?)0+l)xeaz zbH!$2g#YP~g zk5|l0r4{jN5>3}xw1qEXd2cnfXz*ICuCrpBr_7i*geil(21Qr#;9)}&8(hTGm zBTx`pLIIDb7U#Uuo&O>P4e&m6!O=080x9#=l|;KP)BcgxY@r8hqBsG5&OkS2=vj-L zt9TJ4p&*jclt)k^|JyvrL%G{m(ZsPS;LxAo^Llmg2iA!uueU>P(18}joDpe%6)niM z2_c`TY0$OBta9g0c4>|`!2b7F??wxbFhvMhwWamWvh7?wufuRi_xMw$AU;ZK>oxcF zCh71+zXs}=vPw<0>w=|QG-e)GT8e6YhS16D6sSo}#RK0Y`%z(!cs?TqmA8 z@oYYHN;=-$Dt`B~pRqqs$O-}i#V>iTup+`P`lo!5s-n@4UyG=c^QUGlq}Y;_t!02u zAtU|@JT;Y@vGh?FJ)`;KRGarH8RQO=v{TIR;@0mMm65%(7ir^NPQnDwi>Kd!9_4#c z|2X3PgRPU1?T4rGU!VW8ouXUghn&KO@^1pW3QjE&D-3W$DXdzR#)`+Purf#m>F9vX z_!8;Qh&Mx6o>k2utqcQ5q(n4(bl^_Ma!>KW_)9b!qJoEx6O#CEwVS#Atb_yc&)2b&~(> z?Z>6lt>^1iOrZh7yV;s_Zv8v_%emSYIB+t062~Fo*{{9}hKE9oWroTeYZX{AC8SV- z$u1v#I-r`*rY*B*0f;^QRrE@?G*oB|7RjWvP)4kn&-INt%0HPFb}=sx8D5k=-r(_( z8s5)lM>9!M2&AAft=mgu#8LqGL+E&EGogQs6Cp6~>fs5Ao1BG^njwsaKc6*q$y+U0 zqCcWP*ebKUfG$;d#^QKJB&w1VWV;1I0Q6U*Nnt?5>-`g0C3~io;-`eumnx}to-thJ z;djLxVOSukub8MCCV;>Vr1&Y7a47gKvtkEX^<&YJt=~av(E#tO&0h-dr(|l%3&(e$ zL7gt5WtHq3u=JR@cM1-dBP=em=#N=)>Y8XaDcrrDB~3%AS5whjpJ-Ptz|WmJY0-J^ zu5Ym$z;Re9xHiu&tg}!nFGhhKLNEe>#j&Ibs&+}DE_ z+uMtp3s?4;%5OlO+y*xxgZ>2rZh2&~PcX52MObS^SdfI@dE)0?V|#`?Tntc&P?460 zGZVv`wE}Vxk|el%PpWQdX|~Wk-8eYokWxK>u_1~ zQ0K2!dS**>^oe?H?`?FIQ#E3RSmb26(F`P7;*CArd7aGJdNi*#6tV*UVUAEL4Piel$Fpy_p9i#AT_vg58Zp$uOa11jt)L-HCvjP`}j6 zYvIz(-1je!9UGa?$Ucs5hhUsyGjlSgJJ+#xCMQTB=u^>#4hP$VQaq!s7?uWj^D+xu z9E%+?T@GQ4pc1g~!;8S{IPkD=(9lNHqinEkAhaAOoE)McJ{nwPY*Yrq@*kN7<&P{ zy)~W>086EBsc;QEMQV)YDvuMoA|~WWLh3FFU!_;D_p!-dD$8lV%MQ4duH;xsGMAPs zGMO3Kd!LXV%N+m0Nf8dkXvjCVY&cgkxbnF;YR{G5$hF6@bcaSpZ1JXzwwz`ED-_ld zxfphcevTRR>GHL4bj`1wJADJxDura}KIZQ_=d5vwIrm4G>nnc@Q33hFo-ch=8?VXng+O5f5O-i!gpR06Ghv%Ivd2fC<_PGMa#kRkt38C8u$5rUv-Ub z^jX@5c30~z)~ZYwN?l|C)Tz)t(ZXyoxEf`B=(<1;dccK8)t|3svW9J3adGEl_N$RU(J?PCcwoWlVhb={drhLQs(Z6RF29IHp}6*~|~Y5bEQ+ z#sZ)4UZrM#C&T)&WjZ%bf{Ycipq1MYH~2j%^&=#lK5>so2?9y!3(2k{!ld-m;kQp4 zS8w~<{o^^ix;nEX;0q&dZ@3+r6A=Lo`9$sd5>!q6p$2o=fW!V;=C68i$i%3$oSl19 z8O(LW3yFrPI(mW`JB!EK!}10TgBcW6LZ2h)=m 
z>-_wlYL9gPria=m56|;PsTH)0t?`a};W~%Xum0Ch=zJOW@_(A=*#7(Jh>WS7xr+q> zBM19`oD{v(+OYeK4t;5SHKd(cTSt#p|+$|)?w*vAO}r_Te1&yRKwx>Jf!6!vL!c2#@8{Mt~CMq#@M z)AQO9aHNf`<<{;�vTPX_Xv8T}O;z<8O>X4Eb7e#rT3BS8$pIX0-uOw)~SNhrHpB zAE4}po_*#10vS!C6P}_gNGM%opsEY-C4|wrsG^5rXs;W)2rzYg&Nf=`Fg* z#z$Z2z$Y^z0S)Jrv-Q*CuTD6fbO0qZQcGG7+a)Cspkq9k@>KMe0_%#K5PX9DNj~h= zBEJ1(PUKRVl~f6#2hPV3BnePE_vlu7H_zqGpDr>4Rr7;owVa>+n+s^xT`feLes#b^ znl>1|A$|fs-0uzw!tp!BGSzgEMwOH5Y?0^}WHX<=d3NbL(NuEWVd=E?Q^M_|zsHtf zq~sqBkqfQ~E2Tp1TESx5rVHP1I6G-Ga=>Wo`r8^Slx0O%hzK-_-*l}vO`6G71xc_W3Z?4Dtf!9sP; zA5$imJBMADOcWqsokT|#9J>RNz!B6yvEO8WJX!^i7onPHKuniwCzAbjQb3zjQ~u_- zL35i?jsq-9F%b_nk!YjE=J^gqhf##wBOTqrGkKZ2SujpOBNK1f z_b0MBn(4h?XQ#q{y#cT8n`w9k@Jh`${~eNvWSfeu z;G6F53^ffApOL4=6T^Iv4Iaf!RbN-+kP&8ZERyJ2W^knBvAvy)n|k>);*80f*&6OGgKH(QNb+Y0XalVBf^HHMrhST1TPOxtnPeW6t7UN zYWe$Sw4<)Fb#Y8~w?eDT+YAxSxqY<`duM8Jh0gSH@Hk`;1if}zk&~mvPvYxnzNxgx z$sidv4J3w$@-Jx=<7sZdTN%nhBg4jhK9pC!nU|Ac7qBUl3NA%bzsucgw;X`@e)0AT z-eFi}Td0}^QU(LQunnbdQAfm$22-Lg2Gk^9#$e5c7M=mt3&qOpl!AXfDn*X zPb8z`D}vzQNyWsV3IqkMr;82^0;mvV%(I8M0Z`P!6=qzcp>yiXALyWJ#2-4EbTQhP z9OstKto@hIJ1vfW_a2+v z5xJto68x#iGhoghZP(WDWZWR<=P)tvS2SdpKQ!QR9z8&!k?u% z{%>+5T5zS9b7y$S3Ve!94pzQrbBNjdPkQ;Xhm7g(QU{|9 zbRdOADhKJv@ybI>dly!nUb+2nN@BO#(C6N>_xy6=YDbj3&5P-Gp)Yi5>)eo>dA%U# zaOXGlxC5xzf10D&|6wo6#_|8)stEqid(mnYYwHaLl+RrKf?rHincInmFdeS6$+5gx ztKl^u>~2=VNM#LMHQ#>fiCagC9nHxCKD7Ed-Y!>jrV#_b2+cSURS4-g=fnzMt(=$% z!>}?7_7bjo-h2tA!xZA6lQmpoKfeElz@Gkv$g|t?PnX-yWrz+T;#z=_MehSL`brya z58J!zvY0u7;{S6MbD!%}JDDL4OzLWln4}vlwQQH3W2>WLlD+9(!ql)e~JuC?& zBUatOej1r%`><#)O_B;k;ID&$F8!2qkRZD2Gc#NX;I%ApJYzuX$fLlaVNy|0A8z1r z5wkhnF&)Bk5Je?{E|C*$@^$|(VTe$c@tC@e@INtsZc(z>@=&kb)Q)Ufz1<&PAI{%3 z{g&EhlsAzB3soeHsv@-g)k>(1Ggsx1V>HUeM0pO0H8v6GR?}5l6{~BY8YH`B)Pn=2 zjZTvKK05*;4AU68x@uQe9L0OO>~ywND=i>^%x=wsNB@G9P!XeaBs=|?S=V^Tx)#66 zS5ohA+Ytw^p34Z?K0j$XPGR)f$j`%40r{KTm%r;pREBanL(V>~&^<^H7_atz#v5+R@w-NMyEC4fO*_+#T@ zb`;}!2QZb10WB{Wg?F~4G%ub3xGhko5Rfr0z zA~E#Q>wC(!p?R~3F8H*+cG~4jMNgLVm3F3xSwp}5wEM72@_Nkm`hxpcF{qlOP=N7f 
zzNc;urlvT5=(Ya;UwZBH5!|?hnBy+rRaV&>-$GP|u$pc}Jd_^r=XW^wMb(b_@ip)J z4&RpVJ+B(zk;D)XxIFzXC{9uly8Pts^UXpn{0{&0m&e;J-F#U8g}Z$75nS&#yua!s zHO{VJjFDi-a@y_>#w4Zyw&e^aa*ely<-;@2hqL(U#nA27;J$C8|ZN(WPs4%iu)+E#5+5rMt_ex2N=Gj8uxYc6#d1z_jjFJ4C^*P-Zecc={ z{AdD~Bx}pCGQ6|tq!azUU1p-#DzohxZCnli_l@&Vk**y*TIH5ucL?=rF8`phazSIR z9l94o%*MKhtNc?(bq#Km&HI_pEjZH5_o83Pbtv!T<_Xt^$vV-4w)>x$Tmw3gP;JpI~fdu?8n0tQ9GI8Y^h! zE7w*}YH6sSV^a@LEq+nNB=y6%qCPwYPdAS%u?VIZieAkK#8Pg?%J>#Q>sN_y6Fqu0 zmMgD+zU-~xfm3olu>oE?d_!(7g^>(fhOb4hYE_i^jQ8^h*^@9oz{W%f)s|WFr0%_} z7Rq>KG?jgy_`$Mou5S(?n&cV`B(o^@j{c_~VtQtBL(f-X7P%)-M46`}mv*ZepIiX_ z>2*Mcy%DyT)*)bcT0|c#FB=hW_;g>S6u%&DCZZzYCVO@(H=q@SP|G74bL9xNd{z;B zIigl=7*%DxW{(OZlVhMmqt>-Sty9mfD1W;G(Z|f)wm-iS+4{Q~ze1dcEO|jcGJ5hr z-Cro0elL(gloXBOnhz#GuNn@MK_tukEeY)a+RP&9Y=30E6guMRI54$#@?9%~YC53N zy^3SW3%B^qe|bU=N+Yq#5hk|g0MoC>0!Bh+AR$1bc8dzLMY1*>Ut6A6pgo-fZrSAq zn^^k^5v|-B>RrAZVkw?)1T}nT;<;U~QNp;ZTKkX(pGPdU(A7TP$h|Os*~>+VyS~O| zXdpO{YK&6yvm}?w5D*%tq&UK$Ja(e*6kZGdE1S8M{#LlXeZW(C&}=Q^dufkN(p^1o z)lg%;IYOd0y)^oJRf4Ch|3R;mSJBCWe*Gc*ue2^rOYkQMQo8Kn)#Gw~(|- zx*eQYvpucwg2biOLOvYX!zRbNAB#wwkdk2I(uO~^$!5x-{Bh*YbY#P+Mug$$t>X%m zV@@}s+mi|q8>xXzYmIaRKCf(XW<4p$=?l-)+6m9w@@wayK`S56M#YzFp(6XqX<4qD zcj}L4d0!C+#(p9|vq#Dzx5eD_yls>8UP$H&J=^+qA{KpyG*6cJ<~Ra+*9v>#J@gkX zmZHcg%#0@RZHlP}mK3RofVwDjP+qGuySVMzu)&TTJ2AyLg&HJnoZ#97ra&s1b8$?B z_$E;

v}ou6B>1098cjAbcI&8h*WOjQ-l;<#X%$qm$k}ZD2baqELscZY-l>41op_ zEzTR(PgXM&Ljmh>vBEU=suiZRvdm=?CXik6aDk)s+xT$Jfr-n6vSUo|_VqXmvtBO3j8utZ9c`8k4h*+7jvPQS@{8 zNwb}&*3E}G6beTiVb#O&6h+sB(AfQ)K{hOQ3L)3PA&2NTY$ZlyPnY%-Vra>w?f+uz zoq|Ny!ZpCQZQHhObGPl?yKURHZQHhO+jjSEPoKK?;a1J5nNyXgR8}g+Y+2q(9o zhH2olmU>KRTTAaw8~5k1PRpSx`VGYqSFNjXY^b#S-JxY+US=&PFHF zx^jdom$JKpL)kZdJ+-%rz}$@!R;xsx@9S~gxqEEo#)9uI21t}lBn_5*Lw>$}D;o=3 zV1adz;0=K1FfSBu~GK78J|;8M;sa~f{#Y^E22G?ZwOQpOow$molB zK~Cfv@O^-(A$2zYEl~PbQCsF8Ig)IEp|A$ox3wdmu$Xr zzCxj>|1tDwr2U1|l#ep-`NZpx5JDsxM}%D1+us{bRQ8a?`7qTsnMsQHW9k!^`eW)N z@?+|AJZI_j^aM4;F)Vq=M|M>6=5kDHP1n}r7Z;vQ^m!9Py`qHli^{~oE~Ozo}3=rbjko(^@kg}3TU*n+K0oYG++is|E9>HYmX%K##Y zP%vKp&be{bVo`BsV?-!+W}kyPLRR$$l1ia3y^$nLATT~48F+#KLK<;MhACPr4h0bjaVVsh45<{{k;-p}pZgdkqQnVm z;Rg^nm(L-S5NNJBsi?wE1quY_v{J>zO#nDhe#$zqWzu+9`wIloRUc+JPDFp?E>J&G zoV#mOm)&&ExaE#vEcU`PYx_14v4HZ=;MdIvkir+Kyf_Y zQ&2SB(j&XD@6H%67gBMWT;CmS0bD4lw+ ziTDSg)*nUfd52|8G6_&TQR3OL%3HHLf?Nz?yEn$0eRR>kwMk#uqKLNtyAtKrHa-)R zT0D$v)reWAlHH?5qVBKF@!izt8IuYVaEz_=DJ|yw*UAo?uddYpO-i(YkQ?=c*U8#Ol7OUDj4hDU#ZS^Ea+_eEW1=$@#LSir9{Touw`Jre~0a^&k< zD^$v1Kp>TdKh-y-gN+!2#u37Y0C{Kvr09xie|sVt^F|5Fq!_W5x@gYDaY#RoVs<-SfjV`$CP!{=`49$k{2f$Ij z6yX!@e#1U?dAjnvu2o1Mm{5ySW-DJ>XkTe^9WXfjSRfJ}~Gp<#V zF@fLXqnnqAdb)j_K)fdz=-h_VA&)%c;YJQfnb9n) z-#sIy)zuM`SM8j$+m*!g>GrmbB~CCBMaG6lva1aXe3q#fUavSmPqLxsU+t7B@iwNTvVNg$O%3Dv5Aem5iIzc8H_0?x-7DbeqI<~G9F@%d%=2Tn?I ztZznpLQ}WBzg|k-Eh>(==#}Gf**<%V+f(P9qiCOICFxhZ`hIyPqWOvTKo#Y{oSbrq zV~hX~8cidI5)=mIbU@TEPbDz~=#+x#u>-U^IFa5;57fO(ietct1VGUi)U|yI>vSPW zD=0PvaA(%i{8^zDOATe4cxGt7Fe3NEPX4vxR#pu*9ot{N6MjxQP(@+;UWY+6a3qtl zfQsN|wX~nID4O~tO$GAAoeg_o4q)7qEp&JzmFVL({XsZo_xFWTsI2;4Zfm40q_)<_ zPojNdxuk5>NkRq74}|ayRqNB3g9^#j52jBfKQ^&5$fgIRE<1$KxVCFYVCZW#JB;wT zDErgu2qzChA?1a(u^p~?oE{-pc|aHEigdspMOWj>X>qZgy9=Ct|A|XHtS=k`VYp+COGq;9l4_dmGhU6 zC$B8JlxBsN;<>(#17*8`xt0b%s?7x?+lIh~k1heRi30~ReNVgj3Q&=juG!-OuU+48 z>^ETdFx!g+NRdFCT);rPznF4dEWVDza3T^AIWkX(dsd^ZWeo2!!e)rH=3+*&yBwGE 
zyFTS~QEtlx(!$;s^M99%6zf-RR*LSXkyuarcWrbqD!ZWrayTx)ysgof=Wgn68$VQT z^grRMFi7MOuG}`aIMuU6lNL`9=|(> z@*6bDNkAa$PwHIxF{4Kli5N%gIPw_7H*g|;j+Q?}c(9BZLg>w&B(!yi2$~R)cPOh+ zRlz$YF3aYti-8y+NktY5S$!l1DGy@u1Rr9o{{ww_R@4?^D zo^xwkbhIYkyh2z(Ur|wv)pxdcSeA^F5K_<|zudnCL7G*6_n|y8cu~H=44bRcHE!$j zE@6kosKdU$)%g||R|jxVUZH*BH>j{X@U6ypWBv> z`Ip%0hvo49E<$m#{x3u9KNMi6)W)ng7!bPNsa+F&(~soNQ;VTB9VIPZ7SV$D8R``1 z!%5gBdb))b>uI&Ny(nO`5@otxI37$X6h(H05tm>bh!BxssA*?y=iM&#Wm&=$oKD%~ zx4e#M6yZd@{PY9xV&A=1@=)Ddf^VvKd(K^SyNkf=!c+<=&UXT!FdB-&zi{6WJHMQt zn(@EReNGX;VQOvOpbycu^!Aizcm#Y!5Tj9)qxAwTi(;eo;hrvmDrzS<;kyg(4mRKJ zR91@wzj)GCiKK(S)}5X+(HcT%cR2EzyqnT;t$r13lJzF(RkCo<|r9Mq3S;g&Y8g6UY@aE%e z@YwA`K~}0fox=3X71|>jvK%|7zL4V5u>&&VI$TCF2h0unALbOy25xVqe23E>{g_eXHf|adpYseNr?%^}*8} zE%>F(e?*F~0Q&DQ!8a5W@W#mn4y~wlf~tn@7s*2;AgTs75YIGs;-iPX+4iiIW$e3r zC%LSai}qirV(yzRa*DWT?O|ybAYS2 z*~0oAh|g~?Ad$d&jER9y=0^?pRgsY~6FCaw1b8!7Uuv+VAZUSCO5knmCJSrLy$%HB zZ^np!BXf+F+WFditrdq3i(Obxy?VO67cQC-!ve+Ch@($*{S?5Yt*8A;jUXT#+55Ly za9|bR4S}Wld7L8+ygCBI1Fj(V>l#aA)yquSdb7n;Z!Ww)xTL=VGvB}fPjWV$pk{Q9 zTO0e~o} z=x{KC2{%HMdpiPzW=B*C)p{r*&Xihp{nbf~81);eb)Ah{!U6f3ZhWL{tb=F5W_>w&{_o3>$29RiVW z)o;x@sY-mdbe?LbGHRCKGA9a$HGqSRkzMHHnHx5HZ%baEDQ>VYBdrap5J^N5@XF-& z)LaB|75oZ1rbZ4Fmq9XcadSnGS;&HvBuwl;->_b8LiEG2Ku|FTt#Dcdb>-5 zV^kE!hZyP>igT^DrSpUthC%bUG1{Wy%rY}eFd}x?%Ff|~6K^y1!_(&2J~q;uPpL+<*SlWUBat1CH3`BVV%CUo%!5mqFNM2 zU@D}_y!k6*+!Z@A-Q$E@XSQ~Mr-q{6seOFYb$fNH%VUiu1>5-1REGhkFIeEMMhuo3 zMB+_nql~pqu~Z;|1j+7dx|iSo;>>|+XXpFkV&z_BL6xmh#+2oTv96M^lyJt zY3N-=6Hzx;T^=rf$ytiHw|L^!DD&M{8PIrhB=R{*ER-0R-BDUlheL}hSrF3{p4d#} z^GxM!yJzD>L_onOuIQ>DQx>9da@yqgRlC77;1h~=P$RfVWXvWEZu+Ojcd?*Rs0h}E zf?J&Inhc%etKTO=RP4K1X~wPodqnanBkmNpl)FlF%Lf=70)jckws@Wazd3IE`hR2Y z0C}QV3cZ5Qx}Z*2Kfdy8A*Exi$Mo(^VuQR*l6&w!r#Lt-UqQPh*VNC$y=UL7PB4`V zFz?}xTsm{b3PSXoJ1nzM%F(ORFa5)32u%p)@C*)Rzx-;?0i8*qm z_br^+hW?7#hO7F(7EvX~I3++>hL_S(Or>-X4;ZKdf)E_=G65Exx)d^;;WmIemUg2A zA3){Lc;JbXFzAc<1#d^#ldar|lh4zB=d85R?7uWdqaAS9Snc}`Lh74^r(b=JIdIoA 
zpj{MQzt)Tb0YS0gC+vdfY$=j%QCddr0v7{G=_+$>3f=G}$@xWm~)-&CCYrFF}P7@bLYM0sF*ekSL`4wO7htB_Mj zK|LA1kaMN(GB{_Z!AoQHXKpTk=H{}-DY1&zp;zL-BpTigH>I}Sm;_msn3BQg#I-9$kvS*eOk#!~#7{IZJ2JBMt~DXz=C_MpS+vzyLKuw+!=)5(i)a~)dtY(~elD>^Ya z(K6);_|uRYw*W;#v_IJj{K+HSs|W8q!hbEq%<(!pOJx*T=zu(MWLc16IV*Q711FSMVbR zo=|=>p@M=W({D^VvOB?4#!jrf`5K^yFREGv{A!?v2NnIkBT$uHHD!I;d-O_v)+7Bq zts{NA>hLkdL>X;Wj!O#gk=im9Jx&a^Qv*)*g=qU)J9~#0chhkDW;`g6=~6&4G)a3M zS@nkGQr+>hZA}X-QM-vgvfpQJnkvX37U4s3dpZwyt6$sw z>Px?@?FNTwESEz43z7#zO?QME_aUDgAaLZbO1oV806Se6A1pP{L(-`+a9nx<`%KRz zS^%%M-JEnX8@G6AWx4aRp0vUIvcCBf9W;dYH5b0@uPdA&vOsm{dI`_9P#x)OPNdXk zuBwl+AvU0RIC~By4CK2fnR8=feWQL>`c09!NVr>7x5z~hp<{4qbyy5G<7jjbJ+HV>#Mf`rXwa+c zlS)7G4D1c;O~wvq!~3ib017Ui;2D5~`MO4|txe>ADEiP_4ApBL6nVl zDg6Y^*1_L(^`e+=xl+6*eD5rCa6-b5-!DI<~esN0b25n~t5QDEEifCtU{h`1`fflY_6*-pZcFOtsZHSZoI385)IR`zGT z-5EfZ!)hVA8~_sWa9x%Lm{`x2J{JkGXGv-{op7uwa1yK0I0^s|u+vvjq^)WASpgq? z2oW?MMwn&|{~g0FdLnjY>Bb!*zlDn_8N^P8%nwWzvTS_zCAd&;M$c2KU{Jvo7h5P~ zW8nGLQnQdgu8lLhXByqL+2O;v+zkJjP~kWB^*OGA5K-(_53$p=F9`neHN{s{yuqtD zgp#&QA3qTy82|gDcZ4Pd2Vi@FKBCuIYEqvW2naTYrYRnCl-#l1 zhvObmsRkq2Gv~fYhX{MwWMKKJK;OgP`KI+i^HrhcZk=jmSQ3ycr1mi`sbJCy_&~KR zTmyoFh{{x7)z*y40ECP&%|IBJ8CskyfJM7T2=^O|H&2KK2SanH^1(4SuQhJX;Ig)j z>`5own;3)k&-MmA*Pvn49|Vphg9o?JFNDeb%ws2K;aOh}p1RJ@F7vuk^NkfKr}0<7 z_&+!nBcTk1s0gl-!Q{8KK)H$gS%tX4s}k!-hjvd$*}Bya&QRJD8%WmITFkBk)q`|P zb7v@g8!I*RcVqQ6gLlwL3#*-9n#SiXmU|M-2t2jF9kOD(I@F93k_q$)Mi}ffVWcGq zP}Cfur21#UX-Xh4TdAKBwRs2~$nqVjb(lP@jS9uRHw67{f!HG*sO# zhW+~4C~0Nwq^dqY?{*EIkDKe?y}LRCLt8)##tZ-~ixvn-bx4o3QyUGu;(h{1jKV9h zB^6@-0)g@E@}&?k5D=&s?CmcmYZ3->Aj)s08ZrIhSD^Rqngm(%cv+)55K76HL*PwzXg^uu_6KBt(IIuwvm4sz(?~^}7^0OG@)=S*FpW;Ao{@%zYUPWUSC0El zPgqN$L?X#E1U5`oOB-f3bTtT@J_;b4V_J%7XWnqqqLK%LEbD^+ts@=CF*&%4Wuc2l z-Tgsp=A?y}&T14*&ZjI&SGDyt!}fT+iv0o4Q66%NZh~FlFvaICZv$4|rE;D31G;q! 
zqm*4bZZOHr;o@n~0>iEtTDH!?ldWM?j|X%|XNZ@%Vw{Y_`|SNKx@CbHHwhu zZsWFqMImfs#M>2?5>;Iq!|XG*YOQ04${cNnBv#?mz9bEU$`NJUNIPS6#>yxBu> zZMY5iLU*g)`Wfq^K_;16VMsq$dD&P`1q=|$)2B<}6PR5SFd^0X7y!Hc@l-2pe<)%Y zgAbHh1OnwzPpR1eHV~KTqRm#!(Y_{x%^rBCZC?NkXHIW==>R6dN)YH=SmJz3HKahF4yo`zhV~lzvNVS~C7Z4?g z-}8d1`602P*7a}!mLwLC4Q|x4_Kr{r6LUzXpLv|=^?QCgF6Jx81QnKW^KZul)F&3N z^?D~AdT^T9?BKL<9vMYqLPUG#3yLCmO}Xn^wV>S?d8NCDN%Y8&K4(%$MV`WdTD zWu&V#hbHuMFAyp}8UwAAAq9X*rsp?A0lkBsrin4J}Z|0T0$zV1h#yhgnO9%Q{NIyp&fyE0TT#enprErSQy(J+`%_VL=ov2+n?EwQSkr!MGh4Gqik3@oDNQ zEIE70*XzVc%*r`JwXEpT`dCRmQ?;Q9H@;aggCxNtjAu~)(eI%s|F7xcP@e_UsF~w4 zvTDaql@#}Wr7}u7$5jef%sn_G3P``M^LntQKO1bL5R-ol?F=WXV?~w9$9dlqwkg}b z{~A1DR_AWhlK zw%9RM`Xs;@unoOp(V+VGeuBNQLDbK6Br!mP-lCzi1GYZdlHT@Vk1i9k3^kR#;I0Y zN+JGoH`!r$MHO~rryH#Fhi@W4#u(l6X|m}`BvHbV8pAbLED-k${Lu@5*@)wcMcnrl z9471;LC!Hn=4Ff0IbzVc^g>A*;8%YZl?Y>o#$Z2ZtZ!Y>eM zVWHJ>{bc{MR_7s@P)hd7oCx7tUrh33E`8K^SX>xtU@_M+u3xD$6#A~l33&mCD~ODf zvrCKt%H=^qW?+>5O0|Ebh=*_64WnaOmNfOVg?{fj`OUf=wl`y8h3p#PSVC&8hRFG2 zfl^k6&uL={iM0FjFG;lqpQ>UaW%M$KwP2n3S`vaQhKh zftntlkGIeB`O;2+#SC0eNw3NsZzJJu*So!ytF>bf*OspKjwol=$SkXEYnz&$P0!8k?U#YPcZ2t{ z7Wf?2*)ojOmzUI=0oX_YpPLumOssEI@+)FFT?&_9%LWQL{w{(lDVrBK zs;&ND3Behz(R>Wx!4ryK%KF9WZOt~jeY$czK`8XSzep= zSW--gaQ*EF{7kYzpiSZ>b1Jm1na&(gr|gQ;ftX)tc+As&IUGn%bksa;ii-->dGsP? zJ-$A>HWFW}%|kCnycu+rR#%`e1h`|eXRo=tL3tZHjWxQ0XaW%5YZ%Yhqww~hgW3wy zH!+=o!M(Ii(lN*xPMN^TaPSQ0Il)EJc`0asPHY9|ZT3|KMCbAj;JM!Me zz9RwNJ7W->Bmf^eiTY;y=WIpFf#Gkpq4k!>Ul^{@`B9rJje+i;r(6_HAX$Zx=~OdJ zM!XD=G8lYkPC-Ir;a!lV(u|0Hfx1-tG%G&_37wXp3+X9Cc)_-$^oq-0dWBW%@9v{| zLuw23F`2hf!D+HV4<{e;oq?%oLrtCZF4B(BhkaMkLca6@=MTZFk|RZpL*-xj;cMX* zpx*ZMkP@aq1J*A9A6fu4?t43O{asCN1mSBZrS*@ol9b*x(wawVZpw~wgq!@US}(}} z7a#R=^WUZ^VLBha8;#fd!ZhHU#i-~xytfUGMMV)Yrt}HPpzMxD>A)jfIoV&@ zpX3!4*Ej#N)G{*tTWjW@z5fyZR;6iSbHIl7!;vA>?^zX?jNcbtG^`UyKZ9AHwl*U_ zqeIK;pIwzQTuj!M%qDohc)2H4uK$Q71qn3{?>@P|-$Xb0AMY(85k`0+G$O=0{kpc- z2QX2Nemi~ohGX$3Ufzf^tz$5T_&$f+FP~OI)wjv89Jl)(pU&57-nf6L0{$Q|^0}a! 
zAs)1NDSb8xE;%>b{Bk}%A7^0HKT32VBbxRh+u#2D><>Vot_TI{fkJ!Yxy=ZIC<8c# zvtX&ThY(W`RWvXt)Nnj@5l~1++N<^4{ zNWI^2!KGcFky9gwnOv8c*#Qqw?8NrGad}*+`ynn1E}>K4$&(2n`mJGML@7ipxri|i zB#TfyH~s`In7n~dBitElkv$+SZYMpQLm#W3!R4osr_Vx&Zm#V@4=>8y-;pA9W)}p~ zMc6zPdTvTVnDAYznwDp(;Y#(TlR)() zGYcue%$6h?Q6v|tT7QMaXLQSwW^I;xp(NNp^*HLLdAvJT4__KJWgCBHqF0=o931!g zdR-<4Z!AcK5Q!y@n8~coJ11GWsDxy@dv?n;oSYx2CODyq5%819W^i1&x{7fNDw1gM zAB`JVIUUUDvI8g$H2q<)pJouz4>VbX=iX6SW}bg#khrAns0*+$YGc=kMVYqNCFIwi8^UK`;y^jlHnbAZNL}>B6 z^^TA3JQ3?cDL-tpdOa5uRUU4=5X5-n@l3hpYP@+zYTieg$uWyoDKACuaBi^_OE4N8 z6Q&Uhk|@IgV}ER)?_Q|1g}?l`wE67FoKA*XTF(y^nov#C+Cod(i zDR4sbtMH*AeJT2I($HN@Gp=gV;1Z97$=1tEW$_2Ut~&OGf3h|xN@oPM zA7wyeQf+iXay2BVz<~ziAe@oHR^LiBLFa^}kw8lq{{muPuIRU17Y&yrP|UW~62tSN zeP>XWc8-oUp_so;TU6JbK)G`zOG&+iJ9Z6|-v!hu97Hdy6NHd{$9J>2+&_|iOc8wm zfl-J~gxdOqGsv%8qt-<4sm%@Ca>tCmxM^OyT)Xa8V6$}W0lJ8rV@2DVxVHk5p#oEc z+E`=*_L58_AozaLGQ$$_e}U+9K-b2K(2l!7c?C-mXKC}WPT|??I+BBM$7W@Oy=)640)N`CYE}sc}OtD_U>|pmIfHB=L=2szov1C;Qoq#kcqi$FDciWYq=QAmaVj*ow6*`xNasxJ`qi#`z&vC zGPbKn(oewO=<+Nuw>h~l;#6IBqStQFHpdx;wVEs#)ZS#o8A`BHO4eDjqd**JdiZ=; ziNWufCZia1W(UVy({uu0FQ=BVF{dr6?3XmfJ6b0w#tcNgM^K#S%5vNQL>o&UR<#-L zew{8R&Pa}g{WVk=?H51Hn3$EXc8#C7q?#vQg%qID-&&(0kjqCu0qt>()j$4wlZW?X zq9ml_b!!CvVaE3J@!=Erm3{Bwedhb~(bXcx{ho}}+zShYO{J@`-om)dg=O;TIb{F? zlqhiqKHMR|c$Gt(BtJDeF4kZIBZdyb;pasV=fq#&2H;0L7XxsKn+ES;!|&+byiPR| zA?abkz1YL=z)F@7&`e3`gS_!zGeZccOb`qeFrNti6OUi#3sQ(i}58Urcl#vIs@B-J{Q1IZY;! 
zI+M~}KN06QRH}a&2j7|r0C*uB*9h8=P~($4j&Kq-TweKud@5;eQ`nzHJnyca@4dae z0a=d3s`#goXAy`njwE3b4s8Fx+s43#jajY01JMy~uf?0LM97rEcPlUx#(sms=#M~z zCuabD(wxnTd@A;rn?>&5QZj+QGv_6)D8ffY`{SBXbz=cgzzimJ{vyL@VZ2duJ961n z4$xT5YhOMj$|`LC7NRh-{hw^`f2B5@GdgHRs(E zJz-jX#aF?!azm|x;uNHJteITVM;kdB0VAGhEkF>GbLF_Y%pdFcrP@ya0Jw73Ua5UG zr)ZZnX1}M3msrPqbYdDlPla}1rsb+hKdcK`8r85C31i(PdEnF2J7_>1Q;}kR)`QMD z>04ubePX90W6%F(uF=}>*qwglkjaLt=7uQtS1)z8{~@P9Ob)zI>F* zCdxP3tH=_hL>UuF5~<@By2Q(iVIm?>(HX7zqZVMXuv=xzqIXPWF$2>avbH)@ht5|{ zd4+0waX7nz5WfH*XQ<;S91%S-5ipW>AW_pnnw>y*Mj+?*I<3Q7bp3X%^plh(hPUW9 zFp&qykO_l(uMg1gh%{qgPnWsK^#u5%wyR@QHTF)JYuT-1Q6k#*yrhkDTo$C@SP{H%1P2?0h^@TQ?b zkF`Cn4n!8OJy76~nusiONff+=*1UI$JO{kIlw)P3jotiRE2G1tz;XNW*J7i%SLcgVBMyMM9_61W&D>-HW|DM*Z~! zHTWH$^Y`}3Q1*P&sR3B>K=OAW0lGp>*hMmUTA~l(^c#8rSh+HQHeEQSJ;s}N46M1O zG2!lpDEaQSMV$#jP)d! zi@j*VsR_Rro#|@WJi+2Y!keG3rmq|9cf#k1QxlZAfde`5R+RO{;iIFxhMqf;i~LvZ zNqJM;u|4v&TV3FY*k&P}@=&mf>R+Vmz1tO?lnt~B;Ci5HeDJbHaPYrHdYy(+25B`PqCvIZDU5#FKwkJb+3J z!cx5b!6E-XFGcjI8TgUEl-SJL9oguiA&(@#Hzb19B_D6rZ1dUJ^WnK@1IFjJ>rGyW z4|E{YLLRMzx@lwgKSDCzFePVo7Y;dWc8l}u%Dq7&bV^G5O3Q1m)7ie0q8+nV-q=m7 zQQi2ZApOSN2DQT3DL85ryuN2lYg_IukdKH694P0sMJ~RxD_y95l<3PP(|m z(9;pbda|BaNx@s4Z+|YSI^mrVLx2sv1mgp?*xP&*{?ZN2;pXqS1%Z+x|0M9{i>fA% z!nI-K1pbWVCwnKYSq{?Ucv-b*o{rgha}WzN1)t$gGY<4~x?HJ6hcz3Vq=+Z!l7kOG zRE`ag7*5*0)w|j8!GPngxxoD_|(WqZkE&5d_VW4LrAIN`~7m_8&98bGHO zU%Bx_A_q$BTb3Vhd{vMBj^Rmupr@*NQkVPW=S`M=<4v}ZcHXVimKJk+tji4k{Gd!2 zdg&Cg7(LRPB4x0)2y*Ffh=~+ejdvhY?@95z<`qt5*I(nCyMsT%%HkT7U^OU?!Fb0X zg9LRh10do7+~|2s%4DCg=#1w^dllGD%t21lSsx`52tqR-n38__qj= z<=@<8+1UPbgjkhs5tAW?65MlBBXEwcRbJv?5*)K(iA4G*gT=W*Ledy9L#JSU7h{#> zhrSV=DZ?d>Hl^C*hvtr-4&aekemCZZujuu&J*xzS9D`&*dFsko6Pbx>j*fx7F} zgF{b&b%V^qrdvO93a=hJ<8T+$p*3`C6+U2*CG}JF?-97haE~4pHK^V)KI&PXsUk>p)SGh%>@+{kd&8gJ!U64lz zAU68rfB2f*;*gp@e9f@fXt0XNV3FHi+A&PS{>b2+du@o|JtW6m<0C)>nz&p!l?VJ! 
zkWT!I-}u9_PEt6ryUL}?RI#yz<=u$}vPA~F%V=*ov zaPwrdbPCiKHTJ33dfWWQBw1I+twEgOAx20Z8W}&{^Hm6Wc)w3!J*ChdrSR$0&eG&L)moPotH3N` zAx;Yy2KqoR2`A0!JhQz*e{Ytv9G z2H39*VmOZwNP!^AX)xF704|Ao+{OB1yDRIK?(Ox~_owBkEjY~)EsEc?TCFRGC}d3O zO5`VDyj|;Uiq3beTWM~(v0jeIqjjKZX=t2vTIekq zvV#ObSJAe(3yO>|#hZRk!I?nH>P?JJ15mE1#@xjwQ&@#7)EBP!pcN+gN#pA@rI7@p zhi$pdhpGiF3?9tn-{JU&p##~~9X~i617yZf-!iO_vr-Jq;(ox02QOmIHNts8|1)`j3I5_OXp~(*o1}V>*VR28yKL-Mg7H zx>G9MLMA7)`cf3FRhBK?0}!rB4Waf&vNt)@ors4gMiJ@EUf0P(_BoLwJa1^unvvid zoHZSzClRCE?d0q`sc(RmN(DI<c89vm6+F;OVEg8_Pp`W5q1_H zFnBerB6vbnl&uQ6+GFUJ1HL3!<26EZr(4}Dv|*GHPy#Ho4Y!e?z>bm=G7RFYj&k$e z=)lxUDj{hON%IWzP7+mU^_~iT`!PhSI@Gt@F@^!k|QAw-Boj*rx1%2 zh{~RzLF?Rwcpr@mZ9+0i1px?0Ikd%x7+RS=_w~aM^z-!2q280vIV2jgR_lLPap~st zjJ#9S(!RTznXXZ+S^5&HbF-n<#1Ur9^mC^1E~Awhl#M5=)za4R7j7$a@y^=dLFpQI z-rTYP20_5Yc$_d23`fW|T@&!`#J$1#T5Sw*YY}LLtwDDY zKsQ{3Bz*Ij87Iqm-)emOUV9ZxBuC{*#ZHLrcAD$C4s4EI7(SQMeUTeKaP8f)$&Q6eKJm73@Gf7HHj) z`o})tgRS+`^}(6v!|P+A0s#_ut;0^XP4uVek%RqH^dORuKx)8vl}6x>22Sh6_|xhT z409&`- zvTfV8ZQHhO+qU+yZCiWUwrv~PZ*r@Ws(UIq`2+o-yQ+Kim~%b@;+J*U4_qVBUwSF&g`{Y(RQ6?p@bfR=&Gl&9 zZV?2Vi3uKG)}yI@&E5$XE&*m+HtTZEh#64aJ?m|ct?E)SVxO$iXi&^JlR~gQzChH5 zblA!=Ps`nZKGzUm@yY3BX@=>`=V&)W?7LIXSQ=WX=6-K|pTYLvgMOiy7P#!>c>w(J zi8RJvW!s|-sE@x~IczP+xo%2uY3oe%dNP|4Ag~5jSZbA?i5>H%nSPUc@Zv#Y40)yQ zx+eV1Ez@TUPcuxgfFdD&OOI9SDDMl+)o_o??9zNWnqrg-pNuF*01&c$bd4k61QxBS z&7xh+ky5;t7#J)G#lT7DLy$vvjMI)pl~X(=RhgbOwt>82fHocUKN`p7caIZ1Y8~%2 z=309av!{U9Q~4L7Wlc!Cy* zFe|29lvT|eDalYhh?#(@H;N^RBn=95DSnVcV{s3j)I>%%BLvHu_r^(P=QfRpP03Rr zFw^iM(FY2nft2murXd?sv6#!nR*B(}2!-d2o&uhKtvt!t#9#=ax>p#0dJ!R!H)24J zzx>xhO7<2)Q^$$4eXDZyiYy9NXmouhp&=xt*^#)etjj=LtVovxN!y8Z>bA(K8z$5j zrylN)m%e2wV==U31%Rtfo6lLc8wY$IMY4&tw8Y;aKjPAYtOyz9WDOV>8!NX1dzWmi zd0eMFpj?#72m)3hG>X$qUUnxQn#5QvA`B`{92aF`<9Rd*)m)$@Do6~6XBhWgdc)ps zi-R4MEVfZT3k6n|J=Z^dj)-Z^W=3iwV}#SpL_DGCuc2;DsPLAg#-5qM zis^JNFT&I}uZrp&r^5AT#M%P$;HSvHn=x8PepR`gH~*<~TS*%AX&6hKZ&HO!$G1)O zBK%uIt^Zwud3u>bgCr<}gh`3MZ#W*X<-$Mn^L&DT%l9=Mx|#+#8qb+HF|$?2wL3RN 
z96=Z14Qa71vswIv_zp5+dU^%#hgju~XEr z02FcgWND7yn7$z{DI?@6XXdYql<^!*pmYb_dXbNKPzs2%qA-UYIg%n#&t@(_Nv2}E z*x5r13riU|=0-R<0}9#d(G83nl%q{_Gn#iCWAm|nfx5tZ_KJd&bzncb=Wy}tLwa(qBikAKRliFbe{>O}}0Y0aIpo=m`T(2Gr%?E*V zisV8KWHrtK$QvZ!K0ha*U;4exXx=P}S{dA&ZlHB6SKej2b*9Y~uOo6-1r1Z1c3T)@ zMF5F?7j2h+duG2E-}~3Q^JEgW~C&KLRU z+4sQP5ob3`_NZ`>9xvwAiMKnmy)a4rj=ZQSx$!Rh4%Ruj*%SAorf%&T??j zGwocMk}HXn2*`_=xG!{b>OQ6Auqn@`@1%KUTQ%;ED`;ArHaV7^${ckmB|+fgYIAht`whi-^YAl`OcIz&-)a< zjn!T&=awp^yUkzJt38XNghiwaA^|xKb=F>^0(K_M8#nz9SzfrHCmGe(eNYf1$xp#% zbXZ`;G!YWB)iw485kyLP2#@pz8&J#OQ@Qm^2Dv(d0AMTOfNf)pkcHNXo|-tGS@h^M zpwU@&4SLVRC>(uuw>PS~i^4eW)<$r^r4%zQLa){|?>8Z+?B`AU=ORN!D%8j$))#G! zMHHFbfca>RR^z49b-k?X04sk^tMU&g79%Tf*Qg2L(9^X1EQX|VuBvA@heqz0+?pM} z-T ztH6Fu@ad0?c{GbAP4NI8?JwUWfXH(5`zCzYXudJu429K*g#IXHH=wtFhFTnNp82Mu z0yxO0v?B3b`a$(uxu{!hqp+^T+7!ukBBK0NXV76s=e002MM&W;UpYQ3uzZ$8&y$N4 zQ9dzOXN?)+@Wt8<%!8~eMm{=|t$6vYt9O(;M*6CO9`K_1kD+pnuF;vjUVDe_LU}^z zr+eg-q5fmS++R7J&2fj}jycfAR%?PE+@j%a!2vY1C<1i04l1|m#lcpG#jw5;s`#6E zE&}Sk5478~g0r{M+CfdH*^}0|_ioiyuZW3`7z;sC>FPaPmQpk8YjVrpNbu4Kt8TT6; z7myTci9H}G;h@P%>S>I2?ZXjn{`(42v~6BLr;?NFn(pr|{Z{A1lA8nA5*Pu(O{zn8 z_O|3M{T-jL*Kd!9{l&MRMURKOAAWc6i6fej9Esss%H%#fLS`cxG8^@LF2TEp%x&Bh z0>&~w(B7fU*^$9sVj;aG65gB+blA%&9Je^04xs}nzGQB+{91TC}asE%)Y!nd~7ZNQ83w`^O5g0w{ zIXmz{f=BTxAw(~0s;VJNRJdPHD;?A$ae55u0I;QEbPuR7vtMr-{TM@NR_QJ5znfo` zC6F20f+f9&xA@JJI#2z%n-jCM*rImaC z*NhZ-Z={kUii115AY6|bz1v1}dT_zo##*^8r`P&F`-i<)BGaqEMpG<6gL;v97ADVg zUt-O1AK$H>Afj`NFor;$!MvmE(=9xNdaHjPKlvi>!QBc~Ielu&A@SD7_2}3BwmyxI z@qj$-t8e<&&nwtB-027u&+UXh0H}5x@vqPE7n|1?gD*4wFW>L`Olpwe)na$bR?w&V zo4J}EKma!&6wiU=H;{pME-{csF!c3QY9(NCbO?Ck(zO1;eaKspYH#cavefxmLwm!N z`@A0vx@Ly$K@SkDL0>9I4A8DPpCWUwsEi!(%%!P2k(9^i$ z6Vq<_CLopGz!IaB_vmU+_&{FA9%qk!kGvEQwBOXuB7Eb#xSQpfAibz90Vj~6fJY<4 z&UgRj1d0rd^E{f?`5)`n-t;*gQ_c2oEb>1#Jy zS{}PU=xNG?na<2;$r2*#&kmP|*p^nTT$UavDXM+?5_VP4TLKVJK!F7;f>rl6GS?Gx zg;gNh`x6Q+?l(_GPDd$Zp~v?1{7=@osJ2=(!!(@JrGoXbDBSI(&*<6j?Kntrv` zFw-Un?K|Yg)$)m3B5P%S65OCA?2pjj{V0zuW!AZt;I^;eHZ91<%bZg+^G)%SIHH*& 
zKfoDOjThQ` z!%#Meq9H^qB=cpp?unG~=09JQobR42Kg!!yj@AYrq@JD0coYoz2o-32ZEu@g)G`9@ zXrvar4(H1M>I6^{ohe7#(+I0s-8kF;a&nvYTM;mOGaopVe+RDj%SxjM z>Bdlyt5;UrFuH*r5EK?ZYM5eILc$5~b%k09aR7~~tIE3uRE|Z<4obOn|7Fd>%(&RZ zEzUDRw)>OMc?28uX>9iZLgL|qu^bjLCu59J2)Y|&IVBwQ0G;8MI^kBj&Q(>T3BDb6 zNq=s3nTJg_E~PzZ(ZoKk-@2}ug4TvjSxf%Z$TlS+l?FU6s`kc>Hcip<=z8 zLrD=tys-Y}B$)0kNbFcL^YYf1T1k9;4$&35!!&5q^Q+($y`#bofBT~eTf-A8w@|@f z3x-+@F;9CylM^;R=kkF0!1D_>4fF_Xkv9fv((*UjE6+7aVv_WN!+zgisx1ztWw8EcSOv#8Mq9kBNoaCCJ7KW2(=k1@U zoO~XP>FP87{NYamrPX<9#S>@B{m!ZVCMmu3W^}P5iPh*XVsV=t-W$2`Y z)oNCVHx&-qcS(D|Gpf-SlE0>(0e-$vI3q;UWCMvKs`RyG-o3?jeLP@taVjftGQ5He zZ*tyoTAHl<5+Kg`*^x0Ky=5e8W~n$U9Fg{3m#KH`!lIoXJI)i*hN%?J0HmCZK=W_4FRcdqG(z=F6@|xfT_9=a;`MGblDcExI z`e~9tpRA=aA0K4}*_M0P3)n6RRKy^FFTx?%#A0yZoeQGdPMIQmiIPv61492D<;jPx zTh5$&*QR886_`uH9Tz5}7!wh*9c!O7i`Drj#E&s{w*Ygn=O!e0=Uc#+M|cUDR5*pOUV(*iWaVi8tG} z#FqZR1?0&A<=@YSV&{^LWIA0MQ_mx1XVq%-KC|3s^s;2-ZBz}_svAL>HgQ?XHL2E@ z)|LsD#Nh~$}KMY#lJP%$mjob@bZ#28A%;8kujqq-r*YYn6@zj_lFnA1%De>6dtq`;qB%Z3UanbFTK!Z0ElR;^_`|%m z^WrN(pzEyg?5(~(W|$)FEpLIJJur$Tsy2OO=7TBUaT4TTL|f7Y_?pAxX1J59Vs;(pdqi^55QMoUGRTW zU~K=XKa27IN93QTru|kc+CPHoKe~^JMlI2E#&AU<5UA7Pxw10M5oR2%ORI%r*5{=+ zoTMd*G~TQc3K$QHXm0H8It7~In=#_zzra5tI!?*vn3Kz@TXhj-*+q&knUDDP*_tFf zia(H2GEWHmznj!(h$$#CEBi&gr5resJ_B$k7P=Sal?jJwi|x+4A~?Ek7kTs=S5 zADgKE)0wr{T*5>2`ny-B=@|k*B_)}42l8%>z%5CXGl+H4Aw78ZECPY(zoFxdtp3-{ zecJVFQGRD5mbQ^<*G^$jLP{_Nv47FtOwKOh)tg#sXb8ioJ^669&!RcNy)STC#HtYA z?wBhH>R)nKVEpj;z!NjCo&l(j z%P@vys*{fe3nHWj^Li5jOvV{YZ-Z)D-4#$da5A>`OtjA{l&82n0$tZrdl|bc+pezs z-e_95=~XU8lF6Nzi)3L!j1rc*M`2uLdE~Y=Js%p!})gNN0qILpmZevUW zij^A9GrJV1hN|hD+4U>`sxqAvxn?hzF&aFR?4HLOjPw9ZpamLNZF@-3@i{pJFE+i; z$S?S7yhJ2t77|Go812m56jdY@me1?1mfRhkVDV%N2=xNH&3S^6Jle;pE+mJN{sTFhi8Z#S(GQ*!814T!wF-9;$U2v?mifCC5|qH$ zaGe~n9zrDOfgz8k^U)GmUxDIKK*WbTSnns>t+io+p$#bx&TN}_SQzReLT6_W*MUYM zyb)5F9@sBp2xbd-pRahF@tO^9fpgv2&On>n8*B z<7~JzZY@sskJC=t)xHca)O+*rmExC!Jl9<+y*o8mTmZiKBHky8I!H4!^)m=r0zoAY zOdff1#x$2PM{<8*5@|?s>dSR#g 
zk~w`;5?lw4^#&aeds2`ngJpZSdh)iv@9z)Gy1Ed_l^_B1b7#7Qi5Nv7ogpI)go_2> zl|8O8rPy7aK_FvGVyI#yJoA9lG%#Q(&sbLhmK!n z*nF*o%mHNaeUq4xKe+KvF1BVf6!kQ6h0aRq9`?NPURgs74Wr$64sn6!*RM!iaO71v<;YdDZEeKNafO*890G0)eg~wX4 zvx6g7d4TH#3@P{CiI-}z94I5HYx85rN&cP0!aS@(tC9R_7rl{#b2r<$6ZPoYNlV?e z37;;6vPun1T0EpwaC$h>wA7t~IBK*80p$S?)YfGxw{IlSY28`L&GZ-3rW>tHF(j<@ zT25q!mN~}$z3iZzZ$WO3|KZu{9_`4}<8)3b@vp>dI#n6L6#)egmAg?}$AOK2 zo)6$S?E!*ZrqD4K$sT7XuAKlSmx?|$oC;+y0WX-8WOmUZ10C4mzYOxWGkx=WvrW ziQ$#1tNSi#F7(PoKNRN0>`uOl1b=RDna3o5MCLzMMZ@r&Ws64l(Elc^_l~*`1Wfge zcxJrN^Zv1qHpKUl7Dmx1*lxY80{zaTU4Zs>!$>_u)Mo-)6Fel@^McHqw}^-J#_hrw zJHS}=)yhM&8<2|A%{n3s>;`F)LwTaj;H}38cHgf;(I^RAYRI2^7LkSz?Ov~7cGi$K zJe?lD>D6*~7~u6=UvK)eXAHo@YBEP*ID(6*#_&&F2h9{*s-|{9N2fkpSNdEZ;Lt#X zO#tJX1HV19g$c5&vsa6CRS){rJr<6)?L)ZexGq*>blD{oVX_zFIfUXGmFUe|!A zFQ77|H`}Jq-`T>RhTXNbC+{Iu(&gf~Q#zup&QnL?ZK~gpIMgWE59Clo=`J(h{Env% zulWuQKtuV5JAS1OSBzj5CjFUI@O}9Su$X`d`O7}Ql9CVu#*7d4sxP9DdUj(=J z4x7;yal-^3F;Z_I4f(a(sbrh0D!X-!Htht!v%iVh6@N;<4e;rt-70ATaw01mI{66v z#=DLo3<3mMx;Uxeg9saMVul0+yJpEQXUt(n$!v8kVjIaj#4X0`x#t zUdrQx3V<~~=#m)dJX2ht^bH{z3o*!H|Ek_ zyMtfsT(_JU0~>zU%$LPLf1wIl`c|60 z$Y7TPlp?{h{oQnsA(wKQPZLM#^Ih`aca$K&zyLY=4+BT0P%xw+dIhXHEBS!R_!1f^ ziKy4P9DCd-63K;J5IwMR-zNA&>~2itsoj`?$6Jos{F2e!&9OJT)7(F~#g;f*Gd7y< zgb=SdhrdAWInG1>N!$FZx&DV39nSxr!1F)u5*yObKX<9$H!)CyJPL)>SEk8w?gZ+{ z2%k<=8AB&?2bD@XPLHkapSdKg#AG_@)Xjz#K^m29&fycrj1$Je_k|cP5-9#X2dS}l zAHjM4a`$9Os@` z;g2)9R6hLt8I6F2!on*NT%*dN{jm++@J;9Rv5g$1>#eKshMg&6aJU$YrY1#+;JSSe z9`lfOlFpU~iw=*%?KQxW79_zOBwQi06w zw3nq+4ZoA~4vV5w5zs^t)(OYI2#i?bB4PvGsj9KKi1?Ysca)}ByMLxJjc@$(NSf6< z!{>Hm8Ma$dr8vJI@=L9THN4701Ie0EUbH90)HbWG3U)B59(-kUeEdq4PCdu;A7*jn2!gOyg7A1k*a z|E1PxUg=`wBtVVtvcD5#H(r1XN+=?LA_PGG=I81*)>n5AwRf8_jA) znt+E1xG@)kMSe9@H=bBlaV-pAV^_=N9I06b$=#PXYY!wR?yl^0nMr7&xvpkg+Q+F+ zMT85!bC0BHF`THugP(1g5WbPnh1X@lX zWcMN<$~4V~drgWMvBJc793Rg-Icu2lOX5TiN_HpkAhS zxKoWn5$BJ+Dg}ne*sPl3LNZ&qM}|X4T|0==!at!B-_QG7a4LM_Ecn*f05b(EbcQe# zU?CND3$kSl$V#NrD+o@hd?YA!%rLekA@Hf;mhw(gAWnGgMS2u~K1{BMkwjS9!--df 
zTq}GnyT^HjkOH@l4pBAshzrz`4HdB4#Iw4K?*g$%@2ae(OTzXE1m+gwYP*di`r-%g zl^aTE^LO0~Uk^TmFO7i$o{i7QoOoos**c}=O6Yx#SVieUda(+l%c~DxxrtWBF1xi$ zrncwsFXTX~fq1u%ZCnnJNP;EeDeff|=12npX+BS8F4RDioYP8!2FPd;zC-n@U>tW^ zET_f?D|s&*;3aCj0&fy~`2C8Xd?Vg_XZ)^3iQo@wfi^wEn+Oe$U5~>4^%- z!+3at(*O>XaCFO+V>@LKMcF+bE2BQZh$dRYo-=x+Lk?&<&`OPe9MGJ|XNDfLeQ}RC z%x$Omm~-|nY3sRrH`aLdU!`Q6Sc7!wA#7`VzgNSNS&k!5#jhet7g2gV3P+!S{?E0d z{;j2eB7`Ec&8%#QcQ~&Zg#_34#UrW@&MBvet(+4?cIFAa6_?9)(>N(9lAE5P0X~cAZg!E->17!!$a^Przokg?Bn(D@9Hv&gQHRS2U`Pld*^p}xl>-SHZei4WQ z!yUzkv;OS4#O5vF*W53DfA5ZC@js6n#_o1!i&`NKZWx;`)hg}Y zCd#4vi5M#NNL5BH3bO2^$Ezq}(0gS4bXpK^Z25?Kk4I*)LHksdPD>c=7G&N+q42xD z1EOUS(-0XF+nv8vc?-V!VXaj@t58(l#M*XVsR)rM)y*=ys*`5Xuybg4&{7ivT-||P zY79@aX(g;(KhU7Ucd+0`HD<)4j^-*R>M@XtEZ-31j1FSN-n9~>2UmL9cJe~1eh~L| zp>A&j`XPLr7IZBzm9U(VGs2x8@Vh8j2i1sftC`t6lE~;Qx}ba9HC7!ttF?lyw>n&5 zSyEY0K`OTugpOo&uJuzL{TKm{kvw#=9KT9sG=a6Cj5-zC zgh0(_nb+u+pqmAB0M5N81Ur#9Q**SJ55j_#eeAI{vGwMe8K{%NTa`{Fm2+w?0V(LkR-E>`;mf154zxGb#nxn795~PIn~;|0gBI@t>3w3j_Oq3mWM8H^p}__CE~h zdKP%-g}F_2{g+rm6FE1se|K?>7&rA%K=K=n!ASbFng4f1Zy+olvO{weij8|$_?-=U|2Q|be583J~PNM>IE>bI}NuHMDSHC;=$M+;ox z&S4?50(pLklz#?RZnc@Keg4(xRN20Mz}?UoUZ@F1fOb9AnAPFX31XxTrOlPJ5X1oD zL(uv7*sA+UBNX+unc^OZbgegkFQDcj(?wIRiM=dHGXy}b8Zx(! 
z-y;shnhn^*dl`_d6z&n;w(t9eWiV8BV#&VOkL(yQcmVmla<=9kdi=2X&t?^1dtH2Y z6p6bZQL@l)yLdeaqhO>9S*8j>xk5raP!RL7;U)>01%Sc=Z2s0Rnszh!>EsD)Me9Nd zB=8aJF^(Wy11wL95w}K=v~OM8G&-am8|s-fePN@mdBmhg0#t|_?0#Hfk5rG;@g2l$ zaw=UA{gZd!HP57$e4ok}@p>s(g{jh^P8WF#0}LdRtdq|fnLE#!51suvL@Q5s=AN;s zDgYpX-osLHKzVjG*|dW^K6Q--@f|Q7Kog(=Xb`}LXursm!2vo>H!^$-BrL|P9{T{E zOZ?kO>r7hwC-P8vPHDh@Lc)FEF930AekY=9?c5PrOZdE zEnCew332H?4Kx~ZU^EG12YEJ507wZw^oA9nb;?0o!z_`zM6ALCe?=dAO3qVtCq)wk z0!4g)ld41MKLWL|VytVReIId7<;f;hm556nrYCH|RVzSK(VWj70WQebl~{DJY2TBj z3=Bjl^{B`)EH}jbq5DjTN^&?>k+1H!7~%1v8DLpu5XY2x$}$LMHxE63P)?K@o*YT& zJ;*^tQ28_)rVgKr@X}b8)s-?obVRs3M;{&DrQ1fIgQoVZnqt(~Wn&HT#VE`?Qi?H!0V;(M~0gbER zR)O5+jW}u`b88Q_M1*wk#nqYYNh>N+Ior8p&{_92B`4OsvCUZpA)by-*)UV1dB$jc!!a`jB( z`^iyl13Pf!UeZmJc4|v)wDW0Z9;&k(egCLWA0P~)qj%BtKrV8y7Zf*jr`9LQN7K|v zPCb&y+9vs+!q{nJls=Hf5~4p@Ay9&AWM99-I%Ep->4mp$Exoa=@+5dJ_NQy1TB6wU zDh}{}rfUcY9(ydTqHoTXO}IN|ol9d9-I|!h6Eu=P6!L$vd~yBp!-X}!YwgB-t{Wv2 zDHn}Tn=1nASs)0Ps=pDv^!#X4d=8-^7;)vCJ6e+BOI4sFlIZubg?{&qv?-DYHofFl zZabzLQQsT`doem#Z=CtZ?brz=ja5<}eLP$2!%pK{hD${MbKqCeh^CX?h_*$U9z*8s zhq3MZ=EIvXYttH3krnRHK+2>us%fflSepy5(BlQ44b~U3(WC%S^jR~J%jU{nb4BxgnC&MT>tE#zeZwwEKrQ)&?;#iKs=7r*h zYhSqbx)&O?GtR^a`Tj21Vp2IRFGJm7-7O8tT~Wc3>ZZ0#2iHQ)r&nmxRrhD`y?bq# z3&f*EGZ}j%>$;bq{<`F}{Wu|kU=a11V_PhwfCY5d!0EtIj<(2jlza-2^eG)Sn@`%D zw`5Z4S+6Z{!9IVLp|ko$xWFALZKb~KO)y&Hd`imK9Cs+M;5R71;$W|0lJf{&Vs9EL z&bdAnMp&p`3F#140>V_s;1$*LnI`oahvsrC_n2kw4ps#lD~(mYcp;eWZ4){46KeGEd1s|OvZSo`CBcwEDl2{}zNtACW?BggfP_5HXSET<`7Ewm zy?El$Wo5Csy4i{5&A75R)Ju4|@kP67cOvSYM`@G-92}(*nL@1*u}8f`3wNT}G^pvj zrh{juGTX3P$Qy$^JbJpJc}w6hIgulu0G8k`ixj8i9+OGWvsb==m+U3xeCl?zJV0Py z@30LXh&X;e47D}M5GWNAr5~DBLz+^M4?q@B*2tZ9T0emiC*auJf<6+Uh6Z9IqMjiL zq)v0tQN20IP)E>kkox1O6a(Lx7tq6uh35d^; zInwCXf?SwmG&zD_a-J3fzA))Md^b~jPe;e66YrUPoqgX_?MGv1$Bz#?9-GIRN|63=Km?Kh0n*-Hzv%CIJiY&AeE43DaW3a_2G(pg z{a_)LJXh%E40DYM#;gO}_`3CBCcsPFQm|y;$G}{#ap^a9IrFMM-wa*&;(k77O^%gp zto01Kp&=+FOq=!OOoHMz@EY2WK;suB1n)7shgYyP4muXgNxB=dPC%awDAswMh=@5s 
zAC1)0bIDgySYjNPV!$W%d$tSOywc9&j7iZ=QO8$W?(Fp|+Qsx8;cB{p&NMsR-uExC zbg0$xe-dv0%&z~<0%K(T?}zJpG-RDO+5Uz2s5_LRTagI?01*uA;Edjo*p}56<1jgj z2}>(XsUe~I4ZHgLx&tPVk%q<5%8G*r65PEQ-n*d_kOn^WdZ7IJaT?==;y-GjAjp-V zM+Af<-l6?zsxv1kM2zKqWxwG&;9-`^C@trvPz2L!nHy#OY7hN2b9?!SqKubD8XqYTRy5o6YThjT?Zh_xBmbs|^JUCZjGoK^BV>XI_|EWDh%v%2 zDF{IVph6ib)X$XDXI|u(|7F^;Qp9+=c&iMLSpe%khyfXa5sO)}M4z}mG{dkg z-2-&N^x!VaL?2+UIyH$+MVSOT^j5(K*#O{mj3jla~Id z>)IuU{@9lo>c=pWQ4(P0DE3{cVSe1*e49@n)SHO(LwyF>pc?2aLD}e(( zXF!tXl+Z}fU<7;m&P184?j{`lq;E^%uy6c|!`*rN@l_lFk@uh+KmV>}-=C(=hQMtAvEiigE~>a`VK&e4@E$uG�wJH`2(@_$7t*N>h z3W@*NETMC_0=3F_l~gz9JeWIGVCXpubziLOSG85o{H)>g;4}_GU*B;DkuwsMM2SwKIGey8 zNbL2*g~VQ~

{r%*daKH(X5MvIVsj`}L~q^8Ed4bu#{Oee`njeV9)tukX(qB2iW}gLlHxKI&qs?UMke>PoCWR$8^0?_{E7AVnBUW^(RWsJUi*WZ%RWYxqUdW`3K^C~w zhTKqV=?9Y{=^S)i$d_eZO47){V})(hm=FN{)oo;B1J|@%lz@^0LYSz)(qdtT=Un#- zUy(fuU#r)f8T2+5G^*%nHtE z(H3c0#SQxGGaRQg-0?jHtZoB)I8jIlL!a#0_&|q7xIF~=HA<7|{dU|gf^aRi{7dxp zt5w&{a^4JBiVqOCoWf1BU6q8cju~s!%dLveiYr`0%(xt<9qPMJ9$G@YFp{^eW1I_c zgkgrkMJyhup~!^&kUbP46Qo*}efXml^vtVOgH1E%dyIsANEvR-R$BRai%UL(XLBjf zQDuky$f6S_W$~%pK!C0BKZ0$zp=ETz8^Tf*(S)&l?ls{bKp<$3hb&$wVaw$aq=rJ- zLPaQX;tbd4BJWIpzKLwHueS{P=$Di;+=Xnle}{BMqOBU{K=EGTYlTiQ6m0MIysa;q zM+`k*J2%hja=YENH%QoSH&&N#DvEgs4$Zv}1cHcK-Rq4_zJOxzzd%U$0;VqH6_9n+ zIyQ;j?Q5SF!CeW7gj89ElD&J|28$SU@*e``_J@9yD_sMrJU}dmw(qBNTtD^? z4xG5IAu|;a3WgtJ+XxE(wN`q8h+K=#08sMTk>|!MMjtYKi@lW`VdBf#UYOKCQ=u~! zIQ*hG96{<1bg}IcraaL`e8es{4oNZeOpggZr3+<(lEx?$z(+BPY{ht zzX|QC-&`NBY?d`>r+@zi(8|{^`VVi-zozd0{jFhQ`tQSddoVTQH%H#L`-0>_K{b$P z2C96W8r`x$0JA+l6@~-*QO!vQQzV=vHaGQmZ!wgL(;C?6lxXU|PCjm|#h4=YUpIBJ9Sg|hecdboDIf4_{HBNBl%)7z6zQTzM?`5(@ZGa!I> zj3K8Ie50(%B@s*;#+zJ-Nwln6)ePlb0RywQR`J;!aL{~Iaz5%f(qVcyo>lX%PpgHU z#!d|SHK}T1ofbq&g6(~O53fkjPl}XAlt2j8WjQ72D38* z5(8ccxelFr(<>rL5I0LM=@g4ZSx_qDQPU^Oh-W^LAWt>O0C;2yOb6=etF(v$1w4&(`l`2xc*Xrp@I=5b4X#DFB4^fjGl9>j z{-X=eGtIfdVi9d=pQdMde~s)9t}*A32IFqG_X`9~;#)nCLn-3QY5Y9~WC{JR|#a0fuwAO*?QrN}KpSS#Wo< z$f-{z+s;47AhC22Eu$J!DO#lL{3)rxoqZlHG%qi|1RM9oQMag9v|M{T6liEXtjr@Z z!xS+$Nbws)C5M-N835##=haY1kV?L@yTfV6qs%{WblGJk51Y8KEpE9MbFG%xbXhJS z61GOx9osi>AysISl<|n(+UMDe!A5}x9f>S_q^{*sb)7Hxj(IYKT>Lj0@caiI#z&mX z>=JM z>p^iOLcj$HaS;v}o!Z>ORHs9YO?EKF@Om&2x~X~O>hI2t-|N_@^U>iSb+24C6cSX^ z`T#`r8frJwSHssCzAK701wF&LhkH@ABugNo@q3P}Q%2a#XpR{(5*{L45+ZrmkqD96 z=k`-u6QVxKEL$m&Y}w{k>XcTpG@;V-1v6`;b$Q#xXKSRt4Gakryr>OAq{t)1`gIK| zBJ0JlQY4l!c#*lVh;R26vpl10GUk}5;N*E6^Xh_PEh(-OOOY_!4VV{6hHmOK5RxdZ zt_^K|1zeA9cjgzR=H>U$I%0cE4QEnPf=6{6L*uwF*`vbwYH`r)2cro(`Rl@VP1{*| ztWT7hjTh0>c*#Ggj5ZM`) zKRDp0FCyZO*CI%i;X$26eFK!{@a5y+U0%Kw9BYaFi=3@9Ao1khc0X-LyC^3|&YG|1 zxM_$y@qQfKdT1w(6 zcbDIa+-eINNnQhp5w>}k0+E$Zlo-%i?n}vW2NT!SwLvxp6_1EyijDP&5Gl-6QAhDB 
z2mkd%maJ-30Y*kFrC-1_3$coUfDB9ZA6Ed38Tb2|0*hqhL5L;oobPl=P>;->161unn3*_ynozIbSru#;|k>q zSQ9kHw9F3(hIgG39H7xXfa&OrW8MOH3@c+;>J}(Q<+(DhJ@TBkQdFdB{Gvh?5Z6qw z^19Tm413XwzcYf35cVI z#6ec1Q=#L(WQTh&{$z_PazFmIlj81oMG`b$h1uRYK;&1{T15s^{~o=$!SlM@tNt3r zAf1aUmUmecXK{z7UlT=vb|6>X>pTZ~_9@$K&F9r8lcVRcTfO_PtDZnrJBF%zcNQ>MyDjK!h(E{3czv zf09SY@4cXe|*4_nz4`0jji^8-OK^Td4;N(a$ugTeU*x@b#u6NniuzTR}zkRFqs%5;O!#p zW8pjA_Oo#QVYlW@p4Hs8-zpRauYfI(2;l~x2B9MbkrD4Z=Xc?Lg9vA^t!?-{{2*yF z{&}rIcfuZC^N6*MOze@l{a7m+kwSeN!`#W-fe6i}H$*`o*|{+y2ZKmvf#+lEzUuDL znJQRe^cOCNUo9rU{trDM&tYTp4$tYrOwndvQWkU?ULHWc@}qF4$bMLo9>_OnKYrnA z(5Rjy)M>BL4c!I&c4+QSe>a>4-d5bfxH&zuy=_dGwv|tZuBaF3=rK`JJQr8%ft{tm zjEIOF6Eez}y1AO2r+Is*k97ktW@AM)4@X)0T7OW_Cut!V*_sdL zKH@ogFs+$g6pZ9Z(WJM*>Dy?B#M~Wpz|vPy+IKxDV;}vcg+6*SGM~i-j3&kI{n{&?EhEbJ>&lac+d2|l63#S5s1qg+g7;j2)+FB z1>|#yEPX)9(QI$E2n#yRtQ`#J1t>wfHsA|wx9m&kA#?$V5oNN608(o##MrX zf)&BxO@+bW^=W&Mwe?6ZP)DAKXLM_>Hq8tRT>${i&ToKYH$XsH=vb#gjd$4qnwxu+ z6tH+hjcVYt%EV-2>JerX!k{!a1su&*LWX|^7Y~BP?>t2cq5>NShEPukr)lb4VWU05sYw|AfY(3<@SYNB}gRBh|TcUO%8DuDw@IG>+_&#NIW7F zRU0CoV8jEGhHFGH5{0&i7M5ul(L1Ig(hMoD3<66+#v0*-y+QvP3c~Nyqx_f`1qg1` z*y|GK5RW7H+z@XoKq+x7z=BDh2d^f_xWKYYl|$ea0cq_9t|lpvhzU1Bgdc&Sie~*Q z9*KbLNgbIu5U8>0ggdK^aDtK!Ko!EHEjiG2B`0tHxN-@1U{$`_Zu~x6+W({7oA5`P zgyGZi`F_3my-YBVkUX>SGkv+(?C<{OlYCR>_4=w0Zj=4%xOVM7+!7xB=hA}YFl+ng zdjI2LaXEbG+144eI}fh!*YjuS_|!$MKY`AZ1-W+p(|gO^50o%4J&@lG0O@N7a3dVJ zduhvdTzhnneut^5gMj&@U$p>pI`FTzTCNJPDa80Mp#}WmKf-YxBFn<4ps@1}7E2PU zAU7C4cJs8s%hZ{tvO#Fg{Z=+G`XpI0nA9VUE7BBhN3b0ms9i$$mK0jQ2bXCcEEL{7 zCjTWfMsI~v8w1UgsMDWgM>}TQ8QT-o4qq5QHeK}opkgbBomRbH)^1AIfj_=Y>?PHA zCyZ~J_I6y&8y^6pWjcgZ%l?XbWcD@sT;CKg*@?m4#9HWlY4 z#_yg}+QeoFh6ioah3VP))+v7@m$Jdbp2{StY&aOT@%dAn7LD;)@=pJF9?y@M5cIoY z6Qj0Ps|nSl=#>b`WjLRDE3}@7R@N@NN&m84PImLWG}8=a4bcT@7_#2`?^=Ks&Q-yD ziCThduFxtsc-qg4Q=o6%W1gdm^yOmtnU-n*oob+2Ev%*tNiXqUYMZDval&6k%Es7H zpQ(d`#&i&*#oS3ObHV++(wA7k0@Wk_a0T5orpx>A*z)^>1v3c;U-Ea4VN#W}q^Zfo zN0alTCsICo#lGsXLd&k@&5+&T()x+rParS=D`zT{q**1 
z5YSTaR(ni>;Vlzu*5C^i#d3l4FVtjWWc**K`9FeT894sq8juZ5t=PgLfKRSoFLBDE z_v_~5o+*2{Y!NYOI;UKFyoi-))b1L{rp)b`l6SxUHF&=g%PgHuM)~P!&Dkw*IKz8< z7)1mI8u9_E#9-mUd_wLiJc^O+^=@xt#kExkLGWF_{FL2(!&cYpkDMgZ3J@u(6l=&KXy?8=0BkU9;V*C=>PP z8(vRs^i7vY%b3@5I?87gcocAE33K;0mhp~{a&?PYhd3ui_{MrjEyM(`m#)5Y$osBdeS33sv8aoS4hqWD2(yl_y(M(yN- zP@|ysl=zWR_%piT2Zxm(h3d*0*6~wUh^&r8_+|5Xf$GaXi-9RrKu@V~2(zZdwR3<0 ziwZO!tOJVt#%=aWnltw}9Xx(&n?P6kkWPN&DE@$+9*k>Vg1sp$aTxX7JR3EiNrK!L z<9&q3!?ca+V3H*$YVXN5VZy4BWbhc|9Yk^?D5ake<)3zvC4|aux$p1qJ~!`Qi1=N; zK9`(iL!L;=5N9@Faag;Jc*I1{aS9Y^i3)2B>I2yfC}ThzHy0p8r~(y?nJ7{A+ABmS z+f(mUo~+M_H~G@&q{^Jb4hr5wAlOHNR+~{Y(iD z`A~9bFRbt4Jo%rnL@5OXXYy0Pqjh!Czp^=RrYkMNQTZI@`$d_TE=`!D{Pi%2;!uyG zmhmRC9}I1!zcRkV95y2ubtwp5g60i@6`mr1DQGrL{I>2^DLZvISL))bH8rTbsq5SJ zpYGlzD9;-xSYYC+1xGxlT**ikDG5nK(1Ij)L^2ni{h3kM#7+TqPL2`h#pqNqAH=P~R30f1^6>tSdw4KHg+QMdEoBTI<-nw~cPy35 z*GdoQ+a@EnbHNY3$=lpqZ7Y683y$wm7_pc;*kN@#T#GuY)Z+=ur~%fJMZm86l` z2M+n=lSLZ@er00Y%40rfjrEu*Lr6az!OQWRz_}`+7ZV5~u_Bxl8oL#t!2Oy*xsT1l z0HkeR;^Ql=#NL!l+4P(aKf67!4rHEgy%oJ|#inL-Ci++9%sM*K@TO_kSXJxk3~kEa zwbueeE0gWzu}g*o;z>!1q)7w+Tt+Newm$w@QjhN;lRfEi&2&pPtxH@}wsF_rjjsc| zy}d;0+b+&SPo!p^tP8fOf5x512)O2WbV-6jLs;(x*@! 
zLj>r+Wef&gGs2BiAb(0DLl+Ey38NRH8YI9Gv_YI*0(6Ll!SDmXC=W`lF=%#W(-aJV zXtadUyQQ7%UD#)epJfUnw|Z5z%EdkFLxIS`1IvcA+$ITo23pAR-Q-wxjPcW9_VQ^~U)qgp@CPa@C(6i-o*aRB2cmS zzVbmpu($$(zDH9adgj6TXDJjh<&a8XOjkt-t%BUYD0UGC^&sEsV6=T%g0YC}4g$8D zUoMjk^aj$6YTVzgPT3UA`r~@e=T0mS=z9AcqrN~ly|HfpZPCH>FGtjj3~U_#sgJEH zb7?M2BX&YNMhF2{ltT=%I|OG1L1MHz9#oBL+oG)GsXI z#McLbFJ_3O?^=wgfWlB+I7x}*N9^I*%wJ?hbpw=zREeiW@4tU{eMT}NF;0$o9lrQt z#H)DC_sMBLTpMQa@xx-$_-DldlPTLEL-(VDR>uVOf=Fuzn@C;r z!nI09T!iNUGx18SwrD8c2%d4lRQs{{ zjT`*myUOrfR!CCqODelztC&6jH)_8HIjY@K+n+ubxg|8P$bQLbZW%=>@t>SWEIR7_ z*{sMCEdU=yP*cYuk*aMu`m-$E;5=Rb1mSre`(=6(Fq8o>Z=(r>L@;WS(h~^lWgfr^ zzi{dA)G#X`TYyyu64`_Nzo4E^lI6o0 zyyN-k;+S4pRc>S$V?mb@Jg$d$fp@^+Sdg0Fz2J4U=7P``ylf(OsqEOdLSiT<*+h>1 zOd5Xq)GS`^wNF1CTx|9bSLSgfw8+?Z>-_58buaCR^v=H&ifzYT7@yD0Y~roU<4?vA z{dmEuIUfUO316R%i>7a?y!9X!lIkcwAK!?X2D3j_k!t~UXe9beZx<)bu^=c}YUUxH zTqXAhNJQW)%PU8he6EI_{p$A|ai|o3Y{|<@ofbfmxc43@oGdhtKQ9k)C8U8Ai|$pC z;i{625LJW2euQFV7^OhonnXKe1BmBOnCkuKNmdw_?PoyhIHG<$ z#xb<2$sHD?R3s%KXidf|FA_<9RfXBT(%_b%j0GJ@aP7eRJ5@~zr3olf!U+a0{?RNe z)H(Ht>Dm_#^jqHR=a6f7G0MERpdBJT(o?&1&U~b9SIcyFb$vzryFV&Tv7()s z1U2bZvwJ>|WlV*;E&&m?OZaO`j;#a8MWv1n`zTBLMy~fgc*l`0DN16QU&!SU3lkjP zCcqJXm4F=!x+bsVxHOiJC7O8ji=yOFA>g1lKlY*!L7PHM+D3x$&#OE_sfg|J{G#6*}!!aY7J3_cD^)HC?2K@fLN7FBE@$Zw1bI8QsF`WN) zQCR-vqA)UW{KwYj4K*p-HBqFlH#MZ=V6d@;t`?H$Zy2qJMC6I%9?YXc$W+r5ppIT6 z6MuCz(1#bC4Ci0wBN4#6njK}PXTNX|;e{aHh)W~)$BS`_5FP6Jv^;zG8{+KEH}LJe z6mtFk(}LEj)kAS}`Sao947_ep$c#5@`OCz!u8k~wn21DCpyL9e11LSGV;OBT_w&%y zyA%F%_0z>a*?__G&reO=>o>$_j>$cGkcu(tXZL8WC=XQPd@tZ;!!S`OIX_nkk|?#S zM-A=~Iw(xp_mLJ?2#~tsZM29)_2H0C`5x7b<KV&6G1!svG| zo)In}gOQN>GIXF6BT)4n(%o!3R}o) zzkx+U;;oVFbK~ss23VlD5h(?#(pn5@(ge&XXC#N5*G|^LeH@}Z=mEt=6K~ta`f^3V zU3TsUhVx=%7o+U6yay%N7og%<^*9~d6iZ52jpfAXI%T|oxMyop=S%)Is~Rx|YqT*Q z?Det=uB)zQ^1M)obsc;oAEWog?5^LNG%=kBbLSQ7 zST9$8LtXEi#NePRY*IwUVQU3n`IUDTG(`#|#swIRs6sys3ZLf!$}k3boME_zATHb9 z$+#Q!7}AR5Pu5SqI<&{@ek%b^3ScCJk-&)wrI7qh(^FV}d^%HB6!1}}E1fW~^@d2w 
zxI3Y}qDx+%ms%`dZn|7d7QW6U-1(N(7Pp#HTxw|qr0_3S$oQ31IN;aruy<$VpE0hhX9Q=v* z-b}s-N6#%H&B!D9?4D7)|IQjGE{M%t6g|m4LM7biEu)U%(O(Rlc%|(VkiFMbNAW3qBpFy;hPcv^72Q0`2 zW34!E^NPmCI+o34=h&~^@=V`6yEM~)&`#t1SCdpbcl77fdf#vn&P05Tdji)2Le-Z<8YvXXL!e^fq}cMI$vrtg!AyMNlm*muBu;+hei4-Qd;yah-nCQ=Q>7fFQ`rU z%Alq$d%BA-@~cy8&XWd1)a@nZSkC*s0K!l(X5G>8l}KZEafyfS;DgkA$C~|xUZg=P zJ@3mMl{zY8R|;xrRXgYW^l4SdA0OG5x*BjQ-2uq*Gr?G($(t5Tqu^Z4rWu|r#ywkw zzCik%;n4pEq<>4~U}R$dk2BE@)HVJA(sv>U!8AHdsj6qZ6qX2Zb9o?`dHm{_5&(mx zH7Q(?q`yDp%i9c5l7v=666LL!K_5P~!O@GEn^|gC|Cty88I|#zGf8P5_Hy7Kqn^0F zztHgK#Bi)d?%{66{s)Mte}l{X7rWVjWbV`M5$H>I)f8GPiCtRg`!x9!6*#qD2{*NB z_}!?Eu8wxKsh;Z9R4o9`@JrpA^s4U7_W6ucj-kg<5cPFl?G-%j;w=WsKNRBvFJ}@H z0pyadkPRe*@u{tZh9_Wo=!OxFV`&(8w(I}l$M zryV3QkeEL#pKawwmk@{H`fnjfuYl`CP+_yX=|YF#7WeLXRLV8FW9;WAjQ3 zk>TQC66$(G>%{^dcH#7Lz1=3)S(+jpWXtn=rD6kGW@3TGXbrj|X=B6VCYJ7%k}(s+ z?uGh?SxrSgRqNL3!qaL!s%Qv}Ge6cbr2_yV#XZlS;?l1Ml{9$Oh{H=h$#^fTxYdRh zV-$G`{i({J+^_j7XrGFe{RavaT zPy~#sBqr&ivo(JeuB|7;Cu69n=uCwrh^}LWNh2d8RXr3oM8Gs4v&>toMR(SVcgR%j z_Fd9m^eqPPdMx%$XeuOK;QckZZE(+CX%>32mC-(jHEC?rhLAn{e7O1WbP^05l)KB$ z@LK9zAZs5Znu(1wN(TkBgFG4O7unV-K^KunA&_KI;ZRhUO^*dVd zS2!Zb^T_SEM$h^MGD}_bs)6Vj7wwr0GYk(tE-Nl$@l;Ow4)hudeY8%PIs-^79=PqQ z|8FD!M%2ePq@Y_KctzV-oCOn%SWDW6JOQL+H>9i!>XZUvt|2r6Od4&hk%a7kgB}Vb z0VWH@Ww*HKBUU%^AYs@$MOY#9_MpHzJ4gpjSmzKZf$Z9L`4#NwaY*%8#VP+H#$~{% zuKnV@_lR!r&O;ya9LDJ7g{9--8$9m=#ZNL+R9@ zkHlR^#~nkX)m0*0FDrdz4U+mzV@@(ysJ- z63&;y9M1Rq+x@^0a(Vvl1ILh0yWX(9LitiuIou(kpfVuYmY$f9w4OD1Mt=Ha1GqMO z>zps;GYo)`XZ~V~r%st1Ms*Z(uqVz6|JjDZDi(kyi|dhoY3k(h-$=^N{{NL27@1lB z<9gf;buGEQZ|~0c)Y?3{n1$)lX`Px1X&dT*#hMM_1#D%UJ=uVTcoexKE4-uuIx?7SGs`w?TYvCJmg8J@=W2}U0`4c9kO-P4s z55>LB&yO!B;jBlADxcZeuQ{jt%b*}U6pApAU74e8@Tila$difo``Ev+vL$=;bFsvg zKLS^Ce@7qU`g|ey{@DkD3_{PR$n$Ta@4X0 z`i5N1ymOiF{-;Q~nuIy{-v#Xhi{#RqAf`S+J*2&#Zr)oQ%33f&sET`&2k7UM+s(0l zxRHWa74aQ+|0Oo;6}!&Bz!L*Wg2Kltp-XLlFZd9Dai{qatcQ~Uoa9)9Z3_Hv$TA+G z@9p~WgkvaRtCESsv?aSS?bJi$CmtHp3nW zt^~XPksL#9N;`nV%kP%0f=EVJ{Z*XQ#Gu5?O~0hd(>b1UDyv~`rURRimn~4Ccu?20 
zd#@t0mo73y_r+Q=s}>7BtKPwF@DqwcNE!yV*Y$)-LzUTt6xv*(&s~y3&kEdkIbVus zv`~{^6u-d%J~WxP6o=M@0*)9JtRv-X22YusTR-p~N+2GIjFn6nNmyVsNCc{WXi-CZ z$nKEkT2Ap#){kt^EgT*r+POFzWb}>c8j9Yxguy5a+sJ$TY!_8+bWxu(s{MDTeVvSe zStg;ZboEIT!Fae8lqoB%m7~o|CQ4-uljtRxxDNOzKUuN>&A&f}&cg{j4~2dy6*1b% zz{BK-hY$f;uV2nWe6x9R!ub5?$O=-!@U7s%2!h70ps;-kac4MGt4`G_BfLh|2)xlyM~)6{gJz%%pK;t}+DWiG#7P&Q%$|k#H(YFUHbXpXB%J8Fy{U3DIgj5AK|O)SU7TyIA!zMSlN*hls!hDJSgE5{DK(0m?gO$a^(L2kN{2tTDfk zFXES)IZHG1UHxq%P-gj?8XUJN>`rWh1OjyM3FMDRRP%Jgv}r$jz!{}#B_n9pi{Pk9 zrMT~6w|q{zxgouu4%bJyN^7DNUm-){pRV%^-sSyuIxn`ZtER3X=y1VTy{^D?dfg~D z;E1Bn>v^y1UAsqtX)=oZWh7J#{3Cf|I1d|}qwZtp$)XgGsgKBsi8E8&_R`5IH{Df2 zj-}WWJx@7R-G2czGsC~_y_q=~|I-7J3w15qO!0pJ&A*CHL%WA*+9FbsoWN10>8!Rf z;B7$_*|RLr$FILm@!efMG3j@)tntTNql#!SkTYxCwac-0p!Zq~2k<>x+jEm1+ZV>U z@_K#(_uXC|Zp7PhQ|u)x!RT!K2peT+b};gFH5E2rMWpCDu&VDz#^b*QU^G)cp7u7r9?ymqo>K6z|5OM*DLl!Hrl1s29MpBZv)g~M@El8Q9&v70i)Y%qjR4{tP$$l zSRlP#U1EPHq93}9;gN-N>5AMv)wLmpHyMm@_wFwK~)Z*Dq7hNs?X)kOg(>&fzqyviuJW1~S#d zT1tDL&HKjziki3*65zkYkOX4DC7LsnBqf(6W2ogY_BUxT-lwe2k11m?j%N^;!gRK8 zR#7{kiFncSf**wPGYWZbk9HV2X?aM)d{B6`^^sC=n#S;Wy`(WTbaob~G#xsN7n(#U z!_`RqD+gxekKsjk5}=D$TNpsPg3t zyfc~fv(WO@Z@tQdgbkPd>8{`)okFh?snk8bcl;bFAc0`I*VM$Iyn^{fCk7z9A?J$z znir6y>|-um6$}NBfgfd<@{1w4xFNl7Mf4MY)APPoUi+PHK6N* zCc5}=C_*hEgvz)@yXiqw%Gz6R(L`fhEGN>U_-eywOwxy!sP8^xmhcQi662l)W?u>} z^2$5FH3!pPKAQ&ew4>1Y*8Cf!x67+354D2WH{7;D7oA1zq0VzMtCN8)~TIB}(HhNfS z`fzE;#Urh*ecBo(9~vu-GgOO>q^Uulq54&ps{$rYze~lG*St|S>E%-V6N?JiDqz3) z*&j!(GHs?r&Q(#n#{i0CDux$zD%Ob5o#D&Ko3_nHOtH4!>1+x}4V`6Vi5{Y^Ew01q>sQrcoi&=N-1)HC+FzNp#G%JF%9mf=tT8rb-uO}t zluEr-f3wB&*YoIGL3JhvC zTOr;?@#3E>1oXx(06Gs?XFR ziD;tv{)S}d+)RympukF<%G@L-N%({&8J=`PmvPg22)qu>cdtzyYlh)x3hRcQxp-S# z458zo&Uo~2@i)DUX=vyF>dyFTTEH1R5A^BkaVNtqoTk+B{s?`?t3a0s6Z9EgZx_9Mq5BIH?r92LoFkhmh~L}4 z(enw6hd0#sF92s^_+N7&{Rf0LRJvy&ru|GdCU<@9q0&9WcK-%D&-!3 zMl{P>e`-`3pvs_8E$LkdgtB^4JnBRcjs%9iH1!r*)=Sb|sxt*h zg(@@-WGPm_x|+^7F>+CKNrWDxiS>+#vAhwiQkg;|3g^C8B!c-u0=xdKxV6a*qp|t{ 
zycDw0xG9a2^eheD1TmC48wO!7Mx+TUb_WZ_Qsbe8z9fV+N+^(je^C`ITYy9#(xf1aGk46X4dD0WzTVLpVoIK~?u_~}Hak9Fj?D0#VyZcZkHtcjFCA2q zXKFFuva+#}MN(@RqBotnm_I$1F!3YC)EyhgF~d0}PlNm=gAYzfh+7ye=&>p6jP_kY z&PQLH9pCIBd^u+5^yttbK`KX&gr&3%UJ%zTC*J88zGS-H(Fg1cT7mm(esg%eI&=8& zlJt>0onNeEn#-t{%|R&|+qXU(@vX+u17lJi#fWdgHl;Xa6oAU3 zf79Cn{+>JjDT8v8RX@&Hjig?NswDmg?qQoy;K1RUeF(SEV}L!%vuGI8D>TU{gIrFT zgHE4YF!k+RZG?s${R{J%m%wNHEijC4%thmf#uBwTL+UON%DJDFXVxr+?oXfed?;Pt&@qeu zu0`OYXB7j`NIqGLoqw3*!a1+gqtkdRh|yd_WMvuDCm zZDEp-P;tltLfxZjt=WUc`v?$${XSqafJO*j_}IZ zH$5P?fX)!E8XYnE@>fQcK6qcj=g)&;hmc#3^LK><=K&4-vBWc{6ptvkQ%BRji4yOr zpcKu(D<{=nb2P4Op`Wi@jF2RD-hFFFG=4iCW}=iPTbvE-c&({su`VH8qw?$tU!Z?! z@giH~7OYdL9+ZT$tmJ@=Jz)selz?U?myNTn>Sft9erHzB$t;>LM_C^} z>tB=pz?Y9wS*7BFFGJiWe1O+UaOlhVQw@`%_r2#^>GpQXvpG5CxzDA`GR*{?`bjFn z&oOv+pn|gNw^&ABEs6*prnT@{a&*qo6a1_Fy z3+NWeCK@y62yY8~_!VAgaoaOK*C-!y{^+PXPs{6X{t|ACyx{^YH>Nt9tAQMoKHj6!v#C{Bzm6-q8YU5skP4Q$q2q#@UHQB-+NbhMJ^-+;yPd>4R zOGvihQr~-*h^4HOl(B|`6iRDeBQ6>3&jMYIENx7sEfrk(K`H8Aqm9YB>8OTghSnrY z%kv0|S8Po)Ejm2|Jb8So3Celg${J=1;D6Z|n+agikDbCbm_xL>fWcQp~6A3v{#Jt|t?4b3;qvJ*AWKxm)Ug@!T zvu*&bi6qnT_>$8Mm7Bbd1%2YFqmuIY-7HUg{S;R!iSqPC2@~WW(jsskB&`;Ly%E@o zt*vGLLS&;vr95s9*M`3+;Ei$AWtQ}kc7Q6I{C(B?uB!)Kg}=w0c-+2?Ph7i|VRc>F zrw%EaRj=BZouWLis$XG_-iO(3*~Qh0i>HPj@lLSOGy}Eox>9ds6{#UQD!>Eg zrac+8^2%24b5pYPb|3vt_owl}F2O16Jwn89dPkPl4j!YC(MMXLKHbu-_5LA)+}E-k zW`WTOxQj~?eOT%34N{p#tfW<;r>B3)M=t(lrO3?4`fq2k|M_t6hPt)wcM!!tt(f|H z#`*;k@qjXYj5u1UnF8##fsc9A5Tdzo1`P*NPK~dR82Wn3m6(N+k2Bq>M$|c}#f=_ux2K%fx5Fs)3xVIf zcK2Uw+?l$_J2Oy&64D(jfDS+BmOI0yYu=aCC3Llh(W8}i=1SDSRX$U#Nyzt4Y@h6X zC`clD0STO;FNxJF@a)cmhZF%4Dv=1}Zm*M89aLPz9~A(BIu|^2kN@(Ucb> zTi_S9)~zR{_iY_Q#i98mW5d_mL^)9&2+~D~Ypq19SfjC7I2s7W$|z1=Ha2R_y=jgm zvy8<@ICzLa_68&2?2)zP-ZD|M!J3mm+mjH+;@n0=Z_`6M*$-&ULK{CUIco_d+=^)w zhJwO;3nyvLx7``2_v*mdEn-lT1>#CX1jqt}6wrA@!iEy|=}mFYSVNyGbde%+;|FxV zlen7v&7dQ#&ijsA;i2))Rg`P4Xpd^1((=`GfXE}N;xA0$N!bao9J3<~2ZYxtI|kD< zZ%}-oILJp95sfV1VC)7MvK##5QDI)OIE+;kihAxEIe;O4Ly7Ia^(=GlEn|m@3nIby 
zF9{E5my7*Aj?Y6n-7UUfUcnwkMyN!s2@iW$%Z^yDIei2pna08J=9GvM$cK9@|}t`f1F!zU=3- z^wE3X{d~Q+KB0DI*sh0N`^k#9P@;Y>sBWvQv*v9wS28`6NsQ5WqGOO+wvbl6^+)Q*#%SFl0ywq^ufg(KGnt6#P-~z*CWlfMeV|WM1?HutHIll zR2%BD(M;93Fvw(0Zc`6`t6Pj%ld5Td!=9aGeW7z6&^)`4X5Hw!ZhH74$T{%q6hnbj zkYQ*zCcv%R8o^R8dtTlvaMkzmoSP9bHy7U`r+msl*QcSYo)$KFnw{Pk6v1og!Q3yx@h8C8q% zL|h#>f?yu}31LXRB?=*AshFs|zwlXe$tRU_R3!q1r&XuH>Z3B*uA15GZ@Onb`zvq40QbgKj!gI8(PA>vnHHighDvL77lwuNSJrA<5uMKjv=Q-bfv~ ztyjgNIb}&`rLSMS-6hV$*FVVBt=Ysr{<5}b>n7^U2Zkw(xi z04xGr$S{?i>CcS;%mJg_(oy#qieL~{KaJ0Y1PEfs%dkoqCf!AL7`o)3lAevnasal|ucE_4q<0X}|s$F`?SAkn=vExqAx=$HXzi#AFS3 zv&~_58;FH5s6S6=vnpz2Si;`Ti_fa*GX!Tt;;D)yOsquKCgiGrFxAN?W$GRPsA*<8 zh3i|(idB1|vNne>X=?-rx9<_MJP*A}L(#waOiU77%UBYE;7ABVa18&!t>-_uorfiP zm}{#d;9pVGD17?~BNEgX_wbEdw-^+HuDSx#iyK%nM3W;;mCh8{tm$N~#B?AC}+jg_Qd`|s|$^l!6ypx<}{q>sgnY^zN{T>9*4 z{yf=p8<$lYNd1@$gR9&k%p9?GXxNZ)IR!dJ9^kT@MiA>CDO--_|EX^8dP}wcYMsFg zQtS(oR1nIvFtM)Zsq%zIgn+v>-p^V2WJ;Y8mjm=0qfdg|E~CEpZPhz1orYiiI@R=0 z{{@$VvOur{B&ol8Cw&4(U^Ir`oSMPzfJ4F^Y*_qpmL%C?$Cm5^-v%1UsCPl)lh0rs z6(!0u74pxmamVjqvzet-CnrTUcdU+6TBEhT%}ujO8_%24iLi@EZjJIEZ=3omYJ-j4 zrMKF)bz*Bk3}H|vtvtC-oSul9sIMGoxW|;S&T)5r12#Dmd~DOh6G|HB8Zo0dh8O8d zhaK{pTN$*uP43L0MwJouTw_$NFWW5Tz0KsaJLGBEh}giPwR}enA)kH%;V1=RO8Gqb zG=j@V1khp|cFS<#`fG5#&x)9$gszK+pK=d4Lb`LhrDhYI8Wr>y)zVDCo`5y}vz422 zR-szE)8+04r9tt3rS89US~9Y7{KwizQk4pS-T z)^M1&u{tf+|4r2krdf1T_3YXP%)^>_5Ex!Bj=hK8e59tYu`K92nJYj6%dcDX7V2BpGPOSr{iWx>W^i1JVa%a{n3f?O zjAWxr#vZx*c}SPOW$b?2y2$?H!+|y3p*h2@x%5aF>(R4wK6rED0W8X+&oQt^73x=_iCA;r6wgi4hDgU3y&p z7ChDd#F@ws$j`3Q7Ka)tsNvZ)`L;C%pudg;R%in*Yg2^h91cCf?6q$gw> z>i~LCqPCG;~DwJ$O`d&^wUSd)-^EZgyW+X+U%Fo43w znzqB&`Ou4@*a!g5Cg)paBmarfU1Dr9=3QE(A8XW(hVSTH#38A(;C|+VU3CtO%2d3% z(fY_!N51NR0VP{nWzFQQyw3xdMqZ#atgEy^lOT!D4+P*v-I+t$)&k>#i0v1!M;p8; zvu}9}S}!^{?Uo1}T18k)z_zLioeG-{FX&^NG9E}YrJOgGTfa&@P zI(^@z$iaXp{9U!+g0~zK9M!L1YWO7BpVl-q12Y^5t1}hJ!oIick31bHh$4prY!IRg zc;U+dS!?|p@OXKe1@W0`Y9plCc66nS@-0q^TFc}Mw~n1Y^lj2oRCeeZRWQ?l`Vl6` 
zS;|NyB&bW|plj$BRn=N2g#o%!R1|y8r=L=?yy2fCmLV0iu^gFQhy%}o3xPXGd@OP^ zD+{(fTQc5(4*#ILk*@prH517y#zeL98jE4zd%M8ZM^g9l>u50p`?94=(mTyXcs0fu z&iABFB*q=3-4W8}@68%Q>?MOQ+pO67cDXY{tbkAKC>!cWBLerJ3fnYfi=WA8pl2Lg zBrC%gzoX7lQKISD*()BK zxeZ2c7zb*Nf?D$1nd6G$6=6$m{f3o^3c?%5+7K^7GX13XLOm-_nY=?gSD>td0uP6WR4Aurz)AdCNn_N#bY9-PK+ytF@QG8 zGiOPg^~tBp{ieWNtPp)N|5n411Y4pZyzHkvUw%rcdqH|_3-L_vVwI_#EDx5s+!|U4&Quqhb#k#Mn zUqo8e!V{3i)+D+uQ~pcZz0Nk1X;OQSvJ}A))wnN_ivyp_2lw3xlhu9Gdk{&c*>b~b zfDNoWT>6FDN%mD6aMa6Z_e;5D*Os6Vj7H@)UiXI=H7G|!|K$KC_*yv1FXj>`n;}#$ z-$<`ZIu@5>@iw(qcU#%)fp7CG*?5GwoejnuUn4WL>%aZ`d`El!&oGkz9;@g0A6X*= z|7XSRPqK{M9>YHqZa;WSLb*OAckPT$(4e8sT~Bg=R8|IxXATQV=)!!vjkqbz&GW@8 zsaTCXd3-)5mP^8VVu`RACnWsR^f{uyB*$m=pu|Xs7*BZI>?yw;4zq$ zVlOTq(mxhHayI!9I6GVw#@m*p&Q!7en3D%LRPBczOX|^-Lka*M_TSb=KQ^t!4FHbu zhs_;#y$?lAynwI^!bJEkV}`m}w5}h?_$`uN6zP%8V>7=SW2bO%VR2(TP(h~GMboH& z*gHtTQHUcZ048X)&MoM6#F|6^%zWmJP+9VKYB4lrU4o$~oKYHtf=kw*VLdoAn)HcH z#o|Wu-Xr;!S+R2~U6N|LIZVy?{6nk8cHhH-<%km4IH@<#&d(!{1MPN9P?1GK){Er& z+-})@Spff4kQ5McXiNWIOCq1D$i{JCQdyDu*f!YMJ@J?esk!QEpp;QS8Jt|`8&(-^ z4`8!RLC(F?-1%nrRV$lC2ccz;wz)&j1RdAxDUS+82A2#SmVmswfH%KWFE+^NHQeF6 zxvMg>{sJ<&kd0!DJfq@6zP%5AmK~Kp??=Ka^F?83=8zrV%r)P% zbou4`72e(x!yR73vLTx`CMt^K*kJ`7{K}LFey<2$$>y03$f<|5`&usKouZRkbbOK% zs5hyrn90g~@!jl);dmQ`1@i%C4c>ZMD;unHlh9nQJ+E|rPo1Axj1bx0C3uTb()r|y zMCqT`px0v0{`dK>jq;KQ=7l78fl|b>oTABb%_Sdmm#a(0SZWVb(G0p0HCfg?y?0~Nov_+%Br_QIqZQ0NS$)xmN&g2G&c_-v;9bKp8)D@Iq8 zh@+H{4p)~-a^2GF+Znw3+Wiw4>CA0fetYjMuZ${kqo7{ep5qfF=&bzdVKi zJ6)WG?SJaxtp7ipshTpjIP8GVGqrpBr`dk01Q9fSuo1|P_8vNY63+8#WGJfyYYYjJ z8XCya?kzRiKQvm*igHYCVBr@QQ`jyyb>+|Ho?#2{HUw90c{D=e=K6A=_A#L3aK>0X z{}*fT7%NH`YzuDNwr$(CZJce}wym>m+qP}nwl(Lyxo_@!nVZS|F-a%Ay7HxyPIsy+ z^{usv9+=5JfiMai2$3&bINV78S=gB^PZ-7#4P`Z*)f{U`+&ch#+_s;j#frb^2#l2d zPh`5L%a|e~a!3G9IqW*FE*o^L$Fo`8mjEL={K`Ru4Fs|=7q$|y z6(-ZhkQ(G*r+X;9r$+zEIbh>vAomoZJu=$av`75{f=-J`kbj>=y)(rAhz$cZW4cLJ zn2AfYs(U{#P(S31@Y5QI96>+0xA|o_-#+|U9M}Nvoq7{L^jPR}Xk7#&jW8e@P9%WH z{f;TPULvev#SpZVf#e96L#7Pd5#ZST7nBErxG5ktO^Xp+P_X$WhzrpUQ8*~#zzIJa 
zHK$pl0b)ezG4h)tz6N)}5 zXw0CIkZSYPwd#61sy~yBUiAIeUWJ&-Vt*2;HW83yR2lyC-{Rb_N1>Z_-uij1hHa;z zqo=L@yWo>qoqXos)%$X9`Mh|jc&=PcUA_t1-gWz3^ZEXp8r8Vn+N}p)%h|?gz&Li0 zQ12&E&!}C&92bDnMjwVwAG+-}cw?8gs}I*{7uws^+w-ANyW35FdU}14_W0=Q;N$Xs z)B5;$`M4kiVIl^Fnw@nh&6nAimj`ATFJ2V*q6wiQS*b>%Ms=Hf7jk*$kWYM@7Y7 z)<7kQkpPT6p!)tCPw#Tfd((?Ec(URMwTtD;I$$}p z9KS44nSg%CeClVnt#m|IK|GU?uq8W0$$^$zm-lUQIlX)w=BC!L^RrNUXBVbev#Y0< z)k~?GXr)|jQIO+R<&mS1^2ibrec15wX>tjVwpC^<0FHQL9?Exv0iQF~TThXT535-Z7iM*j%_J*Cj!LwJU5TII{mmpPn`-~K(NcP#k{YVcRuW7Ki-pDqrO`-91hG8zVu1k|RG#XvO+T?7SuX!d>JfS4<50QH8l)iK8?vi%YIA zcg9nKYvR%5Nqw@0_kvS>%m@Fy0(8VY!P~siWc9kF=;a8bJkG~A=cpGq=lI$$Z`sbf zH>hO`|5lf}3Cve@{1O2FA0hm=ywpu_zOv&Ne|W2QpS_^}SoJ?cHm|u7ljp*;=nMEO zj;+wzJK0-Ul^utw+xHbW?y7EG72Li5^O&uypSfDi_~vTVH+wlxR*F~X)39yApP?Q? zeOTQ=1`V&U345O{&dJs9q5l1xv&$K-8{(8RI<~G+FeOsiz5+3!E4hQ=iX1f8jp&vz z^vXR}Om_0UqS4%D-Q7i@uoLH?E6KQw_G98!F?PT!eOpqI_wdcr691hyDRMCITskg& zqci^@uj+J~W=-D0nbqQEOujstc!KFj5i3f~4x!706CVrTm3!rxMZ#uD#29sYv8jN- zc)-QPmZM6|i$w}qHonEk7It4cEM3dVWb(|4V46O%T#iSz;UX}C6Atjc9q~37Z+jw$R{ul4^;L_$IdW^G6%AxUEC^Fj-0nnq_4vB z@@gL1PA`e8rAiUv=h2l_yRYnX6jUca>+^{ZHK(JIRy8y854hM z{`cX&G<)?WUNzV5g2nPhJ5aBUI_K?ffS<5zz?ZNEXu^ND{lUl34#U}o2*r+I|B$&5 z`)uA|vtLqlIfO&n77^M8=g(01>;w1PXoi=; zdp_Bj`UR)SXs7xw3Qm^)TE+g~pYyP+p&gebfZ}^wyN8G*crtQa-*G7x!)Up?gpeAW z+*SLLTnUhLc5p zHi&JsiNC|x&|PG9uxV@{s}$_zN$CXpH`p!<5qQGKJuj(D&ZaFX$FZ-=#a!l=Hkx+V zCZj+$XaavCPr~={A|;8i9hXz@uijW{8Px?Eb zGQuNMo9x5@Ljqm%F=Ybmp~M0R0?b)*?na&0tedQg{yk4SJI12bFH3L8c|&`~DCg;= zR7jC1$R3zZai=t5^rdEg|4N{^y-B^a^?^|(;&)Z z(>NgF!4Ir*|D;XHRm=RrhWLIM1FW%qk)eALtq0*k>3GfzUbz zhI>FB_+R;b-$qDTWCth7`nq71gm#+(Bg)8nrW^B43$gK*a+J>JziA#wtlRG{tiIL< zJX2~eITIypA$YhiDig-!RbV(s{$aCDkdY*E$7g3UPbKQd<8j$cqvj#_bYFR73O+rw z>euc`B0=ki&n1w&bcW&}cwj+<%K3T(8i)A)L5`VW2 zw?e|gknrvqqmYOtk4T%rha#4W3q^ms5uQA;@!rJzsz$Gu&X-1I1{nj?4JTP#bkws{ z=5*sSka~d?<}8h;sn6r%O_t^6KuD{j1|?eB!##Zws%1O=8jC+|8Ceu3_`GKn31w0I z7y$kCa63S}$0vpYkZ_1?PT!p*xW=77bUdat*evix?NhrXX 
z{PS{^4IePk046_zsyX=JaI`jVmebW=pqL*)Kw3H85D!nOwVi&jEZUc-|pPwRC)VfQNIRqYygZtHEU&N&0n-(Hd%x9C(QIGTZ0wWIo6aN zqrww6zfWV&e{%Q&8aoemO|NLws(Zei-pan>-%lY_K{l}82Xb}+_IRVSaJ|}oWx%)e zaW&M*k`mdnGE5Z&PA7KnT>35p(Sdh1`yJOmc)y7iLka^X6HnKM06C)&`T2m-R15mX zWt8zVCgW!#nk+5m$+WSA$0d(xYs2N+@1GKb!bqOAUNt7?`BJBHO}o|-IG)p(OI)E9 z9tUk1hG{edJ_xgi#%0Ogj{F(1?&N+CWX&WW2%5B#;eM$@Hvu5IicgJHA8Qy~Z}JlXH-2(Ju7qRz>6H9z$BhBt5JvW7;41Bve;N01fx;(qm;CmY7U4 z8RN)k$i37Pgy*^}0l4RWXQx45SS^DoaUJAF>n36bEl%$5ZCjfV(UVjC?F2zyBdhd5 z^18cHmr@*EBP?e~u_`so*=h6XFLkh)rZc5bl&xrx0IVd0&Y1BudNtx|)Z6@23qJH( z&yl6gXmmvPTV8e;QJek!boQNj>iY(l9x2;BIdmj&(3OX_>D2%Ukg^Kme`+>RN$<;{ zHP%6CV~&J3Ky~z2BP7{##y;g&0)q?D8N75OX%9qLqgbUt&6L+lpHtcO>%90Az1#{J zaUNzw-j1CDFZA;S%M4(F7u8VBv139T*FI=yM~_ZXM;3_))!(s;(sK5uZ+b{%_;~ZN z(FJQ|Wm_*912v3yqaWxZ4(unXH{aoVY^pYyf8<^urwR|br5gyxJJ4`P$3=!z!tAk0 z6r?YD==E@x$K3U86G1M)50d60x~t7sYbKM)Rk>zg52zC$osqNeRiRTBN1rl2Xe)EN zW(>F_H_Gs@X9;HGS#7P{9JMpPB@ijrx~tAtp15>S^VQ&FwV#hgxDv&YL{W$U|9VOz z)%z1?c}}Mm?=J(OsRG+L)D0CmWPy!;4;FD|-r2_$WC2;E_VO9UHmDvY&UxWuj>L=0 zU5H$=hCpY#Bt5gzvdZ0X_GIR~(FiZNUyq~wF`Kvg#(y2LbvBddYw+8SznbPDi z(SW~@z33ls6jh*CeF@{AhL>Xm+p zsX4=d#X&R>B2*o#$=HjpWq)-h^l(Tl0!snI=H;AL*VawOx+g*2! zjFXa9!Cm=@xRdw)7fF+u?Z4R_WMp9cPsea3PR9SXH*UAKtQ~GUV%MemUAoTOm?`@@ zNHpjRupAIcpV752Qa|`8HAoaqQ3${Pbgw+>Zd20?5i&96Y(Ep}wABhr=Jv2@IU9C4 zNhWc5@y665O?lb`4w59ADvbVbQDTIEJY%Ew0Ond*Ba zBlT8^cO0eU=blp|>2pKQVv%x$rB(xzxyQ>NrEmbc))G`F8Tk@p&5Uu+0QM#WMKJFe zMcEU3II+N#{L$v7C2HOpdn0rXL}KY|eTIv2Y~C7%Wv^Uz437)F)b5NAYk}J4BE=3z zmBq58M>Wa9`BE)ytPM`PWfp74SWAm&RIujK{T4pPh4dND3i8?pn%N_xFA$w8XGSsB zc2!>?5)by7faCl9OHNt7OV1gEK&hvN#VR>3CL{v%DMAPZT{}AFf1FRaHm54~Q7c(} zyI6$mr2R73T7?On-jPnUglA=MeT*B7fkIL8Q$qr@U{JDy4#ROOotfP@$zG>}gGlk! z%w$R{UyX7f-n{gx4g~zcf*HBSEiI)~a7?L&>!N-e-!5RdV+!Q(;)DDReM<#m} zhf>`R)Xt#UnzHK2*^xU$eSG6AhX95@0)K1b9O7KkGR2`~>y_M@9d!^I(e~)X! 
zgRa(e-+a)555L3k{k&ZshtWUbttOGF-z?zOHAY%Kio$IAn27Ed@zgX%WO?@Z|}oaB>eLpt!HB`|g4$ulA_QXs zhVq65j1f}BHSi2Qf{zhXd1<^fUh1w4*9RNIOyDQ+{%0V^&?EF1Gu2Gve+Ray8A`4H z>kbBtXN(w(cNoFPSgBSTHHPh>|0hVTqcPMRXb3ieoJ2|`rIFV7AA$CeW3*Il4cq?* zs89a3K&$2L=;(RBZGJv~FN6Vy$>E=Zg%wSzqkj*faG6?}1nqtWMsH+f$9WNu6Ca_0Q8ahyCpa#WT^G7+{!9X6aulFtrGeVuRn81w zWM%{e%L6Gg9Q8PNf?F974qym0y%-TbhYJA?7VJF9;YitzMNt-=(7)+FhLGG6l#ic5 zEAFabDLU}i1{da0pr5>~d)uQ7KfWFuK00zu#Km+3tel7>i)-cqn9Q1ZRtSG>B5g?7 z+w6z9675vT6bKYBq!|A0Ay0Eir6ao$fdj(C-XdqUvCd(hbrY=O$}pZd37Co`c4;r2 zBa4BPBMFFs72)rq00hwjvIMIuI1vyWCPy5CN&+s-wE&Ec2LmS#QA3cXSTKU}x^4`y zpud_cgI?BOh0Z;QIVodybAO#_Cp6$@L`6;IK?_ayD)w1xOjf0>jzfrhVqzds?BfE~ ztPBUPc+o3=3v#SKcse!lrPwV&hw($6$772z&s*}&LM9MKaShqRplCf(H z{xgPAE95XClAkoz#rjYdM8m}K;8Bv(KL^4w>r>@lCQ}y`9_*t|NzONUNFar;^fuf8DC(Ck-K{x`lW110sro368o!(pB{{8XAO`vcPMT zQiY}UUa={1vaNw88|iRBL$>8Na9tYEM>u^=QioQ42jmKLbE z%we$ANe}O1&(E8Dy@I_Y%;#wYMWEkmBnD=cLqt(_V68Q*;&G#ZR06|!yL&Ncdjd`F zwP39=eMn9Qgr^^j_Z7orDsxA%-#XTF+SD3*7Lmu7Ky5Y=xa;mgA_E}h@VWv#5d+F} z(RLXaAi_+*>4kV(;L;e;Q&i(Z3dJL+ZLUQr&;{6ARod{3>fsyUwKFR8mKXL3hQT7< zsOjY(FX;&nP25NIqtR-o#6>Bd*j7HwHTPw8%__#128tSHHl zFuUk-UZcPy4H_%;qr0!7F^=1sU_Wl9cezqu8p||jmwTC9I)Ru7x7&VTBw3?q*_?uz z2zQsL5CkS>3o-Lk(g1@9369bW+$9QsZ*}+6W!Fb^UB{I0z<;)@Mpbvf>5Wzlvu)dR zo)$0y)QPT~g5_b%bejQ|{b5*DL)ko|>Y;OAE6dQ8lTy?cc<4L+!|*>&s;-#PzF_io zfQx?n5hb5o{>J~RNW2S@N?dBZwdi$|rqP8m*gl4?XH)<$0@<0rzkkuzeBy_3YAgb_ z!FgjQZ87>TGI>&Laz3wVAXc@8mH9z!6sz1X*qa;IuF#;1tI>ucLngF~J(L_b%z@)J zi|DYe1io*)rjCsl1Sm;Ew&Ii~_|lRW6kku%dslRQpX@2PxWgx_a!WdkA}9Q42fp-| zQ(XUfmK4=ARp#9MDyl1ud!@8mNbIqY*kd7az(Qt)w#ni1qaJWUJ7kBn%?Rn38LkgB zgqT22qNUQ(XlvXUwuc?#rF#7XoI?dzMvAcYWuY1>!Za0xXv+vumf@nT|G$PqG?s*D zED6z?5u&uhMQMi$(2NwJ>&yOM;g$$deO#AacBV*mtSexOWg!knqKvqk&opkeIP`iz zft%zDYoZpzJq&V-wKWdBwQ6C@l9ALHV*>M~m?kGV9h!|0zf?x>$WU5~lsQ61%XT5nx_HhY zE12&1p;U6bjxHMg&3PM{_yQH;tGj_m^9iyBjP?D>_Ls`1QmI|WXkU3VCK4<+`wV6p z&ER3cPIg~Vu)-p31ertpGC@5Dd!_P{WoaPo93LBRG^u)B zJlEWZB`rWXq;r(j%la2Re}81^_VxcuMiPrTG{gR8W;tf2uC8PV!TZ7p_ho~10?Epw 
z&m57fjhh*VhVbBJKMnA9$6Tbt%cORA2BYHCB)>h`30j@oWv$vD`gEqf-GqEb0}jAx zdBdoA{#GCUM)e|TEAOR^>{0J&!=IR`k%HHk!+K8OH@$m{5?BBT6!t)A9Sc3+b-L&t zfMf9!AD#R&`oFZ*#4{Ph-e4a~@I(sf0F&1{GL1X0xVco=Y5ELW19rFl#58yF?4<2t zI{r*_DcgBbXnV>sfUaEtDxE|9uw`+Y&R%I#HY4fJgp`ry#kOrOuIhT^nViqnOfiK_ z+qP8s>YMGb@M+^w8wp4@Jr#z2p4`G|Qn7cy;z7Fr5FkTjAOOpN>H>iy0+1AmhOXt1u{p%G58R7+pPwTdn4rjUQYe+Go>KKg!$h7eA*KxBfed*~y`&s$ z#)R!>)X{udUAoOSD`9Q9^ZWw-+Z+A)d}tVN{&(>ReUlSRk&(+RCk}p?7)S*_<(z91 zpG_Y%n~<)Tyz`?knhn4wTO~x-iNJ9qC`t+3OR!k$rJmTbOzylS{JR1WCG62|YRmrd@82Q9ot_ z(21jXn&lJINk@7=H5nTDR&S&RbYrnx)*EK$j{46)HA!=iiEWzQ_WW1k^y33^$=A^0 z9rePpX`hC+)uGo&?#R=i10Q)RCD?pW0B9_IxTFd2X?IsSl^RX1Pj#o6=GM~7vU?7k zP1cPk!;-*dmB*m)N?m@?j4Mg4Ln@w@+%%00YtU64rg_G|lb)T3%)ZjA2^V(Km&=^h z8Idtl-80$e;!JGLdwD)Ku1g6J@vkL#heLF1FQUoNJqXGV05=H+bIlpjSzGsDn2GC? z1WSd#EBmCl5ZGW;tg+iW6Jwq#E|1o8`t&L~so{q2q!VcvGF=L~x_$j(8roJylCB+4 z@Tq_w;{mV#$1gu|HCpk?P{?72%gwik1DH!cx{I==Ztm&%cNU^V>%~uyw_Kj-)|i*A z?wOTxlfBdRty($)}_`OdyqL4`;bB&k=t#!I@8a2M8=}GsT$`>I_G;97xVE zKf1rW`5s+mZYyvh^tmW3|agsf;K*#%cM z&owXSK`eQhwR#U$h@>}4jdF;ro47KQcJ^0=dKV>WIr`F7{vzgfp4g&N2OZjieGsc# z8BuvcLJj&pCQ&B(GWM?w_Uf=z2Ko&4-#p?PHX12~5h&&JAhgqkg)(GH0N4zTKSlY#pMu&rS%HeO#DR}0 z3+Bj_dVVnZJdyOn?F`SFRJ4x{ag$&8>siCu~7U#AaHnymtZ^|+61xXbn!Sfi_{E@?#+G%5#MZiuM z+6*m{FW-{hmcZbHhw^l8LY~Uu@rW?_P7fMW8Bb@ND1x2%j%(azbGEbfes51doj*PX z!@_3WO4ap$zCC<@KI8Czyxcxc_7CA-@pn<)LLXk9Ru^~Wc6-Vn2e;2VKVNefv1xK0 zR1D5&)h(60)biV3b-E09R?pWPojp_J{5;&h~C5h^k^ z&2K!gYCS^5_G24RIKhI}#()}GtJ{sl4Qeo7%+wywUOq9JZo&yYOW^B~Jm%zI5@E&u zG#{g3XXe-QLtH0f)7S*e1;{?Y!u)_>beZ8TQHNq^x(pI6;U zf$FJSjo+C;6mX>3PuTll)||cyhTp&ob)3Szb_(=0A9G*<&zSgI=`ga4=doZD96<`0 z2T{Jk20zoZ7$Pa<0*I)ZznLNtiQRg@gmYnS7bYiS7Zjqn%Oil5+o!o$w_WivQt+T; zXx(y>AvaF-@rd0t;{^-up<;e(|4GcO$RRg7vtQ4wmwr(NVfM#LCC?m&Z`cK+5suq{ zK?r9a7M96U!PG;VA~P>`%o3Fm)yOz;Uk*;=k-`B55{z_)A9YmXMt~#}e`~e|z1L;j z!wDRZZw|x}AY@R!PO`x(4L>dm{X?;TQEHjMQ-ya_zn>1J!GCrwAV&z137iS!8dc>2 zEVKz9*pGp|%2EdGk+vVqQiM1S>}v@e#0v;k-j3dG*cY(wjEM9Z1Th3B-rx(W81K|n 
zeReJnP_Qo|(is?TTeskQ6ujvF`#{TY;^K!8i@~>83k@L-leQBFm>-mb8ATL|9*;Gce^#|l z7{2NY6Q@A-eKL;N@F4?e7*}OW7@DRA5411Agwq+|z8-JA7e8R);$IMf6J(eTTbmQM z`E1QWQ)qMVz4$G-R@Pq6)gVCN`++vQiyRF1Z_2r;&sd1d;uIFjq;SV^*$A=#gZtG3 zHB4+$17_z3vVYkgaa1W{TDm~cGt`Sq(C@9^9wdaNb6R#ZVx{MU@6wWyMYXVcb(S%^=}<0 zc!m<{EBBr>)Aj;F*i(VfU`J4F=)i5lbq1eej)z4j@u9(Q#fw7^_m z*rWUBlDcZ!kM%1^0OUR5@f~I!D;((0s6pUaCDBX|HfNPSP@yz0PDq@iN`=r>C_oV1 z2xoZ?vayik>DGf6kF^-k+Xr+7hbh1M@m%H&gf zs6vT0${?jeg&Qmwb^7t(>)-mismW>@SJK#xn8Z_)lVX|SOT1jsio+)c3_N%FDC7eP zAE>IN6y~!+>$i!EPh20XxgR(Oct zyW`T_otklaJU;InA^oLT9`#xIZh!!R55M<3R3anaKIPIheEgl>4)6_U&-X7;uI`@S zV<*o~ZO|@|s?Nn$1mEBNNAjH$c^>asd3b%kp5ENv$H&_rhu^`t+a8ZMQrYDv zE1A!`1^Qi|V1ya`(|6_0+`1oYSc0l`Onb~RtTU`NEFJPutR~hoD+W4XTB|yee_j^S z4Rqrj{|Pn|t)&}i$6HALPe4E3L-Lt;CEf6UfYC%8X-AszdXiDiht2LAZp4au#c8il zb%4yqErV{_kC$w@?dOGOAR$^}p&bE?wkeJgaves7W{c-gK}))NL9@$P!c6A?9}1dO zxE;Qr!Lqtea6C`zgf?8(`Ww0eFT7IsL%}~_UF>bFl-vDiiu)y|n|s4V@jFkhOXocLEMkZn`)ztGfy#fb zJz+wRsd3+R8J0WVq;7$s8jOR$glLg;djlYf&>RtxP>PUZu5&q{BpAa^06+nb1zZ~q z5nQg|0C8FxTU`aqV6_|fYpgc016}m)W2r#~XIo5QeB3}{87SES?j_{Mel`svX-vPM z0_#1b;I>1xW}o9g0YOZy@g}yL^SXqAt@IHzc}Y_PYD8B`goS`_;yMXIIqF zcu6RASuZkvA>HePIw&hy%v1Hb0mAN_#cv)hMKdh(|Azl;$ zDc7u3jpRwA8d3F_;5MR|L!k=#>?mkptZA;a0iD!ge6l9}x~R((B+46&%U{OSp3+Sb z4DFD5t^2O1#`M5g0Tk{~H{vXm64yWN%LUQiAc}GywORAjT2MP)S3oZH9wqJufc`>c z>SqVU;4Bsm`5NJVae*&D<{-LTKReYNx+)|ss3KOur1>g?IO6eFm_^fg`T~X=TN?jz zqnSw)BHeAoDg{r;I4!Ni2upc0UR|5>g6-^2h$ z0!EhqEKQjR*ce!u{ulfG-(05u1qs+0{`)m+j2pO0(&hr&LU5jvD3@Y@Frvg+_bU}{ zaVP>oG6_inQY1mQAc01gJZRuBuuB3&-U_fffd&QyS`tu{bbx>WA%et%9RU(8s7io)-*rF- zkN_qDTTSkMP-14P(*%fA=tI94KLfJ4$$j7X}uDUamO_W$?1NKtkUj7hm8T zfM07k1R8)J^>+Ss^pL%9{c!{el=IL)g06iC@jT!yRInxWMZ`W&!&?ACh)-yOA=IFu zQ(+zgd-ZT!yt_&l2nE@B0EmA1H#0sM6j*UXMj(u~%i-uibd$Tys>nKZv5xkB1Pz$I z0)A8uEU@9*&epx$K^H*+UPL}WZ8-bj?!jS<7kGt0GKjWM;PjFSe3%{3x7Jz2P|(Og zlA#b%kpKoaf+^?=68C!ldUmK6YKR{DL$kX_K|)0V@GlGo{x)EkU*Nlb0UiSZnh(IK z*;9Vt-zES9hB-XAVW4Y+SbLDY-Q|1R^g%mpzaR59^f{p5QhW@Ej<>JNaj01aFOq@f 
z&)qwHaT;@H`RkfQ%H72p$)FgL|eq(Su?CH@h;-t5#PR!0m0QMGCG`J4cHHW zn32}UD6%)TpB6tze6YtrLBJ$ri8ALpCl~uk!(yUF^52Pgm~pj@{C0$2g#cE}7HyX$ zQ^tM@ZY!zJ_KiR28q*u?vhw5K3}!cjv9pe_Ue&E*eEgjoe~CMFw}#$-itj~ofm5}S zlVd>Sr<9V{iX!K?LEJP8%QnW3uW>tLI4FI7|EZAD&&Ea73&?6v7YbH4^fVKTg=dK@ zK8}+JTgGc<-9??#_G`D~ZR-W4=Ti~OJuzFGOtj(vAahVvpu4|)n3r^`a1{fz@Z!{Z zoPv$YRf|70R7B|1(`R_PUzl6hjG2Q*M&+{A3>SMohk4{D44Zda79UTph?a zNy5zU(6LDm}=j_G|}vTBWZaD*T;e=B72_0*0FXAjozoFF_m2KWE+HqPQQ z*^>PsOgLFGqETld#@xa&kfWvXUIxxlvvriMyK%Zb9`O3)<49;M<*u%l(ow!aRSd`Y zYrZ8k9c?GppL9rDx0k79?y1_uG_z>qu-iIdH7`}V3afdh9%|)){M~UE@ZrFs1T~iP zXkAFl#1Sf($9bT({-mV-hNn$wn8hm?p|=xtxGnI}$~%SzWauw0Y4CJUcH^AH09*zx zuzVnqv)fH)!?kfjvGUoJ8K_|UF!K)IexmXXK#RyOI=5GzZ~rZVOs|_OPra-Babkic zc`=Oe7L;PRU1Z_|Dn-ukyJ2xNs*XR8`2<=`J|xykL3hP=EOsBQ${6R@y`V&dEkQ=` ze&w`sQd39FyeOA?#p)WRhW+By=~OiRd@Ds$0{S@08wWj}$3u+@s+a@q0xm!66In)i03)o~K7cB-$DBmuD_c5P0 z^Cr%YLsk_Kp9G05z}{F1G2`rG25Z>XI5%R646IyMwof|rUNS_U*$;|E0`7tLT4F{O zg2nrf>jghL(s8t1AKM~5_7;n6P86g76CA!qkw9nj&%=8v>j?%osP#>(q->N<(U-BZ z6752quu(;>K~Dss*>n7v+k38zv&Ep5Np1Vqeum*H>IwabJ6}VuWEa4+NO8JDiso?2 z3`t?Rvpr)Si(MAp6zKZWZUtOoGm2-LovtVgC8eX$`AX0Yy8?HTo0)Jr47+1 zd8G*yVT&xzT+i6#+#v6j?|s94nx2CmrjyI$ho$U2)xEEUo6Ws{f2}s#)P*FXlu0FU zZOnd(XZ;f_Mh2}!ZH!ZMx5I?7EF-eQ+v0dWt*yKtMmFO<20a)kDYDYL5f&Hf!@d`AQjmyKIGHQE6i_{B&;u|ti zwY70b?SHfd)Pe+Ula0A&RcrtQ^_$bo+>tTFbs#;ojS+U>(H&60q*leIBAjzFVVd{? 
z{|kR>Md19;0VSAq*eM^T*Clc9zOYjTW!VuaB1T*6rkmJC%Vqz547x`g+Z^5f$_hs!opq+6RVD|huskJ8(d`D)86~sT`sx_cm=*dv(Thb zwkjt(NI^|YO8PT`(Wf&M6hQ(H%wbk6{EUqS< z3N)9DH&Mwk36VI(w==6#S=`hQrW;(bp_n|i6=bJ$A2hrO8W#4;!MqxnCao`Of**Ct z83ITxGsUL;xS;MI%tsVAWfH#OgkZ7=@2u6u>!z(dM@-LUL3|nOTigT1iCc-_;(6;q zZy4zP!HzXh^WD^TV$!h}JANeaRR_7N?Pi|8?c3;xk2q0+b3uY;o}9}LX&3$%nJ3%V zTn^RGVe+1bvP#si%xV4|hBc!jSTsK2^USwXbm@}vv+wdU;Y9Z`Y9ve|={{qtk+>R$ zDLq{i(N<7d%hab*rcz3Nc0g)n(5MK>B*{0p^Ic7hRiV-c6qc|I?-XUS5=S5Xf>V<| zgmEcb*b3L@>dz9w!gZl(kM0|E>!kGur`=R`MXQ~jrw?}Jdhg3(wF}`i-IwkN>_?eS zGOKtN%ghb92@mzJjGY2P4>V^E%t3G#s(>uz_&6*cX0$jMCXg-`XCb5R9NNA-)TL6+ zetLSfv$6}O<9@%UEX3L~C2HgXL1Caab@=L|mINKSzjNvRa-;GJwh~JrC(wfdRRO2U z-^>o4^SS%28O4eGTOO81!nIE7d_6U-zo9vf?-dC*KVEMupOwmv*ZY-?h+SAb;SHRYVfql=Q-vy*mtn`DXARUqO_*w!BA-oWn%$aH#P`#Oj&z zId*t&uP46EB~O(W8D32AxaU(Pai&}8t&Xmv>9#+mdl_yj$8|BI0O9^|6kT1q z@;K?~Gu!a`T5Eo4dY)*oB-DBN#J}$k0Wk!?Bxa;(n`yRMc`4Q%u_O_+WezwY`-Z55 zm4Equ%67oUNV#AozFHPSE;~zWorr=`jEmncQ0dm=qO#jWStPo|&vCs(t?ywb0lpCN znRYz8*Fsg=m-Ao=AFIsyJN7qpc8CWb&jT%{eS>oy3Hj+<1AtdtO>(HE(DFVyx9q8D ze{!d}IWJLQt1>x7!Hwvru>s+=zfW z+J=C@kbRxKkTan(Qjf%~C*AA2Q|XzKzgc>6vLq`9C2e4MJ1K3$`q);n5z2`TG}5oy z*SvR^XGKofHEa+;?1rtzNKgfB5ijTg|4r|QH!yI?n@sUuWk42@z5SIlYOP0A{$s_l zgCF=@LP(O@vd4t~*^{`i!E?UZU!>cuJteO5#HTo5Bds?=v6*@XKl*iJgRYfJ8d3>i zhoDU#8Qb31RB343i)O_7-Jw*^!iCX+O0UGv_}G>OJaVj^Ca>FUyAc_C0GvJ}C=K15 z7k}2`jT6q>L}`up4!6;@mUEMH=$5kYfmKb|D1dsYEQpax$h-e^J# zZuu0_5{uCmgy)g{1S(iks{S#Q`c6h24xuz{a$5P=xg22pd6rH1i~d{Z%S8-@&yUu} z$3;N5W%46raTFFWEpm#CqdjR(w{MK9XF2STVNm7c5Fl;^wxO%GqFeIhwi{Qw zko>d-JL@B}*T`b{d@W7sr9Qu>)6e-3LTJ;ogod@)=B~iFA0{4s?U*YxTTaMRmXP*$7Nqb!t2MlYE9$dZI_9rt8|q^ zLB)JPG)HWsIPhGpQyw6Cp@hm6_3&-5+^{)}=vbw_Hd1wKgc+S8t!&Umh1{Wz)x&C# zkpFuV^zl^7__{Pyq9XfZd@2-I1j3;TwJ^;vx|ELgu)a(eE;!jj{#OOD3^ifISlWnd zuIZ*o8a392Zx51`Ws29m=;owuTciDc3~Wn!GmR7PP4;d0I{1ve!cX2+g=LqJs8eEJ zYWy=$M~MPeTBfRS4N41}i<^CmsZPhip7CuMdB3l%spjPu|AjL;YM4ESc67GBj@;9c z1$l{LzziAUB9TP;-^L=e9WqbYPIgE1uUUs!rF>s z-A&8Nd}o$PGY~gucvriDv4>LjxB9(Ne9#OKufyvfR@ktKy0A8Nwb- 
z{q=TU;i)|+Qe{p`;(4K3JJv5OXFu^+(tKiBJtzKHpw>)LJKj0*i!f5LUo6E4j?Be7 zewrcPS1rL$DPi(0RTcd!$*xbKnvo9@l4^;@w-0eUvS6_?J7D#1-G_YSEXO<31dgs6 zr4Zmo7^51c^w(9M@|uf;wuFVUGIc#0t{r#-Q>D_$L}a?Ju87Y*%m zCcS&h`R7Gco7gHidgdtxAz)bKO`p0pKPB&HM^+_sG{*1Ol_7>h=VsX3Xh$jK{;!a8 z;H5jVWT63c&>{|R?1>#e5GUw%z?(urKH5{av8Ne57bkk7(=pa<@9tfmTjgQL)3{#= zfW<@#lC@ZWr1I(#MmnNr@6Al@!s{H-&{vbnQgCdFne{lczO|;EBP100(>i%j9!K&c zle|tqSc{md9i+pfNMi6&CG)$F^)U@wo2b2&Uji;-`#qJYFked|qn%@%Ow|1b@4t#p zCK3=rW1lU)zaosPjmta_w0R46B+TRH-eynW&9MUJ)=BSQC*rD8QXbF>SE$ba5$PR> zTPQc3HEV86wuICgZO%Ra38k-_Nfcl&(ccdgQ8VJxjlD!Sjnm8RZdE6 zcgy*tJ1X@ny?u!a^>}cw+|V@^bl$W;^cqezO4}Bbw)4FnZ?K{)rM5*+2D~5jmQ!i3 ztRgS4(d6&!rmFS)3?nppB6wdJDVV%o-`WNNE$lMZr-jOS)Pt#PLI>0zl+ls`wu)fd+cYfxmF(WK$?-PvYX!=cO;Q;pst8Q>QYO6 z{*`NWWfitE5)82<&lB}kT(C4h?#J1WvZyUZM>X38@?Ir6VGhE~#>*uc!^g8QBnMQL zeKB)%b#qqn;EC-!tq}71_JT&ra9e?wizHm5xFQwW zHv}f0x+0B-=8{g*3lp@h+y3A~6YKX6G)A9#2D9Qaa+p`-*WDQ!YBG8w=zYy!1lOJw zWU|dVuFN#`ZQ1%*5S;S2kB9lojXHV1E`o)Ly5k5YX?#Jdtc@0F_xMC1s#Wbm)b-Bz zqj^!u$PtLGl%13bZci`&+SrCJT3AAD5D|=Bae4``KmALH4y0KZ=&nVT zucjDBsD8v&1YYV)D(uq$w?hk=x~%``qStqPXcFuV@-Ky*eNbPs`V0szjJVN+zIyBi z^KZ&f9JfikFe#->;uYrTa0w%g!Kx`XI|M96eX3OXHbV2K)3fax@6Fph#EkWnYR8G# zx-~9ppbv;wpL*zU6WZUvjw)g1issZ%H&32hh9V{sV{mdWUbPt1Ga<@9f747A20n^x z_u}q$BHz)K>NB1hK#6A1`;n`JMRK^eET^S$J>yRI#AakLTx4mUq*1AOch<^eU;q0( zR;}c`64N28q#=@QQhT_VAE;xg1W3yIW?j9OVWAj2ydI}UzM9itZuOBIAgtRHWOLdl8 z!BgZPBo+;NgEiA#Tunt)EaQ{mIXgKo@_LAGEN$Jr$(Kv?=lScJ^8GoV6km0R5h%V7 zWH^WdeKW-A5Q0UA)!JfU{~f`~w$OrLg7Zm7l6O6{m%RI!{x)(Td@nZKIS(QZW8=b= zX_uFg8GtsbqaCj~``ic8szP6;3Ae-MQ0^)#y)gr0WH>W3!vHiGF0PV`9h_Ch-QbGQ zRx*7i>G(Z=5Fi~h19$Fxc~n5!58Xs>rmM<<;%oOhB_S`hFUj|*7c+PvdT;#m&WUH@ zAk;OBltOv*G}OP5wN0X~LRzQmi^t;d4aOg9#&e2SbO(0(hsJ}8B>i3}qa!raq(zsx zYN@%lgz?4J#i#+u8IahHJ6|kng|nkso$eO**kJVp8Z>YA0_rG)~pN?vg`3;lb@b2oGg-wY()bLY6^nCU?ICkAhaPNqWpe+yoXg~ zfwrxE7RUa{ch=$T7P5THz%mC}&{=GjdL68!k)GB(^1FPiNzy1E?8eraqDIxS=Hyi6 z(DT2`11&gag>U2}zrQ!t4ZGx&@%I_F$Y za^IMf+9C84_#QPx5`cCMcd)kV#Z1t+alvQsG(sOzpC7|o@$2D#pV280EcuPDv%Oa{ 
zT#BtI?3vbBC6uM!{XC)bwD-yPWR_p0(k0#h( zI0y(Fx?mNCs$zsz;upo$TZONZMvO3YwQ-z$tBO}AP|M&Ae23=h z$+*gl(V5a^w?B{wQUro)>@+HMvmYog-c-Z276(RN( z8S(AmdnkooYUC+MSiBe$Bw>18pdE_;fhW%$YR7x2oVrrPiF5ZPf_ik2#v1Q>ss1c> z3rl$)$pv5LR^x;4ZV-!)-+f#21jEr6FRK2AHpr<7X>E+{yW=irQL1n_l~#Mwb`}XwHyBol=0%+NqmFodT&xZG&)im z78#<#?4k+=h`#`6ClN9~2(mdqoO9r-9mZdb!3~K6mH4X%01IS*hP_e_&YR_sB?HYn zK7$9q0ebuQ^-&yJ#7g7FgB1j@5K}^>!M%x44&vm+2KO6K?)W9?r#cJdYY)A?bar)l z5YrKKO1ODhAlmw~;~fEJgFJdSyY!p=^}xUyiRfzi6K_!gAdramvHZS1Mfl^m`-ot9 z_|x{3@OuH%HzKS3n;@qHAaCVA0558P ze+KLv(M{Cj#r(?y7=3+2lX zft#a$8MuPnoKx)`3f-DXA)|Ur4}L}R5<5c>3JM({A_^|@3c|n+n1nj-eXi&XsG+%Z zL;jeE&LNuJ!8n7h6-EMq3*P9P^#lJRK&HnA906hA9=>-1{C~Jhy*74A0JKw#2*QqlS>U{z`X%{nt-!Wqo zq&|Qz9(@2(4>B|W@{d0V$!Th@pW0kN@3$++n|wKSKOzhu=*#&}cZr|N5_ z$H@W!5R0A7zL`SNtW&aFwhFL`HxoSr3Z@KxI@hoL}#hfb;8ZEA7tFeyk?l&f% z!=B$03MVw~{R4R)Q#pM<9nO!zotW0XDexE29Z1Du93nr!ZiSw8;ql+nyzpC0tgpNt z0|r5?S+|(SwkwTA$4M*=Xn))M`&#Kg(47s%xM@89{>=0ZV$CZq7y_^HAT`I>)`#BRb2!j)GCUht=FLgAtFXlzdpAg56jBL3@a*V~X|fLDG3` zcOR#s8!})WNZLl}KwG%tj!QvV;5ci-YrAzHEwX|(a+NS4(>9au^3Xq6oxa>YaJ|yK zqDBZo{}-Qm6JE&xYR6LYFY;=t&!axYwL&q3i2B*4vJ^Ojc7EbKzqtQUtloBx=?(K? 
ztl6(jf=V(CT-$={fyo_W6x~&$Emng@A6vCMj*<<&SEr>xO<(8o&!<8wFfFO{b^*C^ z%2(;qSkX^`Gl~OP;n`Y)9Emn<*{Sqno;fWw2V+@pLqo1sO-}@Pw=AT~ZIyexjo-n@ zTXY@2f2lKF7I&T3{V4UeeoiO0%DmsarOT|YM566btJ)mEeCmv27dCvkSWU%a z8}^kUNR5pdq<$Ag)$}{x?;g0ZCBc{#@POaMD zf}#4sDD>jo@;RI(e5e2F>nsq_n@F8*qJ+UBz!yjW3$Yq?f){Csdl3&LLLEEOn@jWqOk`BiV)fR1V0 zCyTo*sH{Xk9NW+nj&l~l0q3_B?YuTRA(<4P{e7;ckKfZ_Ed!r>Dm{4ukndj|73CV- ztoxFz65(T}gDrK$Ds*o_Ji2=dv<6$_ewN#e>*I5I zY|Lj_uqAj0R4KYg>X>mc&GxOzRrYO&6*a;)jH|jYT_f@;nPeDYI=Ud55nF0rMd`D3 zUzUWgc5~$bt43M($%@As4?T+Z_2b=LG0N6#xQBlq*@Stw|Nj2FJWlahfN!rnL=H{9{qrIDtUPAOV+Bd_K zV670u>!M-n%YyX%2S3Y64kMTiO^@12c8C~OB(DGWxU#bEbCrR*$!CmIM}LO~zZ1n; z1T4*;U~BLJvX@LSO~g~mvUUmRT8z;x%28VW-$vg3tmXH0`wnldh|*Vz+25r6oR z-fQhBHowQpP{Ljcm0YrJ?>5=g44B;)%}%f#LM8Zn+0MKUutiCfA(C_HwS2Rm3O$fA zE%g*8xO2))G{MP75ALPmLq-Du5I1=b4FJ72sAYzmqn{r97tiQ7#J(oMm_34?c znTWI{`qENJ+1Xgh_+LI49F2c-Y|-4LRSLxE@hN3MSG1TLzKmAEyWhN27<;tMgy%ix z;njPwjI`B%hHOVISDpQmI=6e=qE^>N&lboDJiJ+SqY%?X1Bx&XaSmrSbA%hJ9GBi5 zx%{9O9bvdZ<#iRiXntp1@{UIjtZnDPzYRz&(r9RdK>HRYm+s8)^>ipm5eD9wkneeI ztaYbqlu>;Cgxys1{#6765C1NwQsp)>m=q%B<=^ONg)dF4N3tFy0-Fhy@)NgQCt}&y zDMgx8f!(e3=KZ|5OIf^*DX;t zo3^dN;of{kuRoL~JtZdMX)W&!*E(&Y63iNx$gXWw)pLiZ4JsEhxtM3VMx02RW#fqj z3Dy3!?MMq;ZlR-=fjCztX*Un#*bC0tm&!`dUQL9ZN+4kJ;N_qvf%y;=*mV?E({L1j-Bc?~9J+;dHE%$wIOh-ri$BZ`yVKPm~mepWAy4bWCAVa2-K zCOj(qnw1t7mbzT-X5iW`DLVD{;G8f87sW0?E_hl~h!y_}YdrVhLlS^wu8e9X!)r%U z=@zDn4<^WEyu{$Hs>*}avo3@qw6jFiv~kd%$6BEmL$PfhMYG0BMIiethDRQB2Q@lp zUdGD@#4Pcfc$PZKGZpQA&a-T9K0Uzy1l1G)~%uzDyTE)NWusWM3jw919O##haXM7U7(NgCUHJv=)0 z2>T^aZO}ee(r@Lu{Q+z*E?uTdUa&Ay(Y)Sc zpCjIXeHf{__w8Su6S|sNG5T{WF2%%bQ&d5x)u(t>Ebjx#|iQqyCf_|uc6 z?Y`)gF^SI91^2<+Ec7*7)^oDWs)@U)OW^MTSk)qwb)Rv<6)F{^rV|bCSfjk&ZB!Rxvu`SY3#w~Lv(&7GG+kpM8k(0QQu8hZLpVuV@cj3$}|NT1n4iX+L zs7&BGS_OwCKc4;G+Wjv4loG;}nv+=DFQ|G798~gcOI+qF4^#7ho9D8N0&8sP zmhh`;xH?k&oy2rY-&4Ah%%&KH>-S>pV@s52{mH6>GLtqrB3NZ_pXc@4ln@kxi94Y4 ziT04E#v}TaJ=(sG7z#G*6D zH1+>bMXR(FkS^f46R~MQU~?Avpp8i`g&a0~@SKE^&~)lB3ov9Knn-^QmVF^Qkdvu8 
zwQz*bA2-a@9*vS1#{EP6;!G9+m_+xRHZym3p-q@cU7t40)t7!lUzl>7;yPn^=`4W@ zGX7-LvQZ;yevI#Bl{-1!BYS_NZgsZI*>hMa*(u5?%z7>}gAhr=DQ49;N@)n=mQ%q_ z7;!|ppZHU1JoC`R%x|7}Vmro1V;5WIC*E-`Ep&~vtqP>YAC^Az9Y?V#t0ed!Q;2?k z2>SJzmq&QJkJozjsxAtG`HR95s6Xoq;$bG%MQtpFPVsM;?5#2(2B_IuF>R*v>={Dm zuIc$5l^BxwVFbDSQED8Ip}U#tYi22dEHxl zZ$Ccu9?H{Ofo25HoBeNI5e8pgN3q;b*RN)?62HNV{A@|GFoWd+RXNFfw9kgx=XB!i z)aV>4C_qpsvd@YxGL(uIF){O8P+u0Y^!c6n1&@p3MSy_MECH~{W^1(0+V~jAMCq}% zTb(RCQXtHFESR-mU@77?(a-$Wf&vEnxHRp5Kn{%;wiJP|*q*AE+wR0}P%}Qkf_g?a z%*8=!uOzKTJjib}PjT+ciP~sE+zE25QZOjh=Zj{rkM8-r=AC;*Yej%`P~$RF$?h;o zVYs@jXNP#z%v4Re;`2kkr2;eAE~`Eh;X;$r_@wu5m5kYZv=-=k)P&Mwy92rAIScfJ zkH(`hSo4O>ywx{J4I^M>P8@!i zDnTHsL9@ozG;P~;;iJ&BgyIMaM!pukda{5a0}U6*=AUcjrc^SO~@Yi7Q3`Nl~WONd#0x1v1p|t=4dDgx4_G%LYZr7 z@A$g-Nqp_*#6JzK5B5N!-OS-U3?J*{w^|Dq`zSg-DO4qf?=%DR>sTwAk5l6IFtk?h z_oHUYAXB*3d+aFs=4cD9?yl@X-7$;N_HQi?zVyy+UYe5m1JhAI_u+;J5V;Uc9*epy zb#E_<*xv?K!q+OJ(mpz8c(xBAx1A0Lm1Whx`>!Az=D`d>0c>bR&E_! zR&w&Y%Cw|U*MVX}oxT)0Qd|4ox6tWDTcrrCt`j%a&fO87ox=qD$~BD|$Oe+tY-cRK$*e)!Jh)>mvstV!Q=Rw zuI{;(N+lM$h?Ws}OW$dy1KZ1y80lzdjDI1fnmAE|^p1TA_qy()PD4GX*;6|%_hW6O z%)9-2UFR!==kGfHb{pO&x*Hv_j64C}AV)LV7Qj0hBKrenx>~YDqsq_sXmn#eSK`j; zr_Vf89euGZxg@$$0*Z+Tvc}7LC)<>`B578`V>)?5`QgMZ((GGa7{mV zuyC(EXjvDarz=lrVku0}y6yXH?kp`fw})0aUkg~MU9EX!$|IZv4AeZR51~G_Z;?>T zfF)S0$j=~StcKm-S^V}+Pt!AqJ@I)Q4~Kh@G2WxY#r7p8^P-O6PAl2Y3@OP+ettpm zoPL>yz~u3Xm;4e^om+OWn$t0$FPN;4ox%sGuBIZ^_0T~=yD@)G#3n53t4C~YWA*Rd z3;0-0?eMX-ymBa}Y(hA*`-RK#xV0gEr*l>)5A$uLJaPAtNkm!dvC*vMKW`Mq_P&T0 zF>J(@W7I^_KHYL)hvqy%1`rH#(2P zEy!+IPpZl$KpH5Vlp8}Ig@V{j^R*)$7-h2jeMP3v#H4_jV=Jmg}J874TZ`DY1YAOP5XABHqjb;6pa%s0&;l@RBO1l+fC7VX$8cEWJOz& z*h%UnHTMJ0!>8QNam?LmQtJBOVsTD$7n!dcSvfK)83TxB{T7=QsSu5d#{FG-cP_>F zS22$guzs`H&b}+Ft5>vHq~)a94JHCYy5-Da{`8+KK@JDenFwy!+S10ITStnDDrKrgF(Am=as&8R$ zZEl^bwFR&yW>;>#-ut|u!^zsssah}F>U<3JZ`0!vWNlG~$ir+=0PJ;LW6%&SMX#s488>{id&g)qln0iY6TfxMcKLx{Q@+<4?ZEi5x0JBZuMB3%&B+Ngk zctHy4Zka(5&27}$z|?ZkZEO+;lU$u0+rN^6^>g1XhADtBJGT?t{e*3i!;7~&XtXU= 
zMxbM9c@>c}snO=T4sXN3sITy+t*vt&+eNgzG@1vBzh8{t95xcm)F<1!F{j_gGcf+i zWCx8@sd8=rIWt1(2KcKvL}NGe5An^7}N}qZ**AjWz4*2 z_e?5m$LE2iURck`sTlw6^FgLDwK{c-YD-tph$&$AU=l)kPUG$(7|Lkccrsn9&D{`v z>`tBqUrRQSJFpr2=lDtan|w2h)Z&!jGUNtl6->+T{*XKhUO)c3(yYg=Mt0~{{Y4g;>N*dF;T@c1d447 zl&}28c9)AzrFmcUwDoIyl4TiLcg2}u0lm;lSb)LkZ$a_)ry>S0FY(rGgU7}RpoQV0 zCQWpuv|Sa&WMz3KB`n^cm6AmdCRN9`=YdvyV)b}1W|`td4A8^t*P#Ba7`l^eL!CD5 zZ1Ohi-|OuT8#=mnZ>g7(FUyYZgSN_5mG)ONuX@t>SCyvGd)_mu@znW7jlEcC`cR_C z2n#RfrN_kEdS7M^9NWYXLeuGTBjt4p<)M#gUoMwBt@|wa<@TrisP~>UA#b^QCGG4B ztPu_8RUnIo$r|GvT9n+!s=9eQtF9afymWPZdu0bfVa)V(WXBdpdlFNr>p_X027ehg z>!}(VR_W5-0y+_LscN>Agwx8@*p11Z1>@04e!0-k|;>VzVquiwwM$ zZ}fYPnygAyA9T_lfd&OeFp5A(rbt2lfN3KwdOn zYt>~R;&_3065HZa(3vYty!Ht5fYw?v`(Z7;lqoqHq>lpAm%NjN-I%YO^1OXTQ-hKn z&N9nJEb0-!nkbhr<&bV!!%N`>&jKb>HfV9 z|AR`$%<+F(9{#sV$ISU((CxpgbZnfQ|KkRlXm=neTNzZ9@Sz&Gzj00ISoxK{k7pN|0W}Y9m}6kG7K2zHycZiH zV1S|fTcVHjBC4-d8V=6O%L^`GYgUL7iNZq{WFhBC?~=Es}LEM=Rr<82IBkzT)se|0bkaL z05b45^>+Tb9@M`0o}fNt=)&BCD`d{GzY^8oGq2yGi2$Q2*w)q;hs`op^QE#! 
zzyR&K;}i0YS51R@6#ek+bp$Oggzpy(^5~4kCfZNv-ruP5tzY{y!EYl=AKM>WK}uU2 z9^9W7(CbY!-QNS7_R>D!%k7t0#|-|~QMd^bv&yI+U@wmS6gEhR@DvEbK#)@_@cr%l z;Uo$Q3X*3J4Y><&3M7^M%Eq?}<@{6brD*guQe!SP_21@iZLfDEgYL^nO&8u5bK zb#5puDH%OF43(i@n(7EJf`Wb#vLZ5gfTtV4dxHMVj}BC@m!R76;C^r4L>!`D!6F8= z#DL4F0DyQB)L2ar1_X4_+-mxsx%wq1$G2m`Mqt30{ba z|4-m(a7QQfHAjuA;T`4&k5p~rCPt$18X;}yp6B!6j%FBxmeF}YJ#S-%?_ph^w#VV2 zH2`gA<(`r7LcNXn4^9RIHeS=0>XA=hf4-e~O_qM80(#*>>)=6}YI&EjFea=QjW-QY z<$moCbOgcN!xNQTxK4{~g(RnIa6k5}AmHgxP;o|#f;Tx1_YG->#bdc}(Ddle3lk~* zYS~ey8zynCrD%`?ZjtX;;kYtjKMTv?;o0RsN0b6w+Hs#t7dmcrEvC+iT5 zG$3NrBQu-3F=9p$Bw{^(gq#qRn?wBvmq=qv9B&GX&UgWYB`S*r^0&LEHQhuGsT+8( zT+Y(~4Xte{Ni6$sT{rk=k*h+E?)q7|5Hd|?Q@dvya(1hT?CxTw17)<4MT;I`myO$> z#}slENI1)Ecu>h1r0HYW#ZOU`1$BOvXXKKZ%tW8uR_T$ znG}xsw2o&9eZ67V6i+o}KY(OP%T?P9m#?l{Y-4>!dK$r_Y8`nO-3>lv1kb#aTV(DF zuJc2o^+zhB-Gi5g0eA8XMBEwmVapIPxBRGb%dxo6|3Z=Hh1aBp^X;X9YF9bk24|i8 zalKiuj)tWziQGP0;tjX&R9}421GS+KL|*QU1@%;lm9j?%0Gp_?C4ffhL2Jlp;Yqa7 z!Y#W}+*11FRui(@MzmNL?=v9=Qj#jjBKoEiic&$vQhT4a($`DToT*^BF-5|n@ovPh zLcC@Xa!i8}+Sm^vL9c*n^Nq*@Md@FvpKb`xp9{Lju`D(&ll{+-pG5!WDf7=0_&ec6 z_`Ok^XR-XQDuU0e-{0)LwuV1I5-tDQ(g-#lZ57WKj$)RRObn*8i(*1rzH_CLRJf8< zv6pL2C}x~}k>zReDZ{geHMe$f^WcE4D;l4a?o2(}Hej1n6yv8{nl}BEJ0SSpmC~9L z*;MN(Xh59L?`L&{BapRyYBS1Qg6^bj%+5kvJ?mXWhhcJ6_PUrQ%;E$X+xwN?1 ztw7}vqo)yj|CzhgtFQ@*D(_xZX%($j><&o{wNgJtk|nRT*b4Vz{M;Ym`iwwXlINam zY?D!Y&J3Cqlo!q6#=!1oFJ@U_m&rYRgR0EQ!iEeK<*!I3zM1ccA@jMZNQ2ImHBe%i zN*?ztS2sRi!<@vV@J%RdMA(667GC1_y}xfSD4 zbNhacgQtjbf|@2c)jk;Mr7Y(;S*Bc@+x55Gn| z;y^8=ivL(c%bDX54x^=kWq?Gv%mfRe6%ELX??HH&%tOl1JJ$=e{#{;SuiaBsn{__T zj!U;E`UOnc^a4ZXvR4fvQN2yqjZC}hHusDgJMokpX_f#K))+{tXjJgoxr1q9C>Xv? 
zpi_8&JG4TcHC$7P`N~_w#Ne@i7XGv@Q_1GXo2bTkH8ZKAERD6Eg7o#{WXO%hbU0Mw zywlMxYr^&B`_!I;?59ru9cG;5-itqcbCluwFr=gI)27wIPlI753qoZ=hzv@IpkNt` zY3JiGa|IOTh=r{myf9EO;A<`sOgIu^0p}w&tzqwQg>Hg)m(lHT_I)Yz zOrH4*!`SmEpTlc9>(mY-^ZgZ&wd^+GIddws!l#~2TN#ZI>Jl{3U=zcRZVE2p;D&_H z5E8y9VijH^Z+nj=Z=wvvx+R z^q8uXYD;)iBA;coEO}|4U?@lI(t;>zXSfV>q$qlh?zbuDJLY(?_)A&q6bjkPhw0T| zvuF|(ITDMGi(_r?ZDE_-eeONMy_lZoYGzxAJ+8C#-j*p@+Z6H81RcYm% zok?X29H3Qdi4V_s$BOb1O>2$(1o=x6#OtN630~Z<>S5 zH+tgtOkjAHxy`?>s~zVQ9Xu@eEW26Um1oFH9Jd~|n-KBN;nr!p--u_V&GrxlT7FYE z9f+A5N-@dwtKfQ4b*6Lf?x^}L>oU|)-)FeQ>hoQrhp$NE%ig_W?xDCJk9#=Z-7bA`RO>cB9_4t}?xt#}DI9RV15b{{)WokN14 z+?%ks5|19L?CtkGkSfOV6%8mLtdh4DWcgJ)`w-JM``5N(5lbtcswle7w`aORwWtMc z)uSo}c|87y7O9&{g~l}C#hol0A+3C7tIfgjR3{LPBb_vD!Hzv zb#E#2;^&*N*tE=5DlU2-vBUi==#e_$qFY$-GOLD$SW;$!=1d#|L5y7O|r z+*t1iZRT^nXi?bJ?s0*|;4@-OyOcVVm$J7l&hmh6uE`y@!DEO^I$Ub>}s|H(OnBKK${ttAk3pFO8 z>dU8=q>?}pX?1uD_KsxDsTe}XOX)ItlwXuB1hou_4HCvsIDfW3yViBTFpzJJ`5!u>sAqW3AIc+B8wpRNIx}fZ^s9yCi=HvM2sQg=SaLov2Z4>Wim|sC- zn^?%Ac##-yaMj28fVJYfFSFR0b`1&~H>uo<DAN^R%?O!YN#imL12fQX!ub6ufWN-Aswsql@zvo@^p0@YD(i#(~ zB3yCb2K8t|Tw7b8hk+@}zx~Pe4kHK48CwrW$pub3+&mSmPg!tZ7&1x4*7%{7ZT$jt4+-)YbqDQ^ zs>)~n)rg3&t3^Tj- zcW026OwUZFHkc<9e+6>s%ybFw?5~agLTov={Zc43EV_&d70J_NIP3VaX+}f6jAH}r zd|B!&1?P9VvNco2xLuyQY4n|;vhB>T*btl7Ae4L3@BLFzX8Iyya@O#dKrV6G$GNK| zBB0cd3BSG2rt@i&=o_U+U)RMW|EzGt<(#7A1oHA~-6%f(BN<;gMTY_A2ZTPk{2LVt z-uPfr)dJDMp%mp~WX6b+Gy@f)!S}~uMbsz!)f-kZ42kSn=!tv^EvqJ;Kv^`+RYuSk z?Y2RXSaV9^8vG$BnLNkh#I~t<`7~h$BXuhw>YE&&ZI?yuXc^rK!8$WX9-gQ@m*4Nd z`MhSk+TRK_edQ2(R;#u&TpA(fJHgX-4&(9e*&41~q_jYi!;DXzOJz+27O&Wj1IJg= zFrPdWMi5cTJ)t-kO@^h&obU=Glo#kD4|yRL`f$gJy;&=digyl)_pUa-YT!e`-~Nul z7soB(OuPAGcqaC;PFo651ykJ?jrcZ#YH#ikj*`W|pNgaUn$lwV{!@pVECQ!u%o(;& z*Ncm$R~{OXn?<6RGq|Z#h6waVLA-%3jCb9RtnuCz#E8`HI!HEST#TPGQUop`(7=-W zuY`v`g;vWWW=;^olU&5D8wMeeW!k9N@DRYV($L(f=7p`0!ZCNXbW?fVrzy|$Yr?1n zX3tJ8@h5sY6@q0N=N&jJEICCpEOv}?i18YAf51?vM97 zFGruaGoIrsROaXhjYtilRmU3=S8crx(FpnlGs0+-+KDS{jNL1meHJo%hN~y+7{lUG+ 
zWq--A|5a#hmG)OJhx)B5Q~ov7+$W8q9zV9wL(e>{gfXN zsMHwR?=zI^a$(T-3hPt@8P;54iCa^r1mvjMTN_N_xO79)vu(ChUAKuCmCK1Wg}*sa z2I{AIQCn6GJ6#mu05QIPt*Cnsmt|IBw6{uzQdwl(lR*E;sx!65aMj4ZcVupooFW*t_Cnnc&Z@OVLslpL6rhQbk;QJ+})$v66ztQ4q(J39m zEf>13IZr+BKt9kBS$&83HI3O1J{J=|~9lTRIa zP?P<&Zbt+*tNyRdrvmfILFkUFlQBCvBws0z3%n&rcjL{qBVR;rp>3F>R?9p$GZnFB zVKt+O#~ys^4P_*>Y4WyY%>{;2%F1Jhq>kI$rz1$8&z)E(Z90Ci@mm;S~&@ zptZC<@0GU>!C{Qss@kae2!*OE#&Gh;MQ*djkeh0f@~UYGBDEX{obRw{+E68lbd`rg zsXsV%mRP1`id1{VC%pK4ThG_O_<(bK-Dy+D3BK8 zd*ysVi++=}U34GcZN1M~-R&e=E&E{fJm@uL(D_lkeWnW4luQ!+i}L6#tFH+b;Pnk3 zC9XF6>D2L@U+Hqi6Ez}#`;?xnr?AS+Py(@@Ci9qWXKDsO8m;fHMg0J{`*x46JWbgi zIbt*1iR7m{mAR|GEBN1ag6IEMmIm~nJPxzXU6~K~78u!?ltvsT$4DPcJbmCjxnYFk zg?%dX|BKPf(C*+^HMyhht;&WJo9j_60tbU!%M2VdUV zLU-UI*@{WBp0+DTA0&m@WmazqO zcIW+IB@Fc+NFNM)^R?l1Jw~ZS3a`wn+!`3zygv;eqvUM|S zI3zHhyvmORw&h+H)GAp>Dk^vRX`O+w4yB=DSi!^^T> zTH_Mf&*Fq?u}t(s8I4kG{yMu>S`dwjtZLrdzZ?&NzKi#L4^_7uaDVBJk2WvsXfD=n zNN^r`^-DCT8&7t!*wqF0giQiza+%p3jt)AjRmK<2o7{@ax%tK3Jl_u)yb&(0kuQLM z=+iO1xg+xWDjuia(_gb6Hq+j?20raFso;X3MV!81crT@C9}Tw88vkk!nW^6fi|!F% z!SO6jY|Yt$vBXf!3A$Vez~)Y3sJdwt6vvP&)h$pTv~UgIn!+2D;D#0YV{O(6u#CS- zR4f-isXjIRB~6iU$Xs(}rG_dio<>jPM<$y#Uv}=IenTy&|1gRu$nTslc|izY)&geB zYuzSZ$sW{j({rta2hhi?M#7>aeNIFNfYKN=o+sjnCC`mVLw?wBBwTc|x^e7cBI4Z` zEB8QK$eOA=UFi_7NY-Qrpq*&2WoDfZOP%&FxRZWBVIX#3iM)-gi)UHd$*?IqIboTS zDwCukwZfL6#>B%YMSF3H6gX%;8h<3~6)d3rn5W$MU;tIWP`O-W3qDd=c1;&7Ydv3u zGHAUdjh19x7I~UwgeH*aEYhdH3gKz&g#$#ss|Fz||D5D?p{Dc2la?TQN zr1*#f0O84A24^=?VjU6_|01G5|HglFIz(IefzYrYBOE6meka>aK%ItV_MMLBhUbpl zXP=zdM4g#9y=_DbIAuYS*$*NRK}r9D=KOSQ0R;t(eaY#JVp+if4_jOAMRfrrn^2h4~i=TI-r5GS3w6Z?*dZz1H|eRWE1Rz z7Z)G_c(``;tMFqDB=yA-&QmC=zy;rf6XyV2?$I&$S4XA*)}efm0D`NZphDU_acQ36 zSl~d=x*>qCJR->7(F-sl>_ERW4*^Ac_Qo)OsLdlR(cK!hG-WlhRVor49Rujbe_-e} zX_pck-RZKsm!JJ2O2Cu!vr;poua-KD`cg23s|f=mp(-Vwfb1=z$u9gA^#_F$nnj z=DwZ5fPn_D4HBLMXr+PS3Et%b(-#=DDEW?-=5j+}|$2 
zyr@LCX1^yHKdlUFdO&x-tPlx$`Mu7F7|TOITE9shr3Gt=(C-1Ce$tFb@U@K@)bjVt+jzGkx{2|5?Dlh!8Tce$fI?@A+-{xwgQZhJ+x?$OQU<9Ft??sRGaxm1CKIv97~FD0*R;D?PAc^VPSb z_V1zQl~L@OQo6((W{$bk3OM8ZTY=9sNA_`KMp?}O(HN`|9ZFD zuM62`c+hRp{aLUHhqn{eJ`(e~F=0Eyd}lzz{;j58qVR|{q*0^U2;{TCr7ko&nHflQ*frx4F>|pQC&SEYDAFyvsB(Qr8(((rwUCY~xf=>VwNNPxXS;IWC(KU1>IT$0maGo^Jv8&l-yt?0cX((c0u;z36T4Tx^ENrayxjpx1R(Mb>2q(`hwHePp=5s_U<`m9aoq{&$%+9qq{S6J*C z3C#yv=l4Icg?6lBLK|zYAwA~h*)a>J?6>hpPgU2}O0LFO$C~5GHqS_}@-mg(1^Vb* z0IqFU!aM$so;(SYb!g<7cr8cs5ufl1^eJdHp9Gjg6gC}=^k_*LhsQGivX6jESTT#q zM9Yz@xC~Mg8Ce=v&p?Hb<^(-{mdwV2d)gKP8BI96VRUa?5h1&)hP>VevDQx9sGrB1 zW&g62X(N{(;!GAendOyX3GaoDE^)bCkLQKET>&$**Dyy(*kkGS(j)n8$t{6R0g=!E z>BBz~`}@txu1h=}2{?+tj^(d^^#3Z}#}4*GGf?1>TG09G42ge)jbLm;Wx~~OdDrn% z3)m7kwU%g&kB;hrV;X%+pQ-eBL)E2$J3r}Bm7C{X)}DFKR{`p;6o+cGvD4(pbQ_JDExM~W8v|aI7Pg4?(lq&r|}ZF8iVu%DS57A3b_ei z_(u2@7Qzgv&^9*DX&US5`z!Y3ko7Y|+@chVp3`u87Kb&ypY!$TM=-K=3{t@z>QWdm z_6edV_#$RwW=AsqsKjQDN;%eZ8`XNalEd`Do=|ao(KU?uQGl1}7WXJ$1w~}@ZrFL%Z$PV{c6c){juvnf;5%n+#YqvKl zv~WEpz8&iF9MK${iWpca7Te7=2@R*d47}%pB_3wO*&?;0Wo{ptu)|Q`-I^JPDpLtA zMbnFMk zIA%l0bukZ>t_Tg<(D_0tyTVGzn&5#=|5=CwRgj6qCkOPDV_*p3c1SSfs1OSsH$Y#b z1f}NI^$9eWi`y{4Jy9^bCk_NqYa9;ipNB4e=D}Idu_9nX|CmI4KBJTq^uU!ep+xEj zJE0`MGe)I_cVK+BNrziA87_^{iouZW+_ByW^IKsPKh@_Vch@n=1rip*j&NDK!J%@y zfH(Io3xcydY_+Ab%B}RJwwuEIV0zP-mZ}Inva}O~`aE&mP2!1Y2g+--9zq-SOSMtq;(N{%!HGQ_C4NfB-v|;roVmr z5reqbI*4IRMe4-j(R64MrsX~-thK%!z0t47iDo73xXCTB%UQ_i z85>^lJ9#NfPP$ks{=ogfo<9D#&MLcPK{Q=l8X8dV44kPfO4ZF_LIHB z&=uQ|OF(llC6ht8ca#9md+M1$%%PeBf3G?_W)3uLbR16Fmf14hg!ov>{v;g#KES8r z&m~Ig-7-MXj_XhQckZYj&^KvL)?43BB~cklN(%>Yc^x!XAPlj{9+MtMJWpG2aW!=V zUX-tICW&yEBE&?2fU~t6RPLrZ((o?o#Mo)cewX1wT~fwkO_Q*opbVjziYYD)XoFcBFYScu-aW_P;6k zy}NzNh6b^fsrcH&m!?S>ZXf+NhG{x);!rzW{U0){Y)bRpc1%~|)_(`m@}g1K2$kS+ zqtnHS8^!Gg&&wDecqn}ZZrl8ZzN;m|sv7a4J*<+u=ez~!Y-5@Q4l~+KB9g5YC;i>! 
zEX7_GJvLOzYl(AzyRZ7W`zdm;*U8!rQRPKRTe8b8$40kx?Y`F=y39KG_`6t5#NV7) z!pu|MvnAt$vf*mp+F*W@l;pSpIvEaY zaYBd3u@7-wqrb-bp=<@?vKJ~@n|4u{mdAuT8A2lBup~LI?MgD4yM1eXI_vL(2t_p7 zz`BTona?%wES|grcWHe$r|R9=thFk-^i$=+%2e#eDqhLQ`|%z&)!eu-_z#tRSclo2 zuhb{0Yh`MH+($UN9%+a~(`TYeRxeDkg;aavy61m_$FLV4hL=wh3srrZTb0-7%22m; z!8}CqOX`O<9yJa(;tZ>7oL)RO=U5bh>ZbN7z?0oq3Nr7BVLfYuTa7pg&N59=|6szjInneEu0?TPiWU#7xAnXW!syGxH5t~=<7!<0 zm+_8Y#?s&_{8s3v7^L-PR;@LSgq9b`(f?|&8v`}%ct%TS*0IzHY-d@bDy+q_=~aa8 zqhjjTCK$#rj^N_2Bs~^uQYve}Lm#_q5iPn2Hx+}o+D!Yt@x9uk7pG&uX(_kaWY69} zl#qAZ#oNv|X#3MK*TEu`nkO3?aToCcX&LihNri`Q&u7e4u1!N2oEPtRQ%;huyJ~&& z;aXZ6uCIVKanoj^owvXUm2b}Imu1xa^ijQmKw3H+JBdowM-qtMB+K(b_MPeNs56F~P9qE6`+A*|o{vi<~?!{ld!cKhnY z2De?}L7^0zSQN*!gTdAbiZQGy{oT(=OoXea3R@++Bk0i5 zNV``7|6LWPqeypPxv)6L4a9iuh6T6zxd@e&!x1DM(@my2Z4T^%8Alp{s0d z3!#(RMS(WU>dWD44{BJ5ET(9`1Pf>8WB+YZXA>q=&OVhGLZ$6`InWWtww0 z6xofY%V7{RM)&Ib-U1&4k-f=tv2Uibh+d|7;!yKPE&X{^kLqSNntLVYV z=lD}tew;=CA|N(4>Mg7+5+g(nZ*%tL0~r=orZqrQyOGS`EdUC#fd621ozA78btS$S zAp(TPV&a=!IfE9KGjspv>0;!k1srkhGE7u<45A_hPo0K7sChQ z+nB|thwaKo=;p9I0Y>w>*?+{a4SO*}*(X-AauzZ`H6?A&5A0qDeXuxpJxs@ZCVr50 z-L9OGW)ZaWe-fT6{e`ETOVk)JyH;r7+WuzKY0s}*koe)^riJ07+fXL^)6Us2J9%VY zS|HgABhF1UK1Vs5T*Q50T107jS6}UX9`BCv>Kx`2gpGH%G9(iXv)F9&dRg+qGiTj? 
zWAw)L(pxtsD#0^D+m`S1_i$&j#}ssG5xma-E41;b5O~zMzm`4ZfB%FdyZYc)yXBL9s$^9C)D#Fq@ma71OvSRN z*1v|M!!{Ky+xf-4AL-<6eT0p+vYPVcc5c(9c5?2}J&@TX&>2}o=ar)dUim6Jk*2OK zDSZiBKm%M}C5EnwDy;D-@YGRAbGTtfDEBF?S3vV9yN9Qd@5q_~CzNFkz%K2A8x{YK zT3X-WcZ61&S%8`kgQSm_zNdM56oGY}HPfr({aFCb>wq|MDZ)4;o>^{3s}daC5iLZWo1C)i^q#`$BMP=Q zH)J@jB0g_$klQc3vR*E+AIH1!73eI%(2?^VnFat<$1C-<6JB)<7pPKhMnyFLXh+|_ zFsr+<;ap{`JQls{n=gP-QDkbh5M(jR(96Bd(rn1&y?LP zBXK{x6}p-5a|~C%DT7%Gp*)x5cOL-hyMEw(HkJihtlEx1(-GeW-vOBuvNwVJmt0#D z`L0RbtuJnJIMm{>heQMD24>GL{ufg|tZ0(Mt{AZ|#jf6$6HS)Bn#Y5*ukdcP#Aw-X zXXu3e`3~uyG;BTd)waN>c@l^g-bq>Kf8y!I3i*XOxc6cI9H|F)fg{EQjNMJLrj>A% z9}yAnw6@l8(*z~auEYs6iprfr@A7eIv1$c6THJQFU9r1Fte1A=^xZ!)5=y#)2kMde zDJEs+DHFqihOkbtCte3~n{BNIs-qn3Xt@eq1 zja$8|XlJ|vH3AnVHnKb7HaM^giD-R2` zpS}PaF}fj8w6L;OB60J9?-NF2%#wEpAD?fGVH>^W)lZo)gY_px2eFWA&N0YbN9uyW zNX2ir!>0FYi0FGONWIVGD^!^=M~MrS&bF1W(A=fuD+XjZv^qpl$h^(5W%~<@e@d#; zp)6&5hPP~aBe8rGW~jzjFQ3GAL+-HSgfBmlE{~uj5l|&xImBHNG1yZoRvXCW#%5BH z2NPflA;9pjt1C#myQ+iyXky6RcjB2T0JvWeL?w3V{Vj8HD~5Q7b*Ti;r|o<0mMW%hi+6qadCInXEuL zZz}PKh%r>p5{L5)JjHruY{;xt;MTemA|cG)6OR zly*0fhT%K3sP(O(5R1$(?#X?$CK}DT(@H5lsXSF3n*@vtnA%)yAvy7}rqKsvZ;$x5 zgr45!V_z?M9xZ0`Yp`_!Xy=bPJ`t;s^!R$8yxVq8=pM}hEIM}sQ#wngTz%i#nSKq9 ztM4&>>z?8b%71=kF>E)SJ~OV)6Y(2L#&20gCC!@iR?){5mJj7hcRvd1PnLuy@_2`C zvmL4EOHN?b??Owj@&>qTu&a$v;Z%bt-qg@+ADV9)Q-sXWn;Q(D5nd0ek!#a?k|I55 zR!u9pfry8#g}__{&1${5N9&Xd&#J+m%7;XTNU{Cs!_7y_#09AO6B|p!mdU$Y%3JOl zti56J92prK&+au(lABYp&8d=03bMUb{1(O$E=@gaN^Hp9UtAtv`v=^6iSR0Hwx$Cw zk~p7{!OnlAtN0B@Htz)`0!#!YTNlh!Z7%+{NS#{3Y1RKEW~bHCfvHUT!{MmWr0Ubo zC1;~{VmTK4yy!2fOwpwcMDLQ7uMPdeXPwYDaA(SM?fU^)f7plrpD>Q?|A28E%>SRh zF%vQ~vi#rCmCTG>Oq~CZ#z8ZPT39=qI1)05S{pc<08EVRj7^~V`JtVh9Zd{upxrmE zJ&mGkXIgEx{&)0j-uV9SWYp5B<-g_i%FSm^&+RS;MTf_abaV!`)3WqQMe%q9+10i7 zGA|y`^wTt~G%uhMnfgIGTUr_*4O`84d|W6CM1mpZ#lu8`0fdkM(Vr}iw*Pl{T4;E1 zcoNZ_CN?=BJ^EHn9v!MP*GA-f|AhL6VsDb5&@2smz9+jpVdSYlvD*Y zBp^}=1e6d3?ms@g2=SM+vb>nAhEM`PR&f_4j;s%9&)i6)=*ZUEz)FZ}1;|Z((&HVunc9+8ki~ 
ziL+gFHGKi#{&%9C++P&W2t;RoZ%7K?MMP`~RQ*>3%~dfmfeCc};gZX{s{Tk;V2J}t);E${;N;wXKAz#-550~9!(*!`1=;<>p!!Q znW3Gfg_&&e#Y0@GsBGyk+!sxavGM!u`8z_!uQUqMRNJTdVL{_Yd4bT#0qnpPSxjZ3Qy*tVwa{f(-Ps7gZVpFPnF{9T&z`|^WB2HFQ^ z4A9VP;5dM5khFuUxXQm{|M?1;w3TC7jU+M&H4N>Ak57 z3dR7t9oR`U!cj+60prFEvEpk~YH_%wZ~5;vlt31?7-5s~4~9_wm)PHU+S9-Dh9AnC zQjyrg4URB}tHH^7vKypk&(et_P93kW0+VJ1O|jN077DK1_eP+F8l?_hb|*D!f~{M#(zeUTJykE{;@cbPrT{vb`4< z`k1p}6u&oV(e1O_L+i%S^#!20H6!fh)zPj&Be7#F1mQLF8zwoJt*>dJ(jhYMwq;)8 znF}!Ov{%NX9a9$R8syW=E@^4(-@DoL-Q9of~dz}!xJJLzj-Sq&x_RRhK=Xw&L8w4z!9BZk@fW?IP)^Nr3E~FU-${CSwy{A z@A$_($jtR1InQf#0uShDQ+fy~8S1O}dfq!coxAFz=DzEcCtTM&t~t8XwA>|YC0dyl z=`3nGB<3eLKzdE!3(%VAuWL-(fjNl`JM26%4tGNa2vFi9rrhhdrgjnhHKf->}hwbUU%=nak@*cfM=2~4`gSs_SG#o>lJRy$&^*LxSxwu zHssySIO3Z}m8(??wlpM=j>T&0)9Km0vX0cCY`@-N+ zU94~Cc6&`vv+?Qcv=?Ah#I)6JDV}n6QC2xjV-37^E2DePEd>oo6fU>F>luiQQ?qD@ zv(y>rDrBs@X2U(?VDS#^^@gj4IK;g20XZZ3x?K{`gUcq&>nQQU$EFV zY1hGZBdgH3Ot=Oa?}|qM6Ra7sOJ6c|ot0HZ8SLT;w7Xr4QX#1;cSM=`@SobI2>FBO z#SYCfh;)2Cx2pSl-yUKOIOL3s^^&BRzdfY@yco|e#>1doR#KxX*56_zO6g1bl=@hz zfQRW@qp)hDG1lQ<(JMWmAH{8D77v_Lj4mRV*@KHBt2KTGDm*Fo5JG>Wbr+5rG6&rR z>(ru8fvYcRl`o>+gljnYdVy*rf(>8RO^E_h_&!e`l++@}u^1c4b}rzJTyS#Oc8D9qQ(`1L%GqsJK3|Z+RK8>}ArJ8QGT|oQ<7sZ16cM zyn=N5tB%H^5R}fg9a!C}M=9#WgnLgjXDtpR05LKnWqS6^I6?k0$8DQ{!Z}@Awx_a_ zX&p?)(|YY(vXK33H5J;{SPlr5{Kw=jHo+_=;ch~j8zd!n|7S8NX>S7wV(3_o!Ah^~ zb}(6KL8Fq=undW;RON!jOfDinWz<&Xx_+_+-}kw_kz~ph671^yk~Ff^y|{-^UBwy+ z=i8F0{fLZvW$EI|CnxQ^!rgx%P9 zYRt4#nyFd{tqu75yl;8g|AQH2+GvQGMp`~w2I?@*N5_G>FJUArC}GSk(dv13Itk5e zY+`qzVoe`huyS*;L9~PE=28AzetIyQ#k|%Q7zxAnfuflPpUq}Jv>egms$rgLrcyDI19o4}Z~Ts#M5udb_dKB^z?>gL@NQT( zk)9}Nb$SU~f*BLs>oj`KSqT1X&+}~iPKSeammc~hE})q-d^i_TE4Ti4X_16MRnT|) z_8?O9u^5M(ci7sc@Z#2%Z(g?m{t26E{~-&rtF}m{L}_CC^xpCaYcv@$%J0>T&~qMD zG~}!Nwk%0EVQf%!^_e=?rduu4ku?7eHe=P>-N~3O0J2D~>#SzM_JJ355bOQt%o9li zQ)i|1FQLAF1)@Zt>A&clq&+F5p=w0g=#e)Fq?nCB6=w0{nmG>-T&-w5`VHwC`tzU- z`_8dLO|_rS5a;##q^r&j@5JH{@MO^2>BSBi6V^Xc7Zs0AB2?A7+#nPmf5bsm^8%DI 
zet7s_WL$K9%>OE7seiiJYnQH(1}9ve*s8$_2VunYye6*Z_20l)mrAg5|H-?~a=?<& z>N@}yHHyvZQ?XV1TDUbwKwI&+#jKU?FQ|{=Tp+$ffT|FlzXp!V%qpQw#;7k8Y6-!c zWJNJfp9@W~@~a~A8eS)-p3m9g3ZwbkbKFq&Pn$k}xcXj?2E8sqa1FZTF#v?vG~@E? zwvP8)JZY0;LP(n+=(jt|&pPx5Bv!3>gA2iRw973gmd==ux$0`T8h|;_OrS#GUvn%F zOXE}IuD`HVrGtS|M%xa8a-fJe5J8{wZt5PLo{b^2U`E?u%FTG1c_i0CV?i*Mt|;?MW7oS3Tmk; zBqkdo0e~yEk$?Cgss1Q=k~X`e{0ku+HFw-~q#OF2;69>)29~qV%A_3b&N*%n`D7HZ zE+j3$?S9AZv@opO$zLw)=`DtV3GlAO3$#XSq2-f5TFtUWHk5WrBG)))V1VSgDMM%C zXK1(E!ChihG)qhX%)7iCz;{8J#TO=NwrE4ei^>$h@OR6V#?FXSyx6j+XB=m)I|uFA zr98B*wAu$rk`BDZq5{QH|GVE426iv-dFOegyaw@$bK?T)3pX9RyyhbN_XauAs!`V8 z<$t1>b3L;A+n$JDvOm;4T<@)o|DV4)>MU!wDH6;0>(Jh!?o2l_fykkIq6I+6WUtNN zdpdjIYBYOcEtTC?dS%emwD>ho+++m=eUhWCDf^Hy^@yUceUP7#&^kYY%*}8`mm`l& z^90PcYtlw7u9k?mW~NIK&Ceo1FkOGm+a)h2q?2ISQclSBfQ-phi|YNMMb}-46f-Uw zYh_*|`OkUW+>oa6enhjzo4ZF-%?g$vYmKwRg=cUqw|<%u9tDx$uHxn<8SotXN}eqo z9l^CkG=NMJIP+#vf3Svm{1+_aYHXlgVo_KoUC00Akt25cf)8`Shwxqc?{By(O$*`q z=CZDR_-i|(PCk{mv9Y5oi*NRtEvLlGC1r>&&I&iP#Sg5w1%CEEZ!*q$?hLswPsMnV zRW}+DYicW@=a+=1JIoVp3o>rhb}|Vp+WK~mLt$0$s_xsN)j5h&e$=ap=SLg##Uyay zNFM8$=2Hu3bXoRvbLJ%pu*9uD@~2263xRUayPkJ~z#ow&WoV;w@c2%;CqXjD5gh8N zNC&PMmMJl)GOIAFLz>4mHyxk294j^!eDJ7?ZTlTaq2{#<{D#TdBUr85CvO>WZKEw%P{`xRsi0b{ z{DTWD;*iZYH*xwGlpF7|i%onc7>gSx1k_MvpV-2KoZ>-Te6(+?XeGnHfD`mHxo?$_ zQ`#lFXLUO?5{mRIQ6Caoff!~U88tWmK?ll?Xqbo`LC%ZGAFQyIOeW^LI`N_34DTd-QFUX?tO zn=4e2v7V)2!kq3TPq=5-S$8dzR)E8nMwZThO@n|ZDB+~koH`pEiscMZh%1L5V2-DI zQ5G=tb1ng=T}!W;uyu3jZ+pG3DaMwt3(SBlZFE<;j|>t_c{t|raVp6)LU1Y1!gK=O zZvw{|)8)h|ArP$6Mzw&}F`T>Ul3aOd<^M7)rhKeVOT#XSi{lP?`p?He7 zYVGn5DJrHW7FjLd?82f-eSun3mm~`0qr;$pC~wiIklC6@zmws9c+9c~R?=D;Odvs^iYR(|nm=Z8mbSa0ho};`xOcZUV?^+foz68_ zzD_X!Z2mBHIs9np5!koMdCvsvM}r{GAXIeA1_t-iOsNEdpB)STdCnYPQ`u?6?gN{| zZszS+D*~XpkHXyt(&zMqwdRsRJuFV?c|SQdwK~g@(Tt0I_=1U;dxTl8&`Z;sNz3>+ zmGXarix30GsAv1~NZ@8^hJt>(jWBM8Z3Fou?I(%3aY6sEv!&Spw&o*+R6wts*d!Xm z)lKNmu))><=LV(sYb=km<%A0H6u=<9&N3&!)g^}5BN*$6NAOH|c|E!<=n*2_SU~2U 
zyu)Ea#D9G=?#foxkb9l!tlap0*$wk9-(tN$DEGHw6@+82%Rh8wA$SfuOvZivHS#Gh9zkQ*#C{q0CP5I{= zj={#MR4kMBW|c-aH0Qv3B$MEqZisLZ+JZg%RB2s9y{*YDTjq7`ClQUbxy7&DSJkz! zIoth3%GXfPAH9}A^sC@WmJ5t7U2H(Xv@g=y9(`|CJVQ_-kHMvq*qAS4JI`a;L+qvr zCW)3{s_08Mx2+u5H3qK}nLNfp(Tvjz_tf^NLUM)_%c>(Tp<~`W zqpE>&`Qpo;vMxXPW;Rqju>?z8J}&>NhZW#OBB0OeGW1HK^{EqI?=c#p(mpFRHyA4P zh?{90KK?gV59MqeG1LW3v}`r?p9bBt9k^{DIMYyIHL+Dyp21v^bo`J|)(c|VS{uux ztkj09re$AAs`1UAcZiZHV{zgjFvdq7go8(hV2A1JB%LIXXcXQiYVQ;JxwB|6Xd>hL z%+~^M_>pGjC$~9Vl*Ta8s;;&3!h(P)>}jNo!*F#!%!M7wbF?7DQEqWUypZ)7Eoflt zb0sU&%I7+lywRPJhm3QM7L=BO6`J&C7d!Xt7w!{W8L!KV0N!_v)1G3wrW3ZRGM@cI z&N0|k_BKuw{wbH)>ZV1 z5F;fiwjC@b?+@S&2Yuei0e`NT|6q1V_a^Hc7{^LBy$K42y*@GE5Q~cgwRr6EJt*2N z7ocQQU_hiw7%8I+i%t3zoby1#v7*vLsRoQaPXPhhwm+2^_&VZTVYqMSky%_+M30jG z6ZU~Be7~}YQ5Esv!a-#z5mONK^i^6&nJMd4FvI_Zxdu|{URi$-(wjT~ApUIB|2ihh zgZP&9#d{OHHON)W-I(Xcv>iK;3}enqmMso`#G#?Q+Ae9#F=x=-9P8wMg;<%`@7or$ zL*OYDMIen!u)+29Ar+s74sM|9-K}qcGIfYT-C4f)r&XUhJD@ye}9nI53AR*R|qrlq)JL8AA%h-YNWItrk$# z`T;7P%_rI5gT~Dpdr{Z`ytRE~ucGBf3%`)D&;MKsd0dt=r(^g;v7^GcA~M;l zVd7Gc4mef+x6Fc#05d2mx0-3&t*3N~FJa?v1IHgKZv!Sg!F^QCPT2zx5i)|)ZekJz zetvOXqKM|ih1Pg2F+vRq6&k3_7RJe0fj9-}JE;v!Kz*em<3h|uytWwQ(R_k-KYl8S zCJo54?w8IJ$AUnzzBARpX#yA(YG<6@As{V1Fg3Ddc>H@mvy;~7(rq!usC4%opg>A3 z#jt}4(>jeARnW%zzKmxgN^#+T;nVWH zFm-19TfDnTsZC?FcEnFi?3jPn0?BjZP?z1TU`;qBY}5V_2(YP&bIpq{g9+T`2)>gz zXBP$!FFv#4K@y$BwS^ zV!nYYyByFLB2uSGK-TfV!jZ(mm;ksC&GQctBJ_c291rRKBLsyn3x2&m2V@FSu7Qpm z2IPaFqp>M--Ac268G4Ip;ORF1;NW?Ig_>?cc)CaUIg+AMkZ=P{=u(A8`{_jYK9<<)z7(f&wW#374Q1f{{oR8@ahborW-(>?vT#Is-1 zu=+4EigPg4n?dyBp^7B=MI}t|pVKRyFz$WA_I>Vne2E`S??h(>KdWUKRohDg9Zb zU>AHx7{NAOH4R*-~IvxBm+;mSb2eD$|(d|+Vcn{-Hc_O!L9Ju?)-;iW8K|XQ^bvj@rZO7 zf0)hA1uBs!mi8zsIGcQs`4X!wT48W^c z>JI=KT|@aEZ-CbSIPy(Bi`6AsFfsBX>Q6$u1J(3vSih?CDcOD!{4Sg&(=Ea^luQ); zgtt|@uQzm$MbbUB$NErAB7HS1!4Ss*7an(N3muok*#7GXCkoWgIBJnUHUGQdH+RR0 zk}KdpL6`@kv3B!inZol|t}z^NO<^cX9nrdC^n(WI4+39I-n@pdqAs6Sjp%=Zrdj8` 
zf*mV=ymG$6$f29yHDN-w{^pLzMyD@lm&8|LB`7^(6_*|mN+|7gvDCJ)>1!8nKgX5KnwUfAc8!8G(x`?#lXll8d{B`^--ODeLL(0< zZ_3ppOq2=E7?c1%C_zz+Tz*?qqF6oB!Vx0Rnv{}5?*_$G8d*G3bH%*E(vC`|F3A&S zStCq-53;eyB>M&O{U(a`5Z}tWO0@Go1P%Zc)D7eo;g3R2=sAh=bYYaFzm&ZuqK4F} z9CK$LvX5_yk6+y128+^M{Cu|RWnGylYU=EDCA3?V*YXnFxmrqJIaH#m0(@zraISU; zAXX5O57pYh*0})2MDW^RXhlmQKiPUqLGVfd%wmb@PMxnPOlC8>y>1 zZ7IN1sE)+kc=j9gK@;Zh`+8j$Ed@@B-9<*n4tyFY5$2r7Rs(cD%SiRWQNoPh4wK!E z{w5Y%OS$7;+b=p2x^?_ismJ8DSDtzn2roRyw!>VZ%AQO9cL> zq{)30ZI%)+H(peQ!3n3V+DfF0l0UCo3EzVG1yFw%v1v-0AGeea>$pXOHRX|*%Fx-^ zJ-E+PT*;axBPI~>^jQ?M*#-|U-qn2Nr{bG$Ukd^(xsf7eY%`y}i&Ski6mRpgE9_k{*RWLRe_TB!ewg1hwO7rqYOzT=_&jv(g0w zPqxM4p!b!LzFYkl_k}#pm|mqj3iouZo#5!nBvYt|oSwJubXZQyG(i(Fr_%9i9*h)j zQNcP%Oe$4ZY`~;kiS`8aP~2SpK7AII3T&Oe`(wjK;g;vqoQAz1JzV5HaWfpNS+Co` zxo0yTd1v>0WA9#M%vuoJr3rtAEx&?j?*~sAx}AnCB$MUC`ub0GLSHY@Xki=4Jm^}p z1=Ty*ONx)zArAJg^gWyk9;Zz5Q`sw3(X{z$qvVRx{;4}`?yj*ox3+bdRB*;j5^vLX zxb@V9b)w(iF6C4x7s#Pht})^tspA!LiAS_P4HXbxXK~CYS<57ei`zCl8l1^-hYj@5>CvU07lqg<)@p-g$E6wnwdK8&lP zoQppjSu0pDdDv=*fN2JPAUMmH`IfpFM@6Zj}I)Gvqb zsQSH}aN}5HQ=8YbTL)iTm)v)&qe-GJ&BXHkrqSehrudAqzvsHLS#T^g0`nO3Q#bRs zfcEV<{^Hv`7k0`eY~ZNXiw2v9NAOfg!}=+WWM>cr$66T^e0rSCgibj}XmDoIaxA3- z@srN+J#n52;Ay<%0gOfd77TAYz6(VsQDC$l}Wy>KG|UX5aPwtpZo8jPOol_0HDZ zWd*j)-OK>C-xcR2ur+bbdkaQytTaJ4_R9J283z9Lj}B)SgLkPKKPCq=^UNKc2fNM$ zj5WEft@mN9DvEL;kPaadOKS7;v)f|+?n@V0{Pyz;w%)==+W#K%0w8{H|JFqlE7!+oT1cVZ0L%(7Ogz zCmXH}lv$9}CLyy@ElF&oCC4F=_R&mgK)R`B^m>uK%TCSSKsGQD+?$Hq&Eo^P-n0e} z4t7(r+(M$6cp;07f=}QP(~_X5jxvg%CVAElFHgs_iAetVXS2r~Ckvw%zl192PEm4B zk-A@_?~Ywvy``-kk`^88L5HKL6e6xJybOxeI5jI|2<#{t@}V0PQIdg|{2+l`iiUiU z)o^jhReAo5H#Cn>58kRG@jhKc!_7iR4(Av! zUX*jXBwDeiz7pO{LDV8IdL^VfiOb5N7Hy}PB%V$c3J);QXYpGM{9WxrkX`iGpV3+6 zD8Zks+V~goUz$b%JW_F*SkyK3qqh|J>rYrbejPLowpet!u|#=$6qc{${Jq-HOPxYZ zrTi(%e(G)paGt3^eO8Bc#k<8-F?KPEL}`vr#St1Q&kd0E;PixcgOp#^S~WnO7VOhH z9~Q*Q!GM2+cur{sl5lJY`35bfD}`!F_+|$D&};z%`7i&j~L(;&2jrw)mQMj8UIIM(Q3h&I|c*Kp$!-^7qIS? 
zQYOTK1_%>SG^GB?As8o>xS$m|V8jm&`6G33i$upycj9q}*21lRcpVY$2|TU6KOm4# zQec{I9oB6T{&}536GM)4nB2jyil`5#9N2oIZPcM37ajL6)X~fWutoO-B%XApRpV5C zZ|0V&6LAGY0>ebNw2+9yFn~7oJ|xYY`8q>+g;Zo#E8piN=lF!eM3z=QHL~1SkQ9ys zEotT2WAdiZfOWl~hU84!C+&&lnT{`$`lemMJ96npdbY>9h^f$igSTGsC$Fwk z@^ynVTD1+y=T_-)qfvqTBq3Mq@1((AC~-4*s{_-N++>xoa15Ok*tJJ59QZ&}Kz-{8 z+`qaNPEsiU0YYq9{=tZW5BXi~M$Jaz`hPjlFyJ^O)E}?40W8Yv8iREi0dn=@93ElxhKN2GEhtscugS2XlW1oMXCMzn-oDA z2J2&JdaYl!kof9|hji!t1z?2v0fW;cxSe!sCv^#_c8SlUju1iC$)<)fMt~EW3VPNDFCbMt8BRGKfT9el6zzjwj~fOO;m#JnGLHrA>* z0~wuDxSOubGd*(`cXBhn=~p>%IGLP-sCH}Z?#$tg(9qkj1+ot-poJu=)M8k4_*Yoo zH`&FLG_DSx-GGqgbo?7!M%}X4E_^G*>|;_4j_0HwqbkFuI`o&+o$pv&^#PaSmspBi zX?V27{KWMnEySQ0oSGm0)o%nLjNZM?o_x-nbDa1BWbH+XaE ztQo`F4g=F2voDudDfQ~T>eDM#$O~^ik+p(ri87F zP?-RVmJ%7OZtnB4J9+VX)};7$)6XX4oM#!*HNE-t9^O;m{PuhzL=>$TdI=_{UjphiWBI@=shf_7h?Taj>F$PShfUY^Z326Y!WDuwklu-r-Y|3Nz0E zXhX(q(}Ur~5qOwC%*J zf*|ZD&FJr!c@G8fm9IQ#!?553E?*#aRE^HMRhD<$mP%<=f@{n9(}7jE#3KA4*|Qt$ zvCe$YX3dW0Zj?qXB1vyb3dEIVv5R!3IfrfJz17PffXEK%$7bs1mX4aL7R|;NGk8ew zRu@Q(2}Z?*>%6A#_nVHY1Dog<7?PEiZDEjQAExiXA&vfn(q|V?l;$Nqb#oi23G}9{ znz$?Hnw0`?vzeqQU|k4b8;UE!qP>D-pi$o-x_HZyt1$7<+Eb^&!&XRF0f=E;dt8<0 zZNvs5zQIq%^X3It#h~TjLv+FyDYFd^ z{7)!sBpMG!5>&6OoalRuOqBZ)&>`|x|xw+@?`&42$=g@ zl%cY=HLl*TkxBOfmf&XZp#|*p#mk{>*5KY{7_SRprBR%?M*%BGJzhpPQ`L&IiQ5iA z_P!ZoW^&dXKS)NA%$$+uH;&YvIw6c7{iLK8Jxk(?5Zy9(D8MY`@<}Ypo`k~x{@l-~l6oE@=gK+gR6(CE zHRuk*ZKdt}VYjWH8Th(6xCapzU^v{V-qyax-z(Ph)j0J&;60+Wwh^%qrU&4yVHtR2 z7qQ}_?wyKV0T*TZLxD-c+V-(A82+xi9|A;3erRu1Y`UE8WiM08trW?9BcR{sSWrcu zvp6Hqc|HQ((a^f~?u+;EZ|L(VXR)^(zS)7sSI-s-#`pm=hT|Vp%055H<%;g9Yfx8H6JB z&@XP+fiD34#;LI+37b&+bLAo1n;gLkFpqc|D7D6^PkU!yj(TtT$o;!wf(O)-Nr z_N`Soh;Fz{I?AwWj9+5Q(>z?t4&1R8vk--?b`OZBwxHmuboLzcS__X1T+5SrQ*clZ zcioS47t9EIGEBOGMncL#MrS@QzPxU5KhthF$F(|^sS7lDpu;+9yJ;^#IMW4^L*E^- zq8B@{-jb+0!#$OX)M|3Z&OitrSnFdY-+`f~sz{j6JMq}E`$YkiKWv60V+p5u_{*KZ z%c|tWo5WAAbxFNyGo3cXFm3O4AQ+ELZ0hf5u8By+v+~k_M>02-LA4Ylu|Trd%mO|J zH58pd^pgnn4ThAeNuoLuH_Vrra6BT9f6`2Vp%^ 
z=4=GH_lmmIG32=t=nnEsewt~4A08iaGHA;tQ4l_WOu1?3sd2y)6_)Y+l4RHW4N1GM7ANt!%ZojRjO)1w|S zzlSMTj`$E)G^!~hU>?Iga@tgG zgV$q2-9nCNRxz(|1twCBMMlhWp8nuEx2*s0>tHydD60jL=YwtF^AcU?9$J0UOy$C* z5UcixHoX2xo}q)dVYZ1}6kIx=52N_B2uR18zTd|jBH0P+2Mma!g0HAgAFJjQpJ88H zY~k=O!to*%DUxl*IJcYsLuIau(G8l*p2h1z<-S)TPyn-&^XeYrw7=lwiqghP(v&0< z(%87|x%UQZ*D&$^{t(YM=drWcG)`QyC>zOBU=0{5D6MlZEsNK6x_@gALssV409>q4w(?CEPHe}2%e6k$?&LDGGIyz zYRSz8UG%!@C>{P-VG>1VBgO#M?^~{A-J)@G0rm)X`wnz^oHV(#lksbt&K;xT@g5oD zjh@xL|H=@Kgt0r})xKK?>Bvn*OUhrQ#ND1&(v+dM%`ZZ8-mO*AJEJnAuIxQm4c}gT zUs~&G@G*^7GljcpFQUVNg26#20bdO#_-(CAm-xhv%k?DH!vL{)_HtW)Cq~{4fvXzr zvLO&r(!@wtZ#2UdIn~;q3T8(hfgcijU&ho367+4~l8~Zl$>th^YwVhfO7g z(@25peAV{+XB!4(k6{m!kwofRV{>HF*jC1xPxQ@y&Z&A``3i!3Z4Pjz%yC4#ZoX$U zgz0Z4)cv|WeTRcuNGl>KV}cIQyRihFgCR`wy{^*$iuN%~mlV{(3z^Xb&Td(MxRw@1 zQ;+f6rf9&MD1^Ob`9mxld1pdRRIM?>>iOyap2!s zS#{|cH^<7tcD)Q!qN+w}tU}Fu+xfQ@_eSuS&5W zv6Gd(RU4D+FYX35yVnn{Ay}@dPMjq<#Rrh<;@BG=EaPiGx1x zpgGOJQ4=00k9GHd?zK`7A%{Q3p89hk=k3ZuMLZa#i$c=1(yt#wrO~0^X^+Y|?+d1N zmCdti7vz9RW#*6mg#|qwodG_T2j#G$pK7*xqhW5tAcDIs5WjB~2N)M@FaqDk2>gr~ z#1GSV9r`91Z?W0C)0dQDwiI^BNm}FZ!otfzHf?3*w2p2=5Z|J!dFUmupU#A(!TO)>(lLReE#qE(1i~w~-0xWW#Ec z5`y5^;(@o{l*B!4s1T@XeqO6cvDlj>;2lEP5R~CL%Aq`*g620_@mi)PX&t%E@N8|A zezc-76Ds^a^p|e8!V5F1chzhYh~zpZV&Mjh!LfMBj^t)y3LnGMfgGJv3c=88~LK*(|VKFYnuv&v6=yo#IKtQ1e5&Bf%W7U`n{CzA_ig zwfz$Fwz^iS7|UOsLeUdCJy5*9m)g;6T=>C46!-=b+G@OhJ_7I2ZsR zKSA~=7p+0FBg%14y!}4KB7pHjh9a0>r@Hk9{AU6tT&)(`5Mxzi{JaXLUKg!?6S24r z#zF@P5e5{}`-Q6-uwAs%3ZeBxXF*}H&F6Bd@;FDBaB>Yu8d*hb^SXK zw&AzzsLBV{nhx9)s@Dk#uuBz`w|p|>awEX^8{@v1a3fg76G^=3G*3ObYLc>d11##m z{LIGr{aa0$yDC6g5Dl0ra#MT%j0+N1KDK(Oq5#_0OpECz9uOL80BW%R40!mY$hV#N z#1Y7w>adR~a4H$$fVtv39cIf$64D&l4tE;pYXZ8N&q{PcHXNM*HDWA zr<^I%!l6gy%*bnhzxBB_ojEm~sIp}mGl{dg=%8Em$xAthJCmB&;En9hU1S$qK)_Id z|oTgUyfB=%hU&ximSt)Csaw6LOJu(xcTu0 zo0P%2Q}G`$?lM>i$O3sLz9lNu-ENs_nH+)Tit4Mm8E=oy-mJ0o5jS#N5`xXI^=n}JSImvFzWD|y1jc9n;npby5#)f)Y_%U z6h2iO0j=X#jH5H+%0$BFb6ma%2m6uiBZC#)SZH-aPYFnF9_%~|9;1Y@w!&+vZHQLJ 
z8SE(>sON-_lv^}0)2q~meb%`nv<xQJ~?)_Ow*uK={pQg+GJ# zSQ;1*-TAigdb_^2VPj05>71L_&9cFUGPz&I{yA4c*H3h3GI>+ZJVUkV1Ob1T|pG1bQvx!O+HKw6P&EzzM3ALu` z=EraPoF>DDOjI@T(_S8CUY(hmQcqvpL=YeZ-8>^bMQNejFCLEsq2{juZfHP3^;EU) zw?O2&;`~FT#*Va1tvc~Ha9z=*OEvwQm{C>riE{1N$b|TikGOdB^Jk+lr*| zB~Le^{e8sE5*J)fwgNO6mm_@#8rUKNTO>mkUPb^G3_WWK;YdiPJ{#f(xnG)FPC*!j z{9#Y zx|2V?(Hr~#s_C;PJRIzLq5=A|=P^z~IpE3Te(m~7n_QTLfxV7r`oT{Xr>aX_@N36a zI}-nnf_N(VPn3@H_cG!x%j;H&OH1$S(S@MYhC>;#5XX%4lOOG_+jjq%sfCuf7XNAw zv*;Fsf>^6AdD;yyLWY^9nAiIN{T>g}f7Zz3caiN!P_eql67lW$SWq~fPDuavtSo4z zI>c?OzY5_7VoUgMB#@iaf(DK6{=wkrs;ZC9`vu;T)JmWSiNP8l&%VZvEAxS%wKWHR zKj@==6?uEa_Mld9bYzu`(TzVmKjYH5RI`4aZPZP4=42yG$VTJX9!&joyOJKtf%@|T zLA`GGC9iUrN0Xn^6~+gvC%4_pWs^g#sPS|)n=`851Jo2s-y>ffcEON$6K(F2vy`b> z_vUu7ZP>+q6eA92$2q;iUkKLN&%5{HC#XhAp?o4QKUR2+W^kMrS(6QNbFN8rI>Z^! z&KVk?hT6C#eE-}byq1rd!WpfSuG}8zODi=^Fq^{3al8uznsOhccg5VJT~+^N(YAVh zlnD3Yj_4nRfK2nC@9@zBxj1jvq4w&n(pAOvT(%N<^znop$ST^Ph#td6R6P*1igpb{ zIn^p5qjk9vqL+UL0vqSHcsy^*m8RHfUtX_kI?5G3P3FGcRF~(C`WJ zMR1VzQUG=pLPe(~sWr7>0%QW`xHZpAB4PqluHc|}OW}vG*Uy?mx-~D-QtRMF^&8qm z<2GNe{Qlx2atY@H0HER$#tr)Ss3gMsj0K_)p_uCQX34@#959=&9^W|gi4#7(S?+sD zH57oll~tjKUl9#dTuph8ds#@&zjsEnO$8nD!Qq|iYr?Hi$5T!DtVd>-xP13V*K+S7 zGF7=7o>1Efc)sTtV9fyP&*Ko#w~n& z7PeX51brWDkhNt0gAQ&nGaH)$Omy*KY?X-!Rds|!~l&<_MjK(r&r zg@ql}XsD;=U6`iieSVChWubI2$pIZ?1y%z8RK%ZFqa_0Qn(1#5G9EqaKIK88b}Qhjyb3QNx)h|%5cBL%4x%G6G~q4dA`-b zhE5$LWLiNK@L>TM*@}*aW5+yLi9z-G!5FxqM(1Eetk-lGq-s$X@3Bf9g3vR>wS~Uk z?wAVW)$UHN^uUf-+a7PkG42XH{xj^ZOK7qkPmlY(+4!raz~;DP_&{(Itv|MkUxegs zFq=BTy;9nz!(yi#07OU`cwCK<@H0B8bYUVjf&G+4!D+`0%p8L~2Gz?&z`M2IZc3-c z(T-zi-};wb1SmdM5pWIH{EJr4m4jh=Z&bOmLP;}72%+0Kbln)sAv{J2!0{k)87Q)I z@t)#kIJAE7{;M9h_JeJdW>U)5j!`o&g;KESV(D z;EoV-&NQM;o;;O;OCJ2jE#QSt(f5sti`!*_;`41Wj7t?-3KaSHChu!eWvej9HtLg~ z-wPksO=KvbKK5jGDv>YPLn4n)Sh4Jf^2&jO$9*p9F%`UqwqRH1Tuhosv9pVqdU~(= z>c8sIh&1DayRY) z2xes2UeV)fDg-S?6MNt}&?$m#u)9~jnv0}0 zc!g@E5>PP4+#Pb9@zL8iEZ#D4>`yVj!k39ULG1~N!6K>?tExfmUr~<2)}d}{l2Uzj 
zW!vz#<}maNv8@t6Ma=l);MVYqZVK)daV_Tg`3O1OJrvS}f87;5E_Gb=py~7#`4;l9 zuixKfb-?3*p*S+V_rv>AB7s;W(-Fu(b>sIR@^#vG=5-oqnjbR6WWwp@C6*^7AWUq^ zXt04B?MpL^XKS!L{xL@XkFHXrl^$v&d}2z6e!7PVbx8DN7BPmQ8y7Bt*q2t~fGC}h z_)%dVAW?jz)gmrSbqv6uk&#XqK~w0|z!cA`Y*4L#`*t2c+X$HT^B#OQ#DzHDD-8ri z=2(wATxis@c(;+!nGQm!Df6Zy77Lau%gYl zfqsg@*cR4#x5+R+eJQ1n=Us{pS=GOXVkMwOat=BJ6l3B%cZJ#292oXm)%Iyam7WLZzj z{o$b`PqrP%w7TKk%oBMQs2RI0k>ZQ9EW2d6b!%kG*Y)2fj6qK}^uJ3a9$0bQc9Q+Y zIHYsJ)tf0HswC1+5FSoGt#p}mYj2q1|3F44ue;z>vfQwgE+%}4b0j=+jkq)srkhj6 zZCW3URTk&@=CHD_(3KV7_Do_5;GTI1r7?!*&+WQAcc-w{N#?DX;EqABQP0zYi@*wb2(}${UU3wYk@A%%Ni1l7`dC?KWn{SeApLzqAh7fO_~Z3-Kl( z9?vOT8VbFjt%oN+b*(8%s5nR_ zor``ZWp!?#BRhUfYtaV))r@~pUWRBQ+K_waU=uwXw_k#^WO`wO9Myysd+n#9p}lj-UDhEpD_G-rJe#g` z0^o&K?VUnteiGW>QXDti^P;B`1K*cD1f3PLu@QmBmVsRKWkM03Vn$3d=1;6b+K+sY zFFzT@1v#rt|Kg|t-t^!7ca>h9_!%FJ`-c8_k7`A|W)Yz2_cRlwdejjG(YxPb3LQn! zZ{Hgs5wo}TtTYafX=y^#7C}|(l(H~?|I`sB>6#WM?-{B?EoQU=wg+;&apA@voX8lQ zv#N2jf#I0P=#IqR+29s)Q{B(NfpVwzHVoz*>Ar_z>NvCD8=bryz z_-i9cqBGW?xP2X120BL`O{npiiJFR~_L^js!CZf?OLUCY?~-YcDYptBY1z!?Kxq}hf=|Ls}MAl$e(eR1tv3*yGXOx zw=NK;UtTg&zTK3-hKx`o3U_i!{4<~g+3vaBIPhRBoF^rlJ2)FH!#bAPa~V1mRt02z0b?lel8Pip$pM zZ*ZtE<;YeJgmuVJ^eVk#3ZJDzvu+7c^n(8g4m~)7>x?|$7GJ)nMw@FXKTT@eSM@)6 zK2KeQNk~Na%b@C*NFQ94270~d8D1kCr}IF*B}*svessZMx)gbnPP=K+<~+x<-~cYN-CK*7E2 z*2v^Uzn@Ma#c7}8+MkV-ud`x+y7(QI~Fm`U3U(OivEO}=N$)l>kX#l-g zqN(+pJIT_p)DU(i|GWnFiP_55^XXA!Gy1V+Hv_C?lHOJ*pQ5EeE2Mmg(B zp}4VD&SWh?XFF0%8d&2`@|xg=5xk0#n4*?AhFOt5oAe2{>(zwK@t{(UvUqvW#zxOD z(XqV}?5*@+!6cjz zc$Y=S>O&il-%bhn`8QT)x^Fc|Tv%QMcir+ zISvIgFn+T$YhjDqOnC{Qz|~!IC<7*%j^SPSazFRkimmm5)ku4AByxR{Sp^JXpglPv zdgRj@a;JmQ)GCN^Q>*tBCjx;~xFBguFLRzuFpw&P#Ts#Z4yh(PqcL!zB5RM2%eMyQ z$#IbqKiSah2(q?u#Xc^(z0`dEbxqG%Xs!f*c9O?)UW{=DC{$p^ptDDMxAl~*O)Ojw z{!Y^KUmaUy+KMd_OQ}FA5>aUfpKDPa8A?dumoVbp#@vcF_t&pM?dF4&nw;iGd-f}k zGK%EaPED<)+)93Rjv3fF|LNs}G7k6^YrE!=V*>H|2mhBq);!cRj44U>tbqs#b-Iy~ zwdub#C}y|QufN}wdNW6_?9?rws25;Kb7Yi0tBme%S2I=toU58<3xiY?a{~8N0kp!x 
zUt;pgQ2!bRql4iNjL6wDbZc#$9IO74o3MGLyE;{&T{~IfXzLVtXI|tqtFj=KAJ|~8 zv|@`_gvCoryOKEF7PKhN^#NlX{U0Ci6?-bHvT@k9eE$kydAQu0d${+E9dm1v+?TH1 z%L2UezrAobn~QJ~UkB4uBur?&Z@cda%at}N{L4+ZcKBpFf|&N39+3`QFDeb7A(=eP zf5!77Lz!JXWKQ3>jS5^o_nW*lCdVnPJB<4zS=sb6J_Y$0-QF{z`x8~PkrP_8OK{F6I?Anux< zOi$284D42++hxv4S*2dAzo5Qd(+R4GBI;*yu#AnwC??xbsoF;*W%v^s|GDTpGMh)w zN+fjy*;pW-yvw0j@mIa^uOilA)rP_PR(XiPNXfnG42s4?ovQR?ij6~#F!|DSFMhxa zV#hJL3$>myOB8G^iyu&Nps%}R494M?U7)|;#~8^XdTL3Le9euNLbg_tq_e3MXkRD+(ut zaM(wG4zBHrymSU{FQ-_+aur6X!w+efXwujyMidgb7|>b$t{lHeue;lO3MkLWTIWKU z;K89gM_&(#RLO?VI>ooUO1r(mvsuB2{&i76|v6E-gd{nIA8)j1>cD*^kH`KBqazkJJpH^hg`MP+^2=x8@4}c6j{db_PoUhaxmlj{A*p&Fp?EXehIwfHm735zEvhSx zJ&nAV$Z%uk>v`ocR4TXNf)zn_Um@Z=3Z^0#e7P9UOImR;vz7un)psi9{(`#v&6#g8 z?q3luB`kh8ypx=i%&4;q7E{xfW>#6H?KOZ8jL=I}Tm18vPL&G?34JQrNni73JHOLp znG#6dN~`*P=T4S?v@<~x`7$&`bb{`kvTz&QEmWQV@_%fgiS=ooIz@ar$slRAPTUr@QnxG) zVVu&PL?6dm98^K|HR3&f(62rqHU-mNcufKacoW_+eC&Q~AB`wnb)fue-MKlj^V&BX zkP_aR+tfr*F6{9dt0;P z={WXh`8V2@)y@aAVOF4z*z+EtI_e8|MokKN*Nz+I&L7;AoNvxUOH$zCbscwg$2ZHD z@)su?2US`@YL(?l1VFBwI}q8i42#H@9)~3poB5&J9q3Vea7T^oDLI~krvpU4-TdH<8BVUfF*YK@%9pW ztQ12CVOPR7|JPh3`~R7XWMSsu{BPIof7)$KES&8B?_6ZNlYQwd8ZC~T&1Xyud-ht3 zEjRMNQlyN{f4Y$~BuTe!Gwr8a9jf}gzc$sn-7goq^6D;0$WiN?oK@}|=|JZJFfuv- zri`ST1jxw9{t*G7so6Sf^GkE<3p;W{bL+{_`F2)73T!R_02zQ&GBN@hj{bkUgTjhR z+C!NAC(=K51^qK)3L^dmBZ&p3cSd%W7uJCK4lgdK_AZVF_Ra=I@8lC2Dk%Hb2T%;m zERCTMQq|{@laav{A|@+yiVqaPSG!;<=89g{r{mU7OA{qMTW$YOpV|8C(ry=ej8$Me(Ny|0tEacO6r;W#+J4g;8O4PJ0v$U)`8c4k=Yy^ z-u_(R3(5W70W16`7uh$o^e-0~6%&(PP($f2we~L;IlR7vNMQZP=)wYAp`n$v>63n9 z?q4qQ@E85n4a-+j*S`PEoN_TtKh_iH}xxAFEG7(I~bsCCiM^o#B9S0;KLeJx9KJq0*1^J`&w zX7SM5*SiQ6n);iO`W&JM~`TV`Q@ZC#6Na*E8@3|*0 z_itEYMgTA|H3qkDuz&mFcaG7;!Iizv{-u56@BUi-eI>}q?8w3ztgTzab^_NfX%0^P zj6|DO6e#WCN-Wl*T{LII%B7ihQ5hcq6E!jrWwlI_FND z?(ibFPXil`3orsQ(NxavA}FUx(j90u>V=X>OYe4p5q&T$vJ@7ixa?t4dcP=R4x$Ke zqe4mj1&EAANxIO{Dk+#;Jmy#yd+Fg{gw<^vf5uiR`#4{Fyf0J?pi}a z83dX^bQIN#B=J~@0Bu6N&S@xG_?!m?IE1I#$gD01luLaSgsmwz*Fb`A{#h?7>!OBj 
z*myNlOEMpVjV3fSamAnP+k=bywP?vh@L#uy4j*WgHJCe@I=X%%X6QA=7r~W!V?!GL z!NoiEbHKCG^v8GODd@3}vrIvq&Po~ttBKj|MRCx?6$5_0%qb{sce}F^(hHe~2_y%! zoK3IvCgsmJj~vNn513)5>e~^H zD}p-cB-Tn;C@Q7U==@>oLkkSgK7avZxj4mOT{Fc%>_4^XPp`3p`D{u+(rxh~7%_JR zA+SaX(?fg`o&(AxsAw6>f%-84gh+*1XmoEMK<$feQBVxRD02F!(qUCimI@B%Tw}&! z8a-TdxctlBSD2=>M?G5xWIS3OS0$5tM|oi8a{q@FDKi3)$LV3$US;Al%sb|)1>idN zZyJwNT}Z{z0y{%}Sp~x?i+_Or+N6m(rHpED5J5gAsB)ZQ^!Z=%$gQUAtOg1fmig;9 z|JL?nO^o8>B{QbX4J)EqmEp$&otx(RazjF@<+YTD8I24L zG2oHSpvR@;qMgy<&bQy!_n&Knl=xs`t=Hj=&da7)NgD&C2{b=$abjo;IUhrU%B6HY z9&Yhl)bPXHOUnwS96GgNFM|$co6o@0uG@g`q%9B6!Tkw6sh1XrObcW1;nVsB_B7^C z%+pOkimq*0&d2Rxx$e zW)Qm2*))g?)kh|B%3aG&TLSyrI7i|=-B6-Y)OMDERiLvRMrJ`we3l=7Ul+rK&_4e} z$?Y^4iz5tjD%!(=*NRebQF!&^i^;xq9NBesvArNL|X3HH!PD zY7}p}_r}!HxVgU;!`c`(UzfTK~$Y7S7sZoLk_>_iFU{jw*9RHvECy zRHK8nf2;3PyeKrHqmQq|Kcm>Qtn+SV33Np`B)`)!RLNZbcTBUHWQJFb=YHiErovVX z#W3yRBiuYT9T+v2l!*5nvHpxG3}71~1V~@@8IzNpMUfoW#$d{(48@y=(?qb_ynzSp69TiRe<*W5W!*toZym?{@cb5nR=KwwxDSvz5w1Uxwj z#Ludb)78c|X(SJ&6mo&R-N4sC0pKE<{W2GrZ$fBd;FWYu39C@=Nj`p0;&9nv*CdURH48Hh#o4he=GfyKup|d--@~}I3w>3Wf7+H!o|c1YYi#J~c9bB36z?NC6`e7Xy0Vj_0g^7>rtN$_$pO+ZM@w!Ysoce|&wA z?V9M_*he~)*(~8#fw178{y?8(FjguQLWcl!4Ye>xx!>vPXhW+$^`?YFa=}mu(lmh? zpw>4otGcmQ`20bqtH+(G;oE7uwAE{Uyb{<16EotVYxO$v2|!^^KfuWeZs8~sSa%Z6 zneH)tT9-AsVDXqi$d`EN0O4aFNd0=LzUBpq$$M?>q97x#9zWLC2`(TGU%?S+1MPJx zv-eOSKU^nedi>-svlZ)ic1ha$2ZHf-KMAND^YWuZVK6LAMViCd`^j+W8Ea5oqK*IQ zL*6G{S^<*DnJ;GFaUMo0$lCBXdQ8H@D3e`^Km@bkP}tVzEkEpF2*_dE)pMua(E4$B zg;{3z!}k?22jcFq5-G#gFQX~ZY7L9^4$FLIBr_8v_^;z_YAjbKA}q@^ixY^O{&pDk znYLVhT-HR0*kw6m`WCQN06OWPU9SMjQ~6zgI~ zvCjI>c>D80jj;TRh=c}-Gg`P~a?Jd?#5i8Iun&I-j}RC7FQ>J2GpG-c{Vvg)<1t}o zLOElXS~<(m^DaojIKqdtpJ6-p*fSX?+=1#c@);bVex%fn!YHn3hT=fT9?#x7!;q{8 z0?2$@7gh-mVz;8kWybiqGcD`i$}%?~CCYd%gj{B1CAm|X9`0DY6K>dz^ffE%nPN)# zn7xT|ec2YQZo9~km8uPJC4V;jVdj+3W09qG#ahRdQx(|v&-GVG*PlBh<8_vhi30~? 
zV~xpiuh=_A3D~c^=40NTx@^NVg^LlxxT=NiXw3YKm8s0Rel}LwPa-wcJpf54`BUC< z=NH-$#Nl}1YR8p4fV(2~m_NG3@bPJnegk&|j-OIbM~rU?rW{@YM|$v!BhY+?9A6DFVs2F zJ!98DTo&%n6&UT^W64Gm?f=Q!SG0^KL6IdS(CE%Ka5qOc(4@ryp$ha-P{!wd9 z|CstJuvef#+_z-KG_;uX>j-8sXSd28@j&IH44kuicnjRK2h3KdL=Pprug_8KP-Uf& zf{jKwg3+538dcKbSYdd8+XkP9ryp*}E^4#4dAGrB+ z@j=E;W&~C99B-Q}S`J?qY$=dC%|kAbo5`VmeT)~BD#!C#1A&qP;4_Al7njQC7}BR& zz+P6Gg#{R{aU3;g9&@DS(@G&L#`e&FsX?8ZvHX+E(}CnLFE8sXx9?|32awk#;7 zV$5^o&`rHon!wcLxe+hWi&kQ{WlaK#5{z|^Z>S+eM^?D5*zHpz3pZ~^xQp9nVmNX{ za9R{y&(#+x2fe+#GfGo}|Ll&+s~{j#CuW*LG3wv?9&HwMi;7fD7h1yndC2#6uyxQ#UTTr2C*Z z^vkTIsF>m64ADyXOqHHLwt4p~i(2Z1?=Oi#Fon+sfz5Me9}O8+Xl5M-0`6bLxU@JV zZja@NZ9LcABsVX2=sQE-mc~08J1*TD(7;m81uIsGnaa#|@5wWQh7#r@_qmP>z+nLSKJzY2am@{8v|C?c~7?!JkV%%WVI#x51OcHC)%ky5NWC_H4aX$UWrOT+~K18E||hv5^Re`;~G_j z3NU_pP$5%xH>De}JAU7t3=crBc~~vJ;*{YM7Z)k*rvU48WI$>N6VTNBTFQT!7 zpFb)4_x+JB;L%FbPFjrZ7}twgm782kUxLNM>PWx@g#LK;C`FnVe}AR_J=35tkxmYC z<9sOq5J3ro4bVm`1*5r=a2(lT(cmVm9!z2>|>d@JaAZ&nFuQja412NYZYk(|N(#&I*Y=rsGf^)X3KNWs9xHsPBG2w+hly-q}HG{PwM zIxVx0haE5cjsw7vG0fFm7?>e);W*#sZ5r`(V!TE+?rPfVxe9UYeDF#LQ@=RgnAr=v z%^RsW>E| za71r9`9#Ta#lX3a!2NWGgTy%Qt)5m<9=W*ai80GFF^7%2W{N7E$ma8SlyKwR$-jLZ zl~828bpUv_momvsK1xhmi;gZYaj4bCcPXvF^oi*}9_FV=ca5E`B@>zFHq`x;|{a|%WE9|GFsVdon{#_E()(dH> zBO+=Db*_Q}=oHxT7mK9BKMfZrE1Mz|H_E>LfefKRSpv7xe9w1o)Mb_&KT_?LuA2(# zeh+0ZM zQMjBAJyPrs2kvLe+#b6Ii4iYC=aRO>-onD5Fn2#e!Rm=`Ht$j^48Ztz7*{92C*RT$ zu6n(=EVAzvL3vYg2*j^QxF1mrcAUS7zFLXiy?mQLB?Jw{rR9w=p?Ik?n7&3UmF~MI?Deb3d6FYf>3RPm;o_wks46K^-6|%T^xNyZipv>w zl?isHpn&YqdUOl#AIfhUGd5XyEJZm<2fKL7n3JBH>e$FvWu$cDstr~U@j059Q4OMF7>AOWN`|+vr zpV0fpm9V3wagnAySic^m`ElF`3z8U@E9O9uKg|$V#1qX1>l>%kp>A+3w#w!Z}7TFHAcS zK8Q5M!kD=+Q45Dz9#M5wu~Q#<*9XpE6QVt93I6>0=2vS5H5g9{_m{X$3J56>2FML( zY3AvPC$M^?Xm+9BB*Edr#04W=Q$W6f!7ml!p;5Nx`1ceW8Ni0<5ZQJe+8Lt_(#SYQ zjmc9My>3y2uzV}%&#ErLu;~Oz`Q)LJaxb3>-y|$ErUlUu<5>;9qsP&>W16Ro0T^U? 
zstYiQ2$^n9Hp3|WYgBxS6Rkj1K5z?w13jR(4qK!FM-6hTWwR6sx8&d>l5yv7YgzgZzon zN4+gxa2cV+`;us@1-1S^@Gm^u`X>$nFD*jKP9{1W+6zI|OS0Y(?hH$I(`RTl@|yVE zN-mHU>o`yf4JYT+)`DA_EZ z$GxsDJRj_ZpAD(LP;wugWCTyJ60=oDF6~WcHof;6p&14q{6J)JNb&9x@QVp*onRx! z`#)a`)($$k>bw2o1}$L9y0~GlsWs(b;#hnSks`EfZ6Zz$^VOYgu;^zILd_-X{ZkE4 zsa>rgEjkChXyvY9Ggj7hOb)3Sw%~t0dfvwfvb*ti>KX-p-|B-;LJ1g?P3?lf@O8Nw zQw!V?R2vQC_&Cp5575&v>?j);lHzemgvRPE+9mN3-`&0c z7SkE$^{%FAmNHT_@A$p?7%V#CWYLiFLmO6Jn7Ij|-pZl8V*0U{v3v~FM{*-VrH;KsV0ZCF0%EG&8 zWCI*^f>|CfG20wfHVxPJHukgM5rY^yDp(Rwu(J50ZzzMlrt|Xb@CJ1?*YG+F7-w?o z$qmur+hSGog$!8%7!TbrY4PR|N7*UNFK{eMY*~ip^xsZlRh(Oo8o;+>{Bh$P8b;g( zlJ!Jk(9Nb1E7RZl`LzJBMG_dKw)2^2S`9sO)-!A3Sh$r~)fLN-qB-`jb|PByW2dn* zkDJRDn2X-HQ0k`GKY7?YM6Y#uZlul2=xTw-TrAQse(T%;Et^q412X%an~!jcT}U?! z&b8GWy>Htn-e+dDu1x)&1RFPdoVu1`s$C^OS(BVJN0TJImF=q!tYm1?lAuWhORMm< z!}GdkK|ZkI$U2+I9(hH4Hr$YYWPe1yGKEE^MK%Qy5#GfG=$3y5Y%;~V-|2SnDhI;! zUC~F%(8%j`LSZLfmbeo2tk$j#vWEG#6KLtnXmT}BpWzOen8($KrKB~FDaQisFy5QfxQLVBYAuKdO}SI2PnV@o+mMbPFYg3Q~&TGmXdJDGd)#Re`0dxNcLAbmX91tND5 zYLuxM^_Wc4{$2c~l_`zMSb{${#4v7`2WH)rnWD}gfO!kqN>-MEdmFaS=17f$g*c}y zSW=%SAc6Ijbf#{JN-fK2$c1@WsN?p^h0?Dx&nIkjdQ{jpV;;_-PiI z672yX4w_xiu+3zCd(iNVcKlp)1}lTDtrsmQtbN(hbv|L+roWLHz_0|xFv$|4l3^>P zi|qMF?8);iOAwM%B!Rl~x*iroiGYTo@`kw`k6V>Y<7Wr=@duuyef+D`PRgvBur|98^wOSBWv)3-0FUI#~I=EFDGaiSc#)@db1$i~nxf;En zK9!^K*CBY>98NtFuw4~0<(ZysFH2DBoGU`372kkwhelBk zPCLoGmASeUKcofaLN!`WC`T&V-H2M;w`BWlUg&ivdV2wDdNf~%-$WThirp)?0)J3q z%95(~iFuqY^^;Jyi;JHWj(4%3EwuBgB2MUYS^)c9^V^gMOmUU(~7I%u^17x6BfY zudUe^NMOXT?{ty}8gxG*fX<5MjUc4Y0&j@90 zVv;%>Z|hBzddNq2_6vf~OQW&*?QgSd~x{$&RI7eO?YZZB4u%j%t6b`8i&BKpKybL^jm^^q^lx} zuh*P9s{0nPC7{C`x>w`k(Jxpab)(uN4lVpPq&wWv-ebDg1%U8B z{5uPu<6hc3!$pQ5iidv~4nZ(_!4|oFPI2u%$=blri68Bq8Aha-#|&x_?fY< zUTQ-B8UY8Uwfvew^r^v(Ar9Fn=uFLe#_0{)sg3&>&0b7V;a`pVnqI{~2E~+0&Wo5@ z8rS4dX>+_^z>?P_XgKmrG+2oh``*nDIbLj7hIorMI%!vw zfdndkt`gzRR{wn`Rx;cn1js;rrHRWhN!-tnP6S_%g7+g{ws!fgo%tARpXuw?A38KM z7d-*ugh+xg=r^%zK;d>#rMvw0g~DJbC7jvSGtHE3@)w$H*&mSK9NwD6q4O?Ia!YJK 
zUh{AA_iWS?kTSsY!*nO(z={An_@wj)1Q30(75BjoPGKN}mY^ugd=DQiHE#Y23%=dj z)??*?O7T0IHT8wTkw2;rOwWJ*TpXwMRTSE9-QYb{TZ_hxyjKl#2jE$k^Mk^%rVwJ`|&k z7MmK-yt(QcWZ(RGglJ;Drt5`oXNh;kP(r53iyGy3tCGQK@g?Xuo)aPMaoY+_NK9CN zOSE2iVL%9FEDRLvqugCBWJFytag;!*5myQO>f<6-ZaOTQ_x3-h-_k=+LRS}t0C&mk zrW9|V>D8R``FdSj@GP}%3%QCL!t4|#a0U53Nr^kjSVVDYi{|8w&RwenB6E0#n z|60D7L2s=NrZZ~KYGgT%K5v8KAphuZj9EudQk;4f2l)ik`dbu{dJ_5zO>0$6{~*Tg z%d$eztm}*b68uB>tsc>=nd=z;!a+L?;Orlkg^Tx$JLWg-$B?3-UFk$^DXVzXAM03z zY=_*-;5>&uW|PyvN&kzi%CH*}WO@L9M^}kd4};oMSOyw^V7X?UO+O@>hr;Z%2oz6w zGIZ5kQGeHQY`p(r5u^Y5(O+?;W~Ke4g>shxB8OCJEj`m36xFWDA@vTcG9S=0PIp2z zsiM?zGS|}|LnalSCo0Qg9$j_aS`ymJotOcBc)}Wn~4K@WY%v@Ir*j6KfNWF1fc>fqa5qOl6c*E$#AV)lY zulp1v@swnI7@1x!ALRy14O!)j|(NzeLl5L@%tq@zKo zRLB%Ys^DHbHWD^FQ9(LO-NUy#YxQw%n38dz&7W#DWxfw_lQ{Rk{VOS<@bf$6PY6as zl1>s9x4djUVc`|)fH+(_O8zreFi?Tm@U3qE72<;TYIrun*aoh!8exLlv-0?hYWWA!Y? z;)Q(SfHC5h#^bB~A(7uH7P4H4J=J6Z!b8WQ$**7Evbdjf5eR)MF?fPap~Ff3`<$Fu z87UDja&u#tX09V1ML&PB{_$l-RGHB+_5-dgT|b{xk4~~20&Qt?e)(=RVFdj5q2#q;3|vHw~bqS|#X2(PMqg;bv?yUzK4i zPX#o%AjS@BdK;L)WN+jseLpWXDgI#Wtq(2~e0RTx#7e;8TvxhQbY_ zF)|5s&SVwt%ycN>^88auD=0u5jjUw+ZtmGDWmnF~8buPpOGCFZdTg>X&C7fwCI^-? 
zK?qj$d0m!rh?GBzwfE&uDnlD0K-m&V4@*`#@sSafN~c!eQ0Z!`_qyq<^WaDdkI#h=i5S#lb!o|FxL-eA$7=bI}WWK^RlFfl{8H8Xh z$)8B<;$MxA9;5KFf;?7zZ^_E#qL1rJc{@S}*yX}n+TQ!S(xyneRdcWa$wV2tSYNs< zzi|dHp*mO!hfaRMP6>`5uHRaYsI@g24V>|!rB(`=Mgbb~Uw| z(JlaKdsfm6f|vtm1a7xSmmHne89DbQ@w)?JyW4^=P|V1ii7S{f`|E>1w(PznaY*v7 zR{LXoD`e|yFbZ|{&*sp_3P7pR;Zp?OLjL+;VZHwDnshq z>+dyx@4V#D%%>)_X}K+$>5>HPau9Q(jWvKIUr@jauwGv_bvpk?|N5gdt^I?g?uN^0 z!YyxD~#B?bNNj6)4=pvx}E+u}SN%rT>hfNO&a5)Mbl_POm z9s;M5wA6Wm>P^ZwvX+uz>t)|ZWo$oN9U}FCS@W3~Y{!Pg^`|6LPC(qwShCD`!{Oz~ z7*H>BmX~U9`{T=X)$kO!^q44=c{^HmRoC>Q@pB zZf9`zI8PSs5>*?WGB_8qK`8$~f9VHJ!N2@x`nDk=huzbv`%aSVEKlJlZZz>9eK_07 z0!z?L!>U=Sn^n9Fj)D-yvRPCZ-y&DyIsf?@E@%{ls}OY#ia5y1{gzmD${wx{h z2W^*)+S)*f$n>CT_Q)~Wxy(ly2tOY5UcEh7EF9H)R;}z=Ta-+C4~F8&k+zTBCVhFR zTLoX6yN!~7q5CXb2Y) zPptieG4WaG^1as4U?9*J7Dc6OO=uRnFq(?fj}#!);xrT|B*l5(Byx>$gNCxZHa`@_ zK7?zVxHxX+WbzG3jv>8imn=G6)2+1V;ll{Q1r5T={?^yv;&6CDLKcN)-CdQ zAp<&Eu#jSQ8wUhxeMacN7nmRMuIL{X&?*d%zQ6vBZG7y~328BgZqL@*{uBN(5ZpQB zCiiwoCKIMrT{y&4IpgHFukzPgOZ9*7Qk)!4TqKrM9Mh zXp>nEPQigLn`QWjg;&Q8`O1HqPte&Ro@b>y?_BKPh=AgtnA-$1zT~B2^~0oB9l0F% zG)izPOFwO=%m1c0I!H)+rJ*zY2#61?3HX;KA`_`Q|1O`WEt`%2u43)-=fm|1(&&sJXNP6K6 zfOvNzsz!P_%&Js?kH*J_S5k2BXsoWW+jsN~|DaFEJC^U~Y1%W&x5E)N@x53O@xe9= zl?)P`VAQxO8DnpdzWzJc_1h8age1@#t%Fn14^E)ecV9n&64 z->+@IhnRDO6UzzQ&D-bK5IWVzTZ>wMkcPZ zWryrgEe!c>QQ6!&3VPoFP^6T@#q%gWJP-vk6R!`|e>O?M$g|{AA1!rdzC5!{F=Qo9 z0UfI1NwnD`2Q0@|=Oa!t;ye(~AmQ#N^7b;s`!7wlddxVBZ!!hONQ( zl}b_-Q3u*qVRLH)=+<|dA*LBqM&GGp80qDA;u9K|XDI}HbOe^?_bk!%x?w0)%_r5u z@rl-tNMkVbf)kQt^3(M{wh{cb<;+K>5JT7Q1B#5bvq~VxwI0fVvQ!%GrpWW{^FV3; z)5U#*eJqk?z}2sw2NI6ARYfjJ3g zBm8EZKebLu#3X{J`&-q3BJ`K{pw^j69jhk->laow{cY;Mni6JD&b3yNmq zs@<&*je%$p@%W;wRb+N!4z!Fy#`AjP&Fw{Ho7v}4q2(u+!ztryt{pqBePaiDITZum z>9E-?y1_cELT@JQ1GFfP@EA-vm4MkA=j^|wPTDsa%F`VU5mMN*sikLVTpPc}k?)76 z)2ujJrMW%6B6J(;v;Rtne(oqz2$Ei!59Zf<~dHdH)G*o*lo;2c`G4H zbvEHsT9@l<%+E1k=3l!JWzmuY4u1v4;iwTCU{&vl{Fcs3H_AI!iwIIbgcLmxO75T( z(`ao0TyoUzJ}S{p`*_KdVGfWR(s2f6PTMe)*|^uagMT$!n6qL#w}TT~FN-K4MJg;1 
zVY$scy-?O^gfU+^zhwPzF~Vu_^=Q6u*7np3wiAQGv3v#Os2aW zd;&k_>|WAmbD4KZGKVp;C8i~jYq_faDA@~!;P@bJUO#*W=bbW~z;huM(|aKHtuMUp_~91Vc3-QVPT*gv2ryndL7@*Q=TD%*)(qMj)tb@!Q=S97O$Y?u-AR zkUg5sHz_>Df^I%Kiqr{w3D=#qPfmj}3|aE=oS#5U`mF+t_zI07mIFVi%V!oOd~mUk z{f&wN?4w$Yi!T%|gVirnb6Hp)@Z#nSEO>*YUR-k0)X6)S8t$q(r0ZkE_JHl)-lFs) zM8D!YzvIfJO6%2b*S#b?$P@^g60#j+Uyw%+xUg2rvfsG+RHaPgD}u^Qbx%`w>`4?1 ze=|466tCVyCmBYLZ{g5G_*~n2~^U)UeV7W&1l8p2sV! zk+UhvvFZ~s+UOTJdkNFl#vm^%W z*~tFwanBMZvvzPK5v(6_nvC%MP^GmY1>RBPW24)QR@a;W##J^xF_C3ViA?NS zeIrXei`*i!$BqJ4M1mPdUyH@)K}vR?>&R2qBC`Os(P z3?vr*xM{Sx=-hYTK$8I__&U+^a4)RgRiq3eyA0=k1K|xG*_Xa^kpceD=0;n})GuRx zQX%lfMr;CE$Mx{#Oi1LE$@*Ve0jb%#b05iR&daA6#9~v~vyIvzkX=u@WGDa_h5P-V zZGvDE4FOLF(dgh4zU}&!RaOA!Zu> z{6VQ5c?F%4%_{4P22Peoj&8En)p;+14A6(qc7>f{l;X1T5Qu*B_|o{q*j;sKjAA|4 z52iIMDZg=;oMpASILz^mV=;?q7p3z7BRVu>_(YZ^T0cuHguU|EsFDzUV3Ybjg4$X; zHCdl`Q{LnEIaascmHI4PWU#Bwdo3OO*$zB4cQysKjg{FM#;A6c{CQu#9Ay$)G`hPH z00_PD6^KdU7ik{reSPR$VJ1DH*>v_F@}doXr|BuxCP{W}?m-pH-?>-*rRHm z$0V7=Q^UmGed2~={8ROyUTFx-T}9}@x2xpZl8p{zPsHeVa?HAL`i5a|VOI;ZT~L48 zj?aXIiR15eCjxf7DJV3)g2!8aM$}q?t-5EEvmVdTXNeFYqC~35&h8a?QBeAmpW^MU z@m@HN+jU~lOryn5`M~9bcQP-=qn!CnlmEVI`{`o{bC|xEsH(($h(_@w`5SQ{p0D}Y z+M?{d<|Q41x2{O6(1CX7#1hI8WSBYB?A7m8usW#~0)Z|c@qu_DgP<-3Js~|!IqlVQ z+|6_ASk`hRF}zHuStyIvJq|O#hG#yDeM`g!WZt;Gd$+61tFlJNsQKlHC?o9)yx93C zijn_gx#Uot?B$Yi&jh$ncUEx`o5#;St=PE$1&Pi|6vTFm7MvLr=&Xe^sW@d7h*WH& zAobs7KW?VyWba$DmJq-O*|dI?{wB*9WH`sh<3OL|BK0-_@B4ys5o*(gmGJ2Y$s+@e z@UqcW7<(b1zSMdJnyYwVf}R`FhbJ|ilOBFhSQMGm`qllEhGTH<;3qA(TmY|w@Ei=G1vb=mCt%{Xq9X;Sl(lX* zAT2a&v4l^C^2bmm!;U0AQQ5oy0#WA!)3Dzo66$ICwd%6$6OC6q=c7cpMW0O>b?=g_ z7YBM;q2b2wd>#u2sK*rOAdf{ZVBbY7JM+h(LO7EROpnDGyaRjM8QXQSS{TB6&06yM z+Y@)8*lo}U2aIcscLSRxQwxF`%AD?MK0CP3a=^-6bZecht`-W2W; zx_>LTM+sM#TdI1u>7-<*4ihm<|LaK~Rn{ce5O%V%@AB`bz*v+{_i~T4?jVG=ytF+E zq%33+b#SwGvLcPp)9O)N_Q=PeOWyocAzrr+i;m2UaZGnRu#HQ#jl z&uPKREM<%@`2>QJ*jYN(i*#ocbD+>qg4W^z=}mJn-MI^0GBy;0n5JPxLAY|x(B__e zBc~m3;p&H_nR+@J3EJ3yGgH(oQ+ 
zVC9xSJ5GQ2Jb9*#x^6VKD5$`5E+HwJ48VgX9hLcA$gC+viSdRXIa1by+s|{*ueug< zkYzzlQu+?>i3~@GQkLCnD+S$Y;C19mZ1|TiYTb_SYr9Z3EB=W`9YgE?3+x~h-+$(6 z&K0E#B)BYS@%VwXvnoM0M~qpTy>1l-blyN3RvsuDNtd4zn5d*|HfK{>_l_9_(VO;- zp4xgRhGYQE_I)?WE=a@Obv*vc$&E42dOie;}kdv#EpS?KZ_2gB=mX&X`2^ zH)|TAC_ZgB8`Pb5wcA?#Q2q(mT}E2|xu)tT|0M>XqoUazy}Mak{e>E0pN2zBG;8<~ zQnBrZ|cPWamafX4+SM01a*!=<-pm^Na8J*e8CZ+G%3=9 zm`$Se>UU8@EtC9`z#R$$ahb5o9^WHwXB*gpJN85b=cRPu?FUQko>`_Py7;?fpJY}w zww9NeUFK+_)66OU(+Dosx(g6e*54Z|4uFPwd!BCnAvJ+!tr`-TtWnORtbMBUQ3qXv zJWPgj4XDwpsfFM6^LmSrxaX_-_;nyPN_*@xSWhjqY$78khoHB^mzCVN$WA$=3-7Yx zdMor|bQ0!mY)&$0FP2bHNBG!_nA-u-ZN*IVFsf66tlaK>181s>!rBJuGmsq3TNC00 zD!xP#wEZDd(s)m*DahisyY?vjv1SiFC;*iKfEIoAK)6(7$v~0=i7uTSSdO)$sYXjb z26XGjC+uRYH1{qzZEY4!cTQ_}$YTp)@0o&UptqxdlK@IGOM_xf89m<8!VQblQHWJY z6b?dq=8>NdgG-9omTvA-6H5d`D}f*f7s|h!UdgXybvytooCc^HtfxJ7m94h29P++6 zA}QNCfLT$8EXu}BwPxszh!PgVVD4HkRcT8bZS}iz1Vr)Ett*5b8GLGpE4CtG-seC? zWr&QYmxw{cbx`>3{|K|=X#|ac-=M`M*Bc{a)cq4Qq1@VxJ*qmxzlh~zvXO*<(D&Gu zUuY;bS}F&PFD(9wpkDYCCj%4LABX3!7EGdLv`xv4urIas>uzqrJc~UEz_@RAe?yTl z6-o5YW2Kuqqovj#Il2datWdv$wNakh+x1g^K8uVbRx?e^Sl1z$qI^J%^78&FsfzE; zmN)u}-?9W7e{(%J9=c>n=)4cv6?CC|XRBAH8TuoF=gL;t?F8&<=+7v1yUl;O6tVc- z=GQqTyLRqGhmpb4YS82Vhj+g>Jw9ZZ#Nm>*+Spg z${hfg8gm_)nF}#gMssY56JD~?ZWNN|F2iYe;f}kRRSUsDSKHWK=1v7ipk~#p=teC>78M zZCm2xVIe9}3|?jW!gcZhzme}>zUzL;vx)pdN%@d=&R2NYh9N9VatCJU2=hr;S4Byq z$Ss|d54KABO?X#uN!{2Mv&K};_aDZoQVDfv--rasM%U@)Vp5o8`tl=)G$#tyIzbw} zb#gPzQyq}Bwc2q>nfPd`zudJb&mGo~Mgy5}Te4{4fpF*9+E69%Qr|4#T%ihzzmpIy z6x^6su3+EAc}V9S6T^i}XPb;FPIJi?>&NN_rAd^{jt(+Do6V5@F&1Cb&pn1yNhvKF zDT5{>y?DTEC`e=zpDpHL!rE0*R!_RNoS3k}YfFQ-4yIW9Gp%!0eJLUg&h4NDTnNTr z0-YqsEYZ=(8uk$hwBv7h82S=h>waXLx(|K)40+*m!D|{QzhNY;qaa}NvKdoUQHr+3 z>KD^xLV~>HfE)p3hEr6HCJU?0`V>n$FAq25(*Hg2E3lD}OJzn)AclgQOCip)EJH;; zJczg+wFEQ~ZV&Jud`D<^m*CR-&^G4xu~&A4-c64W`h zou#0En}wN@YRL?4t1r@>+DeIMYDXn=q_=i#Yt6i`jX>C=eX$Jd!n!_{`wh|GN%8&F zf05m<{{@{41D^o(R`oX+`kw)0NtBt?>Ef)3Yj0x*S=VONv=*HH)Vp*S*^gFFok8diEiCEHIJH;Y*Ivzw7w_1+{!3mmEtH0c^v&&&I(n$WhvbkN%POga 
zoyDrY+=NB;@m|g}Fj$KXjX{H>8uAUQHj9Ui=p5X?So7AnZmIg3e-vGApCENi(pPAEq_9iwbaE1LeXk-P+w5t;NC5N7fb=NQwiM%DhadoKb#>N3;BEMujEfRo^VqrKbHtu(E&c?~(=fKRE&GDtGY7!iq8+_`*vX zH|uSrj^bLT`&(w}gOKJAxInMmx<_m+20 z@g)1;^C;wYX>0I0UL@EUcUt82AlI6|h&1vPDlC;`39ye!4#&k|opvcC8f_rf*Dgt?)h@iWJ6Oq~5j>Mg7=d`HL3Ug|9J54jibJbrXM@2Tt^l9(^51-pZ|s0C1&ftTlh( zu}<8&;toI_I{`^jM<%0~hB?^mVqh&~evwv~Ud)KVkE{krz8gJm5&f~voaVuL{7eig za^OB0w(e_n44o^d*B60hBajg$Cd=`mb;!oF>Y;I((%gG@_8pdys>y4Zln*=*z{XHN z*lL)Y{QpIBFk8wP#6}ZqOX^8O=N?ROgCg@91gDYHlNbzFM%U#Y=foq?bid?sUhFUn zZyrC@eygc%`d`JNx4<;rVX*{(mZZ&r99t}>%>;Ut@yZNpNeAN8MP>*s&R!n zTq6!&itEZOn%#vv32$0O#lfY|O7NpCDz!sC#y&*j<7NHkc;U{=S)k~B5==~ExLma_ zYTwe4MjO7tAXC~ttpxxSzb0<3CC`<2)=1($O~H`-9*@vF}^I_oKSq4a+b=&zI)aNf3VI$295&Mn=-8|^w9WhYaa zFlpEi;})=zvZ=nH6)^?>1Y)M8IS-Afm5JDJ{s=uaO}u;$k{__YLpw?85D$MO(Zqvo zR5}&Gr)a8+XfB(#`u~m-1M)FjCS23nv0N8sVZ9tr5jANoP6YGwT1dFb*f95q_e!3d zPVg5*OLP`%Tn@W#`lx&tPF!LSeQ}PuhZrgZ{?sO=wOdWM^ck%Quz91W7dBr@{PFOc zcGES{2kcDKrF(-5sg&ejcn?DRH~>rx>gJ@>xss=kI9b9@j}KF>DXE<%#roX7gm;vL zCkBn@e5Ve=_*1<<#@+ZD|D8D>V4$ROCRCGG%hN^bJXIe?<_ph&zaN!$89oWa#3m}z zr=@scyno;v#)6sx?9N9i{3@63Gu~>z{55ce`(JpIdE`@f|4c4kB&*RjV%E^;UbY5X z7~EawZ89F)W&jJ|?Tp%wy9!FB*dhZG^Uw#j^AKmzCn_Gw7F;iNNbsy6UKbn2GNx;jwp{IxSF@^uT@@ zVNZ@Tw77A;t81Ole6WKqbL>Fw%m6T@ap(EIivErOm_ftPfS*@QRB&op?B7vfX%TlY zIR3x&nUbh=+?+34i2RLmS^d-e8_dJLLZVJ4rf5r$pKgc$@AYYB`Wi6?(Usk{Z04A& zd{;X&jofr{ner_pdZ*^>_1WI_BX-vWuPi%S63gUO1Z@eEe+gg|_lOD8P$TFT)FGYHt6$Z%2kWFE z`@|PAZ{eSp3w1OD6rBHOc#6)kac}&DL`Cc+R7m(9AufkornwxINKy!T#;nq_JP#}j zp;0_Dz|sxyeNs!nA5@`i-Gq3xRjnRqH8muEhnue8S$BBPyT(M6>QP@UuJy)`h&aNo zhFZ=iuuWu|`OFYCWNzogf9qR{^Mq$o3ecKCuQS zKO^t5iX%do7>4ck4hPzC$HOHmvJ&102P}*;exVi*`l;jcM&F$33eqXyh?_9;?4(8d z1`{oei1tW)FT6pJCKrS+T0Ar{wTmG@`NF)${Io768)yrYz%gH0I?m$yy8X3@q@gN3 zB7}d7GK{7Z4Cua|9 z1PJ>XCv6quvo1kztQ~*Glv#n(Qa-4i6Rv1Mz!*^m?QuB%HDbBBlS6H^;r^9Udgw8j_P55k&rR9|&(O!02S=bMIilyHW_%8~F=I`_xzvMb=Am z(J`GFMoTDokQKP>4dR>`FYcG1IxE)InFnc%PBwFv zJukPoZ+}9M9(PyEdm3sdPUh9ofyfW~1h0b>!k++dsEyU%B!S&m5~ENgOwU`?*C-+f 
zk@te3|8;{>vZT(;XZq&*r0~8ELYFsJK{pK$dz*$9hc*CBD|T;z5A=l!Nahxn?)yq1 z`ZzMj@T2v?sV+X{i^{1rlF{+EuR@qJjh7}N8M^fwH z{eGRgV|^$t>beUINO+J|%{5(8rlg^@7EM#3qA{w85ooWL!=Gv!$(gj(mPr-ku>XE&P4^(Ntj3?ZHew2|V38=Qq#!goi(*TZpw1 znue!hJH!mxdxR#xLHK-Bz-MRy6+eas%^09U@LArxAvaFI;))KHWlonm%bUR)KNJpVlcDw)R(JI-cn&}}Ec%I(k zTw&OdlNTw@KN@;eRvB&1#il779o60IuFOMPRGH8vIBE6?7)g&hpG$pT<<qAdg{TubsLJ{9VJ4&;RR25qLkd5?61Lgy(^MyVNF) zs(+q${cZm1))n}l9Jm^>KFe3@@T=6dBBH{0mgNdZEMp_gtZ4M^E$uI7YqSP-Ev8&B zR^8LNr-m1!$n~`1rX5btpDNY*=i&LPN_N)HWUK=H+b1rR`@rekB!-?}@_18-M$xbc z7#|Cx(6&H2`nTBv|GF^HLy%*kZ<=sC*2^{;i?M$A!!Xd!)n#Fa0_3Pt3s$!P$ziF?vUg+9Ykn zg*Wf4n8dr*&ve((^?A(FKaOhF62$=KwTka}OI;LE9Gb#OpXku-OM($ zKA@73QY70Ew49VB#uCp`3CzdaZ^(^X@;`m0ggR7QAZeL2A;MY^_djkzQxg?Z^n~$w zO`k8R1!~4QEiFThIT2fgWEij5VPlk3ND)^3KG@UOnvQ&BJ(joQ)(j@bx6Xo$U zggbqLs)w`aIlGCp4duarz38o&qq}m0#c&o;+ZFcv+G*kGlbfdc?jZ~`VbIpTV@#sJ~IjEBuOy4mo0p#>3d zYrK@;&eKkP*|Ry|k=m}o>S|i_u`>uJ?<{&&lD98^)^b|o23UzKqU?H?x*o~=I~`at z-!JkAvbGb=HK_Jdek=$1EHp(d(3nd_1YS#{d%1fX(#t=48U`L^E=@COtJqW!L$$zE z^lD+DyyviyYu$WAEDV@h=0)+#sgSIH;KwT^p1mhH6=O_+Eq{pO*iX`8Adf~N>R8T! 
zJfOWu;4dJB5fe>fpVD=TNZcHzh!5P(Fl4^ZaRn#)HtHrpZ<}jUcW#^79pv1G_Rk z_*AO|WL8QOJ;9d7Y}=noG5MM7$E^u8wl9~5V>$|3!7R}DW--tQd8f9h-kUCdIJq8{ zaI&hT+VJ^P71fJQU85vfA%ls*1D!a4%^H^P`fplwmf9v8Q)O8GRyM>?Lk4i>{#HN7 zZu6gu4u3b1R92nQn=CnwAkW0=?Lmt+g~M?VDKVJeGaSAaO zR^2pfm$li82;Cz=1PD{8v({pO0%^(7=#)qoy!VQWJi1xKqNxT(xF$V2$Y_3f4whAm zd(+Q^m53#?vMc{B^8BJZSKct$?7iL{ER>~b2p#0Q5q;z5spj75&!Y8G z*hRtP-H0s8&-ur9PSd|@Xe)`0qr?eLX>MN{TruwN^Wfl6k*4yrM??DvCd7jS7fX(k&-cUJ$Rxs44-Qm#Lo6u zbO{G0M+}UCp`j%Eb{0wpYj%kXDd?O&YFTZi5S3GWPt6kCF@bmXNy(-nFOJ02o(;DL zHWp5hf2OlI_!V*`q)2A&bCY_1A=_`>Ot9T1(Kn@OP+yDTBmb7v_(c@1yAxVm_@dvO z*R_S;h4Z;%=0pc4M~q=SX)=QcX`q&jGIta&#OgdI@;5ioXyys@seJxULFiuBj~SQX zV|yj4J%hxnNw6`}_I=YHIxxTFXle7;pOrB4svpm4KqR@lK;6pbE2yA|RLe=#(F;o* zW?_er{#+`^1r4GH^fio!x|l3YV%{jUA zHbZW(dK4Lme(j_#?U`}l|Ai(-|K`oY%7aqA5F}SVfFv^s>J)R#*`fqHe<8|I)ofl4 zcP@a}z}WH+drLTH-3Rd->X~3Rxp;UK;)>xTWJWM2UT9wK6aAAwszpXdSaZL z4(pJ{fJ<57{8fh#p51HHaoq&wN@*>ToM_?`Id;=`zZg5T4_g&)i3F?-$>K<{{E-&k zKYPS@Fe$RpJD#Y!LrwCle>%PD4&$83f8=>@sn()7I6FS}!09{%Z{C=T>B{&)_?xwT z$+lvQN_0FvaE1oIXvZu{-vMUmOUDFQuK6okHSQ;e-L8xy2IZCz3|AZ-pSWUr{#+d2 zQeP32NmL{>Oea=1g{}eTk&h`V|9EB|T1~~MOoeZU0p_k(q(|1BS+RywXUxlaF1s`( zCQMIHLko9FGmhsRGD-Hs^Kf^L5^_W){5Cl~0cx1BV~B&`L|@$4UDn%na_iAOpsETrbB}*_||1S!HiGzuYiSU05hC$rY#>Lc$kU`wW(8W~L)Y#s{6o#K4#@WTm z)X)~jW5cEm)PX@CgDwYm^Ms+r(fEG=#QzM4SlivTmg}R>*{N*LXF$&dpeDBYvZ{Ng zhJRa5n$pVrvg*pven4_kaSRWc2N+P&CvoW(gFoxH6eQ_~y zdvPRudNv^Qs*soz3Ej881!iDnXbXarl)RddfDWn{F%AG4lC_b;gRcU9pbuNY5C^h^ zB|+7uK$Q-t$R+9f_|JhDn^{>q_|Jhj`_F+`SswbI15q01#twvyYznNzrD+-vfz;iA z)YrFyMM(Ff&|ck$dMaRnN+OZ{p92Be=Pp9*Vh!#}+h{!m=sgNTCn@nI=I#;A+_bMz}K4G`?)Krlo+xZarNs1gA& zx%H97bb|9UBYiKul%Tk<*73jkTfah*oVZ`b!2#9l0uxMM6ejzmR{M5FwD$X7@k^x; zE5DLYw{2PD{x4!9Lu&)WCj!spzi0QeaX6dnTHaszWWSb&yRZwBR5X;5lPbUVKtH({ z^=u6+Ep=?5lw7~X{{oBee?flbCvi2t%)NeOPI?!?48D4MVgehBLwN+F18?*X`|oNm zd(&oq#h_s}+P&wQ8yZ0@GBdG&VrYN2I5jeSe*Scb)5pb;x6J%veC6x?T>g3|$jWZX z#T2ZjUB|Qq(Jg9;(D;Z&oly6epPD_Xm8WC-SIfR`SrBQ$W#V4q>lyCS7@v0bA524F 
zJzVMCNN%+vVGm{Y5h%!up@v=38uz9l{mpt`vFoNm>tYMJ)C&d}tz(S`?TBu1nOD_< zPpHV%n;hq@N^_^&6Gk$LU#7c11ryng*3$ECL@8Y)keFNf4Q5@btP;*-hNJ1>K6Kwy z1Bd_TKn(087@cQgs)Mcl3A5y_Q~ugt)3hn;PHk&FckqU6qP|nKzz-dja9-9p*djrC z0DKm5c8v4yWwQU&%)1vX-+Cb`|2KXY+l1n3+I&@%dyx=<>Vnot=%%oo0cGC#3rH}e zprFi&aMBKx23;)cMG9DAakZ-q!A1B}n{^>CxJZ%llkpOB{1Y?a9-+pf>esPcNxV&Z zY{%4Q0_rM{2GDhijliGX=$os}cgUm!*ktSH$(BP0FD{?tJ-|v}dSj#)iuN_e{U(Dgn z0o89X8#A^DYbQkx1cchyh&y*UyBgUY^`Xaan zNoBGo*{7L*Ew|$ySTpNs*AzX?TA&Qd+A++xoL?Qa``>~4fJ zr9h^IzT6SBT2}(nd;z2hr0aaFCE?69QGIx3l(yFmI;D2jh1XB01hU&zue&r|O4TwN zryw2Xw-f^lnWMW?Kal=9v*rN5JNOdx*=;r|&$m<3MAf;k1bi5J`fxI0TBb1=B`Z}; z4)AA|LTVebyya+V zA1rB?=A_Ki(XFSRqYV5EvCld0A@3{q7=CYxkloc~=) zP)E)Y6Neq$vr@z_<=uAuXh+aZv-b=}S zQ!Zhby$3q!b_G4C(qpHO7uelkVz&7$I3?%hcxv3mn*Cq`2`?uyBE{l`cw%R6`PswG z#a8;P4)6T_v!?<;KFBeQvdDH~jM=}@U0G52Z%L*jL?R6Epp#4B>~24BhIyg}ce79j z8Ig>)XWq)Ua_^&A%NYCW<`vk{`B%K~e1~9gN#mKJ=2Z?6F-;Z5zT&8-_&sBui7_vS z^*}2NEF%%~As*TU6>1{v3KNJ|rS>*?li0|>vcp6uW)h8XJJb}$!n3x)26BS0A!iTv z)^C>{AMM4)AZD03?;U#J;01$<-1~covruXSU0kP`1a6BA;$st?S-Zn7PXGgDur739 zk!;rmmCRubgpjkQkhCWKQle6=420JruvV;doSImO^tba7>HV-gR-sR8vo+IbB93n9 zoSS^SM#laqK{{kAf<@z(D8yulunxe+?T5c7d0>2)W9eIz%Y}xQm^zs&2wb2&cICV( ztBV8hzx@;UuA}RFer`WkV=HpoP#CV~Lm9^EyZn$IursBVG^} z*-9#C6=pSFYd83x+Jf7&lo7^(`qfFFS%(-y#woTlELXPkyh-4jodBbAXlf6jKfuka z`ZwvL&F(@%It95gDdw`BaoiLNl%5y9Y;VGBl*`!2Guj(6Wnrc8%@kfoVmNNwJm>q% z#6|7ZD_)Bfl$~8A*?Ic~P#Q0|OU=JfZ7*x7k~q8L=VVFZ^9}E8Bt%f)6~gBHOX|kv zSYxLLFN0>xIs5JDGnAMJ}kBu0XdLIf9}83-MSKbSzptiMq@4*zp=!L7LtxN zFiNtXtr{zszVg}mE=EL1ju9$Z3$yEmPCY2@MSP62A$SRKBD(EQ149X~?IF}=1))XY zR&3pV(6~mUaJGx8h#D&P@`vt6LoGp?rs>aaEldJN=06X`jDc!4_Qte5VGGg2v3O-M z?Y^(l5>~5qQ^=z4R4>B4Bi&9!1@F_@y`lG=+?$%iP~`+|yk%bSlLm})G6e0%Fo$7`6& zFQB~dffgVRP@D!5NdGuyxaZ`=OdQ>wB#wol!u1|$VMjLw(Q>mj3vXBOyj(O|sK{U! 
zK7e5(_~pAR0o%*4WU)lwQ#Qc&j~Ht52*r}ebnP@8q;71b;`<|3BY=4r%GF}gjG0$!gsxf5SF3FL+5GMr#yJDcTX&AFWvQ!{91HH7)P4S zJOPSZW!c>k_*QJM>@WmfHVD5fcC7$G6+{WPlytM>I0xhdiZ6`!2<=f)cUtfoTGiA+Iqe zNm&GE;&>e=pIn%j;_w)l<&LDd$Jym;7ad*rkGjYqIf2^$nb{dCK%2@8v61|3Y2*+t z%>pH~TxINfdvtD{)HVYl4rceT`~pPC?J#|8s`-Fw*@S6SvVKMXU=07(KuN@#x`Z`+ zXE)wzVThdG8Z$Ca~vMsI})j-GQJfU z-h;8OIR`#mY8*k;qrwQwns1NrzJu?5rH8;!40?3UbMN#mk14Zsdeip6UwIdEdUq$c z9D#grNf_f3ir>5Ag^w?xlYBeg2usND z+czNN6gB+M74=!CIUYGQ z!#Ik8=&4JHO+x~%9a2}?dHTLM9)MP;fbk+xyK82Q3f6|TR!ls5qicN&GXAjWkkw5O%M%nz-lZtK4e6XQt%9sb5 zk$<$cKwEJ7GyE~$>Xb4{@E?RQ?nqs2^PW_qndtRw*Gi~qXdpgVG$h>=+&xhZ;Fyne`WOdsG9qR)I{xE zvhy02b<6-PiIUu`3KgOmLtY9{S48#%<4au5(vlv2*DN?1_l;6Fesx71)77nZ z$3O7DxqQk+w@>Z!g~SEyXK?jIk&T)vi7h^2-=t*W7J%WS3#DO1!{ZMwy zL!-9g!AnoQg8mV^L!~?H?Ol*&kxNF_s9VH0D2?boz`igPw?-VG3;3YC4&bxsoQlJ? zQhFQy#f%H|`6bO0&n1ZR^hKi-gMbl@ojY*W(1jy*W5b6E)JCG`PKVBpL6}#fZ7wfd z^GKekTa-7yp;QqB?-|h#+8_O=|6gnT%;=cRlDDNFK5RaaO-}5|Ad*EpG^=vx^v`h% z)?+VslwYU@lrHIcfSbGl>HWuO$*C19zv>GznSkZ0So=yrgIM(>;7$I^TXy6FvcWCIcYn6zqm8I7zU zSRPo#UJXKp50n4c2R5OWMfOGHTAfaJJlt;)pQkI%%8amKrPw8Ej&j%Q8$aUTi4=63 z!zq{}KhsqLQ7Am1s}`-KKwheTh+P)L1gX5K-V~VZ!ac)7VEUD|&IcI&Qb=DNK}+>g zO{}e&th+a@FE<&H`KCiw5{;sNhPtXA$d(zq3juU6D}LMZ&g3B*Dw!%9 zW@m-#k-#$M(B6DwF=RGn*KMZ~Cj0R{X+->92M|>Kp^v~8&5DkgHh|3@&p;arstIh8qQbX&AMwJ{e%6S^|{ zzx4+vMMMwZ)u`r8@^}l^AQgFqm7CGN!Paaz*m~cAFzsMCuq%cl6^a_^Aa~7CHLW;{ zhE-V4j{R^?86>^}pLZ5xO!IgC!71hn9A@nISe0vZws!f_>lWm@&&)W%E96-2_b{1r zj1#WY|FHzL0!xM%{uWB2byf`oi3Hx30^A6?XmR&H-)L&HF8N_9wIf$!sh-E>$*UD$ z!{b>_&Yy9~Hc{dn*iMjzSYlsT-Qg|wHCuc_8#=0hzNV-D6K`ncV<@?TX^ieb?J#-AuR&jhomK-ZQ8! 
z%fEnM*MKM}FQk znT*w81|7w`;hilNasqt#zES^-k>meuKyT$*OpF~17nV||c@K_07KBE+x^{=0^a&V?cEI7v|WqAz#W$&T8+5YGVHAZ-> zYG9LndymBVUEoD9eemEbJ}37UTo=^Se`gK~pOe;ttSf@nri5mlARn89u?I_2r3%Bl z9nmJ}HXf%Myt>VxBpL&UZ;*9s;qO#;b5L=Vp4La~Eag1aN(X)qtR0TEd`G z3*(+j^U;!zQmSQmH*&||a(04nTC4O15ijq5Wa{ptO8^h{8Sja2XO$;NNe3a2cAR%* zN`|pgF~@^bo%bpND(}jF&}7XdhUsJ@x-O3EI9m)rqaxsuW3DJR!SyAV#&0eX;Nz2& zAPgo$cA*>>L_URyLt3zE$OZ%3CzSW({dg|Ga1k1vRjxu@b;{9}ny zlI`aM&&UXgi(=0|R;lL-6{VIsMa7JXU&wScDmo3-unO&|d@^v!_su(E@D%+vJM5P(eoFm&k&F^Sr(YL~g{-p+vC=`=;V7y=s}0 zC>JMjN&~KIOi`2?+LOiL<81@bS_+cqQyJXghr+2IzTbpVRPsE;&o0XCVCdhgv+6X5 zHH29QHky!7$VVmLg0?w$Eyk142GfN))50Ql8Jlt%NI2V6lQm~(WV(N?2)^DoXI5hF z?imi)u$3XC)Nj5gljA3G2)w4+4$s6!oG4_D?zZ-K$Ddd+L-X+ZK`Zt|iqNb`Pq1zJ z5{C~*H3JEDe<>v<%=cirAQ`VA@_l)r<+wP?E!p`6Ke#@#ow6;sKe@9wgm^)J@c#=b zY(xtn&90Zm+?eU8Of9g#*bz|n5*i9e{yKE`(R+y1^aU5WXcQS1#J3kkxSu z^zf-dNd6#9yQmPP+W%d2u}|`LPTZO|Bs{QLD=O!}E)WT~M?Jur=0vQs*OJZ{8?8v_ zAd=9>*1D$$QEG!WM6W6!4V=w45;d3ot7M!!SsrN7n0Ba_g6TfH5svUJlu+e>|HvW3 z7jRV~JPGuv>UH&$4wiNHsY*>)=fBGK)E&y5E3zZ+S+F=9j+K6z#5MF6qO>rD9NU+f zIEjkuIp?1aI$lIL7`YRX&daP{vQL@EIhT7^*PPkaS;7Ios3yG04=(PZO-;X`;Q{c+ z$4!JvU-3n4QaXUt{XcXJdu?y?UVmfhn?E`t8Naq_6GwWMph{Pi*wwuP13ZEME9*s zPXFVjt>NT4-E!|?M5-c z$-5H@Mh^|gnY?W4VPP6#PV*^!G0*U#GDs)=-mJ_UdSSSrpnlVJqot-&ufYkc;3DGWj|4*$z4^`9`Yt@%bk`@se)dr?7E}Nd!^-rg_ z#1CQPbX~(2VfB7qh>R4BR1Nj`=AitSOq5YKbhA8nlt}`XsGb|o>RYf2XmHF?)s4dD z?MO3ZYzYgTYRPp}vvOcD3kJ0-XeC73!m zMDp#y+1_uZqv8*f+KZ=p!_o9%vS~Bl)a>>jadq#xxyU|~Z6_5)!VtkuY5La>>_rlK z5$40jaw3>`^BYGmd@$`lq1Qh8ARNm~x%B$ravx>qAgn#Z;G6QrykzR~C9k>WxWaTc zS#RG%(u?*=t8^qrEZ~=Mu$dcp$EJsaIl@Q*3Mzv9rcI!xz1}Mp70iW2HK!mt0tEws z@C4uLZ8aX40I!EJlRSRIL#&!CnRPzY+J0>~4>L{kF6)VHXgpo?qxrBz$$dX7|0j`Q z=qFxet6AOEG__>|L9<~eR@5X%(!W7li}k!Ld{$SzG}me$sZ@e!-ZnB)Fob1RXVvcxV(P6-h)?+G~1rTj$z^()S{Wk-~B&BRHC18=ViM}zxB=Zb*Q%I;s$X^;7*0dL-) zqn*bI=3M4Z@x#M`VANxI;M=jbtR7s>-&>M$+R5Ux)#V3neEQPa=~JWH;czP!;P7V< zWKw~FqZc)rSXJdz5H-b$9}4?B`1Qolh?15}gmFN!TCXCe+c(v`&F?PXKy 
zMFI4f#-|6)ijMYOE3H{XA-!M43?3(hl1ffvHQXQaDI`m-RSb1!`h<2Ak?3eTSjL_(v)r8=*HP!BxTIdo4bVEH!?C2rD z#fkiPH=gZl?-0)qB7qfTrpST)2f$79S%*Ei+gEHjncr|69>+7mJ>=epZNW;^s|`xB zU*lVjw$Jp!8IXZQG8d$a9RLe-WD`0knt9bX4XA(1o{o8z*bozKNUjLs!%}I$-^be6?AT>|F`gPNxH< zTK-9fQ|PrUlmiySnyP6sRL4f0L@c4G>+k3b&PAqIUUj+Xjdz`F40}X)l>If#tU0p? zpAfy^LO}Lz3G3Scz6(1N>uA)ie%OAO3O>HAuiAdJ;Ba#{%jWdFE**Ti_j1c{L=THg zKIW_e92FC2Un&4wZO;DUJcmSTR4gJZ5rmJLw|6Xca)E$LzUMqIn`N3Yyd}8DKL|_h zOhg9ntNnxr?Ht3`n5n`;t@oGpwvoW*#N3|3wK|zG^MGDgeu~12Y&ZTf5u0*I^{->e zDO4OqdYe~3!sFwrs`{UYDT&*WR4BcV6Z^m-Q_cY0CmP3zBL7R zylnzfkZK&4%H>G^K5s7uv%`~O8^RYHamZ1aDTvetzc1r)r`^%L+k_M)h#03ndc><( z8e*Iz;(t~gy;PD4QF-v_X4(^|tU!ep7{#CPSEC#OQ&wMsFhnmI^ni!#E|Fd3KNU^h zGX-jVYwfR?voym@rD~fsnq3nvpobv)+;Pn6VO4B!7TBy7mdoJ0LNkB=RYwmgxh z&d^W13Nv|m&`nPArkl5GM0GM=l%+^xO1?z$L`};OR5}%Qc*OuSI1cMh2yLHmqm77P zE|D7_aXl;Rm}+DQb4cyg8X_mizi}La#@9&c+ph%F({#dmDYtcaj(gC*!jtuC*crYU z3lzkY<3A15*;rB@vOg~-T^-F(%0vjKs@sInz`kPbaCwP}$XC5HrgAZ9|7st~LKWYg zz<6qxGt%)=eooA%c`3S;=z-^{{a97W@c`zxF+;KemV|cbK)Q0y8prQuPGHC5oti-y zSIrSvjMm{I+y#*himrA8MK?dNm8|66LDXy|6~nWqIBe3)ZQ$`FVDWh}uJgV&93Pfr zmEkMo;g+v&I=X9~?j?gZ+I<7}V6ohS8v%0_4`<}mER)if93?icL3(SCQSo z6X~B8=l7kHZ|&B(5}u!a79z_>Cp~-Sa5R$La~gS}jQl1bPa!p{$*`gc)_oJZPhZdU z7bz>d%wnV_vKKPYran&7YAY zR^kR;cm$n4SmNthAhASWQ|0Dt3mG7dNN#jX=-~JS+;J#Xku!wnwqP69#}?{F7PsSF zw5j7x9?h7A$nNDYP(x=D!x~|$R1^AFPf+GiuK2tC>bY{?iUxNo94~)|yey zf4xGd+`n^~uXa{;2;)++jlaIU7|?xvZov0r=0Em0v04<`v!z(q)c4ksxaAu)tlz0T zh6laPzT6q@DB6UNuWHnOTR8g+q&c|;q>zf2qk2>&Jg&Bh*IOjkDVX@%%TeANW4Lcv z`niEN|4U899>%Xvt2*w9KWq&!y5nRSDr3y(eoLbqh4XOQW(;c!QVoh5)UL z?Ru}ZFQxH{53=Wd>(&VleQTv&WPjbWDz0C!&_C)BlE^sa4*$S17IDcR>nFTNn-IVX)Wdxad|2#qQmb;cu&9TkpCjy8F?th6E>vouy&l}6_JE23tW z5d+D*x+{m+C>BHEy1{jSc8W~y`Dm^hOFfSEDLEZ%E;_CEe z$rSStbBt3yu0siCqF2yGP*BZZsH_C*Y+K=mz&*^v6x3WU|Gi$x(k-d20diuXvd)@` zXi`MuLc14T`M}NV4%!yed38*fp*;42Aw+%*IY>D4zZPlS#|U$|Lp|H-eu{Pzg`-<6 z4Y5-On?}1^I6aHb!A^Kx3p)y^A3?I74>-1A@dqlg;Yp!Yr|NYd7A9}9tP#uW>6K!o 
zBPO7Mj|qbmsx|Hmw<5;JMKNS^ktRprWtC=LXG!_In~Z-!gd57Jy-vkY&7o7oR$y-aP`ZIf1DjX%&`;ynxo$#5y+ zit<2OVt7&%7CS5yt%{YU%O7;S;RM%-vAKXKO@g*q#ju=~s@WIlPhiz#0{k3n`lt{Ljf`T?+4FG7MlpOtDo>}AnU*=**{5m_w9d1u^>Yn=5u_3 zWTprEHrH{@kx@+WPSw&|;bP}L(VYvoX3|=-8vhzWD==CW{*4K~4XCaxlTW_^WVRXC z6G^$*E_*FVhH1SF3sq*86CU(Zfc^leopl+}P*s(ADOH;fZtKsAt4i7-dYb$LgBTyH zZ3*4hvrZSo%+%}1XjGCpN-wpW1}d_`ra6V55mBqNN_3lX^oP!x#^XPEyIK4Cr|HW|E4;_Y4;6vz}WhC06o^}_$XFyVNBe)ll zxlXYWKHOHyI+%m70}UhF(8m zLHPLlsXir^mXspDU$DQxi2aq3$1J0_3SnDgk_+JT1q6k0E6~!N`NRk)%+uAIL8!tw z8^aeTmnm-2dT${vg^WDM?f=V@IUJW?+@ZsC>taJ%~fvwRfQUo|ZSU?(ME}@N_^bD(W{r1e9TLtjG{fwz%T-gzWlx zJ}thpNngmHxJusW1`puKY+k4+dP{c5->PfPX&Rduha33*pm{WO-MJ+w-U9m6%lsRa zgNllNoKCgrxwz&?HU|jtYmFRvz(v;NAy5%KXQhNMS4dLnJl6L0{g8r^6)a|AoPM6I z*P7?a4yB}gs9W&&!~wbAI_d+UC5OheIE?{qb8F_m6QR=YX)lQEOuWeT58M}BZC{bp zd-+XVL;b8&-AylE%`>9Hlw4W$-VAxo@+K9MUAZ+chqgPd7z?y?V+z zfcu{adPN5=U`_F~6D>QMZpqTz6DSso<-A?&C`Wv>hJ!r`hBrg~k{EO~lES4;c;I~K zd2lR!`4PPbB&E(KmQ6M+`ak+ypJ4SFM!q;Z^XSsPZ`ATpF+e*o2! zu!K=<>qB=(j(Dj^QCJ*QH^pZAOvYVyq>^lavGj%{)2ew(5P2)pdnU5y zX%|Wl7=VgGVByc&?|TgpANH05U)qxkHh;5Zc}ig*&XvD88ait}^ptfJCnqughN(JO z#%|y4?VhFdFs8mB!AE?oF;HjsexmKrDViN^ra44~Djd`j~p7CBh^t;Fu!_zIE?%M*K@ z(ZP|GiZ1xV`ImMSd3#3TrgkMO6s%offhorKKxup3dK!<<52nU$YcF4)jVP8t&rexAr|m|7(0h8QJ5%Mmu=g&ZQHhO+qP}n zr)=A{ZM*t^fO}W>IA?p1D>HV)7wN{4!h>#2(VR85)1^V;-ZpE)7gl3{1`@vN^uKlV*jpt+xfz!0x9#_2`})}rtK{=q#JNs3r&KPk6bCpboBe_C;c@$s~g z@(m>smA0ZaJFlSkEOTM7NBt&{`Q2bl0|4xp(Zk3RRyacYfD#QTA*m8q)P}1wUbK#{ zJ5qPzb-p6%x|gEb1ov%LE4Bh0CXmSnCbv<7sdte&OCjL1R|w?XQhO6$k9=uiz%r-IjdY+u(MWhu08d*mv+V^K>=O1Ct%X>+QG2 zf7l|1GX$0_0Sb!qGqO32)0FC_9I@V}j#-U;WdXXdW^hW@sl2abN=EnEQ;qJ0AH1@! 
zaVt?sFj>T4jbt*|=R!d#TtHX<`KoG%UDh6=d3=^w(}s7T*xDUs8Zm#n+Y7H$H4epr z%5Db8WdZMd6PIv{bs)nj<67Td-{c+48t3Q5g%OxC2bZ zl_8mj5k4DpZebx*J{Zc3AjMKySZ7U=PhXiKCS;6YW+;}G95{m&fspc+*|f+1S__nb zzFi`d{Jo!m7}7@C!z=5*tJ=3gnr^wuEp$ZhDYD8o&668n?kKH1I?N$*;izZIN@)+O zqzG(s9<&+H)V{J355=qv-LraJ!4b1L|MpTc;vML&1M?0XYa3%DYrx;S%ZT-t(x>Ujy>WEl!!{2Sdd zaa=k>M>^NY#c)nEalwp)tL#6uas1B;&v_t> z7Ee1=A%6~wObf-|XaFj0DI1dHw48zQAKT9_*Tk`Du~R86|2N+}B9^j$lPR1I%t7IuLYM8gTKp1!i(fLRU$ zw%!INP-;mxr-$GDmN;L#-ikopZj>Id!Vnh%guVVs_Wr><{*TP^ISK{c?@HlV{SUPT!>Hiw-u#$~>Gx<~pmY zy}%={dFN3|nKU0VK3ZdBQl>_!j}z#EP&U;ZB7uaimrnZ_B-uZ^j~S|(DxbP~E)dT^ z66dsLpBW*F+47qeuJmY-aJU$|oU3!utXqlJwd`lN(64eVh!cfu zc|98y%JVX9QjB;HhlOa<`#|Y+Pt1}%(+qRRci-KvJ%0D2CLCVRt7atul4X==a6#)> zm-29!3&rYIRL10^>EDiT9d7O4*ZU@OQob+MT(rlGryd^x2gp$$wK=>>KeVo$tg@Zm zRdFtrp;N1Iz6phMYf3}Dmf#|(THU7-+w6uF`Y8Mfwt!XHL>eFBrz?;U%RzGXk^7DS zUU83c1DQyCqsp34ZwBQFg$nahZwq59$=RtMb2^E z;y~%eAmhXz%ZLm6K*bSSqfoaOHvBEZaOwFEJcqpyMA7w1Y>hVedOg6Hyrt%kJXZkm z?a+og`4xH@*>5Llt$(1iBRuf7PiT!<@aE4kCnS`FhNrrb6hWU{8LhGvl?)Z07uNh+ zJzU~sb%ueaXYKG?z*z2{P$p|g^~fFrk1iAFoMrW=zm%M@iX zC`hK@nBY{oWaq41=XQa6rd}o{ci8_qz*&!s&W;NDJYTx{&>VQU!ZgDw;%r>^@2_pN zD4ddS{^@G+)6E`(3GJE@&`hekN)Q^Ba36Coa{kA=8aGI{|Ie3~f|Z@J)7R!Y|AVUx zg|!fY01D{Pt`Z7u)q@JN{oc|0jAXv@!{bZ^5Wi(QC@RfyOaqiOtkylITzgl zzG_oq!f_sNB-0{&3R4`v5#yE&C2P*0L@e4<-J^=WN5oIMEUqNbKBumtoShs+c`i)N zd)TRn2OLv35*h&vFT*FUhvC?`I;O&>2JPspv$`Yd%0Y+Y&w`llrE8>jcs{Md?Dud7 z(48}~;?Ue5H4X(!vd3LmaS)ud=_>Du<$RfEH`#gu8`3EU7m@eVi;#RMLbMX0fXSQI zA>_N#BhgN`O5@zg4btc|;H0llm_r8;%VHz#qR9k- za-0#p4rcf2{XciS8Roa><>>fR9c%g^a~FK42e%d6uL@q9w_+ZjsJ_85Nnh?7%oC+r7@3asw=AAJyz z?~meCvYye$@5^30YI%Rya%KDwa=JRh=pez<0FW=9DJYrhKM9&`x~q(^huSWRPX)}PMBHDlHnY2f1udt?gfF7!fI z<@{ifFXA*S&uMc(*Xfe^DivAp1?J}sgrYh0C4b@&5wFG8U%E(YzvTF%80!kM;Ho$! 
z4YjFUe7O`Xq-e7OBk6+Fs1r*-|h$tNz zp8IW`c47Sg?w1HsoJQcx6X=;Co?dd7Y*$dt2=KSizD(?)p=)lf3UySvK1&dvrSm!n z7)8H#HFYU|p4oIKD4o*$Qt}n2U6wAuS`2qrA1UzH}0bM8qL!b&T0 z`_I6DvtSR;WvbQeN^3wnO%}b)&_y(q_Qnag=+IVx>qgj2&(uj)oA6z5k8T8nPzG`b zuO-je%LBR8&31B2q2DoAg_ZF&r*|=5^6&hP4;TMXRN?{S`a4O&MPWTgsFJE`S@&2N zquMQZAOPiD<@TTxO*#P}=Jp*yf_`q$b12K$s>ZHEixD56$84+>=5M!@@Mi@VN#~qA zk}N7ymaN1SVUE681hKE}ZE2WA7QyyL{Qtq{U}IqX-}xMz|35wl8w1P#mCw;>>`*p? zMu)S7{3OZL_#d1jm%P^X#l!3GXUp;SWE#CK}BgPJs<%}!g{a-hGu4GrY1m&POL2eS%4-1WM*!2W~zXW z9_0R0eyIN8-C2}(dYRehKQMzcv(w{8cm`*3Z|#7bjH-n8pl&JwnGiu$5Cao)sD#vS z@}1d{%&&Y4W@Pd$e^qg4hmU*{<7fVfcmKt|ZaKWa#PfrU41h8LWb}Z>Owf6_xC8xe z$&Jh{;PpRaHdoj8`YU{a*}r{Yh2J4U)c)n^?|ch&Y-~?rZDxSdh@RTu>gY^lf!W>V z=?S<38+&V$w>=7C?Sj~|Kl|;!*aRoW&v0-;?r8rEpi zC_h_uhOha)iOkHPotwYpd)N4UzZ;6m-rU%8e_hA?rr+LzV6vwFbsWiN{jv7;04R z`lFZ9Sl=DWj*ARN78n~G1~o7`FaU9AZ2J85-_L62;>_IW_|CrfxB966y%S?%eqvw_ z)YffcKY(nMvW296L#EED3@FLWWKt>CGy>AiyY5{T1clSc!otxx+^sx3?I1>w`S0y? zqhlkz!_Vo!*iSDqqFyUX%AkiP+sF*A(r=NDHu=;lUE|g)4;5gZ1sV zzi*+!+`0nlir2gx7NC0nt_J|z%{@6^XjndQ(ShFzUG5;5N++3>AMH3DvvvwaWM?S zCz!mCBoj+D;-5!O+>|sNPt&L+1|7;F8{h=NrsSoaXkKP-^M+JW2AyxnsnNY z1tXc?PCEhF=-`9EiYL!wR>6h}Fwd0<4F`?h- z4gmze3YETBQlEn*rf9Gt$e&V0vsTcB0Np-i?1FtS_mVlIIIT{*Nn$~5ToHd|Ra?HH zyD8JeW>`7z_r{~U=BEb)=3(Tke=w45G+tsM-v9Dws|NB|TOmp`n46r(tB%c>2?Wy6 z*zl4p{b!XTxRVUCtrjO^82z1juheScedJE4VXkv7=bRklHT8mFQOFyy{lG;{aATw% zmRX#WUAp#6Yx{57Z9|gLVRxhaCUMXw7j3B5o@8!<*Od|f*>6dc=!j_t1#^cgg99wm z<}l+|`aXL`5>&E6b%)w=o5^KyX7>rmqS{L^>AP50sn7oX)^GaREXqe;MuVEzYbBs) z4ml&TY=8(CxtwIUHT<@ukZVyt6uuXevG(#d;Twn!acOSp_ZVOVTTk08vXChk6iVN6RXQ)bJgu!1>F*aW;mG8C3e`=4N z0qQ8gVC(E>_K3)1Q6C`#nLE{I^{hOrSOv$&_KkgjBt)=MwiqTMdjsh=&#b9Wkua}5 zJ8SD>gzo?aH&KmC5S1yr51O9-8F5qlqd24)%Y(0nygo9UYr_EpNLq?xcltj8XSgq< zwIWqP)^ZTb!FDI!N@@zCjxi&Os^6??en!=K!wIi{Ko4)&NdwB>yngUFBX6jAH+K6_ zADAv{Vp_8D@+Y^NeXql1hkTG1bjM#)&AHt0R~SjbfTpSff-0>V;te}3{PlnxrU;|W zgI3p2R!R$17wD4be6#h;`B_^OYRW-#n(Mo)LTFMmQTwPbkk{fWp1wNSTU)* z)8RGGDVI~gevp4R0dDmeXer$#PFg)?-o6gFj`zPg4%6I@=5CVuE0!8K4OLp7c04-C 
z^#6g7YOd-$GS#J2$)<=rgpOUho)M>)!P$>`?7`d#&l;xg{;l$wyQlw(Sn>0`gOSTj zOGIq##b%X=ut*0f8jmrJec3p=wa-yqoxd*i!pR6Z;^W;dll0=;^(Ok*vsoR&w;(3@ zb;V(|6@c9j*Yi|(6>Wl}xSI05<|2S7II;k*#(4Vtr;nrnwVLJ-Zy>zEykU&GJjV`s zTr?G~MG!TF`>nj=ASyo=R>oP7YAY=jSkIJp>j@hgFVc!v_9*9V4B=68T$EQdQa=d zyr9QsaTFEn#^!@SkRXFpwI9X`5ICN{Iq?mh10 z`>p~YR(GI78}E9C_W(@xpY_s6S_rJ#oE~X>k>=C`RweynNUDUthTjeczR96*^_jv1 z`L`wym}0Jz3Tz)C&Jy>|S{srOE`aE(mAKP_R@pie0Hv3BRt8xZ$f+srNi&izUnh$L z9D{m~aKOXHM7yMb8C~h~DDA!qUA!2cws&;JczlS3WHzS=)+BF{z|khLfqSsF?i^1wIw~_hu^rw(lzf z$}!PM-fJP$bCP~#I379aIxSqSEp_MeV;NwSC`NY4xXDeC63FJN0)X5g3^Y*b8d4P7AZL$az`BR4=e_BViX{xX|kaJqCo`Iq6y(U)~=N1@s}A-#ci&qDYL zkG=W{5k_!ZBCpdpeQ+kK+4%akzOMJT*=?DKkdu2I`+bXP+M`3_GZm2fKK9$cP}+ZT zmA6-0P@yPW4ESZ@AWrH_0yi4k{MQ~Iu#!b^hNXx3< z9D2zz?bU`!Gp-vxvc|YE17hb3ko$vN59ZputN9Czv;G`d5^TO4g0W^IBFv%RZ;0X7 zGB3HC5=@I$`7}N9;|~DoeKE^3^hB+E_@?Q`!B4V%?l@_^{toHZr5Ofr<08r?7{xZK zyy~kjl;99de<$qq@UC}K;V6E|24-Pi3it;X{5y{uO=>(;gzHDxIWNpQeFZA*FEJBN z+yix(E1407KxyS|7)SPcR&13Avh->aXuLN}hTyaUCI1nro0vR&vYx*t*tgn7DdJ2F ztLdhLiQVBgahuidLE7cGMPj=g&m*Ingg-ad7R1tQ|+HCfkW6 z-%0RqU@O)RNdErTzyf3ShX2|oRvX7Tb?G#+aA~x;2w_<*#sP^pGjL~Z5;!>BMR1i1 zZL>>d>1jwFecZ#61{N>l(p;QujQHruM~-MhO3n|PhI><9SHOT^*#lMsi^K7fbCF-! z2`!J0ut9GHIrLG=QW4AtKNG#Y0QcX9AumEIu9Ek? 
z2cnqK7m8DbdhCsop(m6JE8h{3YjSmvU0}?THtWfI|tLP6ja{b_nW zV*ycX(|LkVyDAgS!VX%-!8~_;NuV{qDi#^B^UoG1ly3WZ>Dtjs;|KCyk|4q5nGU4w z482;fa0#j~jDFd{L!utIKtXfh$Iw#`+B5iFw@7yYtEF@{nP8jh#0 zP&`X|3`rKZPg8|iT7q(c^3?U2Sdfr@!)F&4#w}Al@+B{R`7#phWYdHq@s;cwQK=xI z{MPk1aC#A@=cdjBtHx}DDiq|rJan;kT%-gwqpC{NcFI^iLZL8_{5L1ru6UZ;BLSkN zJwg>RYiO{|%={ycw(4%4b;cKcEgogT zU;=$ulSKSO!k0rFvEQgKV!n&20B8TcaN%y+yTEMQUc|#)ocoVsX*kd-H85iP%L&?| ze^U`dX$^U3;3-{NwJ-$GQ`?|81p1jE@!Qs7MjKYW+*SI`{dELx2UxX2{?qhmD{R4} zO`J<(`-K-<;{~ceQi4l85FTE{3p@9);;k{vFu#g3(tddWnm3KpuX#s8x>0gVqBi~} zCS3r$v1*Q(Ys^DPb?6Cgfi&JGmVp3%x*W9@o@j;;7pL|(BUUybwc=% z9qW=IOQ0~RRi7GDG3QbevxzS_P#KPR+rK`GB!S5#Y?aC70A@V4B1yewF*yX z1Wfp2WEPlEI#P1zo{k+**?tbW1V(Mj(&>j4*HJEU%xF`d}lJw@SAcISN zEh61kH@{N>f8Atr9b`1C$1RO-+YIiNTs1x6rrj8lMrLR{Ln*3TLJJ4$1W~*tyHNkX z3nPy``;I+53+-VFOO|oCKG>fT?FEz4DqjZhF=YS z;0-c00YHOTt(~1St~4y)rwO4tSrL#>Yw19?S~+SBSL#l)_E4{*x;gM&4ab(Wpic&Y zK!Ba>h;$KZKUVaM;sDWYutrM!MoSo_@8^aH3t?M}!VXTvAklK~GWSCQOE8|FO2$@p z)W~M5BPde+-RUGnT>xu0{>VRSZ-vOO%7In6REX0$N>@zN(brUpRWviaCZ6wFX z7CO%s>bK=B0lo47h)YW9I-AoIWT7ONtVj(tm9WzKO<2bU}+!d*7P8v8p95$cGluyARq%`mp8>s_tDH zz{>hKtO^47**hMoxoCehhK4?1@dq%)Tf#+L4P%g?Fs8?22GphsF|!{mM!r|+kG z*%aD%R51#}sx(QEnkWcqTvJeeC2E0d*;Y;-I6HUr(W38O_f`u(SXX=0+wHmcB9Q~k z8ejrDRcALXPdj4aeLv@t7O-dI{MVAwyatoXn)8k&W{wJWa$DY6MJEOXj_i?L8CnN~ z1U)4gLR6HbQF1(I>XXB)UxT-r?BsmUIYR%%H=AvQXZQ@ZUeYA{g4zusyGhBx%Th-pa zax&fwXk+B}3|#V;YE~%TJwlcBpD^2t#L-Pfox7_s3cauqvy#nq*xt;uoc~PJ^{Uf{ zFonpcI_qbiJ;g*tUv4E=-c>?)k>P33f5-sBTPuFKdO*V8_n-9uPY5gWEo)x$$B5r_ zp*~d+-lVZPe&VvTlGK6VxAjCve~0=9kR%O{oxZ#F-ov=Nz953MI#Me|@Fb%=&V1i|aKGR@^WlGh?^L%FZbFie-5tsKb%@;DLxnbbS+0TDQr9y=sc7M+v z5m|3PO>DX9D`KlcAFyWaVwSZ_79XyH^W~}AqG^pu?ee4`bnp$TlndVGQ@c#qH?P=c zdS=xdoygNcT4rLd{-BFPP7)+F^?0z}u|X>zg(!6Dewx%!#b|gwRp|U8X~iTd&XCF{6wP^Ay$7IY~hwrPabpZc%TPm6{j49bP?_ zr#J%0BbN*uHXsVx)FYx2CAJiKYx-0OmBCxcQV$e9-Kzt3%&AtRp2+!4 z@xx+lE>~aBAss-E=`{lVm5y^M3DTRaa3V=M__x9^Tk38=O~5Eq97C{eQG5GrJh)KL zTMx34$jB1$#+;DsM6L(^q#lRYUMPNgR(48V?w{3ii+l2ZiiBrw-g8}1(d38iFeKs~ 
z^Hq*llhTNjC_kqS)TfLXCJAakK2ooZ*N_@kO&2$`jA{`uiL?zS_^^dj>B)~t+ZGjb z3l`~up9>XIkD7a+;6e11`p?Gv9Xu$v!G#+M%%aAxDT_lo>?o(!8G^Z53lZ3*bEy}Se-BAo4|iplsp8XCD2ahY#iRWP3;xdftz2T5g!zq$WT_IYf*L4 z)9y$>&Lsf0;B;~aUZ9{V;;691(UTFxxg`pP+SLaeSI9f` zG2c>^`pU}}XZjaj`@z)J_JH8LH;N|&aU&M2T_OR1&C_>eY^1KWbQy5rIixlFco{W& zb5V?wn+CO|V7}9u35F`|nmWPmy)hHBdx%Fy2%R6Tq;XU66l6JEJ{Hxzbs=X{o`$&-PE));p^cU)I>rh{c_f0}T5pk= zMM*$Jw;UGG)w3fhYLtUr<|}0t>5EQD%Nd0;Cr{g7XeD4e{Pguoea9>ndx70xT^^6= zYF~2TQoyKjfYL1uqDSPSqsOB+ zK_$FVtqYi zH}!BND;>#N$rdHuDawd1=>ig_vJ#7zS)u(m_EtfKFYo*=f;*{m5<1$5l^bKe206^k&91Na6p|JU-vKGr-%(UTqM|Fc z3x>eUrhaegbvUXHR%d*%3|EYA*Uzn<2O8G3Ut2luJvUFnM7<4D2_gnaYZaqjL&-@; z_Shr38@F=-zK~qfxfKzN2e}$>&FpVJeH_<%+~aZ!vD1;c)`#T__j}4`6USDqa|2U;W!h1l?fj4&(16k_@ zXZ0h%k>3U*3Bs$c%!dynr8I{x3+a+%P{B&?7WwdZHMl6Fru^C8sk#pe|FR|&vbm8) zT+=&|3%R=$?u8g&fw1i>Mc~c5XRrKgRXrWg}PrEv(y3#uD_5I1qnt@b1!12!>q!W$-M<%x!a-!=;2%+y@%_2$!ZH890 zvbUD=&^OZT5$0+-c^E-_d!34Gs(;2Q>GjFe66`_FaX}dGZok&|zVDW==kn9eXFy7Z zs(Bbwk_F(e-ab-vnW1SO-Zv9)Uf*PpK;Djy8L~RO_)u+q?gLrp6G;Wny88Lurt5DA zv$Dd{;4=0BN5H~bzNh9u+pS5^X5qY}^P%KTIO!R%O)u+JHCRB<9}@3C5+f3>p|0u{ zqZy;~b0q5qpNRAIX_4pgIr~iO@X!3#ERIbevraqIR)`HcepE5;JyNtV-_R?yXQc|z z6yeqS*9E`07>va83)!GHN|%Z9ax2j8DZ_1+0uBj7VMOp((Pfb~SO|TlSvV`FV#@v4 zSmQ-8{c!%)RlyamaP9J(uX}C~Yez9Dnb;DWRp1T2>y28rL`438G@*EvbOfMnM;M`r z`g|ZTQJQ;iQGI-<;^i*o6#Pi@kcFG^{q`okKH^TBuNh9fz5S@_zS_%O*0(>JfRV0a zC;lL+2(il(J490+AZL@X*@a_%GJUx1GW|#>R&2@u0?bKA{1ba=XQT8X!7*-w)B0mF;AC zo<#O^AySy6z9y-`zin;rHpYF0{0?g5_TO6O{u=ls?ESkG*q{hLq%jo3q0vuTli=rm z-{z`c`B2j{65#HOdlP#se5Mzw-7uv9L{Ww01qa&C%88g(0x{e!tK|g=#533+&MQmR zr;^DLP%2dk_NLP@IY~BlZqelY>P53;5hEj7g~791zSSYaw@*LOt+cE3)OE1KCJin7 zW6YPiZz++5nlpxgD7`2(J1NAiZ>X=7vup& zW;|Op?(jE-g(q^o#F0Tt*1b*^^eM^Ctg43eRTp1`mY;U#i{*XVPmtT z`l{atB;rhv7tzzvT1Y>-F}Fe5UuGvKdnx8Lb=~Jt3O4TdSV`Mz3wFlRlQ-C&IrMgz z?fXE{C?4TLQVTj7ju+rM#%aG|4?JAr2nQqO_3fLTzFLrbkD4#D`Ny-gO@fuwXu~wS zV^k1w5<9HKiQr-Wa1vwALMg+1_WV2HiMm=ElG;HQG1i3v4FbHTX=l&9vT; zQmjux$fJ?2iyRFhN~9h8kIHq$9+aWreGn94=e@=n+^3EpY4Lt@rw!ob(7d%(UMSxd 
zr1(P;WC~oItcKJxPu4XZrpe6grrfr*A49Y#Hj85jMd+w%_Cw;8{k9#hME;RnAx6xk z*%rvgajGAq3IwjQw7;GLk8WyFB?CF+XH`h}bIScyFa9}nqZ3DPIM)K}DE&~b6qoO4 z`(}Rwks7_h4-C7--np@#FZEC9zDl;+t<+q*iax~0P$SW7^ivIjmhJZMQ41whqjW^7 z#_(b(MZ$D2G0H$f6Cllh?j^i;N=rC?>>;&5+$V3$qOsnoJBw#3gDMSwQ}#b+nDCiJ z49uy7(@Gx9!CS$Flr94QE5i71iR(G~Xb)IXVUWFPO(@hbsv5 zU4-W1&E@9Q)%YG3gle#za93iu#B#qYryl8zOn8cdvr&8pa0U^b8X2fv5|1V)OjaXCri#z9!>;&4mb2L-dk|^ zf~aUJ4jMt0PkTtgKT3X$LCvH1%V8z#8>ihl<)fe_FMg!j5Bjzn?3Ru zUN@HEFvtLZY~AbxI#C;B^`&jb(5JwKKRY*fD}-YaCl0d?JJ8F-&E{J>#|dx;C4U zs~VE}HJAiPF&0hijkSpcS{(i(49fhVS5#M=?mafv-#4kEbE~=6VADY5o#pUM?ch+{ zRY#v@%W<1XL!5hfy`P)*nuL}1805Eq`)+$b1StaFpH9^pwHKrNga5X#NqBYlGZuDGP@=n=@S@w}bf!mx&8h?|RN z==OiHQx6JS2=2!{#YzrswW52OS8_#9M;jYb>>-g zMkNM}%b2Yy25$mnbcRsEoVcl=^B+s)-T4}xVTb2J063yZD%Qo0tQ1~ z-1GzmaV!yi#B|927^xDy6}l&>XN6(Lf(tDeer!o557odfSGA4<`MP`vk|+|+&%$`+ zMP*KRz$JYuKbdLG9Z#c32FZu2Z_R1A7Jr7(2fGs%okeN)gboA*gQlOK61H<$D;0b-Bryg_ zw(xT<3<|ZlHgP9Fi#XN;#|Cp1naN}QbL3-Mj#*0f9q8Zr**+hcks+5cDJCjkzApYl zuGcRA!>UF(NVN|P!$Sx&xWWajmg*yx`#M`_EmZT!y2rjkS9LLTL@}TL+3fV&L2cP( zL*Ps`wjDQit1-8CrW{Nz0FKzAx}2ZxOr5V&ZAh zEo;>|Z6Y&fLggMlAmmd6`LAzw7EPey)onrvf(unp4?XI? 
zIHSNceU3vEDgdlP9xSCrVUdmRD4Cy3F)Q^jcf%RG|%8*VSACbtEEfXeTTnK5aZf;N#YN(zC7s2{)QQI&)@?|Oz{X8 z{)aDzl6g=%UT{?Le{%W}fQuVZ->gcKtWk+Yn-o$Eb^paNRjC>VlDutwwV#!5h1$GT z91M|Nd{Bq==3q(ocy3cgDd63Te_!!&imBT^+v{(i*|aZl*%(|>##!ZDO*hJFu%21a zoGuq8QW$C-G?`*A?g=G}y38AkWMWBV*DPrzS^i?KmV1jrO}UJl?Fl00xAt>cvg}(%Y8}Qwb<`yJKK9P_U!taa>f6_?u)6eorx;bWWU_c47U`>qz{tZ8RD!xr1mGWXlQ6 zTtLH027dS|%MX^>YEdG;U6NyPtuUdI?k8%1sw{D}dYcL3g{vu&*O%H2=#_V&cQHmR zz2BcxiCEJY!yh$>q_7R--v+({Z@FM7+vbDs!j^atd=n?AX1GPPwpw@|c69}V2m~;> zBS7q*qb5=f+Wx_>>`;RhdK!(KhP<`q-_ggp1$qRqqDErN%{p|x381jC-|H?BkB0aS zssfwC?&K!(6`5ZwC%hD8HU$M^?ni_M1%eXxny};#*@Lc3z;L8~d^zW^r`DV}IgI^Z zRormL6rC_}2rq*r`F`MsHyA2WUA2`#eYsfe^zY>?KUi;;T5+itv`$F!)Eht4S^7@` zxEqA#_Xbw*`-G=?K~eS=p_5y+Pqazwy8PmrQ}Mpp8DRqU*89)wo4DJ^qX!6fL$&oyT!0&ewT$ARZY169`4R!BRm^f zdL6k0wvUMnMA*3NjbJGOXXtdP{I0;KZ>1R+oZ<3+)rebS5Ps^7C?6)BY?9yPZ}>m$ z-(}*#?fB)3PJp9a)&dc_EF6Xmy|8o<$5m=$u(Q;ja5o8G=mc51taWz*87{WIX_1%x zj=7KRa9S@cpMD7i+@rrRJ`miQ&97zRY(JNae1N~puwH-StC(UD7S~OS}uvZ!7l}0PogSBfLX0sQeQnJ4b0HMza?L}Xn~ZaYFc8! zaJ8@!(=aElistq?C@`J3v&rAF?LRkRztj}U;ooBC;tTMP>DaS~!DuSS{|VY^e4KZB zsao2uYZowhguNU8!`L|l3Bv<`b#2?WZQHhO+cv+oZQHhO+qQT6w=u82@7t1A;!7lXj`g;fu36hYE?t(?V1C z3KAr;@zO-JQ-UU@?=Yydpf=!XyHJs^W4!p_P8EX=c;1y31j*%Ez-VS9?DQ2<8c#f3I&ODkB4z80LA!dUQ><@upNMmk6(sh&}-hh z-l!5?EvR2GIuc1H>2XNW)ZoGH>ywagkTGn+Mq9^;Lad!C^6<~Ec*z454J_h9ok`+w zp!^yP-}K00;fw3tO?#Hm$Y_eB3QAO+3}HWYXK6)ng}vb6my*io>>)M$uf&&jiI66( zI&09#=*;c7MJNa{73tl9Szx`!-{?ql{JEE>K4YG(s$7)-n?&HD^>BhlapZ*e>>S|`;< zw%C$wzY~v=THtm3z#TQ|)xf?1_sk2|D)nL;CbyOx7?MaNE%2RN+C6JueUOK%?w9d4 zx*0#7Q}H?}$>aCF){bKPO`%ANe`bmiz%C=kOXC)h2q!$M^tFpdlg;;LJ#jY->|z{S zv_|?4Q!zZa$5On;sK|(_(Ecv_`50Yp82%~o{?)T9EwxSin1&l;rABaxNgLmxP1i;} zAC9{4QeHhnHKil|C+$JCX9Ou3eg&=|^jvDGYyBbQjO*g}#`R*c&43|YR_5_l z8AQe}_$n#@PsNq-(YOQ8}+K~1--@vGPUm3{&DxM_Oo%Yp&NH%9t+1b#3 z$>v}5BD+SD=YLx>*2@aE=+KAWvF>_0bnwFj2HIj)*0`aJVc;?ilu-JzjX=zRuIV+? 
zDB9l3q@yDw*t#eDiMWvzca~TK{9Xxc(x$ue{sRzS=A-`IXfTCqPSYb}GoomLJqaxj z5AolU(0F!2<{Bb?1_HiCQm?NxW`E!Fx-U-n>;~4HE$oWB9H`lhNGtp|YiWI=eieEL z=a^e%?=*%_ER7W6G|A4e6K?Atl#EOF#98X`T8>2Q=*JEj+>$Z%5bS6rvC^5T4eJ(E zHNHugbVXm22**S3Cl0wRt2j zmqT_Wau1hI09DJ>G%uzbqxy+5nt~BvDC-qH%!hn?q_!?rM3~Vn+~d`l;z8F62jnj- zi7$f>2T&fU)l{f%YXhhG)8B`CjL1>KLI1c{vmbHQ3p)Kd!zt=`lR_zW^EG zQaS~x;yM(`sjFi6B*O^XCs4KcM$Zja2&hSph*2ryUQx+!$qLzW>0(QUv;5x%G;&@LA>KRv4?iI|7Anc<`Z-S$!(h!P*XsHD$73lvO9uvchcW zEDbQf1t3#Olo!mtC68@P3k_i<1`zfaAR@ajpG>vCmbPGPhj0VsIM%R0MCi`)Q?$y7 z&6D*7do(A#aH1>n0$s)jrEs@?`$)ac^UEjo(uTEesMewho z9IK5d<>NJ3Q_gUc7SrCxs9XyhU)Ow8$IrS9|AD&_hcjpVBI$U_fDOQXs_CsV-}Ndn zSfZETn3=RYd0V7KkugX@gja!vC}(osUSy*UO8T*N4WEKndjXIo1v6mX-7 z9nthFd3jGQq@=`@sz#5w$YTMAjwVrN{I}PgRTYW&cqg0C<1wYQVF zPANy8&cKZdB-C1ObRz;8EOsvyr-=R*(l;VjI0|L1`qbv7bM7PnH8zBG)UYxl$G+XD zkP~?~Vaju(y|R*PNM{`3^HlWC%g@JpT9F5Q9<^yFDFR~Z6co+IeVR{4adskrl9F{O zti?0xrMtE3SBiPJ4n~epKy|ssy-mifYc42vi&kZfo4-5%^TcidoQfy_VU#E^U)!+} zpS?12E>{y@UdofB(LP9b>Z+*pkcDnHN@Hc~@`A2wf|yJ{N+C?kDyq9k%O z@CwG*V5)j6_3mvo*dWF+NTIAi0z<}~oSl09E=);W!jDc7i=uZL!16Z;y9vFWYNKpt z#`bkK>`gdj4wH>OF0*Z0GmsH8Xh==()X1Kb$)Ud?S|+d{%>wp<}lm#9)ow-U&C zcXG_QLFkjy;B02I`f8G&)pezr*+{?TLQ>FwEiLV8ESx>TQTIn)^eTJ7 z3uov?h2ZF!tyx}MHT*fUic$&C*(8hd{Dfp*v8qso(z~yu>NWc&V0XqtEbJRmcPx+c!bm z_$ZIwTN|6|crf2;WlFV$6*+X?6vhW4rzXZUnT94{(>T%Vg14f9(IW~^*~t@QIx8-(#WdKEaeAzl*F&ACxo*A~HfyR8@bdc$iSD#hkPZ!9U9 zc6Bj7>$Rvm1YLB7ou=ib>ikGqBkc(A*J_k`gKXR~S|@U`M;Y0BQj z06M~ND61`Zr5dTK!k=lko-T#*n(z-jQ9#1aVe(hZT&DuKX&E^hpdiQ$GdS}_e)zH# zw+ql%DMSB;)p^p_lWNgb}d(JQca zou_YO-&4J$PIl$f_aJp_uvde(eaW!+gv{C`!PNisJaLU^Q5?_xnndu(Kz4KwBWpY@ zT_3yRtZ`PyTenHdA#^bt*=2p+0&5ay!A`;Jz2-5h7jj54=;d1FHZ+MZH>d|^7o>wO z4aO!umM|jAuTHf@Ub89R_Zc~TF#>MQb{%Mihzg*D(F@5=Su$6p9R_j%;VN3DS92KT zo5;bUj5vm7f0Y{87#0X$&&%(;vDC^C`~V_2qKr494CMs0h8*xhfoq#L)u*JBKEwqC z%E_-jSSV{iEk22I)@JvCtn50s`46=cF}9s)ODC#}5bz>gy>1TV$M%cl$>k11WjT+N zNvA}2kFR0S)2j%&9;w#XXfDvenB;w?a25mazZW?CSAqV!c 
z6Anzs(%fupu6dfD?uY((TufjmKUzS=K7>zc+O-pU9KiA;QQpXSKR!7oT0q;5D3`hh@aB`n?PMw#qUw_3+b9aL zS~!s^$L0e5RMpp}Pr=3)BKch8rRvsvZ3=1Z!||5Ya^xw*Ku(MdVp~l7O&d*frRe0@ zkmZiIny85Ja31}WL8R5`OW!rQ7Z_n1$)=XSZuhwBLlbIoiU4-iCT6{QEYgl&Am(z% z6D$*AX>z9bD_bbZQCjw4`@L>|f1pt9Q=(X21ajC$cC9>P+-W*zINS7ruuB9uMs zsP9hf^JNgd0jr)?2;Q8H&_(Iy9{544dIs+m5$425JCL(IaM0%=R^bx=OG7In`>*FD z(_8;;VYI9XVi~LPw~K_F99x5#jNOrLtRgKacld`$d@^v zig27e@q010xNF6P%4>*jnwGyT%U+_pF1HeY-sx(ehMl|M<RScWmrF(R~^+M!@5k~;u!#uA{L!3ROAw!IcO)RwCZyysbU(8I4!upDO$k^m#!$^b4iVM7&~# zX_D8ABr$v+2?G2ps6sgBGkDf4I@+B+Mr;gzRask#u1DgPR(n#{8|ONE?$=4v=vfF( z-YH10X+JAOl3guwfzvYhJ#;nfmq|2Z9UwMVy?BnEz<0PEtaMMTjiZceO{SO~@>ZoX z^!)<^1hEyo1(a)2mOC25UBCF*BmEAD$*w?}09yC&?~&NV7JD;pWJ~`|)G|Gj%?)*h zFP&2jxd0h$lfF{N5xXwfUi;MOO6@0ZaG_}xyIY^nv&K>jC}(kFZ&NGa4}Hc$W*d>T zlFGYYXM2ENU4+^5s=GSXw!huhA@<7ZA2^KE9tf+vS07*m$7!> zF!1hjZ#Rt_sjm->8?fIGDbs?)Y`^QAXz!#6FcRN_7Px@9@JtZijzlWUDN#h*&?J{I zg9Anky*rG(W~fPtnNTW_EG7me!@s$XtG!Y8(!O(h$|Iedc@yqYsEof1iNX0Z@)Fj^ z|7m6{r3-?-#$l-jGu3&|f*c&sYuXLI(LDTy?uEYG7<^?N>-*6A=erDM-$=a+Z%kzsE^R!_Zajx(g06Lg4*U&X zgRp!p4+@i(UFhDh=jgZ&6xHqoD15|F%e_LHA$*x}npXJ!`ocW>%G*J(LC}0lGn_Qv zaqz#rQYFm#4`=)3{SI{$YB6T^9HBD8>0UH{)`)a@Rj*m;!LTW1;`W64?Ey7A<+wN1 zxvUkrKa^zn$%Hq`;OH}HUtQvX>>@cS{pndS?9g|^uv`Uyewjt-dLE4wd$+djpbyxu zGaTOlR6?MT@H}Puims)C0bKvD@)YL(mpp}&k(C*WUdGhU+{NO*#s7Osz{$?a^uN?8 z1W@#1mNqV?P6YH~Hij;yBBsXnCZOA+dDY` z1FY>=U~G+!khlM9U~TW{1_{>#ba3u;C_Czm4}9e>)RIkE(N`l9Gn~(e?A6)EOvqGb5}6f+!A8l3sV{BckDKl-CVLb!lu64lafWk7*wmb8W>fBDd6 z*94fR=ddZ6YnTP=WL$QvjsU=FW@6&$A?;Qmo^}u-&%I|s+~{48Z?h(0j{zmblam#V z4?d?s=0#Id(fC-k>Zv~JUk<_48n8gv$f6q74%z1{t*rqiUyyS$JI`91;7Wxu6t5S? 
zOmcl1F0>t~q2u){xqPyuV{+k-_xpxfJ!?+w2T>y@ob|Al&v*Ch9$QlZ2~Pz%`F{;5 z3Z2lVZ=7?ITBM2^|`u8Q_eD`qZV-a{2^jq@}0WtWx*!mTxwmVYz zRwUj zB}G4In!sXI;5ae`NqblLP>%|@I${IZ`ygGc_ zmwrWngX0rPeAg)qzfAV6K5w5A-Px#dDV(2DdnfkfMr^3t@#l$aqdM7ArUzuXkH!x| zY(|vNzFN!WlOX%q~=cQz-x3q8dAx>sNGX1-iJ1dD8OmiR@e` z_iwf31%M556fbfa(kyN`g3g=m$GO5{;XzuMPO5eZ@=a7@XxuMm1}v*N>$6;1y#pd) z(bS7Ev9T7FHdts=s_6ZLzS>9JtSm&Wl$`}M`b1KEs}`-*pa%6Frm#026j41 z@}Bl1zsMw<eLd&b}i&0I}_zYGqOd#il&a($+m%J=3Ty|Qj zb`42%h9P=UXJL5FnPV3v!58HxYR8o^&C$DaR~0MG_NL?Z$q<<7--DEsGY&}6G}Em) zx~i*?G;}+mFu>@vJ?s1yp~A8QzRaY{L0~75_s_?-nG86D_7L=jpj)7v!ZmBwaDoOP^pw9SsTu&OnGb})LfB*WnXOA*#IPMBd; zmMXWx7A$s=klFSc+y^k&_P7B81AXqRwjIUabDamPlhK}EWcqdG*|Dq~_0^lP z51x04<8sece?A%m)$gmk^rfVloTL=61jcqcZ3p(0(a^JtSse(jJSIE>9Q;bgy^S|m zJfR1)4F-cYwWAfPaz9iFS&$g1nPj9qf5bs7vr9>@liXHEWs*hc=9P}~1+zbLdR!<|MQRI?PX z+bDhd`lgMLsRDvEUX^UX^tZ`bXc(Kw^5o&HYhk>UxY~VqVx}#yf)(2`!7U|J zLW};ZHk|d0Zy}P4inE3O=5uLQJ&HkEvaYbDG$oioMn?qMucNwle#8(6SpGsa=WeTxAKYn$c-A4_x1{QEZkDVA+4r zeUhp|rbD%}ofP8@f04_07V zJy~LO+rpL=C%~reMwkes2-d$F5u*6I-i3F}^0xCEkXn|QF#3@7oD@rscqoH2;+JOv zI?tPF9CYCO(<$L<1w@6E<3J4vqaB0pC2{0gt=~jQgwEu=gLg#_Y^!qzbNbE-2F;qA z(ri4TWX$HTi#o$GlW2K(_Wk86b8(+W9Q#g3T7y>wv4914x-{>S*Y_{tN)~k`sgPit zXDq4#pD_oGe(RlrTz_#-mBkDT%`FP5ZM`Z|JcFK$>JtI%y$qR%q3`gdvnGlaZHqmM zxX`7TZ+J7~$6KZ8mKkrFBaQBz2#hZ}juE1igU(;~uxz%m)W>0= zOECNUee)8hnMxu4NwB;qktqbU^{7jMxIxg0?oKA1)iN(4k=w&%f!S3*R$n~V;LI_f zjHG7$-Hm;mS{=P8dhE7}$Ei5LvDG@@#s( zYA-|==54iwlxZk5YnJ_9k1Xlrex>PhPDz=NWD-YlQD#bj;)99ob@8D=H~IKfG3Y_Xec*9POb|xpLY5 zQHrDmCzPMuk5#FQFn}0FNl_Gk6miMF8lbU`T@DJ+AILO_13uLw5MCbHL~Xwp8Bv^7 zn};ODJ1Kqu?}gwj@HR)$`1i!*J@{R4& z1F<;*US!peq>e%bk}0@mdBUGF=)Jnp7-55V1>H+OVU`5kOzq14n;bqsszU}ed&Bc4 z8%Azw(aVwMD~aE1vqJ|EGBzZ6$1R3RbHz92I%4G_#L9$RLyZoGUgf?~T)m<9gi)dY z+U^i8JI;;r4q0O4+i(zS#2?_`DMd;gj+UI#-+qa^9@z!Wka9j+s+xD*nE3p=Xp#HLgZ@{6phXh4`jzIta5R5?LrPwhQn)zpe0#aO!UF|sH6Tgg{@{HiR- z=^+!9ww^TP9Kd=1A}8weF|0<;_#Z=15|UCcBF5gf=AsT=IOcMWyRniJznIgf-;Can zuebWj2T4{r&MZaiDSKvEqQNDqBb!fWP+8d3c{CK3G2*Mlg$tU};l9p%Z0|l!`2qbw 
zMBi%;8#Q`dUqu!m~lHS-h^37ea6{}q3K z?t*u1X@Lu(y%;c$=k7B0lrf8oOT#G&BDb&Scf~XO!6e%Bf35A`8lPz#vBB6g`T>vRWl=Hq#b` z%RVB(3jx$DtG~09G@uVnpK$liOrJcK!(Sx7WEr!k--C$KmiiP3N?E$1H5UeVCZ@cL z)I4s+9lb9GRhX;MVWJ4YkGoO$x9J`F9&lnD@5&Uq+L60|jKy156sM+OX}uq+ zp=DHAvMObeGz`87geufy0au<^@!Q9y`CbL0l0fvebh6alFUAi5 zrB0vc-rv->Q-esDB=QNtO<5o$@y}v5?fDKbrIt~R9}oM7?{9-ESh01N6B3&+tMK-7 zrBb3WK*<|!CFH3e^Y%=Ax|(&ot!~*IE>!luu2|_e#}f;^#%{X37qck3HtxFaA?PGo z&TY(6^x&7)fk%mMF(-p^Z3kLXI2~USdkWd7!d`QbOzDmyoEUSlgVdu8bSKTI?{x=t zDMK6~Pv9#@J)`LxwSHO(CGEePLJQ?Obn~Td0F#~#!E+{AA1TOtNnYy3M>rgd!OVjx zT9>QLDYK>vtr`;R5CAqV55KBu4JsLLWZKH~Zx;W1c+H75)HiMb55nz@2L4R*4g*g( zrqFwk)md7TQzvb$4~jL%ex%i7;Zvw*79N9~9nC%-y$S049Ech5Hna&~ihn-o%sfw) zwLn}xLx0cB_)|1_28EpD>&UexTP-i#X$>E5LH1=nzl5_sOB=G~#3Qo!zktD`@R{~K zx;JtdDf;bAz^xzR*kVS<9DkV7ZXpvk>e3CD%2r9ehdqP8oDUfnRWzE+73UemQ~N^N zA#(?S!wh~M0b#|XdkBGThA7xX;?3H$ns4AW_EbSTNo=unjUH7Os3+BgWhUMdS_Zc- zAJ$5Z>!sp%fc9{rW4d3>J?ErCSLN|L&iAIuL+9nAPG6$>zhJRIui|dzdtehj3sIl* z4M~0;^tLgsy04@)C+2ft*>{<`)Ax@|vNfXMPg+||R!Y=x`@Q4=5_-#Kr%}lBg z)cqfpw61%ATxtE+H0vLJ1~uPFy=i zjhv_O)%}**W<1A1LrKN4Mi9)N&33cULj4CIpj8M>-1z~M(jt8FR#<8FCw^^I^kgIN z<&l)C-8)dOd&?e5M**o7mT6W8e8dk(^<^J!$@i(BN97f5?q==Bv4%SdR}FqnLbJ)4 z_9v$4sS0GeO%{{p8K<=N+gMm{5;MW`osHGXgIY>VB5^j1FuBPn1md;$(RAM*wW!r` zHQ7aK+$T>Spshq%O|Vq?z3d^V%%49Q#S!e;pT$~QEG&bH9@xP0gNSJKEB#!j-s%-_ zXS#v7YeH~q2>XDz@=5z9ni{AK@($1x&cA6sR^a&O_#h>Vj7?t^zuJ!g# zZJ=QLCx@(zqgQ zzm6&%BI`#;yb>@T5X3e7#yH@+3eG1-EdwQ*eK$)daUA~ydgPP3eRyigMqmuT*oCFr zQpB~$c@bT%9E+5`oa6wn&F}`n6(CyYQt9n+MtZ`hM{a?A2|SLqG9zTdb3HJvU5c&m zR~(Zfc+bCjIx+=|5LD7M$TEkyTRhGH-QG!CDDmz_s80X2xu4C<7AfMPMkQ$nvl^pQ z=&CKr`9^jLR5X6Y?HFpYL?}z>4vPK7 z6w#QS*HZ=2eumCVG+OJ(3P>S-j;Fzzl1NqzzLQV{>eGW3Gy7ZDtoMpO1PUu?i&j@! 
zU;F4~62Eb)g7{C>;z{;Jn5K*Tmq|%Ov#cDXIjxUWG>x^@wdD+ZvbJUB${cWFx|>T` z?}GU=^CGdh5BLlA`w&(%;RqeyMW6rD{eS>(6xXhe*s$ms7QY3ZL;C^e&IKb_Jm!6+ z;sciYB#oVA3l|kG@Ls*P_TN!*MHSUhZZlDJ&}~BzFeuV#Z{2FMm!D`tuXsk_N!rcl z{`z>LB!p~+8|9#>W0KH8n$jvAr-Noh%+40vT)k7kc02cV-s{ZsLlCTuW4s<<9zULj zyM9TT1aoa>mfj{I`CzR4XOMDjDDt_ip7Gm^@L(ZjFL68pX99W%vLP#`xtj+b^zv5q zK+#lVj5rhe>@wLjnx-p;=o1Y@E)M4))rh%4e>sdr&RDfg>a1-$Ku(72y{>J>S8{*q zH5h;Tb`9s3glzNEfZt4F@Lg32d~~9~etAA8tfY)`9!JT`P(^-ko;Zt|i;!yfLfrL@ z{2!obQrc)U7JzSw7f-+F;Z%_v1+te4Oe91k-Yl{cSgz0%lNVZzErR!AdFGr(zj>2H z?^YF#9%FwWy)sT+?kv{~ts^M>A_)r=C3CaExNh$Qzjy6{#g#!&4Mn+7=;o1p=J zeTC-CXw=!z_n6&l$>V$T5cg8wOEV-HwZNL+E>A-IO2=DMYy<}r9$D;L>i({bS+pGO z&B}4};k|)6-`!r~pjJ&+7p6GTjH8UJEc_K(hVM-s>i5w^q&RWXflYYF&Y#y8uUq=Q zk#mQBIQaBoOk@bg1xtIV0aXnB}uaC0y%&=0U1h|l2&kcgz3ukmONJ=Cu1Vqqgm;;?ZdLTG{YF$ zusW%YL5xsl!^%S}2DVD0QZt`6gJSqmgS$-oPk@%5?<~4_%AAYO%W*gtlHC(Et%PvJ zBi<^Lm2ZBfIX^7#{o3$1hY!__4Ep3`BIVT<^T?j-s!%@jl~AP#f5=I>%_R$Aq^QP8 z!v0i*M4I#=3K}f2SmIr=VH+j*hpf#bu=L>{6mPc2gvs=@)5*|JI48? zGw*W;_{^D{2T={F(MmVU#hNPx!=MKZIOJ3nIO*&4ZEmZ~6STXz3HJc9Mi}{sV?7?~ zTctve13jVEK&goMU-p9HB|=1*JFQYMa%&zCo`9muoN?#sK6nh@R7JSJ4$9$HZ;E=o z2PtVus)+y~YoO*JmY{URnYqQI_I&;lJ@ffLR87BTXb&z-MGCNl;uq;o`Cl6oc2(p! 
z&%Tu?cc`?19y*~KiD#4SlD53(xam}{%R6yjVT%y~I_IZ&G& zcu43NjBc5%-}MrLNhm=@)}8~sC44p)2yWctSQKvd#a)2NqucTv&@TX!osaVtRQpbHV%!D24aev_fojhOrjxt)U8c!n?=DOi_DaN?1>j^+t{Zr}Ok`TujEFl!f`9*GW}K~K7xUC%r1NZ(xKx-{RB4YLX?F+P2H*eClSbIJU?Sz742!+7 z#y(#f>()=!ZWgttRU&P*W+~wbOt7KzEaH0VSy}J-q%Ygr0Zs47TrkyR-b5&lKcyO} zLf#kmO%8MS;vC15wrYn)wG8{gXTNUvv5AK-W6vEKC>ZXyj(>yhy#to=x%Q;#awu~A zV)(S5n!cFB^k!{?!L|)qbiEO3p2jr=MmmBiRJ9dYXh)vLLGK+TfLUG2!>=2RDVVRiuU?zJsGAlM zC<#r*3Heb>#f9&N0)kDEZEM{G04tYsH+bA+^db6no<%E<>(HLJ!%KkQ=#l_Tl)rE> zV&@EY#$bZ&Tegy{(vcgWwtk8%G!WC0L{DW`$k8NMaREl5v_$^??;Kf?^UKXLN&_zp zU56tq4zY<#X#^7z1sJ2Oa+AaycwRzxjZK`51qHnq$~ZHxSx418_~1z-ixiixwsL=9 zyl6atynl4wBEE+Bijy~D4gy7}JV-oP_65*<-FEJ0w4g&9nP_A?>T`r7G~^EdF91_%^{&M?9<17PL~(&~iTc16@%oIrIb0}pZA5YSbd zux;hJ8&W;b}WMYsy3{s|FDmS4Zdo zKjkPNX{XlW;t%=@WhsD%qoVl5c5y$wh~Cr?uP8lMk5TNJWP>E>i*Mi=V@$^5Opw$$ zyMCq@9IBN`Sj-^^4|Q~3b#9IA*BXP_o|gn zh_OI+S=~jM)e?d$=!E%nyZ^An(nnBP$FE@g@YwNYj;zyPT70&Ol%!$FWD+!@NH2!7 znT?R4K1^RnXk`0!;&xQR|1}{t1AZ{xtRffU0PEF?e+e*5LDs86a(9%zkHnLnXG(!= zIg6+_lCFhH{ig47GeuUI3^= zfDyl~(V4Hc8e$(0wCTRr=b9SE*UQ-TFT9}zfytFI-H#M@hoe;Cst0r@8c=r-)fxUt z41gF_0MmCzzwF|hKH(Mb6Rqtc%R;7~L~jJPZsU42&LJkKtVvZbtY&aI#7?pkgdXa% zlw9!%4QW}Gz!0lyI2`BoVi*Sr267t>&>hpHvD*AE;Fr|iIZ|{-E@MdBmbN_`No-jt%#{?K$m6b=Wg!D(yh`Fvg1btBcl+OT z`!7$7wDfe+S3=_Iq3^x#5`RaW_pL-tw|k z^)k!T5t!-ln*l)ivT+~$CuwaLR-;NH=(~~cb}A$;d*&(d%oG~fQ{3wXfZpfHOFMzD zb+!6@q3>xUeZxM6w%Rn0kF-n{Ecc&3fI$9epl@IEPnR# zZ0jB@cuTQolsHn)4#J88@KaWGLTYQ&!I__euFUJzGXIk7eCy}G^fU8|ccaTY1Osad z?2r+5^D|e4w>*)~B$gO#ha>?I{1zVV2z(J2>LjgzYOBDovwOdp2#`{e-|-1eRCe&P z_>;+ZJsu@iZ6z*XCeYRHUYI%)2-NAeKL4OX(%73iM}&|SpG=rxp; zGWv?MmO2lDjy)Gh&HYA5F_O*V(fpY_e zr-qo_POP?tLMk7JQUmc`BvLXBI$qN6oq0RNJP(=Z2=ZN$|QNB+eK+1;gU~jKWD4(6zO}a(Xswt5z^6De;B~>>G zF%W8X)2?Gk^?QogUwRaw^~AQE<#pZ!Y5NIv7K87+MTLxxO=s&3V9UZ1a}h)7vlDY? 
z{x#Xdrq!+x4zTwXQJF}3MgpN9UcN^T5MGg0u@uUCy)BD2!s^!bJS$-t9_16BEBtiq zs}%B|wnSm-#;-|zA{t?C;7|r!1+b)QpAAcWcL14?J=p>Z#R$ssm+9K&M~eILS~^U) z>6niQ>jN{sfpQ3lx~K5!4iJsnE10v&CB7*8Ib*-Lr^iqjIOmYBv0tXusTTX`jgaT` z=3֍(6pr8QjpG2InNz)9UD=j*Auo_CD>s^FbN%r=I>-$5<#Qniwy1T=&uIQ;^ zJjWo{|H^6UZgD(vy~}O4h!3}RjGw1wD7fciu@{-(Zxu!lccHwKIM(lE-K;6wT!Ho2 zQ&`O*8R}D{=8Pp1y>}KyK94bPxo-1$^I)gVg2-CW(HvIR<8IX)d_{67SeOwov&Z7yDc`{xY%ro?eX3H2cvyf_Imxw#Hd|nqAdg z8NwSE855ZshgCpSPc=3>IR;@^Z0b)+h~xl@%@%ZPEfkv-unPd2N680j24`RdPRGQ| z*q;C(a(l&#BXEW`2PlDD;TH|)Y)POT2RnvPXlrV92F=g_@X*!O1=Y>bImgv~zxcyb z0t5p5&n6InIgSN^ps28%n3x8jAT?eEND|O0AWm!@P#E37Iu1er%>=l~1y})K<`xHV z326YuujLQP`EvrE|6TQ8%nQZh75&D@me$?`7(^jzePg|g0~i<3$*ojCTsxpK zCpO{6UqOtGz&ieq{?;E+X;#eN6`_&!uL|d=Pnv+-@gMiR3gYp%x)n3=RUgui@*2Re zH@%a9^1tYrzB%B(%Ln(OQn%Jsyg%=gJ;vXTe}bB-a%w_>r+xoD0@IpV8<|5jvVxa$ z{H-jGFFf~!`fo;w<@j z4^G~@AWrQY_Fu=jcSnc)%V?F-uC#9ZFKIGYZfqpavg&ZG^XH{hKG6$^wb`s?OS3Q} zekRBg{Ltd7p2hM^`^ks5HY61<)HBSDyvRPCEb3*9sKjqcL;uq(l!%7iJli2EW^SOU zpJu?1U%DHhlaalaOx_}4I9)TV$QqRUgXp&yZE=e2#GTm<0!qaNX16s3?n3*|LKF^l z5xUW+mm3pQoE6|m2c3uxwWw+Jx9!0 zG9#dzL|xIUdgRYbdB6q%b6UMJjI-c$m>g7T74SW*Jgyr!!-dk-7hJr1eUT?fY3a37 zS6PSbSLH5eIPz3JFY^^cI2!Hb`Jy#$_*~L-zBM=wUsY)<$EfZ9By6QI#o>ih9MkqB z_B;3%>6I+M&uH2u4-SJmO^)H#k!-vsBU8lqpfXh1W;b~F9+8!548yHI1wLXMJO{?} z3}Ke~1uEas&GU+b9>sY%D8L3yK z!*SLZWnQF0u>yP-FyTtC~;O&)Q+ci8)D<%h8+db*2@z63N^z%h5RfI^I}BfRhv6 z?61*tR2!N<2=>LDClYUuO%b}mQL_+G8i|MXPgHb|prXr;JtI;;36@RzG+~0ZTS&Z- zwyDE?Cs6u-5Sioy;0+UD+62>S@}MF;e}2&!IFg}q*6Q+?n#SJKrTpi{jQA5_1-(;( zWgeKwR{oIH{UW{5;qc3UV7e`*dGcyk0@vc~?r9$HscFlkOpLxCIDGugWGj!h8CmNZ z7GVXrczunq%(Ve4Ut92`jzDBE)R5*QD+4%@vfe-OH_fPOpb(^pZTOb!B7v8fys)yP z<&RaUws!hXB*4>WfzGU;U6I$5V#-;DCxK0qt}tE&2@14q7x>K<3BBWTa15eJErXa8 z8^lrmNE6^?1~z+*wx#&?6wg^uv;3Lrn$UL+|Dd^gt zTlnIzQ2pB2g;hs${L|nvA`_ew4a#$T(fKg{mD(J!*J}DUa%X4=E|%Lp{eH+E-uYA5Vf@6xj4MkIqO|8Y{d~; z-mdcF*zn77hoWa)VXh?K+;P4k-Oz3iW4y<9pExr)NHmtNMLf`MtFSdK{u2UgXlDe! 
z-BH==LD_hXu+2Ex>hU8ymG1;lLwA;?OK7QbiZ!?G15ZZx#V=(O#aj9!98eoP%r>N; zc`D+oomBhCxLxOxUe=)gL_-@Z5Z|Xn$|`Pt)-B$(D7z(mCbS-C<=q4f51>%b5eCU@ z@;Du-M1}sDfdn6TThK+cg46LzvZm=oicckifv{SCJb_*RC-82_uuF6cly}nl);$Yr z%d>B3%9X7x1M5|(cqVI3RHacmEjBBWRH{fZphchikBhp%7=^8)v*%Z0N4is(CJ)nw z^EIFTWLyPgy0k`hY^Cyx>4ck#o+sSW+^NUAnvU(E;OmzezpljBR${?;CJBUlgRe+LPhW;JR7iI&0mh zbYo2p*lvCZl2$UyV zJt8LnoM~}q@YCX4kx7#c%gJXm-&?%mtP-Yf z#Wz)?ftGIOonqHs$9koKckM0d%$@G1iaq0bqLy?50uMjJClPQP`kExpU*&5CRBD$= zxfE?dH?gdLua&KYIRX^knYnn>4K+E{GEw%1?|KP^l;F9v@l|i`o!=0z7;NgDz-)iq zNkpiJaqg^ztbNKzC>U#?nxn?Pe3p`0gD{4H5i7`8_(c{BMG}C;5cz8QEfJql!Rf%f z7-W7qsx%~$;~5(@a)WF~lMr^9MTl(Rs?mB>l($aw4_G#QF-Z?^V45d`{>iWN{fVzOmn1>HRBM;UJ?9O+r~ z{z+ir4fiTtnaqkXH5@%#D;~OQUK%0T)4nhtR|LgGUpwN~H#(SgJeyZWgbVJ|8vkv& zT*@j#aV>M>@_ls2Evu5I7-`X${(o#l0S1bpQqs@=j%o!KCd%ahg$A|NIyP`BDBz28hA~vf{1Ux7sEkVrC`v3I`br;v zY%!E}aShr66*mrMxj>SmcT^0#7}-vvbx6b#yR!UqZ=qXA0EU-DQy-a6h`o300t($@ z%#W>+Oa6)DutMJWdH3bFwqe!xgdTCWK21Bmcjo|=>;cT@*Yu(J2@%;};-(~7;^+wI zK!b)i1Y-+JxCz$3!c=B`Wx_I#b~oMiL5fIhGnlBNq%O}sVs;>;1mZhqpPsAX-K*ux z#lheaFE3gZ*cPLK?BLCGg6^(T4;pBfQ88@@%3Jh*tR|8#I`(VPM7%YR!nI1J!wQ`B z1&P)~%LMY4(pm{5={%Jki|<^BLgH%eY;zhNQBXOH!-UV%q>Bsfx!)()YyPfTyc>zF@~5P+zTO`*bJSGrHk9m^1z%tBh%(wlk|I09`k?2 zC7XaiN zQGVa-`=&7L;l!E7=GuK+#I6kpwbXpoFcTz8vGqKv6iI5bOQF@5WOXbFajRY6;PGnR z&JvhNasfV$6*$RY1Zr?PFnYpGhj$qJM++gS1@8+v+pud%sltN#13wmLlvY{s<}!=) z=2bw^hG=R)I|raYFbndO+1Xsl+xpmF14}FMh0bAX1xK`xuv=Fg>~6x!32chzf(EGU zPKs`B2@WOE5nu?AJM)%VHfKCHE2Dgs$IXDWY80oFJ=cTx+U=Fhh$$JKH^xfX|ODuDpG-St%Bi(>bc(B z>6MLACP(&1qLk%MNU6F4c%9S!s;uO`{8B*v%b1Z6R%{N;$z}6qaZZ{w0S4vzFN@y) zEKa1bjI4b<;?D5D;8c0bs+keKJn^Pmk%g+!5FRtCHZ|;Ug7I0gOeeDT~FXufI5Z@R#1aLhmsSggFgfv92C=8k3iM+I_f5XxorFNRp2Pit=flT<=!XzwtcwX3bf_G_3cn`S}xKi%(rj58VDdvXq(&4*N8Ptzv zEFmCl;TIR>NOl>|BT%Ih+}rD^a8~=y78lGMF=E-g}{LlALh$hvRH0~2z!iIfr4Q{ z=y!4n?JC9QF2(Ik$XZ3`$-$7!Np{ajGX6pLG(Dka8mKTK5A!0>GAr)rFk)CCx*@?P zoHH(~n=o)9UCY3lk~bV$qSJWkEV?=o3;ZQP*gf7t;pRW>Smoc|L9dW=9^VdzJ&QcJ 
zXJ~gxBA2YtFkpdtDU}N7bSU-FjAvtd4<=d*&ei%O^SLuW5S4+YzlO_+LLFx+N0EZO zSyTw8vkF~p!)|nw)T7R5yQ$R~U0_ST-k)cZVk>BQBxg=x@fCwAbR6?&9S0L`NGj5+ zr4*0OovyY1R6#od<7*t}Jt($Y_p7Sz#3xYvBIPNDRTguZ8I-qc4WY5Sg!XlYtRpHL zGpg(^M3}JV7F2gt(YA5tF{|&iWbT~fHPimdc@*ObQ_j;Km6!K(oI>#<-Fh{bmMh!a zXgp=#8^3TOy^De4-0GBODVGP+fNC1s>^3ckr7=#U)7R z{ojGT%hK=e?Z5hko3SlwHO**@dLnkMvG!*hO1O?V&;NJ>b**~pep#=l*m&ZtMab)A zv6J6BuMsD%s|JE{+yrI9r8^;Zl2P*u*UJ21eVXC{JD#aFkfNE+ARc-u?WSjkIiOD$ z)_&|(_c?Y+xC6!d%CYKNeWKg{WZ=&TlJyWo%W!HZ-r^&+YmtyvUs4@Ku9%1q%<)H)jUSr9o+U^~7Uazlr8PUOKP zx$83MYt!rhcDo^v8-rsgjW`?*k$b0StWcKAWcngzd^=}*wI_I^cw1Rvr*jifQdM$u zv_45g;?B}O;&>=4B1uy*dBlBJ#M+4en`EO!;LoP+w`Zu>uEykv`=g0UQ7BS5-RsK5 zTljBNt&W$qzC46D=|^?Fh~X8lM9QA8Y7@A7XjwHiF!{OtlUait31$>A2tbFS?c&4X z5BhxUj-_`{ay%1I5$`XPD5uMUBbfb_dJX8Cg0cnxxwmSVk+oyFr$getl0Z{*DNpaFZYa7)tm^l6hzJ}4ctlMP4)c3v0&s5hrX9F&XsecN> z1={@jRLujlz$j+M;O9TGb8;@Ji(NVv(;73Dn?%JXwp6FbX9KQY2Bi)$cx-e?D9zqQB=3lf;Z` z+OAt2=iVJX{p78nx?P7-Tj#G(_n?n+-)L{}_2@cdjBOqXf8>U}!0h!IPQ?zZ>u{LR zNw~%knl;;VH$OHsy>TePc7|mYKGLb~Krw0wi@s~4X5-;~6cHY7b!kWjw4u&uM7@C7 z(C1m9;YUrp-cEl{r0^`8AyR1@-bKrAHpv@7QtkGYLA?>##3GiPt0V?sQBOcd!+#m- z+oKYH4~06ii}T|W$KOk~Tv$H@iG8L0&h;8|=p}{Z|LVAuKf<~cjZVDEN%+fVt>#Im zT;8lzvxGFAau5akH4@teF^8X^;nqo3QY0>z^PNAk7nh3JK=Mnh%uF+IIwVDyx_?_5 zh=7ePJJQEkN!EV;?_N7ZC)2(&Dzy2eDq0^TQ;r94`{BA4bte`3OnP%6>I-%uqKHjz z)1+E=IbuQ3#(7FXsNDEThf076y{=|t&Bmd=$RFPrWO^cs%5+E-KV{8ANWU!Ce_|qi zs&~&fp?>PW$*^)D6WDs^JHi^eiW~~{Y^k}z<_=-7cD!Z!SxP{*)$W>VF=Xf8Aw$jW zd;EMk1eD2AXimPa1n8J4wGpr*hyI_;P2&+~sw~)%M!~bc2FHmw=bWv9e%*SwY`6;{ zhThrGVo7r}kK3iq_Jk&5wBNwb?{bjC^(i@9X$`F!P`;uo4RbNl<5(;`42Og(tb3FF zVtFNr!lm(AQ2#kUJD&JftuW8_fzj5m#G|w!Bq#wqIBCovoVI|UOKhyL*yeF(MQ%%_ z4yzPQ!^}PSxEi75UK)H|Hc}|8>ww|U25H+#Rv_Ol9ptEa0T+!hVlja}XSQPta0(AQ zeUo-=Qs8!o#QM8g^Jc}rLqzgqU2kxk5bk3f!pnC7EnaN4EsZx#B_Y5X3271(_=a=3uaTBmR*o_%v zO|(KLiq*@=W_JzmUQvBvV}B)=KE zbgK#nrgz52Jk|WQ(vvMrY>w7iXh!a!un+x1vVH?y8UIh07`hVI7(Lmvztb^myx#4< z8~&U^2e+FJFJma1R2V^uR^ChJ1E$>#siQ51RJ;v)qv1^Li&Ra&ODx-~hqlQmxZ}Cs;Ti|;GK6(!H3VoZ&g)#zy64^R 
z?3r6Vfj3jVfM3(PN=ZsIXw40u&O#Ga4H&562PwLb!qn7-u!#Sa+`ZMVb=g*Yve zi%MlPk{oHWv5rSB5l_1pF4+`c@M7m5JnpTJw6F~O`RXK9^q{Bg{v9|@^AeIfuCrUk zl=ltghdN3H)vWR>rMU_!;+3^!e@^esQ)Gpfz%5D%s0;!kU4E=3bJv_HkKYwh_R7+gy!I%g`(tnM`|5HDYTpn2hR& zA};{xqgCBj00EV(;`?7nZaao9?#Sac(UCady#{Aw(x&#EON&^YmJUzXb@vb2s-ss# z?As7tWbWOsrcSSI6QnTtS5!bQ*H3H&`}rN-#I4lZB<93pA{U}|P6?ds*G-4Tc}FOZ;PHZ2A?2+i?4<{?9JOgevU{K| zYs-OL*JT?E{O29PKr{(>gPT%Y&*0AClxBZDhZ)q^q(d74CRO;}9$Z5kAFqiN5HU)y zBJ=8h&V0p2Ai}}&8i{URVg8hsmHDI?W#$k9*vKO?W#jciT5Lb3$G#5PHMvSV+socC z4U?=&iiD1?D1g7FvIw$1CbokiNQm*vW+8+?Q+j~U~8nBc8e6wb`6*b}6csTDFQu1wA==>p}l`x(ls$xwP7UUU~ zTbbWBU)6z>$hVn8oXuO6mDnDh_S=@f_c%JA(jb^3vRw2|5y!n~TaP%0)`jsj1EO|Os>@P)U-~Ds~$hH6os9EAYkAA%H($+`t%do8VD1A%q)a|LRim|0>Vkvs)nyb8H| z?`QxotaR<9g!YzGpe|Ub!)8&;%b7}xZTxoznrBjV+q9`^aa0IrHGs;w8%%rt~yhRE@AqRTX%e+=8 zGgKc+ZH%jr+7+6J1r1GFoB6U>v-@cuJ6(;k5T@B39#>65%oC~JJ~puz1;neb*?^(e zp1Z+fP@M*Ix#w_L%C@RGylKk19!~Fc!$!R}O0Oqj zkr`&GV_dL&vdsz$JekMae!GA6sX05B@je^*Y?gx3Ol88xa>O@uK@b|zBGrx&>yg_V z=PTZ7x5=$c#oP|Pr9jjQrKlaQE-WtQ!t1xH&G!*)gkFK^%eKoewDb^tHUYNEtn%tn z>}-%j2k8p$A{0wqVm?uqXm%L3-ra7Y11sjGBhsm4>&vL3ku;0h@05zRs~9K8t9?mp zZQY8)N17cWB)?-(FG0f=Wqh#9CpODhKIm*g$BRh_jMDTyuA4dN?Fvc~RTxGzm&_c9 zd`RgkdxC9Jt;o=9H|fKT7;G_u>G8%V{zTsEynYSi(nKZ@#M1|Ht>khA2UQZDBaWI8 zs#v&_`-47a<&teWTsX#&OvD)!IYQG@!w6WsdkZZin|=<;Y?~HVj&6M$graP^5d0`f zF;--A1FNC-(B;V|^+lUaxb52H#ilnZ@el^|kP}gTF`&hka(`qsj=JM$vV-c7+ig6TQ>jJ8sNYkWqaP zkv90@N(>I?1iOGlM)+S;6P&FTyJ!Y zeALe9Gp`Ub@q@w`USlnf!0hc3g!>)V;-5jizPCA>c-*YaIzZ_Ba*I&oP*BF&5B zQb)v}%+j&p(0i{UnIN=j7=L(-!AHw((G)gih3`X3LO+ELWx`!81C3%FeYClxBHziS zt-7s1KCe)fQ)v zA+PZ}-VfI`g=d_B-AP7ER1xpy<@Ksz8GB9=mv18_!#u}%*<8gIi-72S zdzw$~;GaxeEzv0c7D5@^;4+!dsJ!19u32szhHzQ|4@uKel;yPj-T%yH{a=~cyr#!X zY4!?{!=&uX7*qp7nyC_&u;vczxg*<~_-SVwp%X6_m?Rx=26trq9&ZXo}ErU2M!Ph-ub0vcchrSWzth9^bEo49;NC`DZ4|N8~zZziZ^A zd$wv^Jch=$Q9K1g{j2#AGWjE+*fp4AeQM|==^6AnejQxFpe9rsI}pg6l^qyd>s6En z>0F3eZtrBTSD%&@@&F{G7&a5)k553|aX0)q_ez`oiC-x^apS$CE zQy*O}GZ(gALu}y1wSMR~H4`EdGJkZ)f}vPS09Pp{oZysT#RkTh1Ssk;UUjHS7g2)z 
zyfnY&d(lUa5y2ovY`AVP;ULnB1huJ1%^`tAh%f`jGtL3A=9aJ|mNMo6&z z5XE9GlZ?sjIs*d3!k~5UYbX4&XYgs%@DB@Bb5y*Q{1VMkM6}GN5Mxs@3Fon(-%o&; zZtXQ}>HE1YC^XqtY@r?IYt0W*MGIb7t<-U&FdfX)!&m9iDF{LmN+Nz=8_L6Yf6Y_j7M|olM{Pg7ew}; zE_c=kMRD7W7*i7W>X2i-lrI(cJAM2jMGQ5Xu8Ts$k&o&3BboPhzH9Ns&~B%|Ckd;S ztDk7kvz6qJ#VPaj*Az#k<~x6w4Pzh4>?Iy~L+%53Nb?ebz(b&4>EW*=(hz@^ORHBT z*;@yqT;BV+Q0L1iZB1?~r=P2g;um8-%ON6cjfby2uAU zUcOn^Dkh&@t^l8JHkOntxdu#TMpzjF4X+6gTJr{F)SwOk+xMVyyb66Yjnj^9wJZG) zV%Hi#RXb5=z$v;kdA5>`#woo?91sXcrGiJBO@Yj8xXr^`LB17F?ILY@|CwyW!N5M8 zIC>+xI7UXT?}b!ZiD|o<`z~YWr=UMe50cl&!YQ$zHE$vYQAs%ivcfYxdz$%rhSjW>nLrfefa>5bN$DaVYCEY7bh){7Xq{xX1GEkb zK0Z9}@t;OI+t60waP4oq^qYHm@1jg*x8^5zy8Vf$O5*7o9Ut*M+D`ElPFu+JSq?C5 z9^mD*FCCdGAI88`Ndlu92d{&&3YRQE-?U3h?7q6eI) zQA<(Qqj{PmO@g0vy5g+9b4->gOKc+d3*M-pQ@f$RswlT;i4KrDnU>zNE*`;GvVmEd z>oW|xF%wWZ1Rw%XE*)o|#r=!*n!RPyg`cu!n7zb1^-Zry{;DMtIV*@9Cb8#DR|El$1$4Hsy6!C<#_xNbpvYSflUu}wygjy_@^V%-43{xB=tmeNun&>n! z*_!0av+YR`*|E7TOX^4ad=zgmbyN5gpRKz(bSeKBShd@aER417GK+yw?StH5X|~9; z_^F7K)ViIT#R}-}XKEgt0C_l$f2z(2&$IWJ3=EOnE<97ADoq?+zlSgXCCS9iPQfGm zZU35irf-Hk6bZE>%*ymIIcvuK>UvGrSw&Zf-zRuBNY>nHNI>;zbzuTu{^IPQw`Vp4 zCteg%(yUQ8zAVh~cjzES$TXKzDEJIKiv8}MsJ;u${PfKwyC6`RB|{~KE~&DrTBiWV zv_IetR6Z%5cW07nyWD5=M#D&d7w&yWP$e$Rwb4~AT4JsMrq6`CUKkj6?RzYBGjq}pF>4c+XIna{AZck_xD)y}ywey&zJ z(dnsdOlW>^pJp_U7VOc4uDudfD}@qHez35kH8BZ!rM1S2_s6@xjb3co41SU`Uq`{$ z0=AnXq<{K(qZ^1eTCWtbF_^nbAhm;#DXKN#A1FlYssB2!$6f}k#}bS!g%85e^XDC1Qj zawoSHQTdAgOF6S*VyG*V+ zAj};4f#d{}kU9Ieroh9*K*%*nGX;gBKrxB2`oCp?NE7@AfA&NJa8U?7iY8RJncy6gZ!RU)bJV#E{g1zM9p%KJ!g58RI)cs{ntmVCvL z7*S#J>m{l80^LSX`k4h>SV#@R{SW4tC!?OK#3)1y9zloCup>b!SwmxA2KT3tJXi@! 
zMTV2Q%Pp7ouXl`I8SqaOkzd#dT)7;7M=J{1Y*e0oV$K`#dVHv`O&Qrxd|=3NA{q&tPJud$*t@O zZX(!~l#r4``H?RFaGpTaFfcy=5sY&&@_%f7k%9BBuSvw1VDY7SNe4ef%|+s*(H&hnL-_Pu7PfHD&BMpL*``}b|E#WG zJL)l7@(%J>xeVxz4a|1KexzM8ItMLL+IMpzwA|{ zDdbiX1l$8(wly4CYeZsl?&${>Izu-G!(1UE0nrf|(Yw;B4+s6b7oQKkrMBUudtCYRo!E(^ zk4}LhSv?C@70?Ro>RFVlO5FG}uJc7W3Niev)dEE2w`YAG=RRImWM#F?592x!^GbY3 zy6a<7L{bS1NSs*IPTsUMW)9=QzK)g%l9z-_qZ$0(Wo1mz zX`{sf8UEf!o@u(7B*?euO|Kc#w}iu-?^xzZ7hEvY4C&6l$jZOA3Vo#iN!L0840P zvn-w_b1Y+*OReEwC^GLoiJ8osR>?N39ZF)xh2cCi`p%W^v$bo13xwYCD!=S5j_SkA zpEDpjPJUSUN~%dT(;Z8pC@FPQ=Oiu=_~0BYs(fIDGFZ2@yUcjS6U58Dph<++(}3q20R+L zOUYd9U#XfMP`Hbb;ekVA1U)xCJ7!5(ikfr20)+3fKFiw^N0XfyKe6R}s!!WqSL&E( z3UTkHK=|*C<7?I6$YPg4^`a$uQXg?NNyz_D3r0$@Q?c>%ht?&}@Zs`!ghrf5 zmuO_DMP~ap8d90)O!E31TO8m{+$!3hN0`9D#k5&=l7k9!!6B)lmB?CY`J#HEb9aw za9-aVrU_}$3kXbm{Lo@YJG3+Jdkb)6@-%vID`hJid^6y#Psu9NDq}AiOZN}T#D^1KH3i1a_ zmKuS!{l5G)*d`X|O=e$#2+^7>C9^iV9#TwQGJZ+1E%~MMrDoFH)ixH=PJpTBl#9lE z*Wr97Br!c}si&1%xQ*F<=C?lGji;(-+LX+mmt5Ta=1pr?3_0lUDpS1;l3zD5*R~tc zAaC15chdv$Hcn*9TNiNPRT^2x*y+roJn!YPhsN;}>=f>l7Khk*^F9gH10D`k@FcSi zr$NGjJ1Wc36uhg=etAmkY@?lvqjU>%*XDHxor8}?Nv@ZkGT+NgOK%ylpsL&it8aVI zQ`SPvIPztLNZT|o_!HuJ-1cOMC2TWD`2JM9H_13kT;A_%2-8um0XO-F%Dl1_Ajczf zGqQ60(iARJS2F%bQ994WD#weBMwx}x?^7KJxnl`8G)GY_mCsWd#NTo7f_8v=)i<`o zRn=Rq@mG0#jx!7r)9I-TBMALsZABboyMC(^%M-8~ug{tp2XhG7&al{Bf)mTlIsiIO z9!0EmA){-9PT{;Y)(9KqGr#s1C-wyUpq@_^BtQPS z5wV9UjqCZneghbM`&_(@PYh)e*sgiiitdPOn{Ki{5_L^H! 
zIuz(JsmO=UI0BOmW#?AhBM=3@W0;qO`3L?EBTs9%xU|!hagPE7$+vdmU)2$qycJD# zJTZbqpDIM;q?Aj8Y2iNVK#FSx>sV=96VZ)k)>pd55Oi8Z$s?x9p{>rKVL`xAh_-vA z{c=T2`61{C0~zPb{+O3=bCiy*k>lW#gNyTZ@{U3DV5ROBl$|f%lN~?a@cJ|f%WWof zlD72saq5qa8#dPsZN12l19jvHp{jeaa8u~NoF^!A^bS)RLR5$~9Lgm78mWt2BJi^x zmhdL5I>HYekalC-1ia#|%HuI6!sL;Lkt@bzUfk<5O7q63yC@x`3jejui0iRSG5U6y zG_GvzJiK&C!hZSl8*K1J?gK3U-f*j+G}1!Ox+dcBJ8Fe}y>Z&M?No4=Scn?K0J~U9 zyWYNW2h#J<#M09ZcIJkp!KYP?0b%P2G@1RgrRNI#Va~13>fa$p796Yh{PF<1rZ*~K zSm}m9wP4_@cWZ)E@%bdm$425#rfkXVLH!P+2uXrjYA0p#Yd zPqL&?8c!w^)3!_M2B*t6rm7=^K=RYct(oJ$qgl^a!OA%`?p9jvRtGuL(o4=Ul-35l!?S&6D`M{bAE?20ipl)xUYUIZ+lAm;xw^>F=1>S1DM`hO!;W14!N=j}figiv1IU5Q%z%DjU|`T<2@dZJEKMwK z4T1|+lvWFgiHLmar}_y4jphQD9^K2DN;>fTziy*&=0|r1&@E0MFb)7-MKDNE4h=vc z)3mn!K*-=?bX1L`cHOY{UdsE zDvkw8xRwATC{7TVz}a~I7iSiyCU-l~kC`ee8i3$w)-sICA z=*MRO=x2xV1xT}Bz&$!9VF^I9HNLty`Ut4s7XW4R2avx50!WUHp4za4-A??#4U5gc z+7=cyw-!MyDlN{9jDQ(g8s9f7{MJ{lWCP^cQ{DReB7dqffVj!UM*(*gS{j)eo8L=b zt$tnpZlwUJpE^lE;cPx}5m_OT=wqJyMPDH*!0NW};veGqFMv{PcIU~D?q>iAz4aBy zW9geOz-5{i7wDxAnkysy4*+rf2Yl%1pQfG!gF*(;e|9$!E8|D?4dC%(UGhr6Xyiuz zQVN)kjEqXiIp4ki&=2+7BCnN~_f!2|ivVcf0dxS?^8td0`OsGvi9OK2!&SZ1LS_E# zO2(7RX9Wp{ zE~hdO(s#e5309aI;vdWyJQF)*QWCxu?(ea+xmtF>kD4-Mf zuC$wK!-PByWvL)LElRjYeF8@~bkL(}O(JQUhSTw_OXT461GL203bN2rHti31(5Zmu zu0OTU?|X^`bGJ*25mh>QbMpxFc3)4m<#|Hs(rT#hbCB9=)iDSkRFqq|f14{FhGPN3 zc)#BnpDFKy`$}4S&A4o;e&%uH@hJ0&bHK0al=u&uOp2Mw{T;UeL)D==(&AHxGxa`V z0gcL+D&Icbs>d&%@d~bG4K!N|#DU_WY{(bwerX5RY{KEzQ|#dKd_8Mu>kJ4zk>j+w zNLS5tqL+ISzpAB&m1NV=^tt2tt(n??XQFv zY#~;o^uGW{egw-?{veNO4E(R$8Uxd-t7 z)^G`a95j)E(y{tAQAEba;R6_*Jwo z?A;mS;Kl^7lt-G)SE5-zJr3;w+FAd(cfYv#1H+4s3hl<}w?Q+Ld1b9*27371gP%2v zpD5g4#8h$n3(ORt+*%f50@BpoQlwdA8YCmJ_4f)d&g^AxaKl#BvYy?MENJynI30P* zyb-Oqtp3jOT$n7wY?U#gCOTfr6!>OCL%W4vPL?>83pKsRKIQbM-)?u8LD`r zFlB#lbR{B6dY%+BIY&L*vT}RbL$JN}uLM^-YFIlU;K z?tq2WzClHf(Xi!JAx)IDoQ_Er3%XE&c)OOTdUe6ho+Mm-hhoObSL-_5dP5wk^&E)R zLuL$SQzxUwP$>~KsTv;i-joSjtH8msWj)e8`xdBcpr;#>({Z`1SG|EKqERab4%>wS 
zFU0G!BAbq&yobL(Uuru)PAL@&8|X{Lr}VE)ddq~?xG3zrN>)KWAn;M6;lDz(A%rd$ zR6XSLr|)){%f^LY=DNlc4f8K0G~emfVZq9keAr@mrnVCl^ln5zto>=gQ$`*7#3<5!_+dk}=e%(FRy^VgFB{&*KOWN(5j#ZCS z#|u&t-DC(l#~GAPz8zujmelA*j9}pliQB3b=2$w28_cJ7A+}`qvpmJ}ox1~%e>y-# z7K()J&=jAzGLyysb=O*|eKvF3AF)%wSQ)MD0#_lp zyr6SrwwQPKe%0R9-VUas?xHpkLu&w2aGrEK$LHd^xU@U@lZ+4n!@{FS6e!PeA!de$ z%GmX(56#CTF_F3>$N^i3i`4f-d%uuFu`j(%gDrg?8o1l}g?dr9H&iAEg*UPhe+nw% z_Zn(<=mTA6haS~Gx;gcC)BguVQCl--B<;(%fkZExjhLn5N*EFpTz6i=EsbQOBePC` zal?t6BqK9S9sIEHpl1gk6%CHgX<>PTt2|>{&!qlc$H;-OvX3E|Cu3rea7wq{i-!!6Ct6 za~yHARBMm~X?23tz)69}j?a9CNj{E1($h`l1X_NISHH*T(t7r(T-F#`(R)tkTb~n^}>tiH^gVQb=mITA!`DeuNN9Q6lD#%7@$;w$v#Iv@!PBl z!L58GXogtcrB{3NhTqE}3qO27bG+m&>Dq_gb@(7pnS}i%CuI&bTw!EjAYv+~UJRBS zRmeu4!E{%CHBju6SMA^cTl*!q>@Y$DgDrwd@=iUV*wqs6XjBExEnSNT$=k$hTZ9KK zkI>gDztGi2Z+dC^Gm+paH0t|~)_MBYKwmL|pP9MS2J4AEWkKZ7Ol>m!>0IOCmafBv z8b+*faN&Odh(LG0E!gQtafutrL3`opA$kS1Id(!Z^gNIp0(+LAKzRZj4=E9hK#A-d zeRymx>hT?Qij-9m40E{c%uhP@_zk9aYU=cjc#@waW(g~4doT?n5aFcvH5?Hdrl5jF z>WPT~O_CorS1oICG6FfZcx%9SbbaI&ZVEz@5tTGYyvuut4Y7@n9NzHXKB&OiT>Bi; z0{ojNLZ>g~^5U_K@I21rv@lnP5ZP0RL1cN#+jiZ3LVdZubmfO;Z-rSJ!lsn_^6{zY z0Kdx2#g)w!jKWy&t)f5z2`Ae60zxkH-VH@U1MG*k7cw!uLPt_oV2gn|_%}%sJsX0U zHK30{TmQADus2#b>agXnS4?U;=0hYG!TZS{_^h8_nqISmAX!`>2649?c$AJ|p!0&@ zGJ=ed8xzSbi}~&`?>GXzev(NdFg)l@oiD(^=XgIqc#4G;1Z&OkVa5!MqW5 zVUV`d7AL9}%*SRFs55}{!|t5fD@j$AL{d9XdBLdl^Ai8TqE30NgYc@QKURFu`j=VH z`>^g~%8pd>Ukq`4*O-#Ds%o2tZz&9+8_pMb8tY6m!N>a=@|Ym|)Z;C2{12JaQ?xMIr zhzWvHT_B{iwcjiX)oLfKx%1e5B~DJNkbTct?kec*T7wy6K)@nHf>f4}_DbbPMm3xh zK#*YFi@7nqJ1YU%Jd-flvZU*Haz}=i%iz1#K;dU|xpI=Dbi5P+)hKu}^|YpdDP&Mg zISU5L!$Uxy)EYT)p|{sHCDaf_od%ls)t%U(74-@YQjr-oQ&4o3zqM7>4T8?bpWmt1 z8n(WLXC~4?Vj-evn&68f>X0gB^UkQPKF6=bpWowh1H;#LHOr;o%5HiN5^wfZ0^V2%VnN~9G_N{<1W&FO7JDUD@E0cgE=Y+_JDnCk&deO$_hI{og0u zj$!hse67sOIONHZ^ITDl+~S_U$4)rB`6l_X7ao+}$-BzNuAGrMj<>v3Dj8Vp&vW0N zK>454;5*T4Rf9_wF?fJ?06;|cGL0)ujB2&H`enWknTQAPS-k_A%twujf*fq-1#`gC zRfet!b5qr%fiwZMMUIP8yV*!h(3x9@CE>P)B4YA!P~73T3G)N(iYz-dnLrojqj}V2 
z?jgGRf`-6zNKZl}wYNZSf4y?RUK{X6@uzek*uajtfJC@ywLePSs$mDyH3>AwzQdg*`z`8`OKr>{l94#2d(a65W(v9LaK0nd-k`-a-oB~qP)1SGB0VR- z?BSydv+GEZ1k~K%0uB&=2Olw|%H;C>pc*q{(JXI-4A!i9VN#d1Q-i|_FZ(4BieO{h9sjzljaODDAG z)+}7MJg?XKmJCZ@I^`qoCVk!-reI+s+1eFSuP9S6&s5WiWU>T~;Bz?RAwRv%_OwBa zT3aCrJ_Y?Q<%^8RQB}6c9L4)FtI&(B;BI|0ux$Z1Axa+C3)vvKLJ0XMyv8F}*n$bPmH7nE*qZyVvShL&NQ zRQSEwxzErhEbHY9h(`73|8V>9wvQ~`IE#8?$f)WIyV0jcE_)Z?5G=57&!6jhX_7Yi zQUJ6LO=oyr+Kb5cGV`tX+T8IcbniTxvu>z@J&SC$;D2)#Ia8bF{d{SGh8p{folfDa z6KLKqGMT|TpLV!EQj*WlS?8)7Mz2}7C;xhj*K8JlF!hn~MJ}M?IMX6d58Yz8eW^Ux zDx++>Ii1c*^Fvzpp`rZn9Ek>NPNBtZAw%Q+8GY@a&Xm7Xz;Q7iV;0UUwV_PT{=4nX z?#UF!3vycq9hrKL=p!QTh$r(xhm z=#-Gm$q9VFY8+b*k0=Gz3qH>pKvgAkU+8!4a&v2>R@jr4wFqQ98ZjqZo$taK_XYw$ zjqJUVtQZ%p8$*v%bw9$u#cpkLI_sZOr))X=VG8^k2k&+0(+BeP0X2J^0?B~B9li0o*8fE2La4Qez9!zbGHPs72~me@kCpdsn<>ZjF8uFd|zi!9_u zm|Eei>P|#N)x^Vr(dHRdbUYs;n-@`(f-gUJTU{;Vzas+ct_lOUX-WpRv8+7U|K!|n znE>rQ)*IOmNWLC;J43uy=s5nFH>NVJ4QLDf$@G+(LZ|m_&TCp&zF>H;ukV1B@doG} zm6Sb4yK_^b-gfhO|6Fp&_jn)?JMTh${Gr`3zU6Z3j6kQl#aYpEiHt|Q+oK3ql0!xX zvg&tII)2#UQp-*x*(7!!QSVdxO(+@eA&^E9=JthZ-GI5>6T=artUm-|bt)oOg##e1JHvlQvu;Z zs!OTWz{3u{=LDf2Md^c|OGH@R`Qm+BGGCd6AN9g?U0F$`Jm}3e{i!15IrgAe7#zRA zGAeUrn+jX0R9&jBV`#t4%PVx)BUxhis8P-%xlSx)s07OTZ7j~y1r8k{D-gF1gpaZh zSj5$+afXo+%J#;{rtfY~#uUP62T1X$@rA5Lp6z4NAPAM`wu3j>uKSpNKJo1_V81&wOW)vQ2Lo0}+;!4_-)y2gi(c2wfxYS><>IpP?k&Zv$Ho z7?YJ~M9n@`*{-l~ZoIp3Jk#nwnx35$SY>OAL!Q5^0}UEy^`BFCM5r#ZVXf%{-MA@&7X>3m0EpgmF=>J7Kv#~+d~m}XF&S`XGG(MHoN z{l11e+8D-i2QHZV1()4_oo?px9kwTdYdmkY@+_K>1&2ng{bzNR-%gY9BuhYu z67$bf^;P<#j06mgMBN1aT1^D0|jn!%*j+Z!ML-bW?Tsvh(pSxP4ON;O#9`YO!Ye1~uCgr$hi!Cn+&L1&5Ah z(B#?ueF5H=-{5S8iYZX0a7s+`m}Mn1Yudw%CTpj14U2HYF~RIKEA}4ZlDIGiVPKVe z>z9$ocxJ6ma&leUK~JZdy3T+%A;rG!<;!=w!&U_NV;#=rMvt<2&3kOmIA8fYQ0OVz z=NEh|EJ{j>wF;sVePlXIGD@=O;}Q=MqEWP8AvjUzHB z9V*HFrYN^d8#^?k&7o7sF(yRkw6C~qucOA%5W|DW zq~6#;iRuA`14yxXO0@B(>&sGM9FN{9)KQ z-QtysXJ-si zclS3p6uTL8%F7$iAr!wN8M0XQRr$k~$uCU>#I?-}l&xTo+l|rac^?wKtVkC@&qu_n zMd9}$#8suFrZ0F&8myE-)t|rbc<|KmPKIu0vgfF3_#YN7gT(9&ZjS3rZ&)3dnwil- 
zB-Q=^0XuN7hubLDc?zpgvw6mk16*hjt#w+p}F!Xd_sAT z1;RBIQ!VrQtM}8inlll%uTunAb%luYG8iil{Ios#E-ytq^|6U+$PGS8LA2$8xptD| za%`8iGB!#X^Sp3@&>E~$=uhPK{I_!=*|_QqIJylDr-Y8)z$n0lj~sxnW*TwfS~+Yr zyd^&o%My1|S+S2pSTOop?!_Ges32CDdrwT zmSP?7`9ibUBvD7qen)XHFx->mpBVx_y;V}JU;3VVYyfMr82UaQUS{R~K(P0N?~`4s)UpBs(_1fkUcU*0kItNSscl?xf@j z6?_JD=a<98$QYaY$r~9s7FEewL#J|O4(l6w^%)^Zt) z6ex5k%p8$gI<-%zLeJ~k63i)wuyQ!+9^3ufm2iIN`Vlj-Rbwh@khT(0#Wt}dfQB@L zeHCbsK~(-=$&cD^ud$$2ULhz{nkxx;f%5WU+l$OY)Q7F8d7nrefP><^jz}thoSeW{CuS_dHVEVkj|{Fq1iH#Z-4>G)**M(zi-Kl%57aKsZ737><0swvdmuw6O6 z+jG|k%7`!W1#%ulsd0;ROIJ?v;dAv11qZ~|_z+98Ce89b^d8qAMy^~aKTkJU9;dPt z%yZs;-$)+7v@SO5So`))Z}ZPqg738>rVJA^m1) zQgX(`92biEhJ;Ph&}cXsHpWQ)m@Y|+yXKM9G_xM=(~B-I+y)?oNKOZ2X9vpOHxVhlyK zZUt45!~UaNUyZ~^2iCLD@$$a?sYDxueY^UeN@%%sLX&1GGwbqZ#ACZ)9j15~-HsVv zxx&4O%q%L8X=vc}rBiNohg=>`YWQvp>29)ba!@#ZFpjxH&l8-axx|s*QW-xkDjzp6 zzah@SWZ5NB4BF=lV-x@Vhm0(Rjbpg2e4w{_uWtvB5{FZCpf*HjX2eJ_<5W#KgWe^? zOpSm4SO()ZNRrGwqEs!P%R)xS(IKUaqwlgl#&B2T8sk*Nnz9mk*d?KIPG4()-EW?( zG8?cGRsVu$&kpMA?IVmDxJ`d3sIZH(%7TLl|1s;y=c7|`v{R9x)UybVkScE5GQ4S70nr1~L0u`x_ z{l0%sf&iN}dM4*cavhW1(|a3zpcLd1Glg#sxoLy5&B=BQ?Pig0C`-`X)xT*DGx;5r4uCK2BO5hR&KsqSNM ztN>LxhZU@fWVCE=;#2#6HLnYO<6Vqw^_TGqy%nBk7vJ|kCyFBKNOzZbrc3mmR-JPg zxabSda+-*y<(5wo0m0eRThd1Cyx!ZXM_H{7@xQQ`A1ztwRshfhoJ4=fHM!Vx+JUys ztb{1-eGX=fT$(8p*u>Tv@53bg6TG@W87U>gzz3j^G;!dJn06#T^WFenCqq}dB?1q`0ceewUNhRO+9AnJAI`@b4wQ_a(YUmDXqcvAQ zf!%j*wi0x$jVufH9V!l%L=E?bEkq&aiJ~Y(^zZ}~Vm*&vpa)u-&StsS6sbg+2b;|( z6&K6)v7(jkhg6Ky=CADbJjn@;ls+hur@5%BnBb?o-=ln4E}GFfbBn1K;)bd?+N!tf ztVZbB{)&)Nlw55jy!ZzI1dk2a;!IFObnq?DqB}rF7nQ)cz$;0@{mWAKvG4D2Sh|=w zw!$63kk;Xp4BqzfV+n#a7FRcq^dOfR>YYF4T965-S!96q-81_<8w+AVoK^*;br?6) zAde%-Izu)Q9Px)DWB?Q22`=8IK&4V@{|j<0>JUU&pSgG1b9f#AH)Ai)Av;q*OecY> z15<+6wPd~K1)c5?f|Hh$;c^yY*nC1>wh;v}O!v~omW*+$E?^Lf{DV7h#3owza94@E ziRYnCY`eMNK{hRNW0|La`%G>H)p%J4qrlO`NuJ%Tpjv!|SUysD9hzYC2TFX-Dbcr< zOGvmZLbtVXV#c3xzDdxLF8<{D_ur8x!FGt?*QJY|;kNI!b+efn7v`Td%u37JD)zpD zQu53h3x076B(>|%_m`m0RPFS_6k)%fZ=t{%b=Swg4;0Fic1bDb*1HGBTtKPjCIHO^ 
zCgP|}dDGeH^}hU)D>RH@Hnxg<_;y)19~fx!!Y-XI25mg{;iqQgv7lj`xtgNkyZ3v| zpj^bf9A4u(e~u=FtV*dD2ucQdj12+489?**4UB~2jehoTZV;m6J_YiZ3MS%Waj8MX z21KGScWQok-K{w}8*Lh}sy z7M2*%FH0W7Gw-Sv|fMSOlJ zK_}>RQT(=wmS_7SX={6iF+w?0m*&%&g5c9~#M=&T7ysgQ%8f~=3$wy{b_~S@jZTb~ z2!RrQ>JY+6ADMNk*txW5(RTD1@28s#N{>{@B)ybt8#! z7Ub5+mnjju>)_zgFqPCL>EasM8UNRM_L;=DmeAyHb(oly=<5*=T}H|4L=e%c#HGJ! z+Lr1^Itz8PyF4r-+pH2*WXVud^bfloYrmZ!HR=C^Mr^vO<~9H9nh!JGj~X)XZR^Z| zG|!=eWwXkoYetnZ^+GAE(VX|HAC4f;cb3f3WWANz*Qc+p*K++qxLKUOOv}W5Mev2@ zWJb=9ag1vpW0}Eef{WZjSf^s&p%`P}SK%IYagpYq?eWkBK_T*x*8ldW5z)THqGm^GB2|EcQ$_;p z!JU*lF6R1f+XpXE%%KMmOTil~^(=&Blo1zK4Qq;Z0OkP9E#PJ5yZX7z!y(c|ZP{lU zqUs$Hf>nVuDDoDQ6-LKOI@NvTj(U3^^?ez4qt?~VYC3`$I5wlmRShS6<|Y+H*%041 zsjA}q1;}_7!jqax;lbuTbtj2}g$)VD$G+SgYfR(4(uz_L#0K>{gb?={Z~ce}X;D!L z5LD+dF7x6q|0(4K3F`qKeRBoakEgusDZX7=m<1bduk7qf*BD+R!u4lFbA0>46r7%l zCBIS@6GrZC67SiF`ix>4jz4b>Vl2c6F-rWFD zd2+%h3(-ZLFAx_qiwKKe3Zy%V=fwxi};|)VFu&h`|_?u1y*j#zX5j8ek~w z6biSIr)#d;!m4jAexg}TqCm*;E6iXz&lP9YY+T>Ek!of%~Y%gTPosW zo!sYsdrfKi;nhHdZLXC>l!ScODLC8G*`c#A89&Z6tSdho?c5DAWh0tr6IexTs;(Cf zLzlZU`+2iD8jZ6TG=jeXVMY z%HYeeRD9~c5od98s2vvYk6v(B?5qpqHps9?z$^Na^t&iN)>L>C-}8W>x8F=kZ($${ zfDb@6`}osIJ9MDRE!u<&3bsqi?C{zRGVErMuK7@>o~WH-@--ks4n7 zT0ceerY6?N5a+-&SO}<}TH^Vb)I)BbpX8Z8Dj_@fn00HRm@QN>pzE7=WSgGNOVZY< z`X#Puuqe9+LlLBG+x7JpBl7hO=V96{pWXNi3(B=!z50B(SfNL+J2ITm=4W_)a)yPK}rfxJ%Xd z&pP57DFYsK!t)#fN!Nxn3uO0zopi`HosM+PE@d~U>RW%@c7FHI$Y6EBmR{m;EK@uw za8(byoAq-TiOYwi!>WZjtz|-_Qm{N3M5dc;8Zn@<20_ z(h78}`nfRb)Dlcop1XPcEE&b3>qtEzCirfcfSQktgKkcNPqDD?yMtPB~5cnB`6{Z$p#f+H9%Q%-{2h$~{7>oX<+T zA-0$2y!#i3$Z87FaNbsVIfxDqq#(E|mmu`HyT|Fn1U? 
zNhdE7`(5Fw5X+xGshXYiFNpn`CvPW&A&*%Ft}+pQWHQRIap4h+cg}<(=q1W4uHY)6 zhf0bD&1+_)ABL1354gFTkJaw68EE;XV$hibmU$L)NoeQURF)n{In1~p{JNH`g;|15 z59Kh>h+_b}<-$sdPOyAm!uF<-Xk5;%CH*CIe5$ORYcbVRN$UPgN}c}BWbm#39^GMi9Yg~*?0W_BNC z2h_R-l@y}XWS_?D5^U;k0;)aB{JJ(&V9wG5O3uFnw2F~FO0M9C!eH!djqr?CE;x2c z>6v7AisO@OAgIzSoiGjaJBABJiL`Vm9-Rz{9l;QgAz^wz@vujKu$HTJhIVUud$)3X zlpaH3;Nq+kth`p?W{dAyu8vYl@NPy>9lnir&1|lgH)GiWn*tY#kP>5Zzmj|2qPVV_ z!HVn?$@paVjO1sGHIP*{g;oTGy%)u_R?edIZfpAPc6X_DnaSDQH8g!5W{Q!1gH?B- z=73h_tiF-=lqY|Fih#HK(_-)M6(DciA1y$fH(dYymwc&?Ep0?q^dt|*<$SATP^`SS z8Q3JY6la|LVP=@1v7*aZ5ty|>uYqAKYuVjhsSZ+~@%xr?Il?w>-af-y6T+1{%ZG0N zlUBZ;*qjk;3_;Lyu8aH%waq_7-($oBLtHkNxIDRj}2f$rsFFK)BY69Z|(cm-S9ET177p|7;8L*e5Er*hsSxQ+W1Hjpf!0S{yeoAXf=FCye(;P_js0?qFOe72Mt3|%BV7lubYZl zH@X)>v!`r)RB0_OL%zJu!2o?L0+l=9pQ4&?hSlc70r*Z_TX!`77 zyAYLIPzmmky9+hiIOjW*^#!8|Se?GX zc90yi*2LQ&%U|09d_aKCs)M* zr1Ipnxj%A+&B0Q4mItv^B)?Cyu24qJ_}oDi6#G%Ow0PxlEHZEE0J3oU0n~i=&lCUsgE{9dYdijPdG*+a3pq9rcj-8 zui~_&Pda!xeNqoZqa%8FeIcsYhCgMK%|=Vv-nYDg1P4QaRzDjqN`mgH9O82)L9Nwq z%Z-`v?niU7nF>&_CkWz@!G#CC%>238gfyB%D!Hm#ZPSu4uGDRa2aD zO~^z0XX1k~d|KAS(@Nvc?=-ioG9Ut<*r~rGv{c|r_k!`!nccR8iJ*$G2#Va~s_1p@ zECMoKR@)Q83wX?9epYU`7TT3&-(*1ZKxp_dNd$Y5if9)aOH_2khX~)i%&hJEo)fhZ z(%7Gg)rIjQQk-aT1vh&o&*cjX9kuu^>RrE$pmK|Yh0U4o9fw2f!7+_0$;e(lck$|_ z$Ul$8H5M{AsU66tb{GVkRf^aJ0pWR&05ZZTAJa5qWT72%N5j9 z1CGXGrzvVSgyLKh65bypXVL=F5F))x0m zUV7*PON~8|Ja5V|4=_2&;~!LpeKS%&t)-8Rk+Lu@;_7Zx4yu!3TR@EO+4H_MejKmKGBb3*-n9-0H}j zf2kyfw2zNMZAqcBF4FB3B&~Aes&;Q&|7@OhFwV{6==<^_N|)=|gwIp~+cg<$@nWWS zM`~Y&|I9=$ZVTo#uDS}u6d&cc57)p8YJ7?+H+gDzOnA%*a8JTbq=m~Lqe}luG5iDb zWB1SfuYQ3_EZ7@AuhlpywN3BHjEoxJV7fbGRKgD?DQ;bH&9zT9k1fSXooh`;;5dGH zN6l*v@?QM@J9A?~7Bq+;;!zW2x+xwS7Msr&f5_q4=ts2p+P3TrA5~;ScOF~7K=eu^jRqMKkkJam45po6@XHc!z`=x4M?|7r z^QeSiMJ2Wrrl?NzteVlJUT4WWa?eB0b>WjTabGZ&&G!H2?uy8&VuMT@kG-a%Ji%0kgyYnP}Ko&ABE&J;7 z`{-xY_l;TWB$@k6Bf>zV5jU+Tt09SR6UY2;NWwksT(b;#6_%~22YvQsyv`F3LbW6A z9E+Qk`3c4{{ol?fdb1UgNcRz81e2U&&SV{F>C8&E$rTs|rXWzuE0SCXmuz9D+B)UC 
zudv#9U`&llGGc3Uu~^{?G%RY~E9xMbnDD$ml=|)Jaf0_8ciUWb zOMYo{CGyntE&6S$qtCnAc_Zs~V@;3^vqxvOK1xf?7*5|MClFbi_pqb@a}zNB+hwIi z6I_mUn*Ce2zOdNVB7+c>qoT~w(>b1=gh7{I=f$QGmaEvk&jAwaJ=CQC($j{`9nAil zDLp?rVd=y#wd0^)+xgPLW`gWdpMWanFl$L?>v#}?dvIP&P=f=Q?U!-b?DtvP>q zPNw&M-iSA=v-Mhiiu_q66@iafGyMJRRQql1WA~;F-oTP0f53;z{o5ZXg^!z_913qj zoMzf4pB_(JiI;-CR=BPv3LHm+x{O;Vi!{?V#={}0d&n8%r<*pU;*2YUbefk|PTHH=G&363m5Hbn8Fn6#T_%zYw zJLyJyPz~m>#RYsQ5PGAJJvR2Jio(~V>>ORI*NZ%>X(!3e6-LR^?%9;o(X2&+2uyaJ z`Q!blV|8g<4ZxSaZ4|$R$Al*d{R0korNbl=kFJ}@?=jQIw+AaTn8@Niqz+{#fhGL( z#}-dve0*B8!ZkEJ`o$1TWm!t}^Ru}IX57QsNzI+Gqxk70OXLlh5lNk)oMz8d_<`qN zi{nYvxxUMNb{$CtMqE0(G8J-9Xl!TMm5*2m zzK^uaRFKHo(DRk#Yvr?P%A`lNtFl;2M6Q`dg_OmO*M&vsx?<5Crk`%UNo>pYFZrbt zv?_E3cyfIj!)++TvD9-#(|D8z7&3Zn@F5ua8-qS?!tHyzDakKop#yK6wbN&bWEiNt zImn|o$0OHdVEzvIeEX$V@?Uo+*$l8~u#o($3F}&&&F)*-M`V&CUH(?*+ws>ge|m7M z>%R(m`CNF;?+nafDM`n~1aP(o9q39HF3CA&O?Rg<;%dHv!h2B+rk}r~Fkx?s?JuQ- z)UFUyn1SIPn)3;tGB3OT#&FH#M1{n#<^0T&kuAdXw+_4TW`uW3ByifMvx^T}W=6Jf zs&-iSOQQF<^9?uqbv;SGaHX_^om@F<2Tm-w@;XOZ%IWx~=Z79WMimC%14dUk9)Y6X z)D>g8S=k&(55zbeKv+AHFx)61bCpebkAZ+jh6~K&o>qJCKj3>SYLyd^b}SFSB>o6yFw_V#(aa|efxSn#z2l%bLF-ub*8%j zIQ+mq!1a0uR#LyITUuH_u~94^QPEk2dLG{IgPSy;@;&s{) z8H2CoZ6^c(zTfBg*8V|eGmy;^is_vK|Nkc=HmY<@5ImUJvvWFrWF8ywV3fvigw(pYY~d2&>bH zf5r)HJR*}vQb4KO^2bTf)mV49J0`X8#TgOO21vlTXM{v1{Oo?!a=o zf#9(_c#~`~X0qQQptUY<{b=bij;F||nv@?a7&)a`jCFic z=E2}=+}l3j^J_8^wxPw)HRvn5J)?Zd6%3qE>*>%sqw0AFU`K{7^L(%0BMGoT^>s-C z{bB3?(S-Ez8$nrrZl33JD{Z*M7ZF~$M-&@oQU|zO>Ie+vF=)voqNXS0p`Vx`;$QOu zC^wR!gD2&+%3_mtlv|S2`v^3+fIYu!M=8{JQm24bTyKEZcR>#(_3~5stD!NARkcBD zmHc6yBe63@iufqMFLvB+k+;P;*_jkWl% zurMjjSaPA^?`)>N>--SrX#~wa)KfG!9L=lvm^3zRrs=d{e8ayrx*yxqeR8+=U$6?d zi+V9@R+XCc)9=N`NivBZ`|shs%!jv3M}%{dnFsj$ zSc%=R!f}~5=1ga!xSV#v&~z+F})h zb@|TFs^2mQH3Cm~BK8h1OiiP%W7jOx+tOz5q0w0ePV1KeV)0rR^UXQ##gZfu$87RI@uku2~_g%rm zQ__s%xD50j_v!qEe50M^y=IUs1RcyglfMz8aRQzu@2`I<*8nfmH-h&*W)?B>Ngl 
zKu9mfXbEbQ1p@;E@iA+J{)EpPH4No_S88VaOd8r-A`K|C2D9>bpNWkf(klXIrqR?08d8CizI<46QDbO2@DX~vZTweKqvUcM2~yP&QNAGDl(z+)_`l8H0z zDa6hsZj*MMZLP7P!!2k!=?d#Q`xTop8vCSR8tRa6MBka?EN>Oy28G;^3G)4{^);mV z8ir!dys(2g(9}Rhf(3WWe_vLFbjBBu4DU09qGkdevlf%(!^zJHv3!Lm#)JzXHcH;+ zjtjCP;a84fcGR>Tg_UOcNn5NK(QRnU#+gFJ)6slV(i@gzMVU-EZ3DSS6?F zm>gLKWvLN<+C_98OrV%DRg?GVv|d8P*83+Ouxu!LwZY6HM>#$JxG`OH9)WcyV?DYp znN3g7>Z8}5)TQ=DxT=EB8&3Ym_i`K0A~U69zPg2rTAeLAneak58bw?vdI}fAypc^P zLmijPDs5XJiq$X-jzdA#L&d3feM{gsaoJlRPyQ0c-d}TQhbCq~2^Rt^`pga*<;?cO zpiaU|2&*y|h-#1zIblJD>n2%!m5DzSiWDui8KFi=g_zrEekC&a-}7dZn~x0eU$1YF zY76%5O5HnpZ4SR|V&m!D6e!zbb-ZS=L>oo7NS!+BF~2cZKrzd-ZWPWv81jo$S%ZsW z!6x@p55K;9ZpYNa2^Xt@K}LL#U%Q+}NV3zAljBA{rv-h&&bxsvqsHcYB-8U>YDy6h z3h`mS6rnV7Zv?IZ?hO$fyBtptox(Ix0&q4W{eUsfvZ}vj53WCYAX?4q%8lL&e2n`3 zp$*pDMdLIX1b^*7o&gJF$uP}s40GX$E4%^f1`j=sspki<5};lo%P`)tyiLhN1YU@oKXVurJ+mIBIK@MpgKFSjn;%>dI zw-$32Wu8f~#8FR5pz_a{th9bU_`4eSFj`^Ag0_4{2a-x6U;q?{J5U4EkyH{P;bRU5 zwmE@3V8jq*Wrj$r9wajI&sl;n9j$84ww?_(ijbiFxOPqtZ=8 zHB}YazO*GRXU7<}eql~exN=s~>|=LI3QV~J-_cYPuf4u&k~^J#@qD+=N^fwe(1r0$ z<~WfOF3tykC0PyO#$J2`!Lp~FM1@g34Gb*?uopY+(ha$Rv2aDeQ3M2Z=f{ppYss^2 zA_wDov7M#yIxquSL@9y)(-1Xo8-qu*h7vJjoP&?x0_*X@)QTS&$yQ$OTG0%6l>@M4 z?^=!EUvZ|XcEOYiWo~41baG{3Z3<;>WN%_>3NbY|Fd#4>Z(?c+JUj|7RC#b^ATLj1 zYEyJ=3NKC|F)%O+FGgu{b95j%I5-L~Ol59obZ8(nF*h(EARr(hAPO%=X>4?5av(28 zY+-a|L}g=dWMv9IJ_>Vma%Ev{3V7P>TiJ3ON3wnASM=jdIE1c!iEvDWHhMe~C7G19 zh8`fQMdFGiBmlJK`}Ox^Wi`6G(ZCoa?WY?e3yE5CIhmDN)oe-YL?tR|ovftRM5szR zLxiq$^hB7-sz^kr9EL&I$_rlwEDDn5dJt)fS5+|n0EDiBC4Szdc_3UBJc;t5lFHDs zfUiyjqGY9nNPUn`l0ZQLnKTHd(pC_+V4;)=5D;8tOmx&2D&vwGQB)>q5*Afug&{7H zw1>i=TxE?i`R#6qR>LQ*X(7!ox=x zYm<>cB|ta~1OO5I0{WwXEm0}_VtKHlidwq^2aTcu&d$avItfCe$5W5ARgCBf0&Imy zlc2g#X%?Um8ht?#WhGE2c!YBiqkv2V84o-uBBFvwGL{xY6__I>>4Nn{&^mmTQY%<5 zJdGPo9rRsV4XdRm(h(F&h4dZEbXpdifIA$`ip~>4&{zqTz#=3hF-tltWys^?E2W~X z9D+y!ewZW@W-y@@;5Sa@F=8RdZ`Hy8!WEm>|fBHobY#(=9K%MslQ6s@pP zBd}=&LKGCO@USpNGa?@I$Z|{u7qT3z%)yU89@H=Y_}WzU{j00_>YzTk{eN+SMkICy}M{f$qGX6T|338WL^XNL~qE_IL-$^tI9iJ-t2 
zdSWB%B*P9Mlqi*WRK1t9FGY1+)o|UcO*NQ7OSi4i;EBKf}On|dToHv9!x8>g^z-xjAhsK~9CanPdTK@ig}YEsQwDBxT`ivkZ|oI=`# zzcsB=C_#B9`IwThov6e?(-8opIC&BrX-?*xIAj`UOe)1JAy-k~Wrk16YEe;VA*Y+3<)O-wxydWtS zf~8>ej`p%o@e+at%`=TmXrTwEU!P(GQ9~zQsIST8Sq#riEzY~5 zTbx=K)c{?lxxYk?N13%1R6a^tTSM_t%*oiKeq=SY+`}HrYm50jCwtGPI7)Om$|fh2o9%Kg6%_4^aJeGrgidOCb(wF=ex^BhW}b;Zw>+medZ*c& z`Ebip%GP+b*3FxgnM9zBf;5dQ811qkV6C$hXCAx4=6TxDKG*B2;1uncC@E)VPTZf? zX9?O)V#Y5?;CZRd5nFaqjxJ$fntDsPcr3dy}JRmzMU1LZ9bopMoT{c}_VhJ=s`ryG_e{xMeA2YfN10 z=IPwzDFL{^o8A-6=Pll%pjDcuP1;g{@TS$Y@eSdP?Hkez=EZbrVEhfo3d1W!5=d_-(Yq}g|wY_C< zB+bqyYGxiYGc%5v?J;}I%+O|!nVFfHdCbfVV;VCvGc((_-*a|1?u|XW-}mQsbY!bk zDy1qbRoS78N1{uUXDAl?8{i%GlqPSVRHl@Ts)2EgzJ0PIF?83cL=!*gL@QTkd2)r? z%r6xvSW|-4F!!czj)mwk{j1)RQJ*9X>6FVoc?L~(vJ}2O>#I;en|)5Tp^Pcx;5N5% zcn6`P7}3d&=TdND*><@?pRk+HJsaU}&t=p)<^DG2FPuY#=G>6c=i7_dr>Sru_`t3} z$j9sRk*nQkZDPwBUx|@3Q@ayZFYh|OJEug{`waGAL&m{w!(XX}1svm#>lD%rmrKZJk`F&W3Iu+aK3IJGwmqGCIMU>=U^=bv z(DSY8>Ce4Wcqq_YsJIiKo9|iho&Q>+KLjT~7x=;F^>)5-Ru}|<1gaeuw+t^NGMi|} zv;2Y-o)ah@8qf+0fs6(ddp7V|df#{_^?@G8SCI>zVhnOu|JmfD+EcwXZ+GVEcVhf; z^SWE030gDvGV~62ad5zHm`aWkaL-mTH)ZE{U+~G-qc?B<;O_l7ymWU62lA!x0ZFV6 zc382Zstl}Sb%c^|em@Y__jspvZ$YqbV;$`%>Y;!M63Uu(qr*h$8rr4a%BsoqJYnByv*7Q$Wyq|%UFII9s zK}DV_DtVeQaqbZz7<^ye2Df@chkbLyU+&InvWqE5;CqyGK>5mZdf8^*RTIxdf_oUx zqgEeoW~-V(kK6r=fu$#3H_ncCw=TX6ef}=j^(JOiPJ{xWHkcUs*%!?+8MEVwmC(e5ZQ^gIH?=X^#*f*j=5oEtkIk zGv3ZRQ}?vS^W@~CDM_Kr6EX6BU5Zb(5tFD@?8U=AIjebdS2`sW`s;Ng;4v3mb@(<)#%>?@zb15oU90n0DEo&Ya>+PlmwN5Z zabc?S%K_`E-@}e|ozBnt3j7lO>}LIW;SY~T3+L|rmTif-XU3O6Ds_XHlWE}a&=nzVo%tU zO3P-Gk+X3%%-RED!9x7=yb;Z{VBrwbK(rzn;MyIUOx-m54+F=$xVMg3xbn*G({p1Pd z?9$GKO^h#k0-zac?WD|XQb^lkCF|2{HfcSvFMP}&IC74zkaciHxV%;Fz4h3BV`zzx z`WhgWoL}8y*tdx~SrokgqW#2s^qJtX8|7dPG@YtZ$7U}Mqe zFuCdc?v~)uhw5?j-Ywejiue2j^W43ONOa8=&;hzCpPbQpi@ipZGN6-e=);5%)H;bc z83jK|8v}a9v#m???4oUg(RA{A*)mH-$2eY91)QY$E{wo!@ZP@G_?H+X^lxI5{=O|e{7SxVsdxChk=>(L>qc@ZAdSwLDjSZ!Mce@D>tDiQb zZhMK~TI(VLaRz++cTRuRXJzeAUNUjl&!6C5_YTdf#=QE@gg?!WPIG+k(|lEqh$vic 
z61t+;%Tv$Si8sF2bb9RL^v1xj_9WL>Q6i+JV2+3EA}v`Gv=Js4Ngu%E z{UwIyV`S1PM+>2Jsw+7?9#s>=+p4jt%6ir9%w~>*&vn$anFg$q+b4F{1{!GOK>u-D`J@_D8{y-|1e`S5zf}iRuA+$?4V9{Onhx3~ z0h0w4;tjEjhjCfozaGb11iSHSd%pO3qS@|idcML(h&<>;Tu}+!J2`g<*OR~^W*!?Kdc}DKVVk4pq zmL-CFMK47*JpxH5HQk?q78^sSDftmUZR@+pxQ|O-3RBf0vQrUu?y0x$r-3GJ;DM>@ zC_V`l8t6tMK%7zxRbPQYq7G3*JhhjU`&OlUPe5^HyGdcCodc*(?btu=u4xvevY8J` zJ_BUT)JK&-Z@)Ms@3VTpc8@J|j3@7$mZ;T?>+CxGOc@tDNjl;wP|zV+eYT0$_aL=c z2zLYZjC4bF3D*#fH)CZVjl@UMmhfWRt)R-uW#iJ9&V^y>h3;==qUy*X=71@P3897U zw?tFX60i7HWEPyFYYg=RBAz=W|VhN~UM2 zw;z-?(T#m05;;ShTHdDo8sfX%752hRZFFlN7n;qNb>Yb=tZ{n`PHG-d3o9aw;t&vr z6_icfxe03$pg0kkg~BF00+Am~e9lL6spAlEt%brWER9n1U09m(2a9k)0~XbfQ3#gt zLxYuby+F680CcJ!nsEJx=lEItwHj!`%k-H~$;6w05!n98Iy)nQoi50o?Pb240QzIkYx)pbJbHa(k8GOE1+iUA3SO;Nl-2FPt!M~Y-?w*+34OW~Thuvs{1XnGyRGXUw zn@z-KH~9296=cPx0coy|*O%BA`=eP|6QkTbZBwfM3_I)a;r6m?H5-p|AAY8lNzHU}!2_w0P9B!GZ9`-_DhP)V~Rn468l`I`j!%>kWEgqqBJ-g-o6Qh~FOy2CDlG z#0lP-bWa|h;d^f!?H<7|K$_T(4U_{>`H;e=Zgxs3D!4!11ZG322&ht9ouu=;4?ddBU-MmaoJ9 zah)mcOnmjWD;NM#q|P1VQ###D(4%b|`;@apD!mr{s{Z6UX--1B;GvyCXc&2g;22=t z^*g(k-ag_D7(USd?u?F|z9VK|Y+i4<*%{sD7aHE)6DxS@flRF3eGRY4#Z`|Vm-5|7 z3yhlH-q(*Uy;;Qsm-Qi>->I6y`hY3*~-Ew`@FR zB3eor7Ny$w-JLyAQkHPWlyS)`LPi#nrb6eOJzn-3r(7$8W7`DrikX3NreLkNm?P(> zwY9QAW)@al$85Jh0eF5pz5y%Fk2_MT!6-M@-QQk>2EI_gxez>X|4fXBzA%)?-<&$R zwkKKdM~tFI@j&p}NS8#vIMrIDj;1?BjPmhlGy=VLF(Gy&NX>E8pz*@}*46bI+4WNYOVn|42j<1DJ@BPnYU=M| zXETGmm#=*Mz)J3sw?fR@7pUsq_}G73%{l*jt2uB}g6)4T=N#PMIsUuLd6SNI&3@}I zpDq2FSVHj4gJKPG&;g-1VxhQRn1oKqKcGY79w<|n`+qeDKA(QmO7Wv)9Go>-Y5!n@9ONLizB+NvK($Dmsb3Gt(mMr10w-8mEq+H0@uUkA= zNg@b49{LeeSP``?UNw(O(usyY9vn6?0hHD8rx}J+E7vT71^ZQ0(yZWSvy>nisBGN zaxqk?*gh$mk8jDTlDG`GX5j8Qq+ytq#K0ozvw#`+pE-krBeU_#tP$wNGb3qH^=i`Y z6yGNt0*fW1DrG=C5a^);J8-Jf$jG(1RzbdD@bL#2asu!Rf7We6tOAIzMT=&fgv1NQ zaib;73{6BsKB;2aGwN7_#X?w6G#I085ynvBCD?K>gfetb$wx?|&60C8OC%?3_^V8f zqwlspKA*NeuJy0BK9wwJrVGAeuY8`NwR-O6dPTFXLYj{At}&X|KnRLXgItwIVE8SLupN%Q9Kix@ zbXnOCTam|UgbDCuagDfO8FHKgSG&ko?J!>mLImmXdpmln$=$rP|77rPS6D#)dcI?t 
zKXdK==4-xIE_ws@mk`DJ5+ako&up9~grOFr1Vmd^-!EPMJ=?8;D#r-knte$d%%*W| zM~xt5=iZiY1KBN?l%O4yD0%5gbH+ZzR%Ul>Jivxm@{EYC(YE#t|KtOo0DIM2=^A0t zB}5I(T*HG`^o(e@_VQa1v}pJrAk5NJC{19h9Sh_oMrps_xH}gYEO!PqFsSuj|h$JeRe51^&+BnBwJZ zgOI%^iXh1jZ&VUiT|vo&g7op#HzHs6sx9+!_pdvJEwY_lIWKr;@SVB=@a<}G;`l|v z7|b?H!}sB(T;G@H+XPEmCMH2&*{?Sl?_q9TY_*>EG}*rb@>1H`eW_8SR!2^Yh{WZ; zEmJ@aWku%0cR52+X5^a16NJ-YTjQM4dIJr@pwTw<<`i-TB9eb)aw}R(c@`PcZ~G7Y zlo8=e&X`_c7bf?k<;5#05s}apHV+MennX=ZI}C`WwSfFBGMk(*LSrdQ(MWTKuJQN0 z=+bEH?5$@}{nf5GbWp2n?|xdBy`Zl$5Kiu7R7|?i@_q%1J~6kK{C*`IzcWSDQBF!q zbq1Y&h7v=&oRb@JAx&xJJsN4r0Z{TY(=6a_RkWBROC{S#)&ne+I1+zp>bNE&Nk7!w zgm`$CwkpzqxHPFkDX-6eVq*D}MpI&HHJ!?gK{-aJBZiakvJ4^4*X>Ik}4M08Q=d~I8qxAICY!qucHw$gG@ftJkJQHiWf zzD6#9BQ-?{9p_X>qR1)rQ6voypfAJGly8v;rG*x3Ch1fMp7=aw@$A8z`e>gjCXi77 zRpMwrG%c}aVw~7CQMz5qIcGKb+hSq`*QgOgyCQ!^tvvX*R#{!am{b{e%8lT|6%!ND ztis9gtKm(OF#lYFIfl}t34R|6coi6qo<(_yhQs7?CCr=xoZ}xAYRiHRhUPdM)gj5- z^G3nh5_G*A9s#<_gezD9)lw}RmigZj-~yp&7GGA05YgDx)(0;%uTWvt2!}sS$TZ`( zlftLDubkm0(d{gdc`)GFKI})9&lCiupJ58MayE2+3|UjbAwcCVj2bbb#{w1>`EXEC z6d;7u5CbF&jVXW?N}iOw#uqe|W&K6khI*g=ew11}s_oZCs!l=_WKC1E!mNq>En)Gq zHKo@aka@j-LMA$0JM-kk!?-po=?Pg&B#~5pSx%BrT9lj{@#IZjCbgeUqm$))&2!ir zsVL}~PS|h)U-*c8GKcBabgk7K-MFq+dMddF%|>g%YaDe$gt9 zTpLyJpR75t$#f&F#>*l>x%>hcHEM$ci7(g?`o)5JbU-N@**8;#SJ6=cZ2CV-Q4k%t zl@kgq9a7q*?0Z~PAKsD5J1}6;`kJ#I4vok~Vi`Kt!dGoQf+t((#pR zitW=QKNAy07PoX{?;F@|l3{Y#f+PrZ^PR*0`oO0sJ^vwB>c{kF%LY6hc5aNF8{>Uk zrKg;)CQ)Wd&mgENobp=H#n;K|^711pL;%W*Vw379e4MXs( zPervN@?#YeE5V3K*gx%;_I-3qCYV%6C4{Q@gmyf zuqB?kze3qdP&RyPgA$u4l)RR@1DU4}EEa49?WVg+D7K_|XD|v6aIWN0R9<3u@ zD`2A0R;L-y9idw+Ld!K+mfazbAij&r!=_ToX)a}%BMgTyDa+`Gm+FfWeze8RMMaTu?hvfo2gYnF+g> z!GQ{hp36m#qJzEJk%m#iEkcwZlKrKWu2lF#II=%fzN%<2M{rq&1pl5JSv(kW#dJ-F z*@0F57eI*|Vj&sD&cYKmiCTS?yQq?1R)Es3UPO{^s1D`hy-1J)wFhcaS)y*_HW*Wa zW&%56GN~An3qz|f?nl}je$I_UyD~>N$(3{7H0c2sT#kd3f>m-!4XdD@K5TxMVP%+s z&`S!n6#S%nZIXLPxC4zmdw+498GqF;pS5ro%L!TK8JO@5C<@}@+Bos-C&A=bu2tD` z3JI?wn=E|9zfwC3DgrWFv`>cehYqa0wU;%AXeD0WPdurLs{~7T5p9DGi^a_pS;OhI 
z42Fw4!pU!CPio)>S=em^9G%LGC`z;h+jRm{SeyKXw!>!jFM{2{Z2y@?B z?y*;rsh2TFp@grr{96whA|*IS&rtv91nq+Epk%jAmGq(Vgxm10MnPb$%csO+rM8-i zBV{$yYEbZA*>KST6Z;w4e{LL^4R2SXH0@1JzMbgCcOJ}k_-CVET#x+<+Gt9+pCFu~ zkM*|W^rMpeR+~*i=e`spFA%1EH_;|EidW2l7I&AQZ5Yt$dV7PdL;`i1pB+R@vdc9=bl<&4t%%T!3ILNkR?U+zj0AZZIBV`T56g zsnNLLe3FW1al?`i3Tw;T)&*gbPVo0r2353lm{DM%mQ4u>%B-->+K)aRGY3`8J4)$FY9 z`KgRl#-E0YhC2Mj=!;9PLb;K_FUf~fLwbkDBsD9Bs~m#<3h28YC~i#2%OJY>ZX!z< zx8?eK8(nb>>&Mk`R9C+UF8r+VVu^k2y0NJ06F<9>`}x<<>$!#BszGPt$f3w6?+yv+eIs%yW!T6v zR_$Jjdtj>!zd59aNAW;Xsu%%*){E-gKg@-_AAha4f22<7IomHZRrtshzKcSuEgeIP zJEE%U6B$G!&pkVb&$)*czP|@oG2LN6n^s1}&#kO=18UKLB3`tlPtH1Db@T$W)C)dc%oQ!XO$q36KxlP80F0O zs7c-QDfNjPF8?Qv!zD_amo6mPKCST>#_}vxKumL*Rt)Qe$Mj}og=>alNkZEtWs#+(DG9N{N{`Qck*Ks#-6kSy8&Y$e6!GuVio@Y*jn5anXxNn?wb`nM$dwe})$iw@YH@goA`_pI-X%lH6Vk=yO)Iv(ii0gt>0XKJ{iR z#25z*qHM9ny!hi2$kg1i45${kiCp_WnpLHmdcTyRm9(%PmL@iYnvY%kIBuhR$&Soy zUE_~0E<&;)xrkrwN}D2M@x!G-;w}|8+?tEmnYXZ-fhibbViP~XrPz)r9<`pxt5F7- zk_Ly_ymafxlbs9J;fx9a^!4k?oDV~Dk7s?ltIA9)II>BQjq9w-mZX-6MtwiNE8hvf zC*Mu|l)OGSK~PB)g&KQJwqQ|*i(HYVmAg7b{>Vw-!0A@~9d$GvJR~XlC_)2&umMTw zeqc!;Kt)G&8*f{W&6i}r_tKR%BGKEf5{O20+V5Dem9Jq<+h!yebc7Ectf5Vy)Gm3* zn|aax=#$Rr>9w+VN;mLw`{Is&I0N&@@O%)&8&GBz<)$;dacO7c;@n`18GF`Bg#VcM zM2tzK&&9XRf9#fD9RKU8X1Up!_1wFsxn?JpBc?Td3*%&u)*X)kxqRO=LBQ?g5$2(8 zuPxw~R-%JU=$1#kW>`@d<0(S2y|D9{C(B@8?@4{VgO;g_ILi_y7VcFBvJ1h(b#1Mj zxuHrA}10J#vxuP|d`;>wc z4h2XpZM@i43`&p;euLcDBXvrpJUz4sbz?6}D^tFyjqu?1o|loG*YwpG>e>!tVfh() zsUqyAGObTbJ$GqeD1Ov>_>{3{c{m(X@gi4Bqz-<^UVXTfb|me~xi;J#n(;L8oP8Yb zkwm}qgTJY^;ei$zk$gW$I51h?FA)mO3#n_)pOFl8Nr%3{wB_BUQsGp1grndxZH7rX5=qhtsm$)v`@Pb#439zZ(2R4Bsu@x^o!5u}0 z7Tj_6qXFp?v^mt=`U7}NvoV}EWE|d9Gmie0D)lf9X@GzNoWpLtO zu)f2XdyCfaD)>v|?)CiDTvoFL!w(77D|Dp0B&ZcZ@TBXwYrU^5C<5nD-a0*EkoG=0 zQxV%zzJx>@tvSQPZt{b=iT*({q$y<}n=$^xOS#mi?pADyPT{yHAFVleo*c(L-?d9W zFi;2e#Wz(vfGHAd#o@t!(uw6@+XL0;nXe?>e+I+{)YpZwlK69qbc2z42qg=X`YU~5|U(IOB$#= zGyL!6c-odmj7MX*-`$y*X|Busr!T`lc-lJY=@D2uT-QoO|Jr_H<_+u|PJ!~sAAB~$ 
zWq*ug*e)=cwxv}WajDyWUij@OnE<;qUKX*u!q``8x!em|KU?flkE__wa#b0p>d=)* zssXu=vur`6E&G#qu$al2EhxcVdxCZRZUs>iO0@-fFN}JC2e;N{mnB$;9fB#*V8a)} zP$`1!`B_vD3M7u`_C-&ti?P(+OwW!2tMb3%^m|v>2?HMc%g;(?;VZmha((OId8-e0 z(=G#Bfnv^Q!3DptpVpW!75e`jP|u>peIhV`KMve>f=>xnOk2rJMi8#AA`g?re%p0x&{YRBUM|A+$9D%Ca>v?aSeT8yqogMqA z&ell3s!H`FT&V{U=6XjvH3oJfx0N5MKfIUgX|y5JRT|{1-dCj`eu1uBpSu2sm_8TF z{~KK(?Cb=vbD*YSQn7HdHU<7FI~!S=8an|gQ6O5t33yJ{P{mY(*ww-bKnwt45gZ&$ z&4}#{jjasLO=*}E9qde;jZGb>?M=*pVhk*d?97ZToHR@_rtYqG4knJ&G;sgcWMOA3 z281IJQ;YGiG6ReMGP5zWuyU|+urV-mP%$%80p;ZEO#Uko6$e9mds7o2w!zTa(G-qJ zQAJ#XQNr2U+Q`t>7KnMERsmQz5(B^gwuhcr&D6mW*flX5Be2{s2RADx2Lmf3=l`@5 zC=a|hSqm3aVxUnROk$=+7KXMo#8&o(P5?(!Lt>ZzaXBX=Dr=mPcpb1Yhg;)jkwJU@$f-DIJOqjF`MoyyiqWU5Kb23xa zeAtWLK&+dw9h*Z__iKK}H`(&DE9r}I;heq(ltfbK33ub{R>^#}<_c>Q-#hMCX>x6J9=+d%sFLyOSNW4 zRdMsuZ0&jwc#le}WCNuoxmuwk=nmf>yyO8EPLHrS6amus&Z;wht$%3X3iI7`c`I(8RSw4?=2KkT4;&n*%Q86yU8g9pFnYA^yoB7h+1)c|qTo&BPKNjKC5v?^PXN=3XQtfWRCxqZ51hBgSV zSEBI@z|&+q9cVVA)UP)kdN_UG!0GSP*a2V&0yjXp5XeX|fk7y&%A*J(GjLR<%Mi?0 z^8L{Yxep)!&;@DtaW*ahkYQQ^2>@2pDX^{qx`4Ck6d1`q+eX{Qw;<16y+(mX@qTXu z!Bv=5{(kUnVqCq&E3_DYQ2_5WCJb^Q8NhSq5H>cz7$7-)i9!fXH62s1LCFUzpHCo~ zNydjbnMWYmA^sg{vLIW+G3eVi{wn$^{SJAW$iUXCT>srR81CnyISf;P1^auIc0X=w zkPCE`yc>>=aHeF3up5SssJ2jtJoUN|8S?28%mXB*4XRw|Ni5eCZ51Uz9maVVi9viW zcRn^pH1Q}Erpdr{x_#QIUF#gO(WlWu1jiZK21HI!m2yiGPpm_z3_?=^Ph^gjrcG@+ z30gUb+-!yZ@%#>!h#E)ZDB&-o_O!&zB&rgIX+$$JVyrZ6d1c<{bVHDe@k)#f7^1HX zZQHrfUV);Z=#RQotLawi`O)YEBc`SNY;j(3AWM}!qDx*c8QpUw*ahbTf@Da~R;)1W zY~MtxE|nk9G981ebZ$ztijVuE10)1jZ5qjf&^@`sDEEE`1NDT?P(Qwsh(vT*V|uQR zOqUe`d5(=u0BBg6M+dx&h%{V!AOWpKwdw;DS`SteFZ7WC64A}5HcY_IF2xh`;hOGz z8Yci9un(a~1vbKS>L=vL`3HawmX&RqRzH5r%WvMp3{kEb9UKs$ru| z5bHfc1|$0Gi*!f>U@SUIG29910zV@~Ug~@BpNahL^f-D(ro5AaJkwIJF$;EE><2@U z^3u*AHPJ*<6+L&z3#e6M5>;(I(T;G+4w}bXs0_G{+&Cj923)LhSKcgpBCqzTM zyydRy+X`59P@w99Y2h+tY8R%xrpWFjqo;O|#&4%V)GoeIa{4`lisyP*!EifJLUnIA z?AcmedCMR4TGGq#)GjrV0X~bAK*hS~S}@QcLzm8=(+LRwC`9Tro+(5Ho?(P*TXcd4 
z8X=WfgJKIgaq#z5Ynl+n7Mgdu6>on$h_{cik+YGa|7R^;w8_ZTw@XmZ88?p+EZ8Ui z55T(At!EH)uP{3!--~WPi#<$qheWrK8#cc19#Z_&H$uqa=^xeaNISpm!J;E&eKN1f zflmaIBKKde6|ern(ErOG(}p*LEDPjlx>a$%At=!RF1j@IopQ(B9yGcWSY_oO=enhB z3F5GajmDGFqv}Mc&btwd-y-gWtIm%u)TKhV&HDv9QiFO5PmlYOaK`*`lL^?D@d;L> zx}0te-+xVfopA*4nePAF!Q2W)od4xvo`AU^)>Fb&aP|+CbT6U{l2u3%iXUu_tme~= zveMNUjcScF{fDRwkrPH!TXN5Sq@z^87awR9F`Lu_BB93ZN09ViegiISQ7dqaM5n3( zG7TL_o?gpZs7lB)A*!-~hdg*|5IkY7W6-WVWNWYw0}zA&5@rO4S`2IOwLYZUZ|7iz z23*VFj{y^TUG9^<^W1cFCf;Wy@W1}X{Ogx#fcf1X{;&VqHc}ci z{5E4NG-jW7Erc4#Z?uK;c)a-auzd+xVJKQZzOV~F^spi!6*&4pslIJq3T1*z0GXaCvuIQw6VY1gHLjYxvo)7P{zmw0!5o!$2& z83N2g;bIx$XygJQbd(?cpce(O!j`k?;S&$@u|JggE5`Rc7fACFla zG!^>UcDUeYK^0PdERVmM0#Cb zoqa99<1>4yku3*nU)cW!@(-4q-nP5{QLq_m&CIuKZA4l|>K zJ=^^Nk4GdB=bX{Lefk};6n?QAo9*|P|KnUQWCwh-f;H9s>-g*&HB1{-05qz;Xa7GnyOh7 zwNlx|7fpg+gwrExCpr}zLOoi=!c}^ZjhPE)lxJ^UF?nQFi+!YNEGyd`uR?bvnt3NP zeA9o!y6Z^jE;Fr%YhCofGT`_@G#0l5LkKAp(#|Vv;C_|NSk@a)(GK~~*i(p)cU|giA z%=6z^PL*cp-q2I95uxmQXXub)c~qrh5&b45SCr&sVUTwixo_ zdu{TB{RA|aSB`j^oUulPqb&K@SI!ttS7^}eWFOyKMIO$RGSo|}7x7~|aUGnuzwa%$ zR%q&(*W2}!8}owNx;ro8X~3imJ_Xn&dOzhoDhozy>k+W&c|45LcbKnyP#?3cL<-KK zT2kLkC=nr6$o{l53>kFr`${jEx{c^!Y`g{HNFg`3)X!!BVg-@}fk^^}ok z`OFpP%DCg}o=VlQZEQtO!o5o2u#5tM`}xg$fL+S|lWEH^g93|t)(xxp9`=O(d|*>R z6pC_Z2p#eap!T)B7pfN3DUfg){vF?XCG^WXgjlm`$*Bn&f1y`2)2KY+hoWwE(8Qr!8H6uh4B}haHt%!LE8PFP58Q7^I!&yh0hS&p*JDUHwEdvgT zYA>j0=Z_9kBvb~%hwMgp&A08|d*^oqIt88s{r?+-nS10;GqG!_yotx6{>w{8yOqdZ zaNDQ%!|x6B3H%az9r^#nI1xI5QX*FD@sEP}KZ*QHNnnY#WxxY*f&Xtx%?ydr=Q+x^ zBixGuiJK^kp0}cYm%K+s$DfEI9Lf6!7S)};DXaQG zJnmqj<^r_Kuch1N+je%o>AICW9iWX$yQDqkXWD^+R?28SqZ-rw15~bX)j_r4N%I9` zFEHKi_i0w_#!lGgzq9mHV~-%;VcbMb+$l_OF0?jLHK5v4V5?0{tWMOcKDGTmi9i(e zQ@DE$jkBzAcLTzY| zxhaHs){~}2J~g{noMSD@)|9#)Q(G&XN9~d(HKtD-e+{TNwX1jcEo1jSW1M-dt~)A! zBCd^BB`jNh%1ENbq1e&gVUru<*+-VUuwk2$kH{YD%l88!sxNScMECXoJs#ocWa!}J X1`MOYad0w!XXS>Ypb%G(fct*{i^jr} From cf522226945d464847bd2477fde9af4d24be0723 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 7 Oct 2021 19:25:29 +0200 Subject: [PATCH 684/966] Correct support function name Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 567fa936c4..721c82d34b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2303,7 +2303,7 @@ component_test_m32_o2 () { msg "test ssl-opt.sh, i386, make, gcc-O2" tests/ssl-opt.sh } -support_test_m32_o1 () { +support_test_m32_o2 () { support_test_m32_o0 "$@" } From 77f0535a9352053a98988bb592c90e521522347f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 7 Oct 2021 19:27:16 +0200 Subject: [PATCH 685/966] Clarify a comment Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 721c82d34b..5bc9a3d276 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2275,7 +2275,8 @@ component_build_mbedtls_config_file () { } component_test_m32_o0 () { - # Build without optimization, to not use the i386 specific inline assembly. + # Build without optimization, so as to use portable C code (in a 32-bit + # build) and not the i386-specific inline assembly. msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s scripts/config.py full make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" From dbf7b7eeb5712df6651c7e360a55b82633bd7d14 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 7 Oct 2021 19:34:57 +0200 Subject: [PATCH 686/966] Switch cmake -O2 builds around to where we test a lot Use Release mode (-O2) for component_test_full_cmake_clang which runs SSL tests. To have some coverage with Check mode (which enables more compiler warnings but compiles with -Os), change a few other builds that only run unit tests at most to Check mode. Don't add any new builds, to keep the total build volume down. We don't need extensive coverage of all combinations, just a reasonable set. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5bc9a3d276..646055d63b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1283,7 +1283,7 @@ component_test_psa_collect_statuses () { component_test_full_cmake_clang () { msg "build: cmake, full config, clang" # ~ 50s scripts/config.py full - CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . + CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On . make msg "test: main suites (full config, clang)" # ~ 5s @@ -1926,7 +1926,8 @@ component_build_no_std_function () { scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check + make } component_build_no_ssl_srv () { @@ -2094,7 +2095,7 @@ component_test_when_no_ciphersuites_have_mac () { component_test_no_date_time () { msg "build: default config without MBEDTLS_HAVE_TIME_DATE" scripts/config.py unset MBEDTLS_HAVE_TIME_DATE - CC=gcc cmake + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check make msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" 
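Review bot: The new `cmake` invocations in component_build_no_std_function and component_test_no_date_time pass no source directory, unlike the one in component_test_full_cmake_clang, which ends with `.`. Depending on the CMake version this either relies on a deprecated fallback to the current directory or fails, so I would write `CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .` in both places. The no_std_function hunk also drops an explicit `-Werror -Wall -Wextra -Os`. Whether Check mode keeps warnings fatal is not visible here, so it is worth confirming that the component does not become weaker. Both function bodies continue outside their hunks.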
@@ -2633,7 +2634,7 @@ component_test_cmake_out_of_source () { MBEDTLS_ROOT_DIR="$PWD" mkdir "$OUT_OF_SOURCE_DIR" cd "$OUT_OF_SOURCE_DIR" - cmake "$MBEDTLS_ROOT_DIR" + cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR" make msg "test: cmake 'out-of-source' build" From 34da3727d6feef7322bd15e238bcef6317cf5edc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 19 Sep 2021 18:05:08 +0800 Subject: [PATCH 687/966] Add check read ptr macro Signed-off-by: Jerry Yu --- library/ssl_misc.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 3f3f505031..4cbefdbfd4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -409,6 +409,29 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, } \ } while( 0 ) +/** + * \brief This macro checks if the remaining size in a input buffer is + * greater or equal than a needed space. If it is not the case, + * it returns an SSL_DECODE_ERROR error and sends DECODE_ERROR + * alert message. + * + * \param cur Pointer to the current position in the buffer. + * \param end Pointer to one past the end of the buffer. + * \param need Needed space in bytes. + * + */ +#define MBEDTLS_SSL_CHK_BUF_READ_PTR( cur, end, need ) \ + do { \ + if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \ + { \ + MBEDTLS_SSL_DEBUG_MSG( 1, \ + ( "missing input data in %s", __func__ ) ); \ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_ERR_SSL_DECODE_ERROR ); \ + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); \ + } \ + } while( 0 ) + #ifdef __cplusplus extern "C" { #endif From 1b7c4a464c385421f2a2f33ec3d22de7c6530007 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 9 Sep 2021 17:09:12 +0800 Subject: [PATCH 688/966] tls13: add key exchange modes in handshake params Signed-off-by: Jerry Yu --- library/ssl_misc.h | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) 
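Review bot: The doc comment for `MBEDTLS_SSL_CHK_BUF_READ_PTR` does not say that the macro executes `return` in the calling function. That hidden exit matters in a parser that holds an allocation or partially updated state when the check fails, because the early return skips any cleanup path. I would add a line to the comment such as `* \warning Contains a return statement: use only in functions returning int, at points where no cleanup is pending.`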
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4cbefdbfd4..9f9192fc07 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -509,6 +509,9 @@ struct mbedtls_ssl_handshake_params /* * Handshake specific crypto variables */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) @@ -1438,6 +1441,43 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context * MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); } +static inline unsigned mbedtls_ssl_tls1_3_check_kex_modes( mbedtls_ssl_context *ssl, + int kex_mode_mask ) +{ + return( ( ssl->handshake->tls1_3_kex_modes & kex_mode_mask ) != 0 ); +} + +static inline int mbedtls_ssl_tls1_3_psk_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_tls1_3_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) ); +} + +static inline int mbedtls_ssl_tls1_3_psk_ephemeral_enabled( + mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_tls1_3_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); +} + +static inline int mbedtls_ssl_tls1_3_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_tls1_3_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) ); +} + +static inline int mbedtls_ssl_tls1_3_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_tls1_3_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); +} + +static inline int mbedtls_ssl_tls1_3_some_psk_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_tls1_3_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /** From e15e665cfb9de25232ef69cb6893fbd010c63d21 Mon Sep 17 00:00:00 2001 
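Review bot: `mbedtls_ssl_tls1_3_check_kex_modes()` dereferences `ssl->handshake` unconditionally, and none of the new helpers states that it is only meaningful while handshake parameters exist. If any caller can reach them after the handshake structure has been released (not visible in this hunk), that is a NULL dereference. A one-line contract above the function would make the precondition explicit, e.g. `/* Only valid during a handshake: reads ssl->handshake->tls1_3_kex_modes. */`. Separately, the helper returns `unsigned` while its five wrappers return `int` and the bit mask is a signed `int`; one result type and an unsigned mask would avoid the implicit conversions.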
From: Jerry Yu Date: Tue, 28 Sep 2021 21:06:07 +0800 Subject: [PATCH 689/966] fix comments and check return issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9f9192fc07..8074a3aeeb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -410,14 +410,14 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, } while( 0 ) /** - * \brief This macro checks if the remaining size in a input buffer is - * greater or equal than a needed space. If it is not the case, - * it returns an SSL_DECODE_ERROR error and sends DECODE_ERROR - * alert message. + * \brief This macro checks if the remaining length in an input buffer is + * greater or equal than a needed length. If it is not the case, it + * returns an SSL_DECODE_ERROR error and pends DECODE_ERROR alert + * message. * * \param cur Pointer to the current position in the buffer. * \param end Pointer to one past the end of the buffer. - * \param need Needed space in bytes. + * \param need Needed length in bytes. * */ #define MBEDTLS_SSL_CHK_BUF_READ_PTR( cur, end, need ) \ @@ -1442,9 +1442,9 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context * } static inline unsigned mbedtls_ssl_tls1_3_check_kex_modes( mbedtls_ssl_context *ssl, - int kex_mode_mask ) + int kex_modes_mask ) { - return( ( ssl->handshake->tls1_3_kex_modes & kex_mode_mask ) != 0 ); + return( ( ssl->handshake->tls1_3_kex_modes & kex_modes_mask ) == 0 ); } static inline int mbedtls_ssl_tls1_3_psk_enabled( mbedtls_ssl_context *ssl ) From adf861aad4c12c7328282ac2a14da6e716b7b674 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 29 Sep 2021 21:22:08 +0800 Subject: [PATCH 690/966] Address kex_modes check function Signed-off-by: Jerry Yu --- library/ssl_misc.h | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) 
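Review bot: Changing the comparison in `mbedtls_ssl_tls1_3_check_kex_modes()` from `!= 0` to `== 0` inverts its result, but this commit does not touch the wrappers that return that result directly. `mbedtls_ssl_tls1_3_psk_enabled()` is visible as trailing context of this hunk; the other wrappers are inferred from the patch that introduced them. As committed, each `*_enabled` helper would return 1 when the mode is absent from the handshake, which is the wrong way round for code that gates PSK or ephemeral key exchange. Either keep the predicate form here or negate in the wrappers in the same commit, e.g. `return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) );`, so that every commit in the series is correct on its own.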
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8074a3aeeb..d269e6f858 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1441,6 +1441,16 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context * MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); } +/** + * Given a list of key exchange modes, check if at least one of them is + * supported. + * + * \param[in] ssl SSL context + * \param key_modes_mask Mask of the key exchange modes to check + * + * \return 0 if at least one of the key exchange modes is supported, + * <>0 otherwise. + */ static inline unsigned mbedtls_ssl_tls1_3_check_kex_modes( mbedtls_ssl_context *ssl, int kex_modes_mask ) { 
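Review bot: The new `\param key_modes_mask` line does not match the parameter, which is named `kex_modes_mask`, so Doxygen will report it as undocumented. The `\return` text also gives a 0-on-match convention to a function named `check` that returns `unsigned`, and the `*_enabled` wrappers are only correct if they negate it. I would state that in the comment, e.g. `* \note 0 means at least one mode in the mask is set; the *_enabled() helpers negate this value.` The comment says "supported", while the body shown in the preceding patch tests `ssl->handshake->tls1_3_kex_modes`, so "set for the current handshake" may be the more accurate wording.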
@@ -1449,32 +1459,32 @@ static inline unsigned mbedtls_ssl_tls1_3_check_kex_modes( mbedtls_ssl_context * static inline int mbedtls_ssl_tls1_3_psk_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_tls1_3_check_kex_modes( ssl, + return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) ); } static inline int mbedtls_ssl_tls1_3_psk_ephemeral_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_tls1_3_check_kex_modes( ssl, + return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); } static inline int mbedtls_ssl_tls1_3_ephemeral_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_tls1_3_check_kex_modes( ssl, + return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) ); } static inline int mbedtls_ssl_tls1_3_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_tls1_3_check_kex_modes( ssl, + return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); } static inline int mbedtls_ssl_tls1_3_some_psk_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_tls1_3_check_kex_modes( ssl, + return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); } From 0cabad375b67892005cc22947accb0ffbcbf3f7f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 30 Sep 2021 09:52:35 +0800 Subject: [PATCH 691/966] fix doxygen parameter wrong Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d269e6f858..85c7779705 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1446,7 +1446,7 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context * * supported. * * \param[in] ssl SSL context - * \param key_modes_mask Mask of the key exchange modes to check + * \param kex_modes_mask Mask of the key exchange modes to check * * \return 0 if at least one of the key exchange modes is supported, * <>0 otherwise. From dca3d5ddf9d5164308cf88415b72854ec6cd150d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 8 Oct 2021 14:19:29 +0800 Subject: [PATCH 692/966] fix document issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 85c7779705..cdd5609675 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -412,8 +412,9 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, /** * \brief This macro checks if the remaining length in an input buffer is * greater or equal than a needed length. If it is not the case, it - * returns an SSL_DECODE_ERROR error and pends DECODE_ERROR alert - * message. + * returns #MBEDTLS_SSL_DECODE_ERROR error and pends a + * #MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR alert message. + * It is used to guaranteed remaining length. * * \param cur Pointer to the current position in the buffer. * \param end Pointer to one past the end of the buffer. @@ -1449,7 +1450,7 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context * * \param kex_modes_mask Mask of the key exchange modes to check * * \return 0 if at least one of the key exchange modes is supported, - * <>0 otherwise. + * !=0 otherwise. */ static inline unsigned mbedtls_ssl_tls1_3_check_kex_modes( mbedtls_ssl_context *ssl, int kex_modes_mask ) From c1ddeef53aa547956f63a5da74f4e93f1865fa35 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 8 Oct 2021 15:14:45 +0800 Subject: [PATCH 693/966] fix various issues 
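Review bot: The rewritten comment refers to `#MBEDTLS_SSL_DECODE_ERROR`, but the macro body added earlier in this series returns `MBEDTLS_ERR_SSL_DECODE_ERROR`. The Doxygen reference therefore names a constant the macro does not use and should be `#MBEDTLS_ERR_SSL_DECODE_ERROR`. The added sentence "It is used to guaranteed remaining length." is also unclear; `* Use it before reading \p need bytes starting at \p cur.` would tell the caller what the check provides.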
Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 +--- library/ssl_msg.c | 3 --- library/ssl_tls.c | 20 +++++++++++--------- library/ssl_tls13_keys.h | 8 ++------ 4 files changed, 14 insertions(+), 21 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6f83fc3276..06351fc0c7 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1501,9 +1501,7 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ); -/* - * Update checksum with handshake header - */ + void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index e636762c53..13a9e0ff31 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5558,9 +5558,6 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ) { - if( ssl->transform_in == transform ) - return; - ssl->transform_in = transform; mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_COUNTER_LEN ); } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 58b81ff26d..26cf6b3e09 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
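Review bot: With the `if( ssl->transform_in == transform ) return;` guard removed, `mbedtls_ssl_set_inbound_transform()` zeroes `ssl->in_ctr` even when the transform is unchanged. Restarting the incoming record sequence number under the same keys would desynchronise record processing and weaken replay protection, because the counter is expected to only move forward for the lifetime of a key. Whether any caller can pass the current transform is not visible in this hunk. If none may, state it above the function, e.g. `/* Precondition: transform is not the current inbound transform; the sequence number is reset unconditionally. */`; otherwise keep the guard.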
@@ -7062,20 +7062,22 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, size_t dst_len, size_t *olen ) { + switch( md ) + { + #if defined(MBEDTLS_SHA384_C) - if( md == MBEDTLS_MD_SHA384 ) - { + case MBEDTLS_MD_SHA384: return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ); - } - else -#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_SHA384_C */ + #if defined(MBEDTLS_SHA256_C) - if( md == MBEDTLS_MD_SHA256 ) - { + case MBEDTLS_MD_SHA256: return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ); - } - else #endif /* MBEDTLS_SHA256_C */ + + default: + break; + } return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #endif /* !MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 45b0fdfa4c..866aae9117 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -534,22 +534,18 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, /* * TLS 1.3 key schedule evolutions * - * Early Data -> Handshake -> Application + * Early -> Handshake -> Application * * Small wrappers around mbedtls_ssl_tls1_3_evolve_secret(). */ /** - * \brief Begin TLS 1.3 key schedule by calculating early secret - * from chosen PSK. + * \brief Begin TLS 1.3 key schedule by calculating early secret. * * The TLS 1.3 key schedule can be viewed as a simple state machine * with states Initial -> Early -> Handshake -> Application, and * this function represents the Initial -> Early transition. * - * In the early stage, mbedtls_ssl_tls1_3_generate_early_data_keys() - * can be used to derive the 0-RTT traffic keys. - * * \param ssl The SSL context to operate on. * * \returns \c 0 on success. From ae0b2e2a2f5de804bf450ec7da12761c2f53af91 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 8 Oct 2021 15:21:19 +0800 Subject: [PATCH 694/966] Rename counter_len 
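Review bot: On the fall-through path of `mbedtls_ssl_get_handshake_transcript()`, reached for an `md` that no `case` handles, the function returns `MBEDTLS_ERR_SSL_INTERNAL_ERROR` without writing `*olen`. A caller that uses the length before checking the status would read an indeterminate value. Setting it in the default arm, `default: *olen = 0; break;`, makes the error path well defined. The function's signature and documentation start outside this hunk, so whether `olen` is already specified as undefined on error cannot be confirmed here.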
Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 4 ++-- library/ssl_misc.h | 20 ++++++++++---------- library/ssl_msg.c | 25 ++++++++++++++----------- library/ssl_tls.c | 6 +++--- 4 files changed, 29 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2b75267e84..2c77dbed55 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -594,7 +594,7 @@ union mbedtls_ssl_premaster_secret #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) /* Length in number of bytes of the TLS sequence number */ -#define MBEDTLS_SSL_COUNTER_LEN 8 +#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8 #ifdef __cplusplus extern "C" { @@ -1555,7 +1555,7 @@ struct mbedtls_ssl_context size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */ #endif - unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[MBEDTLS_SSL_COUNTER_LEN]; /*!< Outgoing record sequence number. */ + unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Outgoing record sequence number. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 06351fc0c7..d194b0e1eb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -573,8 +573,8 @@ struct mbedtls_ssl_handshake_params flight being received */ mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for resending messages */ - unsigned char alt_out_ctr[MBEDTLS_SSL_COUNTER_LEN]; /*!< Alternative record epoch/counter - for resending messages */ + unsigned char alt_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Alternative record epoch/counter + for resending messages */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* The state of CID configuration in this handshake. */ 
@@ -873,14 +873,14 @@ static inline int mbedtls_ssl_transform_uses_aead( typedef struct { - uint8_t ctr[MBEDTLS_SSL_COUNTER_LEN]; /* In TLS: The implicit record sequence number. - * In DTLS: The 2-byte epoch followed by - * the 6-byte sequence number. - * This is stored as a raw big endian byte array - * as opposed to a uint64_t because we rarely - * need to perform arithmetic on this, but do - * need it as a Byte array for the purpose of - * MAC computations. */ + uint8_t ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /* In TLS: The implicit record sequence number. + * In DTLS: The 2-byte epoch followed by + * the 6-byte sequence number. + * This is stored as a raw big endian byte array + * as opposed to a uint64_t because we rarely + * need to perform arithmetic on this, but do + * need it as a Byte array for the purpose of + * MAC computations. */ uint8_t type; /* The record content type. */ uint8_t ver[2]; /* SSL/TLS version as present on the wire. * Convert to internal presentation of versions diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 13a9e0ff31..7fa0a56174 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2101,7 +2101,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ) static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) { mbedtls_ssl_transform *tmp_transform; - unsigned char tmp_out_ctr[MBEDTLS_SSL_COUNTER_LEN]; + unsigned char tmp_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; if( ssl->transform_out == ssl->handshake->alt_transform_out ) { @@ -2564,7 +2564,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, ssl->out_hdr + 1 ); - memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_COUNTER_LEN ); + memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); if( ssl->transform_out != NULL ) 
@@ -3651,9 +3651,12 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, #endif { unsigned i; - for( i = MBEDTLS_SSL_COUNTER_LEN; i > mbedtls_ssl_ep_len( ssl ); i-- ) + for( i = MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + i > mbedtls_ssl_ep_len( ssl ); i-- ) + { if( ++ssl->in_ctr[i - 1] != 0 ) break; + } /* The loop goes to its end iff the counter is wrapping */ if( i == mbedtls_ssl_ep_len( ssl ) ) @@ -4793,7 +4796,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_COUNTER_LEN ); + mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); mbedtls_ssl_update_in_pointers( ssl ); @@ -4829,12 +4832,12 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, { ssl->out_ctr = ssl->out_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->out_cid = ssl->out_ctr + MBEDTLS_SSL_COUNTER_LEN; + ssl->out_cid = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; ssl->out_len = ssl->out_cid; if( transform != NULL ) ssl->out_len += transform->out_cid_len; #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->out_len = ssl->out_ctr + MBEDTLS_SSL_COUNTER_LEN; + ssl->out_len = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_iv = ssl->out_len + 2; } 
@@ -4883,17 +4886,17 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) * ssl_parse_record_header(). */ ssl->in_ctr = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_COUNTER_LEN; + ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; ssl->in_len = ssl->in_cid; /* Default: no CID */ #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_COUNTER_LEN; + ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->in_iv = ssl->in_len + 2; } else #endif { - ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_COUNTER_LEN; + ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; ssl->in_len = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_cid = ssl->in_len; @@ -5068,7 +5071,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, &ssl->conf->renego_period[ep_len], - MBEDTLS_SSL_COUNTER_LEN - ep_len ); + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN - ep_len ); out_ctr_cmp = memcmp( &ssl->cur_out_ctr[ep_len], &ssl->conf->renego_period[ep_len], sizeof( ssl->cur_out_ctr ) - ep_len ); @@ -5559,7 +5562,7 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ) { ssl->transform_in = transform; - mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_COUNTER_LEN ); + mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); } void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 26cf6b3e09..8c1fdd816e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -5778,11 +5778,11 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - used += MBEDTLS_SSL_COUNTER_LEN; + used += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; if( used <= buf_len ) { - memcpy( p, ssl->cur_out_ctr, MBEDTLS_SSL_COUNTER_LEN ); - p += MBEDTLS_SSL_COUNTER_LEN; + memcpy( p, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); + p += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; } #if defined(MBEDTLS_SSL_PROTO_DTLS) From 205fd82f7ec395ba7da1a24f0573f18840fab431 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 8 Oct 2021 16:16:24 +0800 Subject: [PATCH 695/966] fix check_name fail Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cdd5609675..4205a477c1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -412,7 +412,7 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, /** * \brief This macro checks if the remaining length in an input buffer is * greater or equal than a needed length. If it is not the case, it - * returns #MBEDTLS_SSL_DECODE_ERROR error and pends a + * returns #MBEDTLS_ERR_SSL_DECODE_ERROR error and pends a * #MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR alert message. * It is used to guaranteed remaining length. * From d1ab2628444324a5784b813b1c9c2b53d296595b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 8 Oct 2021 15:36:57 +0800 Subject: [PATCH 696/966] define max md size for tls1_3 Signed-off-by: Jerry Yu --- include/mbedtls/md.h | 4 ++++ library/ssl_misc.h | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index fa2b152f96..34f314f3f4 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -74,6 +74,10 @@ typedef enum { #define MBEDTLS_MD_MAX_BLOCK_SIZE 64 #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /** * Opaque struct. * diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d194b0e1eb..b8361dbb65 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -678,9 +678,9 @@ struct mbedtls_ssl_handshake_params union { - unsigned char early [MBEDTLS_MD_MAX_SIZE]; - unsigned char handshake[MBEDTLS_MD_MAX_SIZE]; - unsigned char app [MBEDTLS_MD_MAX_SIZE]; + unsigned char early [MBEDTLS_TLS1_3_MD_MAX_SIZE]; + unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE]; } tls1_3_master_secrets; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ From f4d2fd4a057762358485f879900777e04d41f6a4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Oct 2021 11:45:47 +0200 Subject: [PATCH 697/966] Fix cmake invocation syntax Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 646055d63b..85f6848c39 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1926,7 +1926,7 @@ component_build_no_std_function () { scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . make } @@ -2095,7 +2095,7 @@ component_test_when_no_ciphersuites_have_mac () { component_test_no_date_time () { msg "build: default config without MBEDTLS_HAVE_TIME_DATE" scripts/config.py unset MBEDTLS_HAVE_TIME_DATE - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . make msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" 
From d9d630cdf301f88b49458f163b7f0b01bcdbc9fb Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Fri, 8 Oct 2021 12:26:21 +0200 Subject: [PATCH 698/966] Addapt psa_generate_key() tests Signed-off-by: Przemyslaw Stekiel --- tests/scripts/generate_psa_tests.py | 17 +++++++++++------ tests/suites/test_suite_psa_crypto.data | 2 +- ...st_suite_psa_crypto_not_supported.function | 19 +++++++++++++++++++ 3 files changed, 31 insertions(+), 7 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index c788ce6d6d..1cdd28f89a 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -133,7 +133,7 @@ class Information: return constructors -def test_case_for_key_type_not_supported( +def test_case_for_key_type_not_supported_invalid_arg( verb: str, key_type: str, bits: int, dependencies: List[str], *args: str, @@ -148,10 +148,15 @@ def test_case_for_key_type_not_supported( adverb = 'not' if dependencies else 'never' if param_descr: adverb = param_descr + ' ' + adverb - tc.set_description('PSA {} {} {}-bit {} supported' - .format(verb, short_key_type, bits, adverb)) + if (verb == "generate") and ("PUBLIC" in short_key_type): + tc.set_description('PSA {} {} {}-bit invalid argument' + .format(verb, short_key_type, bits)) + tc.set_function(verb + '_invalid_arg') + else: + tc.set_description('PSA {} {} {}-bit {} supported' + .format(verb, short_key_type, bits, adverb)) + tc.set_function(verb + '_not_supported') tc.set_dependencies(dependencies) - tc.set_function(verb + '_not_supported') tc.set_arguments([key_type] + list(args)) return tc @@ -192,7 +197,7 @@ class NotSupported: else: generate_dependencies = import_dependencies for bits in kt.sizes_to_test(): - yield test_case_for_key_type_not_supported( + yield test_case_for_key_type_not_supported_invalid_arg( 'import', kt.expression, bits, finish_family_dependencies(import_dependencies, bits), test_case.hex_string(kt.key_material(bits)), 
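Review bot: The new branch in `test_case_for_key_type_not_supported_invalid_arg` chooses the expected status with an uncommented substring test, `"PUBLIC" in short_key_type`, so a reader cannot tell why public keys are special. A comment above the `if` would record the reason, e.g. `# Generating a public key is an invalid request whether or not the key type is supported.` The parentheses around both operands are redundant and the double quotes differ from the single-quoted strings on the neighbouring lines: `if verb == 'generate' and 'PUBLIC' in short_key_type:`. The function's docstring lies outside the hunk and probably needs to mention the second outcome now that the name does.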
@@ -203,7 +208,7 @@ class NotSupported: # supported or not depending on implementation capabilities, # only generate the test case once. continue - yield test_case_for_key_type_not_supported( + yield test_case_for_key_type_not_supported_invalid_arg( 'generate', kt.expression, bits, finish_family_dependencies(generate_dependencies, bits), str(bits), diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 063629e599..350537b051 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -4705,7 +4705,7 @@ generate_random:2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1 PSA generate key: bad type (RSA public key) depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0 +generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: raw data, 0 bits: invalid argument # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED diff --git a/tests/suites/test_suite_psa_crypto_not_supported.function b/tests/suites/test_suite_psa_crypto_not_supported.function index e3253d8405..6b85fd75a7 100644 --- a/tests/suites/test_suite_psa_crypto_not_supported.function +++ b/tests/suites/test_suite_psa_crypto_not_supported.function @@ -50,3 +50,22 @@ exit: PSA_DONE( ); } /* END_CASE */ + +/* BEGIN_CASE */ +void generate_invalid_arg( int key_type, int bits ) +{ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = INVALID_KEY_ID; + + PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_type( &attributes, key_type ); + psa_set_key_bits( &attributes, bits ); + TEST_EQUAL( psa_generate_key( &attributes, &key_id ), + PSA_ERROR_INVALID_ARGUMENT ); + TEST_ASSERT( mbedtls_svc_key_id_equal( key_id, MBEDTLS_SVC_KEY_ID_INIT ) ); + +exit: + psa_destroy_key( key_id ); + PSA_DONE( ); +} +/* END_CASE */ 
From 88b756bacb410918b91897bdcd96973be54e6198 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 8 Oct 2021 18:41:38 +0800 Subject: [PATCH 699/966] move tls1_3 max md size It should be internal definition Signed-off-by: Jerry Yu --- include/mbedtls/md.h | 4 ---- library/ssl_misc.h | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 34f314f3f4..fa2b152f96 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -74,10 +74,6 @@ typedef enum { #define MBEDTLS_MD_MAX_BLOCK_SIZE 64 #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - /** * Opaque struct. * diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b8361dbb65..76962d3fa6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -307,6 +307,10 @@ + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) ) #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** * \brief Return the maximum fragment length (payload, in bytes) for From 25f70635330eb295577368a55cb17febf3e881d1 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Fri, 8 Oct 2021 14:45:04 +0200 Subject: [PATCH 700/966] enerate_psa_tests.py fix format Signed-off-by: Przemyslaw Stekiel --- tests/scripts/generate_psa_tests.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 1cdd28f89a..45d940ea97 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py 
@@ -150,11 +150,11 @@ def test_case_for_key_type_not_supported_invalid_arg( adverb = param_descr + ' ' + adverb if (verb == "generate") and ("PUBLIC" in short_key_type): tc.set_description('PSA {} {} {}-bit invalid argument' - .format(verb, short_key_type, bits)) + .format(verb, short_key_type, bits)) tc.set_function(verb + '_invalid_arg') else: tc.set_description('PSA {} {} {}-bit {} supported' - .format(verb, short_key_type, bits, adverb)) + .format(verb, short_key_type, bits, adverb)) tc.set_function(verb + '_not_supported') tc.set_dependencies(dependencies) tc.set_arguments([key_type] + list(args)) From 09c46da27ed735a200251da5f66b9a9a82f31dda Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Oct 2021 15:48:16 +0200 Subject: [PATCH 701/966] Implement PSA_WANT_KEY_TYPE_ARIA Follow what has been done for CAMELLIA. Signed-off-by: Gilles Peskine --- include/mbedtls/config_psa.h | 22 +++++++++++++++++++++- include/psa/crypto_config.h | 1 + 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 9080cd19bc..87997c3891 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -267,6 +267,18 @@ extern "C" { #endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ #endif /* PSA_WANT_KEY_TYPE_AES */ +#if defined(PSA_WANT_KEY_TYPE_ARIA) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) +#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */ +#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ + defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ + defined(PSA_HAVE_SOFT_BLOCK_AEAD) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 +#define MBEDTLS_ARIA_C +#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */ +#endif /* PSA_WANT_KEY_TYPE_ARIA */ + #if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) #define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1 
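Review bot: This commit defines `PSA_WANT_KEY_TYPE_ARIA` by default (the crypto_config.h hunk) and maps it to `MBEDTLS_ARIA_C` in the block added here, but per the diffstat it changes only the two configuration headers. Nothing in it shows that an ARIA key can be used through the PSA API or that a test exercises one, so the symbol may advertise support the core does not yet provide; this is inferred from the diffstat, not from code. Please add or reference a test that uses an ARIA key via PSA, or leave the default off until the core side is in place. Minor: the `#endif` comment of the new block omits `PSA_HAVE_SOFT_BLOCK_AEAD`, which the condition above it tests.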
@@ -301,6 +313,7 @@ extern "C" { * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these * situations. */ #if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) #define PSA_HAVE_SOFT_BLOCK_CIPHER 1 @@ -381,6 +394,7 @@ extern "C" { #if defined(PSA_WANT_ALG_CCM) #if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) #define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 #define MBEDTLS_CCM_C @@ -390,6 +404,7 @@ extern "C" { #if defined(PSA_WANT_ALG_GCM) #if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) #define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 #define MBEDTLS_GCM_C @@ -629,6 +644,11 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 #endif +#if defined(MBEDTLS_ARIA_C) +#define PSA_WANT_KEY_TYPE_ARIA 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 +#endif + #if defined(MBEDTLS_CAMELLIA_C) #define PSA_WANT_KEY_TYPE_CAMELLIA 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 @@ -660,7 +680,7 @@ extern "C" { #endif #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \ - defined(MBEDTLS_CAMELLIA_C) + defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C) #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 #define PSA_WANT_ALG_ECB_NO_PADDING 1 #endif diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 64d8c58169..6476e3cffb 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -111,6 +111,7 @@ #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_HMAC 1 #define PSA_WANT_KEY_TYPE_AES 1 +#define PSA_WANT_KEY_TYPE_ARIA 1 #define PSA_WANT_KEY_TYPE_CAMELLIA 1 #define PSA_WANT_KEY_TYPE_CHACHA20 1 #define PSA_WANT_KEY_TYPE_DES 1 
From fd320e9a6e521650aab86126da9627aec55e4db0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 8 Oct 2021 21:52:41 +0800 Subject: [PATCH 702/966] Replace zeroize with memset Signed-off-by: Jerry Yu --- library/ssl_msg.c | 6 +++--- library/ssl_tls.c | 7 +++---- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 7fa0a56174..fdb647a508 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -4796,7 +4796,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); + memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); mbedtls_ssl_update_in_pointers( ssl ); @@ -5562,14 +5562,14 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ) { ssl->transform_in = transform; - mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); + memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); } void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ) { ssl->transform_out = transform; - mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); + memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); } #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8c1fdd816e..bf3ab09397 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2824,8 +2824,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) sizeof( ssl->handshake->alt_out_ctr ) ); /* Set sequence_number to zero */ - mbedtls_platform_zeroize( &ssl->cur_out_ctr[2], - sizeof( ssl->cur_out_ctr ) - 2 ); + memset( &ssl->cur_out_ctr[2], 0, sizeof( ssl->cur_out_ctr ) - 2 ); /* Increment epoch */ 
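Review bot: Nothing at the changed call in mbedtls_ssl_parse_change_cipher_spec says why a plain `memset` is acceptable where `mbedtls_platform_zeroize` was used before. The buffers touched here are record sequence counters that are reset and, presumably, read again for the next record, so the store is not a wipe of secret data that a compiler could drop as dead. That reasoning should be written down so the pattern is not copied to key material. I would add `/* Reset, not wipe: the sequence number is not secret and stays in use, so memset() is enough. */` above the first call; the same applies to the calls in mbedtls_ssl_set_inbound_transform, mbedtls_ssl_set_outbound_transform, mbedtls_ssl_write_finished and ssl_session_reset_msg_layer. Most of the enclosing functions start or end outside these hunks.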
@@ -2842,7 +2841,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); + memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); ssl->transform_out = ssl->transform_negotiate; ssl->session_out = ssl->session_negotiate; @@ -3327,7 +3326,7 @@ static void ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl, ssl->out_msglen = 0; ssl->out_left = 0; memset( ssl->out_buf, 0, out_buf_len ); - mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); + memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); ssl->transform_out = NULL; #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) From f6892dec2a24781dfc6e3bc5fcd637993797d1d2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Oct 2021 16:28:32 +0200 Subject: [PATCH 703/966] Readability improvements Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 4 ++-- library/psa_crypto_rsa.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index aa7d02ef39..86a03d125f 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1425,8 +1425,8 @@ * a supported algorithm identifier or policy. */ #define PSA_ALG_IS_RSA_PSS(alg) \ - ((((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE) || \ - (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE)) + (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \ + PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) #define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600) /** ECDSA signature with hashing. diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 7ee15ea077..8318ef47b3 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c 
@@ -462,7 +462,7 @@ static int rsa_pss_expected_salt_len( psa_algorithm_t alg, return( MBEDTLS_RSA_SALT_LEN_ANY ); /* Otherwise: standard salt length, i.e. largest possible salt length * up to the hash length. */ - int klen = (int) (int) mbedtls_rsa_get_len( rsa ); // known to fit + int klen = (int) mbedtls_rsa_get_len( rsa ); // known to fit int hlen = (int) hash_length; // known to fit int room = klen - 2 - hlen; if( room < 0 ) From e4eefc716a16fd7a879189b5322b9275b5b80b9e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 9 Oct 2021 10:40:40 +0800 Subject: [PATCH 704/966] Improve document for chk_buf_read_ptr Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4205a477c1..6b33cb5dbc 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -414,7 +414,9 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, * greater or equal than a needed length. If it is not the case, it * returns #MBEDTLS_ERR_SSL_DECODE_ERROR error and pends a * #MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR alert message. - * It is used to guaranteed remaining length. + * + * This is a function-like macro. It is guaranteed to evaluate each + * argument exactly once. * * \param cur Pointer to the current position in the buffer. * \param end Pointer to one past the end of the buffer. From b576c7b779edb2c9f2e45206f13a0ca8b1c93cbf Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 11 Oct 2021 10:15:25 +0200 Subject: [PATCH 705/966] Address review comments Signed-off-by: Przemyslaw Stekiel --- ChangeLog.d/fix-psa_gen_key-status.txt | 2 +- tests/scripts/generate_psa_tests.py | 66 +++++++++++++------ ...st_suite_psa_crypto_not_supported.function | 2 +- 3 files changed, 48 insertions(+), 22 deletions(-) diff --git a/ChangeLog.d/fix-psa_gen_key-status.txt b/ChangeLog.d/fix-psa_gen_key-status.txt index c46bd6f01f..78609882f9 100644 --- a/ChangeLog.d/fix-psa_gen_key-status.txt 
+++ b/ChangeLog.d/fix-psa_gen_key-status.txt @@ -1,2 +1,2 @@ Bugfix - * Fix status ret by psa_generate_key() for public key. Fixes #4551. + * Fix the error returned by psa_generate_key() for a public key. Fixes #4551. diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 45d940ea97..4c8143ff09 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -133,7 +133,7 @@ class Information: return constructors -def test_case_for_key_type_not_supported_invalid_arg( +def test_case_for_key_type_not_supported( verb: str, key_type: str, bits: int, dependencies: List[str], *args: str, 
@@ -148,20 +148,37 @@ def test_case_for_key_type_not_supported_invalid_arg( adverb = 'not' if dependencies else 'never' if param_descr: adverb = param_descr + ' ' + adverb - if (verb == "generate") and ("PUBLIC" in short_key_type): - tc.set_description('PSA {} {} {}-bit invalid argument' - .format(verb, short_key_type, bits)) - tc.set_function(verb + '_invalid_arg') - else: - tc.set_description('PSA {} {} {}-bit {} supported' - .format(verb, short_key_type, bits, adverb)) - tc.set_function(verb + '_not_supported') + tc.set_description('PSA {} {} {}-bit {} supported' + .format(verb, short_key_type, bits, adverb)) + tc.set_dependencies(dependencies) + tc.set_function(verb + '_not_supported') + tc.set_arguments([key_type] + list(args)) + return tc + +def test_case_for_key_type_invalid_argument( + verb: str, key_type: str, bits: int, + dependencies: List[str], + *args: str, + param_descr: str = '' +) -> test_case.TestCase: + """Return one test case exercising a key creation method + for an invalid argument when key is public. + """ + hack_dependencies_not_implemented(dependencies) + tc = test_case.TestCase() + short_key_type = re.sub(r'PSA_(KEY_TYPE|ECC_FAMILY)_', r'', key_type) + adverb = 'not' if dependencies else 'never' + if param_descr: + adverb = param_descr + ' ' + adverb + tc.set_description('PSA {} {} {}-bit invalid argument' + .format(verb, short_key_type, bits)) + tc.set_function(verb + '_invalid_argument') tc.set_dependencies(dependencies) tc.set_arguments([key_type] + list(args)) return tc class NotSupported: - """Generate test cases for when something is not supported.""" + """Generate test cases for when something is not supported or argument is inavlid.""" def __init__(self, info: Information) -> None: self.constructors = info.constructors 
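Review bot: In the new test_case_for_key_type_invalid_argument, `adverb` is computed from `dependencies` and `param_descr` but never used, because the description is formatted from `verb`, `short_key_type` and `bits` only. The three lines from `adverb = 'not' if dependencies else 'never'` to `adverb = param_descr + ' ' + adverb` can be dropped. `param_descr` then remains only for signature parity with test_case_for_key_type_not_supported, which the docstring could state. The NotSupported class docstring changed in the same hunk has a typo, `inavlid` for `invalid`.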
@@ -176,11 +193,13 @@ class NotSupported: param: Optional[int] = None, param_descr: str = '', ) -> Iterator[test_case.TestCase]: - """Return test cases exercising key creation when the given type is unsupported. + """Return test cases exercising key creation when the given type is unsupported + or argument is invalid. If param is present and not None, emit test cases conditioned on this parameter not being supported. If it is absent or None, emit test cases - conditioned on the base type not being supported. + conditioned on the base type not being supported. If key is public emit test + case for invalid argument. """ if kt.name in self.ALWAYS_SUPPORTED: # Don't generate test cases for key types that are always supported. @@ -197,7 +216,7 @@ class NotSupported: else: generate_dependencies = import_dependencies for bits in kt.sizes_to_test(): - yield test_case_for_key_type_not_supported_invalid_arg( + yield test_case_for_key_type_not_supported( 'import', kt.expression, bits, finish_family_dependencies(import_dependencies, bits), test_case.hex_string(kt.key_material(bits)), @@ -208,12 +227,20 @@ class NotSupported: # supported or not depending on implementation capabilities, # only generate the test case once. continue - yield test_case_for_key_type_not_supported_invalid_arg( - 'generate', kt.expression, bits, - finish_family_dependencies(generate_dependencies, bits), - str(bits), - param_descr=param_descr, - ) + if kt.name.endswith('_PUBLIC_KEY'): + yield test_case_for_key_type_invalid_argument( + 'generate', kt.expression, bits, + finish_family_dependencies(generate_dependencies, bits), + str(bits), + param_descr=param_descr, + ) + else: + yield test_case_for_key_type_not_supported( + 'generate', kt.expression, bits, + finish_family_dependencies(generate_dependencies, bits), + str(bits), + param_descr=param_descr, + ) # To be added: derive ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', 
@@ -234,7 +261,6 @@ class NotSupported: yield from self.test_cases_for_key_type_not_supported( kt, 0, param_descr='curve') - class StorageKey(psa_storage.Key): """Representation of a key for storage format testing.""" diff --git a/tests/suites/test_suite_psa_crypto_not_supported.function b/tests/suites/test_suite_psa_crypto_not_supported.function index 6b85fd75a7..0665230d72 100644 --- a/tests/suites/test_suite_psa_crypto_not_supported.function +++ b/tests/suites/test_suite_psa_crypto_not_supported.function @@ -52,7 +52,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void generate_invalid_arg( int key_type, int bits ) +void generate_invalid_argument( int key_type, int bits ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = INVALID_KEY_ID; From 77804132ba8b43360fc01012cd70bf68e34972ba Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 11 Oct 2021 16:38:17 +0200 Subject: [PATCH 706/966] Use PSA_HASH_LENGTH instead hardcoded integer values --- tests/suites/test_suite_psa_crypto.data | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 063629e599..6090cdf006 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -4422,19 +4422,19 @@ derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_ PSA key derivation: HKDF SHA-256, request maximum capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":255 * 32:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"" +derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256):"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"" PSA key derivation: HKDF SHA-1, request maximum capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 -derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_KEY_DERIVATION_INPUT_INFO:"":255 * 20:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"" +derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_KEY_DERIVATION_INPUT_INFO:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"" PSA key derivation: HKDF SHA-256, request too much capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * 32 + 1:PSA_ERROR_INVALID_ARGUMENT +derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: HKDF SHA-1, request too much 
capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 -derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * 20 + 1:PSA_ERROR_INVALID_ARGUMENT +derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: over capacity 42: output 42+1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 
@@ -4454,19 +4454,19 @@ derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"00010 PSA key derivation: HKDF SHA-256, read maximum capacity minus 1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 - 1 +derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 PSA key derivation: HKDF SHA-256, read maximum capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 +derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity minus 1 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF -derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 - 1 +derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF -derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 +derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) PSA key derivation: HKDF SHA-256, exercise AES128-CTR 
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES From 78521966b0fce063229398e1b589efe9e969f173 Mon Sep 17 00:00:00 2001 From: openluopworld Date: Tue, 12 Oct 2021 18:15:06 +0800 Subject: [PATCH 707/966] changelog for #4950 Signed-off-by: openluopworld --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index ebf8a36add..a9fecb8e15 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. + * Fix #4950. + = Mbed TLS 3.0.0 branch released 2021-07-07 API changes From 506752299b4f1961efe81558a2a5309f2a97c08c Mon Sep 17 00:00:00 2001 From: openluopworld Date: Tue, 12 Oct 2021 18:38:50 +0800 Subject: [PATCH 708/966] add changelog file for #4950 Signed-off-by: openluopworld --- ChangeLog | 6 ------ ChangeLog.d/bugfix-for-gcm-long-iv-size.txt | 4 ++++ 2 files changed, 4 insertions(+), 6 deletions(-) create mode 100644 ChangeLog.d/bugfix-for-gcm-long-iv-size.txt diff --git a/ChangeLog b/ChangeLog index a9fecb8e15..ebf8a36add 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,11 +1,5 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx - -Bugfix - * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. - * Fix #4950. - = Mbed TLS 3.0.0 branch released 2021-07-07 API changes diff --git a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt new file mode 100644 index 0000000000..0e2e5117ec --- /dev/null +++ b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. + * Fix #4950. + From 151ccb297766b6263cdce69f8ca0b785b5323499 Mon Sep 17 00:00:00 2001 
From: openluopworld Date: Wed, 13 Oct 2021 00:23:30 +0800 Subject: [PATCH 709/966] update changelog for #4884 Signed-off-by: openluopworld --- ChangeLog.d/bugfix-for-gcm-long-iv-size.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt index 0e2e5117ec..c04c4aa182 100644 --- a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt +++ b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt @@ -1,4 +1,4 @@ Bugfix * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. - * Fix #4950. + * Fix #4884. From d60950c2d0cfc421ddfca68ad801bbf44c2ef0aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Oct 2021 13:12:47 +0200 Subject: [PATCH 710/966] Use newer OpenSSL for tests failing with the old MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/ssl-opt.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 66c648573b..0422c1b1b8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2694,10 +2694,13 @@ run_test "Session resume using tickets, DTLS: openssl server" \ -c "parse new session ticket" \ -c "a session has been resumed" +# For reasons that aren't fully understood, this test randomly fails with high +# probabiliby with OpenSSL 1.0.2g on the CI, see #5012. +requires_openssl_next run_test "Session resume using tickets, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=1" \ - "( $O_CLI -dtls -sess_out $SESSION; \ - $O_CLI -dtls -sess_in $SESSION; \ + "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ + $O_NEXT_CLI -dtls -sess_in $SESSION; \ rm -f $SESSION )" \ 0 \ -s "found session ticket extension" \ 
@@ -2894,10 +2897,13 @@ run_test "Session resume using cache, DTLS: session copy" \ -s "a session has been resumed" \ -c "a session has been resumed" +# For reasons that aren't fully understood, this test randomly fails with high +# probabiliby with OpenSSL 1.0.2g on the CI, see #5012. +requires_openssl_next run_test "Session resume using cache, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ - "( $O_CLI -dtls -sess_out $SESSION; \ - $O_CLI -dtls -sess_in $SESSION; \ + "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ + $O_NEXT_CLI -dtls -sess_in $SESSION; \ rm -f $SESSION )" \ 0 \ -s "found session ticket extension" \ From 1ecfdea002aee1ba9e4ef805a8ddd194e92fe58f Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 13 Oct 2021 11:09:44 +0200 Subject: [PATCH 711/966] all.sh: add full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 Signed-off-by: Przemyslaw Stekiel --- tests/scripts/all.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1bcc2e4a58..ed5faf5db9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1596,6 +1596,19 @@ component_test_psa_crypto_config_no_driver() { make test } +component_test_psa_crypto_config_chachapoly_disabled() { + # full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 + msg "build: full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" + scripts/config.py full + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305 + make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" + make test +} + # This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test. component_build_psa_accel_alg_ecdsa() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA From 4cad4fc8a94e1a42bae3f705a0d59f1022c1ea41 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 13 Oct 2021 11:12:08 +0200 Subject: [PATCH 712/966] psa_crypto.c: use switch instead if-else in psa_aead_check_nonce_length and psa_aead_set_lengths (fixes #5065) Signed-off-by: Przemyslaw Stekiel --- library/psa_crypto.c | 97 ++++++++++++++++++++++---------------------- 1 file changed, 49 insertions(+), 48 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ece64b100d..2299da3a59 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3621,34 +3621,35 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, { psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg ); -#if defined(PSA_WANT_ALG_GCM) - if( base_alg == PSA_ALG_GCM ) + switch(base_alg) { - /* Not checking max nonce size here as GCM spec allows almost - * arbitrarily large nonces. Please note that we do not generally - * recommend the usage of nonces of greater length than - * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter - * size, which can then lead to collisions if you encrypt a very - * large number of messages.*/ - if( nonce_length != 0 ) - return( PSA_SUCCESS ); - } +#if defined(PSA_WANT_ALG_GCM) + case PSA_ALG_GCM: + /* Not checking max nonce size here as GCM spec allows almost + * arbitrarily large nonces. Please note that we do not generally + * recommend the usage of nonces of greater length than + * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter + * size, which can then lead to collisions if you encrypt a very + * large number of messages.*/ + if( nonce_length != 0 ) + return( PSA_SUCCESS ); + break; #endif /* PSA_WANT_ALG_GCM */ #if defined(PSA_WANT_ALG_CCM) - if( base_alg == PSA_ALG_CCM ) - { - if( nonce_length >= 7 && nonce_length <= 13 ) - return( PSA_SUCCESS ); - } - else + case PSA_ALG_CCM: + if( nonce_length >= 7 && nonce_length <= 13 ) + return( PSA_SUCCESS ); + break; #endif /* PSA_WANT_ALG_CCM */ #if defined(PSA_WANT_ALG_CHACHA20_POLY1305) - if( base_alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length == 12 ) - return( PSA_SUCCESS ); - } + case PSA_ALG_CHACHA20_POLY1305: + if( nonce_length == 12 ) + return( PSA_SUCCESS ); + break; #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ + default: + break; + } return( PSA_ERROR_NOT_SUPPORTED ); } 
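Review bot: In psa_aead_check_nonce_length, a nonce of the wrong length for a compiled-in algorithm and an algorithm with no `case` at all both fall out of the switch to `return( PSA_ERROR_NOT_SUPPORTED )`, so the caller cannot tell a bad argument from a missing feature. Each `case` could end in `return( PSA_ERROR_INVALID_ARGUMENT );` instead of `break;`, leaving PSA_ERROR_NOT_SUPPORTED to `default:`. The if-else chain behaved the same way and existing tests may expect the current status, so this may belong in a follow-up. As a style point, `switch(base_alg)` lacks the inner spaces the surrounding code uses, `switch( base_alg )`.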
@@ -3950,40 +3951,40 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, goto exit; } -#if defined(PSA_WANT_ALG_GCM) - if( operation->alg == PSA_ALG_GCM ) + switch(operation->alg) { - /* Lengths can only be too large for GCM if size_t is bigger than 32 - * bits. Without the guard this code will generate warnings on 32bit - * builds. */ +#if defined(PSA_WANT_ALG_GCM) + case PSA_ALG_GCM: + /* Lengths can only be too large for GCM if size_t is bigger than 32 + * bits. Without the guard this code will generate warnings on 32bit + * builds. */ #if SIZE_MAX > UINT32_MAX - if( (( uint64_t ) ad_length ) >> 61 != 0 || - (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + if( (( uint64_t ) ad_length ) >> 61 != 0 || + (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } #endif - } - else + break; #endif /* PSA_WANT_ALG_GCM */ #if defined(PSA_WANT_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - if( ad_length > 0xFF00 ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - } - else + case PSA_ALG_CCM: + if( ad_length > 0xFF00 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + break; #endif /* PSA_WANT_ALG_CCM */ #if defined(PSA_WANT_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { - /* No length restrictions for ChaChaPoly. */ - } + case PSA_ALG_CHACHA20_POLY1305: + /* No length restrictions for ChaChaPoly. */ + break; #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ + default: + break; + } status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ); From 09cfa18976fa0b14d2dd78f377bf173b4eb60403 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 13 Oct 2021 16:13:44 +0100 Subject: [PATCH 713/966] Spelling fix Signed-off-by: Paul Elliott --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
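Review bot: The limits in the `PSA_ALG_GCM` and `PSA_ALG_CCM` cases of psa_aead_set_lengths are bare constants (`>> 61`, `0xFFFFFFFE0ull`, `0xFF00`) with no statement of where they come from. For GCM a comment such as `/* SP 800-38D: AD < 2^61 bytes, plaintext <= 2^36 - 32 bytes */` would let a reader check them. For CCM the comment should name the bound the CCM implementation enforces, and it is worth confirming that `ad_length > 0xFF00` rejects exactly the values that implementation rejects. `default: break;` also lets an algorithm with no case reach psa_driver_wrapper_aead_set_lengths with unchecked lengths, which is fine only if earlier setup has already rejected it. The function starts before and continues after this hunk.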
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0422c1b1b8..fb4403c3ef 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2695,7 +2695,7 @@ run_test "Session resume using tickets, DTLS: openssl server" \ -c "a session has been resumed" # For reasons that aren't fully understood, this test randomly fails with high -# probabiliby with OpenSSL 1.0.2g on the CI, see #5012. +# probability with OpenSSL 1.0.2g on the CI, see #5012. requires_openssl_next run_test "Session resume using tickets, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=1" \ @@ -2898,7 +2898,7 @@ run_test "Session resume using cache, DTLS: session copy" \ -c "a session has been resumed" # For reasons that aren't fully understood, this test randomly fails with high -# probabiliby with OpenSSL 1.0.2g on the CI, see #5012. +# probability with OpenSSL 1.0.2g on the CI, see #5012. requires_openssl_next run_test "Session resume using cache, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ From 1428f252ad9b506d1fe9bfa9e6834a2f857a1e20 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 12 Oct 2021 16:02:55 +0100 Subject: [PATCH 714/966] Fix incorrect check for DTLS Missing wildcards meant that some servers were not identified as DTLS, which lead to port checking on TCP rather than UDP, and thus mistakenly cancelling tests as the server had not come up. Signed-off-by: Paul Elliott --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fb4403c3ef..e9d67182ae 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -753,7 +753,7 @@ wait_client_done() { # check if the given command uses dtls and sets global variable DTLS detect_dtls() { case "$1" in - *dtls=1*|-dtls|-u) DTLS=1;; + *dtls=1*|*-dtls*|*-u*) DTLS=1;; *) DTLS=0;; esac } From 0421715ade83391430ae6071f8734aa0154f4a77 Mon Sep 17 00:00:00 2001 
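Review bot: The pattern `*-u*` in detect_dtls matches any command line that merely contains the two characters `-u`, for example inside a longer option name or a file path. A TCP server could then be classified as DTLS and waited for on UDP, the mirror image of the bug being fixed. `*-dtls*` presumably needs its wildcards to cover option variants, but the short option can be matched as a whole word: `*dtls=1*|*-dtls*|*" -u "*|*" -u") DTLS=1;;`. Whether any current test command contains such a substring is not visible from this hunk.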
From: Paul Elliott Date: Tue, 12 Oct 2021 16:10:37 +0100 Subject: [PATCH 715/966] Use 127.0.0.1 rather than localhost This was causing some tests using the openssl s_client to not connect - I suspect this was due to localhost (at least on my machine) resolving to ::1 rather than 127.0.0.1. Note that the error seen would have been that the session file specified with -sess_out did not get created. Signed-off-by: Paul Elliott --- tests/ssl-opt.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e9d67182ae..b5ddc37c9a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1309,22 +1309,24 @@ SRV_DELAY_SECONDS=0 # fix commands to use this port, force IPv4 while at it # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later +# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many +# machines that will resolve to ::1, and we don't want ipv6 here. P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT" -O_CLI="$O_CLI -connect localhost:+SRV_PORT" +O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" G_CLI="$G_CLI -p +SRV_PORT" if [ -n "${OPENSSL_LEGACY:-}" ]; then O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" - O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT" + O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT" fi if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" - O_NEXT_CLI="$O_NEXT_CLI -connect localhost:+SRV_PORT" + O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" fi if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then From ed61c5e8b000898f99a8f02995ac4bef605700a2 Mon Sep 17 00:00:00 2001 
From: Przemyslaw Stekiel Date: Wed, 13 Oct 2021 15:24:25 +0200 Subject: [PATCH 716/966] Add change-log file (issue #5065) Signed-off-by: Przemyslaw Stekiel --- ChangeLog.d/issue5065.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/issue5065.txt diff --git a/ChangeLog.d/issue5065.txt b/ChangeLog.d/issue5065.txt new file mode 100644 index 0000000000..f468c63ff2 --- /dev/null +++ b/ChangeLog.d/issue5065.txt @@ -0,0 +1,4 @@ +Bugfix + * Use switch statement instead if-else in + psa_aead_check_nonce_length() + and psa_aead_set_lengths(). Fixes #5065. From 316c4fa3ce1e3bb7d615d268e26ea4ccc44b6d96 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Fri, 15 Oct 2021 08:04:53 +0200 Subject: [PATCH 717/966] Address review comments Signed-off-by: Przemyslaw Stekiel --- ChangeLog.d/issue5065.txt | 5 ++--- tests/scripts/all.sh | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/issue5065.txt b/ChangeLog.d/issue5065.txt index f468c63ff2..943ee47d91 100644 --- a/ChangeLog.d/issue5065.txt +++ b/ChangeLog.d/issue5065.txt @@ -1,4 +1,3 @@ Bugfix - * Use switch statement instead if-else in - psa_aead_check_nonce_length() - and psa_aead_set_lengths(). Fixes #5065. + * Fix compile-time or run-time errors in PSA + AEAD functions when ChachaPoly is disabled. Fixes #5065. diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ed5faf5db9..28387f443f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1597,15 +1597,15 @@ component_test_psa_crypto_config_no_driver() { } component_test_psa_crypto_config_chachapoly_disabled() { - # full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 - msg "build: full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" + # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 + msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" scripts/config.py full scripts/config.py unset MBEDTLS_CHACHAPOLY_C scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" - msg "test: full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" + msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" make test } From c8aaac89d05bf225531793d52d944ab4284da3bb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 18 Oct 2021 12:56:53 +0100 Subject: [PATCH 718/966] Fix naming examples in TLS 1.3 style guide Signed-off-by: Dave Rodgman --- docs/architecture/tls13-experimental.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 5d7c14f1bb..88d0b73ddc 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -255,7 +255,7 @@ TLS 1.3 specific coding rules: Example 1: #define CLIENT_HELLO_RANDOM_LEN 32, macro for the length of the `random` field of the ClientHello message. - Example 2 (consistent abbreviation): `mbedtls_ssl_tls1_3_write_sig_alg_ext()` + Example 2 (consistent abbreviation): `mbedtls_ssl_tls13_write_sig_alg_ext()` and `MBEDTLS_TLS_EXT_SIG_ALG`, `sig_alg` standing for `signature_algorithms`. 
@@ -279,7 +279,7 @@ TLS 1.3 specific coding rules: of another one which could potentially lead to some nasty issues. Example: `cipher_suites` vector of ClientHello in - `ssl_tls1_3_write_client_hello_cipher_suites()` + `ssl_tls13_write_client_hello_cipher_suites()` ``` size_t cipher_suites_len; unsigned char *p_cipher_suites_len; From 236bf98cfdcabc31ba7e76d40a0dd28ce43b384f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Oct 2021 16:25:10 +0200 Subject: [PATCH 719/966] Move some code of run_test into auxiliary functions No behavior change. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 237 +++++++++++++++++++++++++++-------------------- 1 file changed, 134 insertions(+), 103 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e90a35226b..1d73d3af05 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -795,68 +795,12 @@ skip_handshake_stage_check() { SKIP_HANDSHAKE_CHECK="YES" } -# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] -# Options: -s pattern pattern that must be present in server output -# -c pattern pattern that must be present in client output -# -u pattern lines after pattern must be unique in client output -# -f call shell function on client output -# -S pattern pattern that must be absent in server output -# -C pattern pattern that must be absent in client output -# -U pattern lines after pattern must be unique in server output -# -F call shell function on server output -# -g call shell function on server and client output -run_test() { - NAME="$1" - shift 1 - - if is_excluded "$NAME"; then - SKIP_NEXT="NO" - # There was no request to run the test, so don't record its outcome. - return - fi - - print_name "$NAME" - - # Do we only run numbered tests? - if [ -n "$RUN_TEST_NUMBER" ]; then - case ",$RUN_TEST_NUMBER," in - *",$TESTS,"*) :;; - *) SKIP_NEXT="YES";; - esac - fi - - # does this test use a proxy? - if [ "X$1" = "X-p" ]; then - PXY_CMD="$2" - shift 2 - else - PXY_CMD="" - fi - - # get commands and client output - SRV_CMD="$1" - CLI_CMD="$2" - CLI_EXPECT="$3" - shift 3 - - # Check if test uses files - case "$SRV_CMD $CLI_CMD" in - *data_files/*) - requires_config_enabled MBEDTLS_FS_IO;; - esac - - # If the client or serve requires a ciphersuite, check that it's enabled. - maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@" - maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@" - - # should we skip? - if [ "X$SKIP_NEXT" = "XYES" ]; then - SKIP_NEXT="NO" - record_outcome "SKIP" - SKIPS=$(( $SKIPS + 1 )) - return - fi - +# Analyze the commands that will be used in a test. +# +# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass +# extra arguments or go through wrappers. +# Set $DTLS (0=TLS, 1=DTLS). +analyze_test_commands() { # update DTLS variable detect_dtls "$SRV_CMD" 
@@ -910,48 +854,21 @@ run_test() { CLI_CMD="valgrind --leak-check=full $CLI_CMD" fi fi +} - TIMES_LEFT=2 - while [ $TIMES_LEFT -gt 0 ]; do - TIMES_LEFT=$(( $TIMES_LEFT - 1 )) - - # run the commands - if [ -n "$PXY_CMD" ]; then - printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT - $PXY_CMD >> $PXY_OUT 2>&1 & - PXY_PID=$! - wait_proxy_start "$PXY_PORT" "$PXY_PID" - fi - - check_osrv_dtls - printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT - provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & - SRV_PID=$! - wait_server_start "$SRV_PORT" "$SRV_PID" - - printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT - eval "$CLI_CMD" >> $CLI_OUT 2>&1 & - wait_client_done - - sleep 0.05 - - # terminate the server (and the proxy) - kill $SRV_PID - wait $SRV_PID - SRV_RET=$? - - if [ -n "$PXY_CMD" ]; then - kill $PXY_PID >/dev/null 2>&1 - wait $PXY_PID - fi - - # retry only on timeouts - if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then - printf "RETRY " - else - TIMES_LEFT=0 - fi - done +# Check for failure conditions after a test case. +# +# Inputs from run_test: +# * positional parameters: test options (see run_test documentation) +# * $CLI_EXIT: client return code +# * $CLI_EXPECT: expected client return code +# * $SRV_RET: server return code +# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs +# +# Outputs: +# * $pass: set to 1 if no failures are detected, 0 otherwise +check_test_failure() { + pass=0 # check if the client and server went at least to the handshake stage # (useful to avoid tests with only negative assertions and non-zero 
@@ -1085,6 +1002,120 @@ run_test() { fi # if we're here, everything is ok + pass=1 +} + +# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] +# Options: -s pattern pattern that must be present in server output +# -c pattern pattern that must be present in client output +# -u pattern lines after pattern must be unique in client output +# -f call shell function on client output +# -S pattern pattern that must be absent in server output +# -C pattern pattern that must be absent in client output +# -U pattern lines after pattern must be unique in server output +# -F call shell function on server output +# -g call shell function on server and client output +run_test() { + NAME="$1" + shift 1 + + if is_excluded "$NAME"; then + SKIP_NEXT="NO" + # There was no request to run the test, so don't record its outcome. + return + fi + + print_name "$NAME" + + # Do we only run numbered tests? + if [ -n "$RUN_TEST_NUMBER" ]; then + case ",$RUN_TEST_NUMBER," in + *",$TESTS,"*) :;; + *) SKIP_NEXT="YES";; + esac + fi + + # does this test use a proxy? + if [ "X$1" = "X-p" ]; then + PXY_CMD="$2" + shift 2 + else + PXY_CMD="" + fi + + # get commands and client output + SRV_CMD="$1" + CLI_CMD="$2" + CLI_EXPECT="$3" + shift 3 + + # Check if test uses files + case "$SRV_CMD $CLI_CMD" in + *data_files/*) + requires_config_enabled MBEDTLS_FS_IO;; + esac + + # If the client or serve requires a ciphersuite, check that it's enabled. + maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@" + maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@" + + # should we skip? + if [ "X$SKIP_NEXT" = "XYES" ]; then + SKIP_NEXT="NO" + record_outcome "SKIP" + SKIPS=$(( $SKIPS + 1 )) + return + fi + + analyze_test_commands "$@" + + TIMES_LEFT=2 + while [ $TIMES_LEFT -gt 0 ]; do + TIMES_LEFT=$(( $TIMES_LEFT - 1 )) + + # run the commands + if [ -n "$PXY_CMD" ]; then + printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT + $PXY_CMD >> $PXY_OUT 2>&1 & + PXY_PID=$! 
+ wait_proxy_start "$PXY_PORT" "$PXY_PID" + fi + + check_osrv_dtls + printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT + provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & + SRV_PID=$! + wait_server_start "$SRV_PORT" "$SRV_PID" + + printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT + eval "$CLI_CMD" >> $CLI_OUT 2>&1 & + wait_client_done + + sleep 0.05 + + # terminate the server (and the proxy) + kill $SRV_PID + wait $SRV_PID + SRV_RET=$? + + if [ -n "$PXY_CMD" ]; then + kill $PXY_PID >/dev/null 2>&1 + wait $PXY_PID + fi + + # retry only on timeouts + if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then + printf "RETRY " + else + TIMES_LEFT=0 + fi + done + + check_test_failure "$@" + if [ "$pass" -eq 0 ]; then + return + fi + record_outcome "PASS" if [ "$PRESERVE_LOGS" -gt 0 ]; then mv $SRV_OUT o-srv-${TESTS}.log From 196d73bc1b9dd4a97c3a271af07ac9cf6a3fb4fb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Oct 2021 16:35:35 +0200 Subject: [PATCH 720/966] Move the core loop of run_test into an auxiliary function No behavior change. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 73 +++++++++++++++++++++++++++++------------------- 1 file changed, 44 insertions(+), 29 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1d73d3af05..8f403113cc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1005,6 +1005,49 @@ check_test_failure() { pass=1 } +# Run the current test case: start the server and if applicable the proxy, run +# the client, wait for all processes to finish or time out. +# +# Inputs: +# * $NAME: test case name +# * $CLI_CMD, $SRV_CMD, $PXY_CMD: commands to run +# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files to contain client/server/proxy logs +# +# Outputs: +# * $CLI_EXIT: client return code +# * $SRV_RET: server return code +do_run_test_once() { + # run the commands + if [ -n "$PXY_CMD" ]; then + printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT + $PXY_CMD >> $PXY_OUT 2>&1 & + PXY_PID=$! + wait_proxy_start "$PXY_PORT" "$PXY_PID" + fi + + check_osrv_dtls + printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT + provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & + SRV_PID=$! + wait_server_start "$SRV_PORT" "$SRV_PID" + + printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT + eval "$CLI_CMD" >> $CLI_OUT 2>&1 & + wait_client_done + + sleep 0.05 + + # terminate the server (and the proxy) + kill $SRV_PID + wait $SRV_PID + SRV_RET=$? + + if [ -n "$PXY_CMD" ]; then + kill $PXY_PID >/dev/null 2>&1 + wait $PXY_PID + fi +} + # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] # Options: -s pattern pattern that must be present in server output # -c pattern pattern that must be present in client output 
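Review bot: The header comment of `do_run_test_once` does not match its body in two places. The body reads `$SRV_PORT` and `$PXY_PORT` (passed to `wait_server_start` and `wait_proxy_start`), which the Inputs list omits. Nothing visible in the function assigns `$CLI_EXIT`, so it is presumably set inside `wait_client_done`. I would add `#   * $SRV_PORT, $PXY_PORT: ports the server and proxy listen on` to Inputs and, once confirmed, reword the output line as `#   * $CLI_EXIT: client return code (set by wait_client_done)`.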
@@ -1073,35 +1116,7 @@ run_test() { while [ $TIMES_LEFT -gt 0 ]; do TIMES_LEFT=$(( $TIMES_LEFT - 1 )) - # run the commands - if [ -n "$PXY_CMD" ]; then - printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT - $PXY_CMD >> $PXY_OUT 2>&1 & - PXY_PID=$! - wait_proxy_start "$PXY_PORT" "$PXY_PID" - fi - - check_osrv_dtls - printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT - provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & - SRV_PID=$! - wait_server_start "$SRV_PORT" "$SRV_PID" - - printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT - eval "$CLI_CMD" >> $CLI_OUT 2>&1 & - wait_client_done - - sleep 0.05 - - # terminate the server (and the proxy) - kill $SRV_PID - wait $SRV_PID - SRV_RET=$? - - if [ -n "$PXY_CMD" ]; then - kill $PXY_PID >/dev/null 2>&1 - wait $PXY_PID - fi + do_run_test_once # retry only on timeouts if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then From 0e3534c67b396539a3bf498a92b9f0241d0a37f7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Oct 2021 17:23:25 +0200 Subject: [PATCH 721/966] Move retry logic into check_test_failure This will allow having other retry conditions, in particular based on run_test options. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8f403113cc..b41a91f6ff 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -864,11 +864,19 @@ analyze_test_commands() { # * $CLI_EXPECT: expected client return code # * $SRV_RET: server return code # * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs +# * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed # # Outputs: -# * $pass: set to 1 if no failures are detected, 0 otherwise +# * $outcome: one of PASS/RETRY/FAIL check_test_failure() { - pass=0 + outcome=FAIL + + if [ $TIMES_LEFT -gt 0 ] && + grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null + then + outcome=RETRY + return + fi # check if the client and server went at least to the handshake stage # (useful to avoid tests with only negative assertions and non-zero @@ -1002,7 +1010,7 @@ check_test_failure() { fi # if we're here, everything is ok - pass=1 + outcome=PASS } # Run the current test case: start the server and if applicable the proxy, run @@ -1118,19 +1126,15 @@ run_test() { do_run_test_once - # retry only on timeouts - if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then - printf "RETRY " - else - TIMES_LEFT=0 - fi + check_test_failure "$@" + case $outcome in + PASS) break;; + RETRY) printf "RETRY ";; + FAIL) return;; + esac done - check_test_failure "$@" - if [ "$pass" -eq 0 ]; then - return - fi - + # If we get this far, the test case passed. record_outcome "PASS" if [ "$PRESERVE_LOGS" -gt 0 ]; then mv $SRV_OUT o-srv-${TESTS}.log From f11d30ecda8c6ea046972edfdd001eacf102e213 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Oct 2021 18:00:10 +0200 Subject: [PATCH 722/966] Retry if a test case fails because of an unexpected resend Palliative for https://github.com/ARMmbed/mbedtls/issues/3377. If a test case fails due to an unexpected resend, allow retrying, like in the case of a client timeout. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b41a91f6ff..23169e466d 100755 --- a/tests/ssl-opt.sh 
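Review bot: The new `case $outcome in` in the run_test loop (last hunk) has no catch-all arm, so any value other than PASS, RETRY or FAIL is silently ignored. If that happens on the final iteration, the loop ends and the code below records PASS, so an unexpected outcome fails open. Adding `*) fail "unexpected outcome '$outcome'"; return;;` makes the loop fail closed if `check_test_failure` ever gains a value that this switch does not handle. run_test starts and ends outside the hunk.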
+++ b/tests/ssl-opt.sh @@ -867,14 +867,14 @@ analyze_test_commands() { # * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed # # Outputs: -# * $outcome: one of PASS/RETRY/FAIL +# * $outcome: one of PASS/RETRY*/FAIL check_test_failure() { outcome=FAIL if [ $TIMES_LEFT -gt 0 ] && grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null then - outcome=RETRY + outcome="RETRY(client-timeout)" return fi @@ -939,14 +939,22 @@ check_test_failure() { "-S") if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - fail "pattern '$2' MUST NOT be present in the Server output" + if [ "$2" = "resend" ] && [ $TIMES_LEFT -gt 0 ]; then + outcome="RETRY(resend)" + else + fail "pattern '$2' MUST NOT be present in the Server output" + fi return fi ;; "-C") if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - fail "pattern '$2' MUST NOT be present in the Client output" + if [ "$2" = "resend" ] && [ $TIMES_LEFT -gt 0 ]; then + outcome="RETRY(resend)" + else + fail "pattern '$2' MUST NOT be present in the Client output" + fi return fi ;; @@ -1129,7 +1137,7 @@ run_test() { check_test_failure "$@" case $outcome in PASS) break;; - RETRY) printf "RETRY ";; + RETRY*) printf "$outcome ";; FAIL) return;; esac done From 58ed8a7594ce279a13f85762d7449d369fb1f530 Mon Sep 17 00:00:00 2001 
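Review bot: In the last hunk, `printf "$outcome "` uses the variable as the format string. The two values assigned in this patch contain no `%` or backslash, but any later `RETRY(...)` reason that does would be interpreted by printf instead of printed. `RETRY*) printf '%s ' "$outcome";;` prints the same text without that dependency. run_test's body continues outside the hunk.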
From: Paul Elliott Date: Tue, 19 Oct 2021 17:56:39 +0100 Subject: [PATCH 723/966] Remove use of -p with lsof On machines with more modern kernels (>5.4 from testing so far) the useage of -b seems to conflict with the usage of -p. Whilst the usage of -b seems like a good idea to avoid blocks as we are tight looping on it, the usage of -p seems to require the usage of stat() (specifically in /proc) which -b forbids. All you get is a load of warnings (suppressable by -w) but never a positive result, which means that all servers are reported as "Failed to start". We are not keen on losing -b, so instead parse the output of lsof (using -F to format it) to check the if PIDs that it outputs match that we are looking for. Signed-off-by: Paul Elliott --- tests/ssl-opt.sh | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e90a35226b..d5b9150ca0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -633,7 +633,21 @@ if type lsof >/dev/null 2>/dev/null; then proto=TCP fi # Make a tight loop, server normally takes less than 1s to start. - while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do + while true; do + SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p | cut -c2-) + SERVER_FOUND=false + # When proxies are used, more than one PID can be listening on + # the same port. Each PID will be on its own line. + while read -r PID; do + if [[ $PID == $2 ]]; then + SERVER_FOUND=true + break + fi + done <<< "$SERVER_PIDS" + + if ($SERVER_FOUND == true); then + break + fi if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then echo "$3 START TIMEOUT" echo "$3 START TIMEOUT" >> $4 From e7fc7ef38b9be6b4565f0d8af3d69850d18c23f6 Mon Sep 17 00:00:00 2001 
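Review bot: The replacement loop depends on bash: `[[ $PID == $2 ]]` and the here-string `<<< "$SERVER_PIDS"` are not POSIX sh. If ssl-opt.sh is run by a plain `sh` (its interpreter line is outside this hunk), the loop would error out instead of detecting the server. `if ($SERVER_FOUND == true)` does not compare anything: it runs the command named by `$SERVER_FOUND` in a subshell with two ignored arguments. The unquoted right-hand side of `==` inside `[[ ]]` is also matched as a pattern rather than a literal PID. The lsof call additionally lost the `2>/dev/null` that the old line had, so any warnings it prints with `-b` would now reach the terminal on every iteration. A portable form of the PID check is below; the enclosing function starts and ends outside the hunk.

```shell
    SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p 2>/dev/null | cut -c2-)
    SERVER_FOUND=false
    # One PID per line; compare each one as a literal string.
    for PID in $SERVER_PIDS; do
        if [ "$PID" = "$2" ]; then
            # … unchanged: set SERVER_FOUND=true and break …
        fi
    done

    if [ "$SERVER_FOUND" = true ]; then
        break
    fi
```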
From: Gilles Peskine Date: Tue, 19 Oct 2021 21:33:32 +0200 Subject: [PATCH 724/966] Always set a build type for cmake when building for testing Set the build type to Release (-O2) when running CPU-intensive tests (ssl-opt, or unit tests with debug features). A build type of Check (-Os) would be best when the main objective of the build is to check for build errors or warnings and there aren't many tests to run; in this commit there are no such test cases to change. Only use cmake with no build type (which results in not passing a -O option, and thus missing some GCC warnings) when exercising cmake features. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 85f6848c39..5fe8db61cf 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1960,7 +1960,7 @@ component_test_memory_buffer_allocator_backtrace () { scripts/config.py set MBEDTLS_PLATFORM_MEMORY scripts/config.py set MBEDTLS_MEMORY_BACKTRACE scripts/config.py set MBEDTLS_MEMORY_DEBUG - CC=gcc cmake . + CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . make msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" @@ -1971,7 +1971,7 @@ component_test_memory_buffer_allocator () { msg "build: default config with memory buffer allocator" scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.py set MBEDTLS_PLATFORM_MEMORY - CC=gcc cmake . + CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . make msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" @@ -2068,7 +2068,7 @@ component_test_ssl_alloc_buffer_and_mfl () { scripts/config.py set MBEDTLS_MEMORY_DEBUG scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - CC=gcc cmake . + CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . make msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 
From 89615eefe738be97d9d61fe824f9a3f766df0670 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 29 Apr 2021 20:28:54 +0200 Subject: [PATCH 725/966] Show values when TEST_EQUAL fails When TEST_EQUAL fails, show the two numerical values in the test log (only with host_test). The values are printed in hexa and signed decimal. The arguments of TEST_EQUAL must now be integers, not pointers or floats. The current implementation requires them to fit in unsigned long long Signed values no larger than long long will work too. The implementation uses unsigned long long rather than uintmax_t to reduce portability concerns. The snprintf function must support "%llx" and "%lld". For this purpose, add room for two lines of text to the mbedtls_test_info structure. This adds 154 bytes of global data. Signed-off-by: Gilles Peskine --- tests/include/test/helpers.h | 23 +++++++++++++++++++++++ tests/include/test/macros.h | 20 +++++++++++++------- tests/src/helpers.c | 25 +++++++++++++++++++++++++ tests/src/psa_exercise_key.c | 8 ++++---- tests/suites/host_test.function | 6 ++++++ 5 files changed, 71 insertions(+), 11 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 27e5599ed1..ef32cdf83b 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -73,6 +73,8 @@ typedef struct const char *filename; int line_no; unsigned long step; + char line1[76]; + char line2[76]; #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif 
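Review bot: The new members `line1` and `line2` are added to the test-info struct with no comment and a bare `76`. What they hold and when they are meaningful can only be learned from helpers.c and host_test.function. A comment such as `/* Optional extra lines describing the failure; empty string when unused. */` above them would help. A named size, e.g. `#define MBEDTLS_TEST_LINE_LENGTH 76`, would keep the buffer size from drifting away from the `sizeof` uses in `mbedtls_test_equal`. The struct definition begins outside the hunk.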
@@ -131,6 +133,27 @@ void mbedtls_test_set_step( unsigned long step ); */ void mbedtls_test_info_reset( void ); +/** + * \brief Record the current test case as a failure if two integers + * have a different value. + * + * This function is usually called via the macro + * #TEST_EQUAL. + * + * \param test Description of the failure or assertion that failed. This + * MUST be a string literal. This normally has the form + * "EXPR1 == EXPR2" where EXPR1 has the value \p value1 + * and EXPR2 has the value \p value2. + * \param line_no Line number where the failure originated. + * \param filename Filename where the failure originated. + * \param value1 The first value to compare. + * \param value2 The second value to compare. + * + * \return \c 1 if the values are equal, otherwise \c 0. + */ +int mbedtls_test_equal( const char *test, int line_no, const char* filename, + unsigned long long value1, unsigned long long value2 ); + /** * \brief This function decodes the hexadecimal representation of * data. diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 9b3fc9c809..a88b2e8115 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h 
@@ -73,15 +73,21 @@ } \ } while( 0 ) -/** Evaluate two expressions and fail the test case if they have different - * values. +/** Evaluate two integer expressions and fail the test case if they have + * different values. * - * \param expr1 An expression to evaluate. - * \param expr2 The expected value of \p expr1. This can be any - * expression, but it is typically a constant. + * The two expressions should have the same signedness, otherwise the + * comparison is not meaningful if the signed value is negative. + * + * \param expr1 An integral-typed expression to evaluate. + * \param expr2 Another integral-typed expression to evaluate. */ -#define TEST_EQUAL( expr1, expr2 ) \ - TEST_ASSERT( ( expr1 ) == ( expr2 ) ) +#define TEST_EQUAL( expr1, expr2 ) \ + do { \ + if( ! mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \ + expr1, expr2 ) ) \ + goto exit; \ + } while( 0 ) /** Allocate memory dynamically and fail the test case if this fails. * The allocated memory will be filled with zeros. diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 4d3d53da50..ec4d84eac1 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c 
@@ -95,6 +95,31 @@ void mbedtls_test_info_reset( void ) mbedtls_test_info.test = 0; mbedtls_test_info.line_no = 0; mbedtls_test_info.filename = 0; + memset( mbedtls_test_info.line1, 0, sizeof( mbedtls_test_info.line1 ) ); + memset( mbedtls_test_info.line2, 0, sizeof( mbedtls_test_info.line2 ) ); +} + +int mbedtls_test_equal( const char *test, int line_no, const char* filename, + unsigned long long value1, unsigned long long value2 ) +{ + if( value1 == value2 ) + return( 1 ); + if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) + { + /* We've already recorded the test as having failed. Don't + * overwrite any previous information about the failure. */ + return( 0 ); + } + mbedtls_test_fail( test, line_no, filename ); + (void) mbedtls_snprintf( mbedtls_test_info.line1, + sizeof( mbedtls_test_info.line1 ), + "lhs = 0x%016llx = %lld", + value1, (long long) value1 ); + (void) mbedtls_snprintf( mbedtls_test_info.line2, + sizeof( mbedtls_test_info.line2 ), + "rhs = 0x%016llx = %lld", + value2, (long long) value2 ); + return( 0 ); } int mbedtls_test_unhexify( unsigned char *obuf, diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index e4e55c9c2c..923d2c136a 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -663,7 +663,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ), 0 ); - TEST_EQUAL( p + len, end ); + TEST_EQUAL( len, end - p ); if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) ) goto exit; if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) @@ -684,7 +684,7 @@ int mbedtls_test_psa_exported_key_sanity_check( goto exit; if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) goto exit; - TEST_EQUAL( p, end ); + TEST_EQUAL( p - end, 0 ); TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); } 
@@ -716,12 +716,12 @@ int mbedtls_test_psa_exported_key_sanity_check( MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ), 0 ); - TEST_EQUAL( p + len, end ); + TEST_EQUAL( len, end - p ); if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) goto exit; if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) goto exit; - TEST_EQUAL( p, end ); + TEST_EQUAL( p - end, 0 ); TEST_ASSERT( exported_length <= diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index a5fd7179b6..17926ebb3c 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -778,6 +778,12 @@ int execute_tests( int argc , const char ** argv ) mbedtls_fprintf( stdout, "line %d, %s", mbedtls_test_info.line_no, mbedtls_test_info.filename ); + if( mbedtls_test_info.line1[0] != 0 ) + mbedtls_fprintf( stdout, "\n %s", + mbedtls_test_info.line1 ); + if( mbedtls_test_info.line2[0] != 0 ) + mbedtls_fprintf( stdout, "\n %s", + mbedtls_test_info.line2 ); } fflush( stdout ); } From 1b0978b8032c9b9fe814104e93548835d3e4b0ff Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Fri, 15 Oct 2021 15:21:51 +0200 Subject: [PATCH 726/966] Add test class for key generation Genertae test_suite_psa_crypto_generate_key.generated.data. Use test_suite_psa_crypto_generate_key.function as a test function. Signed-off-by: Przemyslaw Stekiel --- scripts/mbedtls_dev/test_case.py | 12 ++- tests/scripts/generate_psa_tests.py | 79 +++++++++++++++++++ ...est_suite_psa_crypto_generate_key.function | 54 +++++++++++++ 3 files changed, 142 insertions(+), 3 deletions(-) create mode 100644 tests/suites/test_suite_psa_crypto_generate_key.function diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py index d01e1432b6..11117fcdd7 100644 --- a/scripts/mbedtls_dev/test_case.py +++ b/scripts/mbedtls_dev/test_case.py 
@@ -42,6 +42,7 @@ class TestCase: self.dependencies = [] #type: List[str] self.function = None #type: Optional[str] self.arguments = [] #type: List[str] + self.result = '' #type: str def add_comment(self, *lines: str) -> None: self.comments += lines @@ -58,6 +59,9 @@ class TestCase: def set_arguments(self, arguments: List[str]) -> None: self.arguments = arguments + def set_result(self, result: str) -> None: + self.result = result + def check_completeness(self) -> None: if self.description is None: raise MissingDescription @@ -81,9 +85,11 @@ class TestCase: out.write(self.description + '\n') if self.dependencies: out.write('depends_on:' + ':'.join(self.dependencies) + '\n') - out.write(self.function + ':' + ':'.join(self.arguments) + '\n') - - + out.write(self.function + ':' + ':'.join(self.arguments)) + if self.result: + out.write(':' + self.result + '\n') + else: + out.write('\n') def write_data_file(filename: str, test_cases: Iterable[TestCase], diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 4c8143ff09..b4a13bac3d 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py 
@@ -261,6 +261,83 @@ class NotSupported: yield from self.test_cases_for_key_type_not_supported( kt, 0, param_descr='curve') +def test_case_for_key_generation( + key_type: str, bits: int, + dependencies: List[str], + *args: str, + result: str = '', + param_descr: str = '', +) -> test_case.TestCase: + """Return one test case exercising a key generation. + """ + hack_dependencies_not_implemented(dependencies) + tc = test_case.TestCase() + short_key_type = re.sub(r'PSA_(KEY_TYPE|ECC_FAMILY)_', r'', key_type) + tc.set_description('PSA {} {}-bit' + .format( short_key_type, bits)) + tc.set_dependencies(dependencies) + tc.set_function('generate_key') + tc.set_arguments([key_type] + list(args)) + tc.set_result(result) + + return tc + +class KeyGenerate: + """Generate positive and negative (invalid argument) test cases for key generation.""" + + def __init__(self, info: Information) -> None: + self.constructors = info.constructors + + def test_cases_for_key_type_key_generation( + self, + kt: crypto_knowledge.KeyType, + param: Optional[int] = None, + param_descr: str = '', + ) -> Iterator[test_case.TestCase]: + """Return test cases exercising key generation. + + All key types can be generated except for public keys. For public key + PSA_ERROR_INVALID_ARGUMENT status is expected. 
+ """ + result = 'PSA_SUCCESS' + + import_dependencies = [psa_want_symbol(kt.name)] + if kt.params is not None: + import_dependencies += [psa_want_symbol(sym) + for i, sym in enumerate(kt.params)] + if kt.name.endswith('_PUBLIC_KEY'): + generate_dependencies = [] + result = 'PSA_ERROR_INVALID_ARGUMENT' + else: + generate_dependencies = import_dependencies + for bits in kt.sizes_to_test(): + yield test_case_for_key_generation( + kt.expression, bits, + finish_family_dependencies(generate_dependencies, bits), + str(bits), + result, + param_descr=param_descr + ) + + ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', + 'PSA_KEY_TYPE_ECC_PUBLIC_KEY') + + def test_cases_for_key_generation(self) -> Iterator[test_case.TestCase]: + """Generate test cases that exercise the generation of keys.""" + for key_type in sorted(self.constructors.key_types): + if key_type in self.ECC_KEY_TYPES: + continue + kt = crypto_knowledge.KeyType(key_type) + yield from self.test_cases_for_key_type_key_generation(kt) + for curve_family in sorted(self.constructors.ecc_curves): + for constr in self.ECC_KEY_TYPES: + kt = crypto_knowledge.KeyType(constr, [curve_family]) + yield from self.test_cases_for_key_type_key_generation( + kt, param_descr='type') + yield from self.test_cases_for_key_type_key_generation( + kt, 0, param_descr='curve') + + class StorageKey(psa_storage.Key): """Representation of a key for storage format testing.""" @@ -682,6 +759,8 @@ class TestGenerator: test_case.write_data_file(filename, test_cases) TARGETS = { + 'test_suite_psa_crypto_generate_key.generated': + lambda info: KeyGenerate(info).test_cases_for_key_generation(), 'test_suite_psa_crypto_not_supported.generated': lambda info: NotSupported(info).test_cases_for_not_supported(), 'test_suite_psa_crypto_storage_format.current': diff --git a/tests/suites/test_suite_psa_crypto_generate_key.function b/tests/suites/test_suite_psa_crypto_generate_key.function new file mode 100644 index 0000000000..7404d382a9 --- /dev/null 
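Review bot: In `test_cases_for_key_type_key_generation` the call passes `result` positionally after `str(bits)`, so it is collected into `*args`. The keyword-only `result` parameter of `test_case_for_key_generation` therefore keeps its default `''`, and `tc.set_result(result)` always receives an empty string. The generated line still ends in the expected status only because the status travels as an ordinary argument. Passing `result=result,` makes the new field carry the value without changing the output. Separately, `param` is never read in this method and `param_descr` is not used in the description, so the two ECC calls in `test_cases_for_key_generation` (`param_descr='type'` and `kt, 0, param_descr='curve'`) appear to emit each case twice under the same name.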
+++ b/tests/suites/test_suite_psa_crypto_generate_key.function @@ -0,0 +1,54 @@ +/* BEGIN_HEADER */ + +#include "psa/crypto.h" +#include "test/psa_crypto_helpers.h" + +#define INVALID_KEY_ID mbedtls_svc_key_id_make( 0, 0xfedcba98 ) + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_CRYPTO_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void generate_key( int key_type, int bits, int result) +{ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = INVALID_KEY_ID; + + // key lifetiem, usage flags, algorithm are irrelevant for this test + psa_key_lifetime_t _key_life_time = (psa_key_lifetime_t) 0; + psa_key_usage_t _key_usage_flags = (psa_key_usage_t) 0; + psa_algorithm_t _key_algorithm = (psa_algorithm_t) 0; + psa_key_type_t _key_type = (psa_key_type_t) key_type; + size_t _key_bits = (size_t) bits; + psa_status_t _result = (psa_status_t) result; + + PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_lifetime( &attributes, _key_life_time ); + psa_set_key_usage_flags( &attributes, _key_usage_flags ); + psa_set_key_algorithm( &attributes, _key_algorithm ); + psa_set_key_type( &attributes, _key_type ); + psa_set_key_bits( &attributes, _key_bits ); + TEST_EQUAL( psa_generate_key( &attributes, &key_id ), + _result ); + + // Verify attributes of the created key on success + if (_result == PSA_SUCCESS) + { + psa_key_attributes_t key_attributes = {0}; + PSA_ASSERT( psa_get_key_attributes( key_id, &key_attributes ) ); + TEST_EQUAL( psa_get_key_lifetime( &key_attributes ), 0 ); + TEST_EQUAL( psa_get_key_usage_flags( &key_attributes ), 0 ); + TEST_EQUAL( psa_get_key_algorithm( &key_attributes ), 0 ); + TEST_EQUAL( psa_get_key_type( &key_attributes ), _key_type ); + TEST_EQUAL( psa_get_key_bits( &key_attributes ), _key_bits ); + } + +exit: + psa_destroy_key( key_id ); + PSA_DONE( ); +} +/* END_CASE */ From 8d468e4ee87cbee2197070bcfc2ef4a508770352 Mon Sep 17 00:00:00 2001 
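Review bot: The success branch of `generate_key` calls `psa_get_key_attributes( key_id, &key_attributes )` on a block-local structure and never calls `psa_reset_key_attributes()` on it. The PSA API requires that call after `psa_get_key_attributes()` because the function may allocate resources. Any failing `TEST_EQUAL` in the block also jumps to `exit` with the structure already out of scope. Declaring it at function scope as `psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;` and adding `psa_reset_key_attributes( &key_attributes );` under `exit:` covers both the passing and the failing path. The comment `// key lifetiem, usage flags, ...` also has a typo (`lifetime`).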
From: Przemyslaw Stekiel Date: Mon, 18 Oct 2021 14:58:20 +0200 Subject: [PATCH 727/966] Remove key generation when given argument is invalid from NotSupported class Signed-off-by: Przemyslaw Stekiel --- tests/scripts/generate_psa_tests.py | 42 +++---------------- ...st_suite_psa_crypto_not_supported.function | 19 --------- 2 files changed, 6 insertions(+), 55 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index b4a13bac3d..589820265c 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -155,30 +155,8 @@ def test_case_for_key_type_not_supported( tc.set_arguments([key_type] + list(args)) return tc -def test_case_for_key_type_invalid_argument( - verb: str, key_type: str, bits: int, - dependencies: List[str], - *args: str, - param_descr: str = '' -) -> test_case.TestCase: - """Return one test case exercising a key creation method - for an invalid argument when key is public. - """ - hack_dependencies_not_implemented(dependencies) - tc = test_case.TestCase() - short_key_type = re.sub(r'PSA_(KEY_TYPE|ECC_FAMILY)_', r'', key_type) - adverb = 'not' if dependencies else 'never' - if param_descr: - adverb = param_descr + ' ' + adverb - tc.set_description('PSA {} {} {}-bit invalid argument' - .format(verb, short_key_type, bits)) - tc.set_function(verb + '_invalid_argument') - tc.set_dependencies(dependencies) - tc.set_arguments([key_type] + list(args)) - return tc - class NotSupported: - """Generate test cases for when something is not supported or argument is inavlid.""" + """Generate test cases for when something is not supported.""" def __init__(self, info: Information) -> None: self.constructors = info.constructors 
@@ -193,13 +171,11 @@ class NotSupported: param: Optional[int] = None, param_descr: str = '', ) -> Iterator[test_case.TestCase]: - """Return test cases exercising key creation when the given type is unsupported - or argument is invalid. + """Return test cases exercising key creation when the given type is unsupported. If param is present and not None, emit test cases conditioned on this parameter not being supported. If it is absent or None, emit test cases - conditioned on the base type not being supported. If key is public emit test - case for invalid argument. + conditioned on the base type not being supported. """ if kt.name in self.ALWAYS_SUPPORTED: # Don't generate test cases for key types that are always supported. @@ -227,14 +203,8 @@ class NotSupported: # supported or not depending on implementation capabilities, # only generate the test case once. continue - if kt.name.endswith('_PUBLIC_KEY'): - yield test_case_for_key_type_invalid_argument( - 'generate', kt.expression, bits, - finish_family_dependencies(generate_dependencies, bits), - str(bits), - param_descr=param_descr, - ) - else: + # Public key cannot be generated + if not kt.name.endswith('_PUBLIC_KEY'): yield test_case_for_key_type_not_supported( 'generate', kt.expression, bits, finish_family_dependencies(generate_dependencies, bits), @@ -266,7 +236,7 @@ def test_case_for_key_generation( dependencies: List[str], *args: str, result: str = '', - param_descr: str = '', + param_descr: str = '' ) -> test_case.TestCase: """Return one test case exercising a key generation. """ diff --git a/tests/suites/test_suite_psa_crypto_not_supported.function b/tests/suites/test_suite_psa_crypto_not_supported.function index 0665230d72..e3253d8405 100644 --- a/tests/suites/test_suite_psa_crypto_not_supported.function +++ b/tests/suites/test_suite_psa_crypto_not_supported.function 
@@ -50,22 +50,3 @@ exit:
 PSA_DONE( );
 }
 /* END_CASE */
-
-/* BEGIN_CASE */
-void generate_invalid_argument( int key_type, int bits )
-{
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t key_id = INVALID_KEY_ID;
-
- PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_type( &attributes, key_type );
- psa_set_key_bits( &attributes, bits );
- TEST_EQUAL( psa_generate_key( &attributes, &key_id ),
- PSA_ERROR_INVALID_ARGUMENT );
- TEST_ASSERT( mbedtls_svc_key_id_equal( key_id, MBEDTLS_SVC_KEY_ID_INIT ) );
-
-exit:
- psa_destroy_key( key_id );
- PSA_DONE( );
-}
-/* END_CASE */
From bca03e5f7d29dd7566a725bfee83be87cab2aa4a Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Thu, 9 Sep 2021 09:42:37 +0000 Subject: [PATCH 728/966] Add code size comparison script. Signed-off-by: Xiaofei Bai
--- scripts/code_size_compare.py | 210 +++++++++++++++++++++++++++++++++++ 1 file changed, 210 insertions(+) create mode 100755 scripts/code_size_compare.py
diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py new file mode 100755
index 0000000000..19a6c43d01
--- /dev/null
+++ b/scripts/code_size_compare.py
@@ -0,0 +1,210 @@ +#!/usr/bin/env python3 + +""" +Purpose + +This script is for comparing the size of the library files from two +different Git revisions within an Mbed TLS repository. +The results of the comparison is formatted as csv and stored at a +configurable location. +Note: must be run from Mbed TLS root. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import argparse +import os +import subprocess +import sys + +class CodeSizeComparison: + """compare code size between two Git revisions""" + + def __init__(self, old_revision, new_revision, result_dir): + """ + old_revision: revision to compare against + new_revision: + result_dir: directory for comparision result + """ + self.repo_path = "." + self.result_dir = os.path.abspath(result_dir) + if os.path.exists(self.result_dir) is False: + os.makedirs(self.result_dir) + + self.csv_dir = os.path.abspath("code_size_records/") + if os.path.exists(self.csv_dir) is False: + os.makedirs(self.csv_dir) + + self.old_rev = old_revision + self.new_rev = new_revision + self.git_command = "git" + self.make_command = "make" + + @staticmethod + def check_repo_path(): + if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): + raise Exception("Must be run from Mbed TLS root") + + def _create_git_worktree(self, revision): + """Make a separate worktree for revision. 
+ Do not modify the current worktree.""" + + if revision == "head": + print("Using current work directory.") + git_worktree_path = self.repo_path + else: + print("Creating git worktree for", revision) + git_worktree_path = os.path.join(self.repo_path, "temp-" + revision) + subprocess.check_output( + [self.git_command, "worktree", "add", "--detach", + git_worktree_path, revision], cwd=self.repo_path, + stderr=subprocess.STDOUT + ) + return git_worktree_path + + def _build_libraries(self, git_worktree_path): + """Build libraries in the specified worktree.""" + + my_environment = os.environ.copy() + subprocess.check_output( + [self.make_command, "-j", "lib"], env=my_environment, + cwd=git_worktree_path, stderr=subprocess.STDOUT, + ) + + def _gen_code_size_csv(self, revision, git_worktree_path): + """Generate code size csv file.""" + + csv_fname = revision + ".csv" + print("Measuring code size for", revision) + result = subprocess.check_output( + ["size library/*.o"], cwd=git_worktree_path, shell=True + ) + size_text = result.decode() + csv_file = open(os.path.join(self.csv_dir, csv_fname), "w") + for line in size_text.splitlines()[1:]: + data = line.split() + csv_file.write("{}, {}\n".format(data[5], data[3])) + + def _remove_worktree(self, git_worktree_path): + """Remove temporary worktree.""" + if git_worktree_path != self.repo_path: + print("Removing temporary worktree", git_worktree_path) + subprocess.check_output( + [self.git_command, "worktree", "remove", "--force", + git_worktree_path], cwd=self.repo_path, + stderr=subprocess.STDOUT + ) + + def _get_code_size_for_rev(self, revision): + """Generate code size csv file for the specified git revision.""" + + # Check if the corresponding record exists + csv_fname = revision + ".csv" + if (revision != "head") and \ + os.path.exists(os.path.join(self.csv_dir, csv_fname)): + print("Code size csv file for", revision, "already exists.") + else: + git_worktree_path = self._create_git_worktree(revision) + 
self._build_libraries(git_worktree_path) + self._gen_code_size_csv(revision, git_worktree_path) + self._remove_worktree(git_worktree_path) + + def compare_code_size(self): + """Generate results of the size changes between two revisions, + old and new. Measured code size results of these two revisions + must be available""" + + old_file = open(os.path.join(self.csv_dir, self.old_rev + ".csv"), "r") + new_file = open(os.path.join(self.csv_dir, self.new_rev + ".csv"), "r") + res_file = open(os.path.join(self.result_dir, "compare-" + self.old_rev + + "-" + self.new_rev + ".csv"), "w") + res_file.write("file_name, this_size, old_size, change, change %\n") + print("Generate comparision results.") + + old_ds = {} + for line in old_file.readlines()[1:]: + cols = line.split(", ") + fname = cols[0] + size = int(cols[1]) + if size != 0: + old_ds[fname] = size + + new_ds = {} + for line in new_file.readlines()[1:]: + cols = line.split(", ") + fname = cols[0] + size = int(cols[1]) + new_ds[fname] = size + + for fname in new_ds: + this_size = new_ds[fname] + if fname in old_ds: + old_size = old_ds[fname] + change = this_size - old_size + change_pct = change / old_size + res_file.write("{}, {}, {}, {}, {:.2%}\n".format(fname, \ + this_size, old_size, change, float(change_pct))) + else: + res_file.write("{}, {}\n".format(fname, this_size)) + return 1 + + def get_comparision_results(self): + """Compare size of library/*.o between self.old_rev and self.new_rev, + and generate the result file.""" + self.check_repo_path() + self._get_code_size_for_rev(self.old_rev) + self._get_code_size_for_rev(self.new_rev) + return self.compare_code_size() + +def run_main(): + parser = argparse.ArgumentParser( + description=( + """This script is for comparing the size of the library files + from two different Git revisions within an Mbed TLS repository. + The results of the comparison is formatted as csv, and stored at + a configurable location. 
+ Note: must be run from Mbed TLS root.""" + ) + ) + parser.add_argument( + "-r", "--result-dir", type=str, default="comparison", + help="directory where comparison result is stored, \ + default is comparison", + ) + parser.add_argument( + "-o", "--old-rev", type=str, help="old revision for comparison", + required=True, + ) + parser.add_argument( + "-n", "--new-rev", type=str, default="head", + help="new revision for comparison, default is current work directory." + ) + comp_args = parser.parse_args() + + if os.path.isfile(comp_args.result_dir): + print("Error: {} is not a directory".format(comp_args.result_dir)) + parser.exit() + + old_revision = comp_args.old_rev + new_revision = comp_args.new_rev + result_dir = comp_args.result_dir + size_compare = CodeSizeComparison(old_revision, new_revision, result_dir) + return_code = size_compare.get_comparision_results() + sys.exit(return_code) + + +if __name__ == "__main__": + run_main() From 788ad339b8cbf1dbb6233f6be92e2261c3e67194 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Oct 2021 14:17:02 +0200 Subject: [PATCH 729/966] Move is-it-resend logic into a function Improve the code structure in case we want to add other similar conditions later. Document better what we're doing, and document why we're doing it. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 23169e466d..fa34ff66f3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
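Review bot: `revision` comes straight from `--old-rev`/`--new-rev` and is used unchecked as a `git worktree add` argument, as a directory name (`"temp-" + revision`) and as a file name (`revision + ".csv"`), so a value starting with `-` is read by git as an option and one containing `/` (a remote branch name, for instance) sends the CSV path into a directory that does not exist. Resolving each revision to a commit hash once in `__init__` and using that hash for the names avoids both, as sketched below. Separately, `compare_code_size()` ends with `return 1` and `run_main()` hands that to `sys.exit()`, so a successful run reports failure; `return 0` looks intended. `compare_code_size()` also skips the first line of each per-revision CSV with `readlines()[1:]` although `_gen_code_size_csv()` writes no header row, which drops the first object file from the comparison.

```python
    def __init__(self, old_revision, new_revision, result_dir):
        # … unchanged: repo_path, result_dir and csv_dir setup …
        self.old_rev = self.validate_revision(old_revision)
        self.new_rev = self.validate_revision(new_revision)
        # … unchanged: git_command and make_command …

    @staticmethod
    def validate_revision(revision):
        """Return the commit hash for revision; "head" (the current
        work directory) is passed through unchanged."""
        if revision == "head":
            return revision
        if revision.startswith("-"):
            raise Exception("Invalid revision: " + revision)
        result = subprocess.check_output(
            ["git", "rev-parse", "--verify", revision + "^{commit}"]
        )
        return result.decode().strip()
```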
@@ -552,6 +552,32 @@ record_outcome() { fi } +# True if the presence of the given pattern in a log definitely indicates +# that the test has failed. False if the presence is inconclusive. +# +# Inputs: +# * $1: pattern found in the logs +# * $TIMES_LEFT: >0 if retrying is an option +# +# Outputs: +# * $outcome: set to a retry reason if the pattern is inconclusive, +# unchanged otherwise. +# * Return value: 1 if the pattern is inconclusive, +# 0 if the failure is definitive. +log_pattern_presence_is_conclusive() { + # If we've run out of attempts, then don't retry no matter what. + if [ $TIMES_LEFT -eq 0 ]; then + return 0 + fi + case $1 in + "resend") + # An undesired resend may have been caused by the OS dropping or + # delaying a packet at an inopportune time. + outcome="RETRY(resend)" + return 1;; + esac +} + # fail fail() { record_outcome "FAIL" "$1" @@ -939,9 +965,7 @@ check_test_failure() { "-S") if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - if [ "$2" = "resend" ] && [ $TIMES_LEFT -gt 0 ]; then - outcome="RETRY(resend)" - else + if log_pattern_presence_is_conclusive "$2"; then fail "pattern '$2' MUST NOT be present in the Server output" fi return @@ -950,9 +974,7 @@ check_test_failure() { "-C") if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - if [ "$2" = "resend" ] && [ $TIMES_LEFT -gt 0 ]; then - outcome="RETRY(resend)" - else + if log_pattern_presence_is_conclusive "$2"; then fail "pattern '$2' MUST NOT be present in the Client output" fi return From 3a96d09898b501c6002d471b6461e77a796b1d8e Mon Sep 17 00:00:00 2001 From: Brett Warren Date: Tue, 19 Oct 2021 22:01:12 +0100 Subject: [PATCH 730/966] export MBEDTLS_DEPRECATED from platform_util.h Since there are no longer any alternative MBEDTLS_DEPRECATED definitions in the codebase, MBEDTLS_DEPRECATED can now be exported without breaking anything. 
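Review bot: `log_pattern_presence_is_conclusive` has no explicit return on the path where `$1` matches none of the `case` patterns, so the documented "0 if the failure is definitive" depends on the exit status of a `case` that matched nothing. An explicit `return 0` after `esac` (or a `*) return 0;;` arm) would make that default visible to whoever adds the next pattern. `$TIMES_LEFT` is also unquoted in `[ $TIMES_LEFT -eq 0 ]`; if it were ever empty the test would error out and fall through to the `case`, so `[ "${TIMES_LEFT:-0}" -eq 0 ]` is the safer form.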
Signed-off-by: Brett Warren --- include/mbedtls/platform_util.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 36e3718e6c..26e628b4e9 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -42,10 +42,6 @@ extern "C" { /* Internal helper macros for deprecating API constants. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) -/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here - * to avoid conflict with other headers which define and use - * it, too. We might want to move all these definitions here at - * some point for uniformity. */ #define MBEDTLS_DEPRECATED __attribute__((deprecated)) MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ @@ -53,7 +49,6 @@ MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \ ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) ) -#undef MBEDTLS_DEPRECATED #else /* MBEDTLS_DEPRECATED_WARNING */ #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL From 9e98573ca2a6e6be35f3dd1634bd55212bdeb2a0 Mon Sep 17 00:00:00 2001 From: Brett Warren Date: Tue, 19 Oct 2021 22:16:51 +0100 Subject: [PATCH 731/966] fix build fail with MBEDTLS_DEPRECATED When deprecated functions are allowed Signed-off-by: Brett Warren --- include/mbedtls/platform_util.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 26e628b4e9..5d2fefc36f 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -50,6 +50,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \ ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) ) #else /* MBEDTLS_DEPRECATED_WARNING */ +#define MBEDTLS_DEPRECATED #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL #endif /* MBEDTLS_DEPRECATED_WARNING */ From 80b31c56eba2634ddc60d3cf8e2cdc7eb9c639ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 19 Oct 2021 15:05:36 +0200 Subject: [PATCH 732/966] Run the PSA Compliance test suite in all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit adds a component to all.sh which clones, builds and runs the compliance test suite. Signed-off-by: Bence Szépkúti --- tests/scripts/all.sh | 13 ++++ tests/scripts/test_psa_compliance.py | 96 ++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) create mode 100755 tests/scripts/test_psa_compliance.py diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 099174372e..68163559a8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2756,6 +2756,19 @@ component_test_zeroize () { unset gdb_disable_aslr } +component_test_psa_compliance () { + msg "build: make, default config (out-of-box), libmbedcrypto.a only" + make library/libmbedcrypto.a + + msg "unit test: test_psa_compliance.py" + ./tests/scripts/test_psa_compliance.py +} + +support_test_psa_compliance () { + local ver=($(cmake --version | sed 's/cmake version //; y/./ /; q')) + [ "${ver[0]}" -eq 3 ] && [ "${ver[1]}" -ge 10 ] +} + component_check_python_files () { msg "Lint: Python scripts" tests/scripts/check-python-files.sh diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py new file mode 100755 index 0000000000..07fa76e60f --- /dev/null +++ b/tests/scripts/test_psa_compliance.py 
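Review bot: `support_test_psa_compliance` accepts only a CMake major version of exactly 3, so if 3.10 is meant as a minimum, `[ "${ver[0]}" -eq 3 ] && [ "${ver[1]}" -ge 10 ]` will switch the component off on any later major release. When `cmake` is not installed the empty `ver` array also makes `[` print an integer-expression error instead of skipping quietly. Checking for the tool first and comparing for "at least 3.10" covers both: `command -v cmake >/dev/null || return 1` before the `local ver=...` line, then `[ "${ver[0]}" -gt 3 ] || { [ "${ver[0]}" -eq 3 ] && [ "${ver[1]}" -ge 10 ]; }`.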
@@ -0,0 +1,96 @@ +#!/usr/bin/env python3 +#pylint: disable=missing-module-docstring +import os +import re +import shutil +import subprocess +import sys + +EXPECTED_FAILURES = { + 216, 221, 224, 225, 248, 249, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263 +} +PSA_ARCH_TESTS_REPO = 'https://github.com/ronald-cron-arm/psa-arch-tests.git' +PSA_ARCH_TESTS_REF = 'crypto1.0-3.0' + +#pylint: disable=too-many-statements +def main(): + mbedtls_dir = os.getcwd() + + mbedcrypto_lib = 'library/libmbedcrypto.a' + if not os.path.exists(mbedcrypto_lib): + subprocess.check_call(['make', mbedcrypto_lib]) + + psa_arch_tests_dir = 'psa-arch-tests' + try: + os.mkdir(psa_arch_tests_dir) + except FileExistsError: + pass + os.chdir(psa_arch_tests_dir) + + subprocess.check_call(['git', 'init']) + subprocess.check_call(['git', 'fetch', PSA_ARCH_TESTS_REPO, PSA_ARCH_TESTS_REF]) + subprocess.check_call(['git', 'checkout', 'FETCH_HEAD']) + + build_dir = 'api-tests/build' + try: + shutil.rmtree(build_dir) + except FileNotFoundError: + pass + os.mkdir(build_dir) + os.chdir(build_dir) + + #pylint: disable=bad-continuation + subprocess.check_call([ + 'cmake', '..', '-GUnix Makefiles', + '-DTARGET=tgt_dev_apis_stdc', + '-DTOOLCHAIN=HOST_GCC', + '-DSUITE=CRYPTO', + '-DPSA_CRYPTO_LIB_FILENAME={}/library/libmbedcrypto.a'.format(mbedtls_dir), + '-DPSA_INCLUDE_PATHS={}/include'.format(mbedtls_dir) + ]) + subprocess.check_call(['cmake', '--build', '.']) + + proc = subprocess.Popen(['./psa-arch-tests-crypto'], + bufsize=1, stdout=subprocess.PIPE, universal_newlines=True) + + test_re = re.compile('^TEST(?:: ([0-9]*)| RESULT: FAILED)') + test = -1 + unexpected_successes = set(EXPECTED_FAILURES) + expected_failures = [] + unexpected_failures = [] + for line in proc.stdout: + print(line[:-1]) + match = test_re.match(line) + if match is not None: + if match.group(1) is not None: + test = int(match.group(1)) + else: + try: + unexpected_successes.remove(test) + expected_failures.append(test) + 
except KeyError: + unexpected_failures.append(test) + proc.wait() + + print() + print('***** test_psa_compliance.py report ******') + print() + print('Expected failures:', ', '.join(str(i) for i in expected_failures)) + print('Unexpected failures:', ', '.join(str(i) for i in unexpected_failures)) + print('Unexpected successes:', ', '.join(str(i) for i in sorted(unexpected_successes))) + print() + if unexpected_successes or unexpected_failures: + if unexpected_successes: + print('Unexpected successes encountered.') + #pylint: disable=line-too-long + print('Please remove the corresponding tests from EXPECTED_FAILURES in tests/scripts/compliance_test.py') + print() + print('FAILED') + sys.exit(1) + else: + os.chdir(mbedtls_dir) + shutil.rmtree(psa_arch_tests_dir) + print('SUCCESS') + +if __name__ == '__main__': + main() From bb2ced33dd8ff2b90aff907301cb4d1c0c7a06d9 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 13 Oct 2021 13:37:30 +0200 Subject: [PATCH 733/966] Ignore plaintext length for CCM*-no-tag. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 4 ++++ library/ccm.c | 22 ++++++++++++++++++---- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 6f991fefbd..0dc5b59683 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -198,6 +198,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param ctx The CCM context to use for encryption. This must be * initialized and bound to a key. * \param length The length of the input data in Bytes. + * For tag length = 0, input length is ignored. * \param iv The initialization vector (nonce). This must be a readable * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, 
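Review bot: `PSA_ARCH_TESTS_REF` names a ref (`crypto1.0-3.0`) in a repository under an individual account, and `main()` fetches, builds and runs whatever that ref points to at the time of the run, so the code this component executes can change without any change in this tree. Pinning to a full commit hash and checking it before `git checkout` keeps the run reproducible, for example a new constant `PSA_ARCH_TESTS_COMMIT = '<full 40-hex commit id>'` and, after the fetch, `if subprocess.check_output(['git', 'rev-parse', 'FETCH_HEAD']).decode().strip() != PSA_ARCH_TESTS_COMMIT: sys.exit(1)`. The failure message also points at `tests/scripts/compliance_test.py`, while the file added here is `tests/scripts/test_psa_compliance.py`.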
@@ -207,6 +208,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * at least \p ad_len Bytes. * \param ad_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. + * For tag length = 0, AD length can be 0. * \param input The buffer holding the input data. If \p length is greater * than zero, \p input must be a readable buffer of at least * that length. @@ -279,6 +281,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * \param ctx The CCM context to use for decryption. This must be * initialized and bound to a key. * \param length The length of the input data in Bytes. + * For tag length = 0, input length is ignored. * \param iv The initialization vector (nonce). This must be a readable * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, @@ -288,6 +291,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * at least that \p ad_len Bytes. * \param ad_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. + * For tag length = 0, AD length can be 0. * \param input The buffer holding the input data. If \p length is greater * than zero, \p input must be a readable buffer of at least * that length. diff --git a/library/ccm.c b/library/ccm.c index 15efff79f0..e062678569 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -150,9 +150,20 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx) if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGHTS_SET) ) return 0; - if( ctx->tag_len == 0 && \ - ( ctx->mode == MBEDTLS_CCM_ENCRYPT || ctx->mode == MBEDTLS_CCM_DECRYPT ) ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + /* CCM expects non-empty tag. + * CCM* allows empty tag. For CCM* without tag, ignore plaintext length. + */ + if( ctx->tag_len == 0 ) + { + if( ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT || ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) + { + ctx->plaintext_len = 0; + } + else + { + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + } + } /* * First block: @@ -342,7 +353,10 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, return MBEDTLS_ERR_CCM_BAD_INPUT; } - if( ctx->processed + input_len > ctx->plaintext_len ) + /* Check against plaintext length only if performing operation with + * authentication + */ + if( ctx->tag_len != 0 && ctx->processed + input_len > ctx->plaintext_len ) { return MBEDTLS_ERR_CCM_BAD_INPUT; } From 594215be6e00e1bb921497091213ed601df5e4f4 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 14 Oct 2021 12:23:06 +0200 Subject: [PATCH 734/966] Add support for CCM*-no-tag to PSA. Signed-off-by: Mateusz Starzyk --- include/psa/crypto_sizes.h | 3 ++- include/psa/crypto_values.h | 11 +++++++++++ library/cipher.c | 35 +++++++++++++++++++++++++++++++++++ library/psa_crypto.c | 7 ++++++- library/psa_crypto_cipher.c | 3 +++ 5 files changed, 57 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 4c67f10afa..e9a7a350bc 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -959,7 +959,8 @@ (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ (key_type) == PSA_KEY_TYPE_CHACHA20 && \ (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \ - 0) + (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \ + 0) /** The maximum IV size for all supported cipher algorithms, in bytes. * 
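Review bot: In `mbedtls_ccm_update` the length bound is now skipped whenever `ctx->tag_len == 0`, which leaves no limit on how much data a CCM*-no-tag operation will process. CCM runs the block cipher in counter mode with a counter field whose width depends on the nonce length, so it is worth confirming (the counter handling is outside this hunk) that a long stream cannot wrap the counter and repeat keystream; if nothing else prevents it, a cap derived from the counter width should replace the removed check. The retained comparison `ctx->processed + input_len > ctx->plaintext_len` can itself wrap for a very large `input_len`; `input_len > ctx->plaintext_len - ctx->processed` avoids that, assuming `processed` never exceeds `plaintext_len`. The function body starts and ends outside the hunk.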
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index daef9416cc..9f0b7517d4 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1195,6 +1195,17 @@ */ #define PSA_ALG_CCM ((psa_algorithm_t)0x05500100) +/** The CCM* cipher mode without authentication. + * + * This is CCM* as specified in IEEE 802.15.4 §7, with a tag length of 0. + * For CCM* with a nonzero tag length, use the AEAD algorithm #PSA_ALG_CCM. + * + * The underlying block cipher is determined by the key type. + * + * Currently only 13-byte long IV's are supported. + */ +#define PSA_ALG_CCM_STAR_NO_TAG ((psa_algorithm_t)0x04c01300) + /** The GCM authenticated encryption algorithm. * * The underlying block cipher is determined by the key type. diff --git a/library/cipher.c b/library/cipher.c index dc801894b7..4ed6c910f0 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -424,6 +424,31 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, } #endif +#if defined(MBEDTLS_CCM_C) + if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode ) + { + int set_lengths_result; + int ccm_star_mode; + + set_lengths_result = mbedtls_ccm_set_lengths( + (mbedtls_ccm_context *) ctx->cipher_ctx, + 0, 0, 0 ); + if( set_lengths_result != 0 ) + return set_lengths_result; + + if( ctx->operation == MBEDTLS_DECRYPT ) + ccm_star_mode = MBEDTLS_CCM_STAR_DECRYPT; + else if( ctx->operation == MBEDTLS_ENCRYPT ) + ccm_star_mode = MBEDTLS_CCM_STAR_ENCRYPT; + else + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + + return( mbedtls_ccm_starts( (mbedtls_ccm_context *) ctx->cipher_ctx, + ccm_star_mode, + iv, iv_len ) ); + } +#endif + if ( actual_iv_size != 0 ) { memcpy( ctx->iv, iv, actual_iv_size ); 
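Review bot: The new branch in `mbedtls_cipher_set_iv` keys on `MBEDTLS_MODE_CCM == ctx->cipher_info->mode` alone and then always calls `mbedtls_ccm_set_lengths( ..., 0, 0, 0 )` with a CCM* mode, so every CCM cipher context that reaches the generic set_iv/update/finish path is run with tag length 0, that is, as unauthenticated encryption. If CCM cipher infos are also used for authenticated CCM through this interface, a caller gets ciphertext with no integrity protection and no error. A cipher mode or flag dedicated to CCM*-no-tag would let this branch, and the matching ones added in `mbedtls_cipher_update` and `mbedtls_cipher_finish`, apply only when the caller asked for it. At minimum the function documentation should state that the multipart cipher interface on a CCM cipher produces no tag; the enclosing function extends beyond the hunk.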
@@ -560,6 +585,15 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i } #endif +#if defined(MBEDTLS_CCM_C) + if( ctx->cipher_info->mode == MBEDTLS_MODE_CCM ) + { + return( mbedtls_ccm_update( (mbedtls_ccm_context *) ctx->cipher_ctx, + input, ilen, + output, ilen, olen ) ); + } +#endif + #if defined(MBEDTLS_CHACHAPOLY_C) if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) { @@ -947,6 +981,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, MBEDTLS_MODE_OFB == ctx->cipher_info->mode || MBEDTLS_MODE_CTR == ctx->cipher_info->mode || MBEDTLS_MODE_GCM == ctx->cipher_info->mode || + MBEDTLS_MODE_CCM == ctx->cipher_info->mode || MBEDTLS_MODE_XTS == ctx->cipher_info->mode || MBEDTLS_MODE_STREAM == ctx->cipher_info->mode ) { diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ece64b100d..67494dd249 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3587,7 +3587,12 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key, .core = slot->attr }; - if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) ) + if( alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + else if ( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) ) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 2268fc5850..acbbd5ca6b 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -92,6 +92,9 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_ALG_CBC_PKCS7: mode = MBEDTLS_MODE_CBC; break; + case PSA_ALG_CCM_STAR_NO_TAG: + mode = MBEDTLS_MODE_CCM; + break; case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): mode = MBEDTLS_MODE_CCM; break; From ed71e9273045b173e647a0cfd0259299753c1283 Mon Sep 17 00:00:00 2001 
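Review bot: The added check in `psa_cipher_decrypt` rejects CCM*-no-tag input shorter than `PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type )`, but this commit defines the IV for `PSA_ALG_CCM_STAR_NO_TAG` as 13 bytes and the mode appears to be unpadded, so an IV followed by one or two bytes of ciphertext looks like valid input that is now refused with `PSA_ERROR_INVALID_ARGUMENT`. Unless there is a reason for the block-length minimum that is not visible here, the existing `input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg )` test already covers this algorithm and the special case can be dropped; if it stays, a comment should explain it. The function continues outside the hunk.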
From: Mateusz Starzyk Date: Thu, 21 Oct 2021 10:04:57 +0200 Subject: [PATCH 735/966] Add tests for CCM*-no-tag. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_ccm.data | 8 +++++ tests/suites/test_suite_ccm.function | 25 ++++++++++++++ tests/suites/test_suite_psa_crypto.data | 36 +++++++++++++++++++++ tests/suites/test_suite_psa_crypto.function | 34 +++++++++++++++++++ 4 files changed, 103 insertions(+) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 591e0d9067..61e6e9b991 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -1744,3 +1744,11 @@ mbedtls_ccm_unexpected_ad::MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50d CCM encrypt, unexpected ciphertext/plaintext data, NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C mbedtls_ccm_unexpected_text:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM* encrypt, no auth NIST VADT AES-256 #1 (P=24, N=13) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_star_no_tag:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"72a60f345a1978fb40f28a2fa4":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e" + +CCM* decrypt, no auth NIST DVPT AES-128 #15 (P=24, N=13) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_star_no_tag:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index e48b1f990a..a7ba0dea20 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function 
@@ -231,6 +231,31 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_ccm_star_no_tag( int cipher_id, int mode, data_t * key, + data_t * msg, data_t * iv, data_t * result ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, 0 ) ); + + ASSERT_ALLOC( output, msg->len ); + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); + TEST_EQUAL( result->len, olen ); + ASSERT_COMPARE( output, olen, result->x, result->len ); + + TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, NULL, 0 ) ); +exit: + mbedtls_free(output); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, data_t * msg, data_t * iv, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 063629e599..e7ba9d3eb3 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1946,6 +1946,10 @@ PSA symmetric encrypt validation: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES cipher_encrypt_validation:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9" +PSA symmetric encrypt validation: CCM*-no-tag, 15 bytes, good +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_encrypt_validation:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"d24a3d3dde8c84830280cb87abad0bb3":"6bc1bee22e409f96e93d7e11739317" + PSA symmetric encrypt multipart: AES-ECB, 0 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS 
@@ -2006,6 +2010,10 @@ PSA symmetric encrypt multipart: 3-key 3DES-ECB, 8 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"c78e2b38139610e3":8:8:0:"817ca7d69b80d86a":PSA_SUCCESS +PSA symmetric encrypt multipart: CCM*-no-tag, AES, 24 bytes, good +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_encrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"d24a3d3dde8c84830280cb87abad0bb3":"f1100035bb24a8d26004e0e24b":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":10:10:14:"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":PSA_SUCCESS + PSA cipher decrypt: without initialization depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"":"":"":PSA_ERROR_BAD_STATE @@ -2038,6 +2046,10 @@ PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT +PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes) +depends_on:MBEDTLS_AES_C +cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT + PSA symmetric decrypt: AES-ECB, 0 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"" 
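Review bot: The dependency lines of the new CCM*-no-tag cases are inconsistent: "input too short (15 bytes)" in the hunk at -2038 uses `depends_on:MBEDTLS_AES_C`, and "PSA symmetric decrypt multipart: CCM*-no-tag, 24 bytes, good" (hunk at -2146) uses `depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES` although it runs with `PSA_KEY_TYPE_AES`, while the other new cases use `depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES`. With the wrong symbols a case can run in a build without CCM or be skipped in one that has it. Both lines should read `depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES`, and the description "PSA symetric decrypt" has a typo.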
@@ -2086,6 +2098,10 @@ PSA symmetric decrypt: 3-key 3DES-ECB, 8 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3" +PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" + PSA symmetric decrypt multipart: AES-ECB, 0 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS @@ -2146,6 +2162,10 @@ PSA symmetric decrypt multipart: 3-key 3DES-ECB, 8 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":8:8:0:"c78e2b38139610e3":PSA_SUCCESS +PSA symmetric decrypt multipart: CCM*-no-tag, 24 bytes, good +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES +cipher_decrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":10:10:14:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":PSA_SUCCESS + PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" 
@@ -2166,6 +2186,22 @@ PSA symmetric encrypt/decrypt: AES-CTR depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_verify_output:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" +PSA symmetric encrypt/decrypt: CCM*-no-tag, AES +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_verify_output:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" + +CCM*-no-tag encrypt, iv_length = 14, bad +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":14:PSA_ERROR_INVALID_ARGUMENT + +CCM*-no-tag encrypt, iv_length = 13, good +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":13:PSA_SUCCESS + +CCM*-no-tag encrypt, iv_length = 12, bad +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":12:PSA_ERROR_INVALID_ARGUMENT + PSA symmetric encryption multipart: AES-ECB, 16+16 bytes depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 591c2960de..99f2628256 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -2863,6 +2863,40 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void cipher_encrypt_validate_iv_length( int alg, int key_type, data_t* key_data, + data_t *input, int iv_length, + int expected_result ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + size_t output_buffer_size = 0; + unsigned char *output = NULL; + + output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); + ASSERT_ALLOC( output, output_buffer_size ); + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( expected_result, psa_cipher_set_iv( &operation, output, + iv_length ) ); + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( key ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void cipher_encrypt_alg_without_iv( int alg_arg, int key_type_arg, From 8132c2ff46d532ce9350860b25f6955d842438f6 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 21 Oct 2021 12:26:58 +0200 Subject: [PATCH 736/966] Address review comments Signed-off-by: Przemyslaw Stekiel --- programs/ssl/ssl_server2.c | 50 ++++++++++++++++++++++++++------------ tests/ssl-opt.sh | 4 +-- 2 files changed, 37 insertions(+), 17 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 68e92b7121..c23d73045f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
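Review bot: `psa_cipher_set_iv( &operation, output, iv_length )` reads `iv_length` bytes from `output`, but that buffer is sized with `PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len )`, so nothing ties its size to the IV length under test. A .data entry with a larger `iv_length`, a shorter input, or a negative `iv_length` (converted to a huge `size_t`) could make the call read past the allocation. A guard before the call would make the assumption explicit: `TEST_ASSERT( iv_length >= 0 && (size_t) iv_length <= output_buffer_size );`. A short comment saying that `output` is reused as an all-zero IV source would also help, since the name suggests otherwise.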
@@ -203,7 +203,7 @@ int main( void ) #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) #define USAGE_KEY_OPAQUE \ - " key_opaque=%%d Handle your private key as if it were opaque\n" \ + " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" #else #define USAGE_KEY_OPAQUE "" @@ -1325,8 +1325,9 @@ int main( int argc, char *argv[] ) mbedtls_pk_context pkey; mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_id_t key_slot = 0; /* invalid key slot */ + psa_key_id_t key_slot2 = 0; /* invalid key slot */ #endif int key_cert_init = 0, key_cert_init2 = 0; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) 
@@ -2491,23 +2492,38 @@ int main( int argc, char *argv[] ) (unsigned int) -ret ); goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if( opt.key_opaque != 0 ) - { - if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot, - PSA_ALG_SHA_256 ) ) != 0 ) - { - mbedtls_printf( " failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); - goto exit; - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ key_cert_init2 = 2; #endif /* MBEDTLS_ECDSA_C */ } - mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey2 ) ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( opt.key_opaque != 0 ) + { + if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ) + { + if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, + PSA_ALG_SHA_256 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! " + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + goto exit; + } + } + + if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ) + { + if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2, + PSA_ALG_SHA_256 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! " + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + goto exit; + } + } + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) @@ -3953,6 +3969,10 @@ exit: mbedtls_pk_free( &pkey ); mbedtls_x509_crt_free( &srvcert2 ); mbedtls_pk_free( &pkey2 ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key( key_slot ); + psa_destroy_key( key_slot2 ); +#endif #endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for( i = 0; (size_t) i < ssl_async_keys.slots_used; i++ ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7d0b31381f..628fad9560 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
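Review bot: In the `@@ -2491,23 +2492,38 @@` hunk, `key_opaque=1` now does nothing for a key whose type is not `MBEDTLS_PK_ECKEY`, and nothing is printed to say so; the updated ssl-opt.sh expectation `key types: RSA - Opaque` shows that case happening. The usage text changed in this commit says `Handle your private keys as if they were opaque`, which reads as applying to every key. A comment above the two type checks, e.g. `/* Only EC keys are wrapped; other key types are left as they are even when key_opaque is set. */`, and a matching sentence in `USAGE_KEY_OPAQUE` would make the behaviour explicit. `main` starts and ends outside the hunk.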
@@ -1455,7 +1455,7 @@ run_test "Opaque key for server authentication" \ key_file=data_files/server5.key" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ - -s "key type: Opaque" \ + -s "key types: RSA - Opaque" \ -S "error" \ -C "error" @@ -1471,7 +1471,7 @@ run_test "Opaque key for client/server authentication" \ 0 \ -c "key type: Opaque" \ -c "Verifying peer X.509 certificate... ok" \ - -s "key type: Opaque" \ + -s "key types: RSA - Opaque" \ -s "Verifying peer X.509 certificate... ok" \ -S "error" \ -C "error" From 33d01ffe60fe7ce2ebb8e649b657e89a4a8318dd Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 21 Oct 2021 14:55:59 +0200 Subject: [PATCH 737/966] Remove redundant value assignemnt to olen. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_gcm.function | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 816ebc4ec5..5696679ea9 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -438,7 +438,7 @@ void gcm_update_output_buffer_too_small( int cipher_id, int mode, { mbedtls_gcm_context ctx; uint8_t *output = NULL; - size_t olen; + size_t olen = 0; size_t output_len = input->len - 1; mbedtls_gcm_init( &ctx ); @@ -446,7 +446,6 @@ void gcm_update_output_buffer_too_small( int cipher_id, int mode, TEST_EQUAL( 0, mbedtls_gcm_starts( &ctx, mode, iv->x, iv->len ) ); ASSERT_ALLOC( output, output_len ); - olen = 0xdeadbeef; TEST_EQUAL( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL, mbedtls_gcm_update( &ctx, input->x, input->len, output, output_len, &olen ) ); exit: From e05e126933b81403620ca56f40f08cfad1a3ecc3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 20 Oct 2021 15:59:33 +0100 Subject: [PATCH 738/966] Remove bash specific code Use case pattern matching instead of multiline split, given there is only the well formatted PIDs to match on this should be safe. 
Signed-off-by: Paul Elliott --- tests/ssl-opt.sh | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d5b9150ca0..25aa5bafe7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -626,6 +626,8 @@ has_mem_err() { # Wait for process $2 named $3 to be listening on port $1. Print error to $4. if type lsof >/dev/null 2>/dev/null; then wait_app_start() { + newline=' +' START_TIME=$(date +%s) if [ "$DTLS" -eq 1 ]; then proto=UDP @@ -634,20 +636,14 @@ if type lsof >/dev/null 2>/dev/null; then fi # Make a tight loop, server normally takes less than 1s to start. while true; do - SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p | cut -c2-) - SERVER_FOUND=false - # When proxies are used, more than one PID can be listening on - # the same port. Each PID will be on its own line. - while read -r PID; do - if [[ $PID == $2 ]]; then - SERVER_FOUND=true - break - fi - done <<< "$SERVER_PIDS" - - if ($SERVER_FOUND == true); then - break - fi + SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p) + # When we use a proxy, it will be listening on the same port we + # are checking for as well as the server and lsof will list both. + # If multiple PIDs are returned, each one will be on a separate + # line, each prepended with 'p'. + case ${newline}${SERVER_PIDS}${newline} in + *${newline}p${2}${newline}*) break;; + esac if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then echo "$3 START TIMEOUT" echo "$3 START TIMEOUT" >> $4 From 2400b50250a8be764571f6ae9381b5fd3d57c545 Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Thu, 21 Oct 2021 12:22:58 +0000 Subject: [PATCH 739/966] Add revision validation and escape filenames Signed-off-by: Xiaofei Bai --- scripts/code_size_compare.py | 51 ++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 19a6c43d01..96ebf3d54b 100755 
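Review bot: The `case` pattern in the `@@ -634,20 +636,14 @@` hunk expands `${newline}` and `${2}` unquoted, so their contents are read as pattern characters rather than literal text. The commit message argues this is safe because only well-formed PIDs are matched, but quoting the variable part costs nothing and keeps the match literal: `*"${newline}p${2}${newline}"*) break;;`. The body of `wait_app_start` continues outside these hunks.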
--- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -31,7 +31,7 @@ import subprocess import sys class CodeSizeComparison: - """compare code size between two Git revisions""" + """Compare code size between two Git revisions.""" def __init__(self, old_revision, new_revision, result_dir): """ @@ -58,16 +58,22 @@ class CodeSizeComparison: if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): raise Exception("Must be run from Mbed TLS root") + @staticmethod + def validate_revision(revision): + result = subprocess.run(["git", "cat-file", "-e", revision], check=False) + return result.returncode + def _create_git_worktree(self, revision): """Make a separate worktree for revision. Do not modify the current worktree.""" - if revision == "head": + if revision == "HEAD": print("Using current work directory.") git_worktree_path = self.repo_path else: print("Creating git worktree for", revision) - git_worktree_path = os.path.join(self.repo_path, "temp-" + revision) + rev_dirname = revision.replace("/", "_") + git_worktree_path = os.path.join(self.repo_path, "temp-" + rev_dirname) subprocess.check_output( [self.git_command, "worktree", "add", "--detach", git_worktree_path, revision], cwd=self.repo_path, @@ -87,7 +93,7 @@ class CodeSizeComparison: def _gen_code_size_csv(self, revision, git_worktree_path): """Generate code size csv file.""" - csv_fname = revision + ".csv" + csv_fname = revision.replace("/", "_") + ".csv" print("Measuring code size for", revision) result = subprocess.check_output( ["size library/*.o"], cwd=git_worktree_path, shell=True 
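Review bot: `validate_revision` in the `@@ -58,16 +58,22 @@` hunk passes `revision` straight after `-e`, so a value starting with `-` is parsed by git as an option instead of a revision, and `cat-file -e` succeeds for any object type, not only commits. Rejecting a leading dash and peeling to a commit covers both: `if revision.startswith("-"): return 1` followed by `["git", "cat-file", "-e", revision + "^{commit}"]`. The method also hard-codes `"git"` where `_create_git_worktree` uses `self.git_command`, and it has no docstring saying that the return value is git's exit status. Separately, `revision.replace("/", "_")` maps `a/b` and `a_b` to the same worktree and CSV name, which the record-exists check in `_get_code_size_for_rev` would then treat as one revision.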
@@ -112,8 +118,8 @@ class CodeSizeComparison: """Generate code size csv file for the specified git revision.""" # Check if the corresponding record exists - csv_fname = revision + ".csv" - if (revision != "head") and \ + csv_fname = revision.replace("/", "_") + ".csv" + if (revision != "HEAD") and \ os.path.exists(os.path.join(self.csv_dir, csv_fname)): print("Code size csv file for", revision, "already exists.") else: @@ -125,14 +131,17 @@ class CodeSizeComparison: def compare_code_size(self): """Generate results of the size changes between two revisions, old and new. Measured code size results of these two revisions - must be available""" + must be available.""" - old_file = open(os.path.join(self.csv_dir, self.old_rev + ".csv"), "r") - new_file = open(os.path.join(self.csv_dir, self.new_rev + ".csv"), "r") - res_file = open(os.path.join(self.result_dir, "compare-" + self.old_rev - + "-" + self.new_rev + ".csv"), "w") + old_file = open(os.path.join(self.csv_dir, \ + self.old_rev.replace("/", "_") + ".csv"), "r") + new_file = open(os.path.join(self.csv_dir, \ + self.new_rev.replace("/", "_") + ".csv"), "r") + res_file = open(os.path.join(self.result_dir, \ + "compare-" + self.old_rev.replace("/", "_") + "-" \ + + self.new_rev.replace("/", "_") + ".csv"), "w") res_file.write("file_name, this_size, old_size, change, change %\n") - print("Generate comparision results.") + print("Generating comparision results.") old_ds = {} for line in old_file.readlines()[1:]: @@ -159,7 +168,7 @@ class CodeSizeComparison: this_size, old_size, change, float(change_pct))) else: res_file.write("{}, {}\n".format(fname, this_size)) - return 1 + return 0 def get_comparision_results(self): """Compare size of library/*.o between self.old_rev and self.new_rev, 
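Review bot: The three `open()` calls rewritten in the `@@ -131,14 +131,17 @@` hunk have no matching `close()` in the visible lines before `return 0`, so `res_file` is flushed only when the object happens to be collected; a `with open(...) as old_file, open(...) as new_file, open(...) as res_file:` block around the body would close all three on every path. The added backslashes are redundant, since those lines are already continued by the open parenthesis. The `.replace("/", "_")` escape now appears four times in this hunk and again in `_gen_code_size_csv` and `_get_code_size_for_rev`; a small private helper would keep the file names in step. The function body runs past the hunk, so the middle of it is not visible here.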
@@ -169,7 +178,7 @@ class CodeSizeComparison: self._get_code_size_for_rev(self.new_rev) return self.compare_code_size() -def run_main(): +def main(): parser = argparse.ArgumentParser( description=( """This script is for comparing the size of the library files @@ -185,11 +194,11 @@ def run_main(): default is comparison", ) parser.add_argument( - "-o", "--old-rev", type=str, help="old revision for comparison", + "-o", "--old-rev", type=str, help="old revision for comparison.(prefer commit ID)", required=True, ) parser.add_argument( - "-n", "--new-rev", type=str, default="head", + "-n", "--new-rev", type=str, default="HEAD", help="new revision for comparison, default is current work directory." ) comp_args = parser.parse_args() @@ -198,8 +207,16 @@ def run_main(): print("Error: {} is not a directory".format(comp_args.result_dir)) parser.exit() + validate_result = CodeSizeComparison.validate_revision(comp_args.old_rev) + if validate_result != 0: + sys.exit(validate_result) old_revision = comp_args.old_rev + + validate_result = CodeSizeComparison.validate_revision(comp_args.new_rev) + if validate_result != 0: + sys.exit(validate_result) new_revision = comp_args.new_rev + result_dir = comp_args.result_dir size_compare = CodeSizeComparison(old_revision, new_revision, result_dir) return_code = size_compare.get_comparision_results() @@ -207,4 +224,4 @@ def run_main(): if __name__ == "__main__": - run_main() + main() From 437da19f4f1a5f66b3e838534c251b4bd6e63c4d Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 20 Oct 2021 11:59:50 +0200 Subject: [PATCH 740/966] Remove unused param and duplicated test cases Signed-off-by: Przemyslaw Stekiel --- tests/scripts/generate_psa_tests.py | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 589820265c..d1307ad11a 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py 
@@ -235,8 +235,7 @@ def test_case_for_key_generation( key_type: str, bits: int, dependencies: List[str], *args: str, - result: str = '', - param_descr: str = '' + result: str = '' ) -> test_case.TestCase: """Return one test case exercising a key generation. """ @@ -244,7 +243,7 @@ def test_case_for_key_generation( tc = test_case.TestCase() short_key_type = re.sub(r'PSA_(KEY_TYPE|ECC_FAMILY)_', r'', key_type) tc.set_description('PSA {} {}-bit' - .format( short_key_type, bits)) + .format(short_key_type, bits)) tc.set_dependencies(dependencies) tc.set_function('generate_key') tc.set_arguments([key_type] + list(args)) @@ -258,11 +257,12 @@ class KeyGenerate: def __init__(self, info: Information) -> None: self.constructors = info.constructors + ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', + 'PSA_KEY_TYPE_ECC_PUBLIC_KEY') + + @staticmethod def test_cases_for_key_type_key_generation( - self, - kt: crypto_knowledge.KeyType, - param: Optional[int] = None, - param_descr: str = '', + kt: crypto_knowledge.KeyType ) -> Iterator[test_case.TestCase]: """Return test cases exercising key generation. @@ -285,13 +285,9 @@ class KeyGenerate: kt.expression, bits, finish_family_dependencies(generate_dependencies, bits), str(bits), - result, - param_descr=param_descr + result ) - ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', - 'PSA_KEY_TYPE_ECC_PUBLIC_KEY') - def test_cases_for_key_generation(self) -> Iterator[test_case.TestCase]: """Generate test cases that exercise the generation of keys.""" for key_type in sorted(self.constructors.key_types): 
@@ -302,11 +298,7 @@ class KeyGenerate: for curve_family in sorted(self.constructors.ecc_curves): for constr in self.ECC_KEY_TYPES: kt = crypto_knowledge.KeyType(constr, [curve_family]) - yield from self.test_cases_for_key_type_key_generation( - kt, param_descr='type') - yield from self.test_cases_for_key_type_key_generation( - kt, 0, param_descr='curve') - + yield from self.test_cases_for_key_type_key_generation(kt) class StorageKey(psa_storage.Key): """Representation of a key for storage format testing.""" From 30bd7fa607f63f1a7fa013898817ecd8385b60e6 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Fri, 22 Oct 2021 10:33:25 +0200 Subject: [PATCH 741/966] Change error code for MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL. Signed-off-by: Mateusz Starzyk --- include/mbedtls/error.h | 2 +- include/mbedtls/gcm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 27420ce4fc..8b2b9ea580 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -56,7 +56,7 @@ * Module Nr Codes assigned * ERROR 2 0x006E 0x0001 * MPI 7 0x0002-0x0010 - * GCM 3 0x0012-0x0014 0x0013-0x0013 + * GCM 3 0x0012-0x0016 0x0013-0x0013 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index a4de9191d8..7dc9dfb8ec 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -46,7 +46,7 @@ /** Bad input parameters to function. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /** An output buffer is too small. */ -#define MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL -0x0018 +#define MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL -0x0016 #ifdef __cplusplus extern "C" { From ba20fc98b8fe0fdde376a14ca9b61091fea45875 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Fri, 22 Oct 2021 10:39:56 +0200 Subject: [PATCH 742/966] Fix issues pointed by CI 
Signed-off-by: Przemyslaw Stekiel --- tests/scripts/generate_psa_tests.py | 9 +++++++-- tests/suites/test_suite_psa_crypto_generate_key.function | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index d1307ad11a..a850ea7cbf 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -96,7 +96,7 @@ def hack_dependencies_not_implemented(dependencies: List[str]) -> None: if _implemented_dependencies is None: _implemented_dependencies = \ read_implemented_dependencies('include/psa/crypto_config.h') - if not all(dep.lstrip('!') in _implemented_dependencies + if not all((dep.lstrip('!') in _implemented_dependencies or 'PSA_WANT' not in dep) for dep in dependencies): dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET') @@ -260,8 +260,11 @@ class KeyGenerate: ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', 'PSA_KEY_TYPE_ECC_PUBLIC_KEY') - @staticmethod + RSA_KEY_TYPES = ('PSA_KEY_TYPE_RSA_KEY_PAIR', + 'PSA_KEY_TYPE_RSA_PUBLIC_KEY') + def test_cases_for_key_type_key_generation( + self, kt: crypto_knowledge.KeyType ) -> Iterator[test_case.TestCase]: """Return test cases exercising key generation. @@ -280,6 +283,8 @@ class KeyGenerate: result = 'PSA_ERROR_INVALID_ARGUMENT' else: generate_dependencies = import_dependencies + if kt.name in self.RSA_KEY_TYPES: + generate_dependencies.append("MBEDTLS_GENPRIME") for bits in kt.sizes_to_test(): yield test_case_for_key_generation( kt.expression, bits, diff --git a/tests/suites/test_suite_psa_crypto_generate_key.function b/tests/suites/test_suite_psa_crypto_generate_key.function index 7404d382a9..d30c0e4876 100644 --- a/tests/suites/test_suite_psa_crypto_generate_key.function +++ b/tests/suites/test_suite_psa_crypto_generate_key.function 
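Review bot: In the `@@ -280,6 +283,8 @@` hunk, `generate_dependencies = import_dependencies` binds both names to the same list, so the added `generate_dependencies.append("MBEDTLS_GENPRIME")` also changes `import_dependencies`. Whether that matters depends on code outside the hunk, but copying the list removes the question: `generate_dependencies = list(import_dependencies)`. The method starts and ends outside the hunk.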
@@ -38,7 +38,7 @@ void generate_key( int key_type, int bits, int result) // Verify attributes of the created key on success if (_result == PSA_SUCCESS) { - psa_key_attributes_t key_attributes = {0}; + psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_get_key_attributes( key_id, &key_attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &key_attributes ), 0 ); TEST_EQUAL( psa_get_key_usage_flags( &key_attributes ), 0 ); From 61a8b2daf210beb6a78e6065d725d839241ce1ce Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 21 Oct 2021 11:46:42 +0200 Subject: [PATCH 743/966] Add changelog entry for CCM*-no-tag. Signed-off-by: Mateusz Starzyk --- ChangeLog.d/ccm_star_no_tag.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/ccm_star_no_tag.txt diff --git a/ChangeLog.d/ccm_star_no_tag.txt b/ChangeLog.d/ccm_star_no_tag.txt new file mode 100644 index 0000000000..88c0d1fb1f --- /dev/null +++ b/ChangeLog.d/ccm_star_no_tag.txt @@ -0,0 +1,8 @@ +Changes + * Ignore plaintext/ciphertext lengths for CCM*-no-tag operations. + For CCM* encryption/decryption without authentication, input + length will be ignored. + * Add support for CCM*-no-tag cipher to the PSA. + Currently only 13-byte long IV's are supported. + For decryption a minimum of 16-byte long input is expected. + These restrictions may be subject to change. From a5a2399cb0543d73fb0957c0cce8f1963252165d Mon Sep 17 00:00:00 2001 From: Aaron Erhardt Date: Fri, 22 Oct 2021 22:05:04 +0200 Subject: [PATCH 744/966] Remove mode param from AES-CTR docs Signed-off-by: Aaron Erhardt --- include/mbedtls/aes.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index becbfae1d9..e381c11838 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -511,10 +511,6 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, * \brief This function performs an AES-CTR encryption or decryption * operation. * - * This function performs the operation defined in the \p mode - * parameter (encrypt/decrypt), on the input data buffer - * defined in the \p input parameter. - * * Due to the nature of CTR, you must use the same key schedule * for both encryption and decryption operations. Therefore, you * must use the context initialized with mbedtls_aes_setkey_enc() From 9bb56dc6bed9a5a4ace7d970aab928a68e7b7668 Mon Sep 17 00:00:00 2001 From: Aaron Erhardt Date: Fri, 22 Oct 2021 22:05:10 +0200 Subject: [PATCH 745/966] Add return info to sha256 docs Signed-off-by: Aaron Erhardt --- include/mbedtls/sha256.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 9e6f59dc4b..0cbbac11f2 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -167,6 +167,9 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * for SHA-256, \c 28 bytes for SHA-224. * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. + * + * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha256( const unsigned char *input, size_t ilen, From 61e35e0047271167720935ecf458778c1bd9ffae Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Sep 2021 18:59:08 +0800 Subject: [PATCH 746/966] tls13: add generate handshake keys Signed-off-by: Jerry Yu --- library/ssl_misc.h | 23 ++++++++ library/ssl_tls13_keys.c | 117 +++++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 36 +++++------- 3 files changed, 155 insertions(+), 21 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9041c51d2c..b801499ca1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -508,6 +508,27 @@ struct mbedtls_ssl_key_set }; typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; +typedef struct +{ + unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_early_secrets; + +typedef struct +{ + unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_handshake_secrets; + +typedef struct +{ + unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_application_secrets; + /* * This structure contains the parameters only needed during handshake. */ @@ -715,6 +736,8 @@ struct mbedtls_ssl_handshake_params unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE]; unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE]; } tls1_3_master_secrets; + + mbedtls_ssl_tls1_3_handshake_secrets tls1_3_hs_secrets; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index b07c1c3b9e..a20fa51507 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -846,4 +846,121 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ) return( 0 ); } +/* mbedtls_ssl_tls1_3_generate_handshake_keys() generates keys necessary for + * protecting the handshake messages, as described in Section 7 of TLS 1.3. */ +int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + mbedtls_md_type_t md_type; + mbedtls_md_info_t const *md_info; + size_t md_size; + + unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + size_t transcript_len; + + mbedtls_cipher_info_t const *cipher_info; + size_t keylen, ivlen; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls1_3_generate_handshake_keys" ) ); + + cipher_info = mbedtls_cipher_info_from_type( + ssl->handshake->ciphersuite_info->cipher ); + keylen = cipher_info->key_bitlen >> 3; + ivlen = cipher_info->iv_size; + + md_type = ssl->handshake->ciphersuite_info->mac; + md_info = mbedtls_md_info_from_type( md_type ); + md_size = mbedtls_md_get_size( md_info ); + + ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, + transcript, + sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_get_handshake_transcript", + ret ); + return( ret ); + } + + ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type, + ssl->handshake->tls1_3_master_secrets.handshake, + transcript, transcript_len, + &ssl->handshake->tls1_3_hs_secrets ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets", + ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret", + ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret, + md_size ); + + MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret", + ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret, + md_size ); + + /* + * Export client handshake traffic secret + */ +#if 
defined(MBEDTLS_SSL_EXPORT_KEYS) + if( ssl->f_export_keys != NULL ) + { + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, + ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret, + md_size, + ssl->handshake->randbytes + 32, + ssl->handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, + ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret, + md_size, + ssl->handshake->randbytes + 32, + ssl->handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + } +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ + + ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, + ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret, + ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret, + md_size, + keylen, ivlen, traffic_keys ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret ); + goto exit; + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_key", + traffic_keys->client_write_key, + traffic_keys->key_len); + + MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_key", + traffic_keys->server_write_key, + traffic_keys->key_len); + + MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_iv", + traffic_keys->client_write_iv, + traffic_keys->iv_len); + + MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_iv", + traffic_keys->server_write_iv, + traffic_keys->iv_len); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_generate_handshake_keys" ) ); + +exit: + + return( ret ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 866aae9117..602d06def4 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
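Review bot: `mbedtls_ssl_tls1_3_generate_handshake_keys` dereferences `cipher_info` (`cipher_info->key_bitlen`) without checking the result of `mbedtls_cipher_info_from_type`, and passes an unchecked `md_info` to `mbedtls_md_get_size`. The ciphersuite has presumably been validated before this point, but a check placed after each lookup keeps a bad state from turning into a NULL dereference: `if( cipher_info == NULL ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` and the same for `md_info`. The error paths are also mixed: the first two failures use `return( ret )` while the last uses `goto exit` to a label that only returns, so one form throughout would read better.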
@@ -70,27 +70,6 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \ MBEDTLS_MD_MAX_SIZE -typedef struct -{ - unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_early_secrets; - -typedef struct -{ - unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_handshake_secrets; - -typedef struct -{ - unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_application_secrets; - /* Maximum desired length for expanded key material generated * by HKDF-Expand-Label. * @@ -553,4 +532,19 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, */ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ); +/** + * \brief Compute TLS 1.3 handshake traffic keys. + * + * \param ssl The SSL context to operate on. This must be in + * key schedule stage \c Handshake, see + * mbedtls_ssl_tls13_key_schedule_stage_handshake(). + * \param traffic_keys The address at which to store the handshake traffic key + * keys. This must be writable but may be uninitialized. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ); + #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From a0650ebb9d99204d1e14183ee2da0893ade4efab Mon Sep 17 00:00:00 2001 
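Review bot: The documentation added for mbedtls_ssl_tls1_3_generate_handshake_keys() does not say who is responsible for wiping `traffic_keys`, although the structure receives the handshake write keys and IVs. I would add a sentence to the `\param traffic_keys` entry, for example `The caller must wipe this structure with mbedtls_platform_zeroize() once the keys have been installed or on error.` The same entry reads "handshake traffic key keys", which should be "handshake traffic keys".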
From: Jerry Yu Date: Thu, 9 Sep 2021 17:14:45 +0800 Subject: [PATCH 747/966] tls13: add handshake key schedule Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 92 ++++++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 20 ++++++++- 2 files changed, 111 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index a20fa51507..165cf4cbed 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -963,4 +963,96 @@ exit: return( ret ); } +static int ssl_tls1_3_complete_ephemeral_secret( mbedtls_ssl_context *ssl, + unsigned char *secret, + size_t secret_len, + unsigned char **actual_secret, + size_t *actual_len ) +{ + int ret = 0; + + *actual_secret = NULL; + *actual_len = 0; + /* + * Compute ECDHE secret for second stage of secret evolution. + */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) + if( mbedtls_ssl_tls1_3_some_ephemeral_enabled( ssl ) ) + { + if( mbedtls_ssl_tls13_named_group_is_ecdhe( + ssl->handshake->offered_group_id ) ) + { +#if defined(MBEDTLS_ECDH_C) + ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, + actual_len, secret, secret_len, + ssl->conf->f_rng, + ssl->conf->p_rng ); + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); + return( ret ); + } + + *actual_secret = secret; +#endif /* MBEDTLS_ECDH_C */ + } + else if( mbedtls_ssl_tls13_named_group_is_dhe( + ssl->handshake->offered_group_id ) ) + { + /* TODO: Not supported yet */ + } + } +#else + ((void) ssl); + ((void) secret); + ((void) secret_len); +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ + + return( ret ); +} + +int mbedtls_ssl_tls1_3_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; +#if defined(MBEDTLS_DEBUG_C) + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_DEBUG_C */ + + unsigned char *ephemeral; + size_t ephemeral_len; + + unsigned char ecdhe[66]; /* TODO: Magic constant! */ + + /* Finalize calculation of ephemeral input to key schedule, if present. 
*/ + ret = ssl_tls1_3_complete_ephemeral_secret( ssl, ecdhe, sizeof( ecdhe ), + &ephemeral, &ephemeral_len ); + if( ret != 0 ) + return( ret ); + + /* + * Compute HandshakeSecret + */ + + ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, + ssl->handshake->tls1_3_master_secrets.early, + ephemeral, ephemeral_len, + ssl->handshake->tls1_3_master_secrets.handshake ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "Handshake secret", + ssl->handshake->tls1_3_master_secrets.handshake, md_size ); + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) + mbedtls_platform_zeroize( ecdhe, sizeof( ecdhe ) ); +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ + return( 0 ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 602d06def4..536d976cd8 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
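Review bot: The ECDHE shared secret in `ecdhe` is wiped only on the success path of mbedtls_ssl_tls1_3_key_schedule_stage_handshake(). The `return( ret )` after a failed mbedtls_ssl_tls1_3_evolve_secret() leaves it on the stack, as does the early return after ssl_tls1_3_complete_ephemeral_secret(). Moving `mbedtls_platform_zeroize( ecdhe, sizeof( ecdhe ) );` to directly after the evolve call, ahead of `if( ret != 0 )`, and repeating it before the first early return covers every exit. Separately, the DHE branch of ssl_tls1_3_complete_ephemeral_secret() returns 0 with `*actual_secret` still NULL, so if that branch is reachable the handshake secret is evolved with no ephemeral input; returning an error there until DHE is implemented looks safer.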
@@ -532,12 +532,30 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, */ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ); +/** + * \brief Transition into handshake stage of TLS 1.3 key schedule. + * + * The TLS 1.3 key schedule can be viewed as a simple state machine + * with states Initial -> Early -> Handshake -> Application, and + * this function represents the Early -> Handshake transition. + * + * In the handshake stage, mbedtls_ssl_tls1_3_generate_handshake_keys() + * can be used to derive the handshake traffic keys. + * + * \param ssl The SSL context to operate on. This must be in key schedule + * stage \c Early. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ); + /** * \brief Compute TLS 1.3 handshake traffic keys. * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Handshake, see - * mbedtls_ssl_tls13_key_schedule_stage_handshake(). + * mbedtls_ssl_tls1_3_key_schedule_stage_handshake(). * \param traffic_keys The address at which to store the handshake traffic key * keys. This must be writable but may be uninitialized. * From 1efa815db78808b70c7e0856a8ebb944376d82a2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 9 Sep 2021 15:42:32 +0800 Subject: [PATCH 748/966] tls13: add ecdh_read_public Signed-off-by: Jerry Yu --- library/ecdh.c | 58 +++++++++++++++++++++++++++++++++++++++++++++ library/ecdh_misc.h | 6 +++++ 2 files changed, 64 insertions(+) diff --git a/library/ecdh.c b/library/ecdh.c index b72bd1fe08..0067e0bd4b 100644 --- a/library/ecdh.c +++ b/library/ecdh.c 
@@ -806,6 +806,64 @@ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, #endif } +static int ecdh_tls1_3_read_public_internal( mbedtls_ecdh_context_mbed *ctx, + const unsigned char *buf, + size_t blen ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const unsigned char *p = buf; + const unsigned char *end = buf + blen; + size_t data_len; + + if( end - p < 3 ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + data_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + if( data_len < 1 || data_len != ( blen - 2 ) ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + /* + * Save buffer start for read_binary and update buf + */ + if( ( ret = mbedtls_ecp_point_read_binary( &ctx->grp, + &ctx->Qp, p, data_len ) ) != 0) + { + return( ret ); + } + + return( 0 ); +} + +/* + * Parse and import the client's TLS 1.3 public value + */ +int mbedtls_ecdh_tls1_3_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, + size_t blen ) +{ + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_tls1_3_read_public_internal( ctx, buf, blen ) ); +#else + switch( ctx->var ) + { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +#endif + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_tls1_3_read_public_internal( &ctx->ctx.mbed_ecdh, + buf, blen ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_ECDH_C */ diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h index d1342f8b91..94d31394b1 100644 --- a/library/ecdh_misc.h +++ b/library/ecdh_misc.h 
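Review bot: ecdh_tls1_3_read_public_internal() stores the peer's point in `ctx->Qp` straight from mbedtls_ecp_point_read_binary(), and nothing in this hunk shows a call to mbedtls_ecp_check_pubkey(). If validation is deferred to the shared-secret computation, that should be stated where the stale comment `Save buffer start for read_binary and update buf` now sits, for example `/* Qp is not validated here; the check happens when the shared secret is computed. */` once that has been confirmed. The header comment on mbedtls_ecdh_tls1_3_read_public() says "the client's" public value, while the caller added later in this series is the client reading the server's share, so "peer's" would be accurate.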
@@ -43,6 +43,12 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, int ( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ); +/* + * TLS 1.3 version of mbedtls_ecdh_read_public in ecdh.h + */ +int mbedtls_ecdh_tls1_3_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, + size_t blen ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ From e1b9c297b9c9ce845a1dd325d9cfd69fa5f12465 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Sep 2021 10:08:31 +0800 Subject: [PATCH 749/966] Add read_server_hello Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 584 ++++++++++++++++++++++++++++++++++++- 1 file changed, 581 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 633bb8da2e..054a45d7f6 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -29,11 +29,14 @@ #include "mbedtls/debug.h" #include "mbedtls/error.h" +#include "mbedtls/platform.h" #include "ssl_misc.h" #include "ecdh_misc.h" +#include "ssl_tls13_keys.h" #define CLIENT_HELLO_RANDOM_LEN 32 +#define SERVER_HELLO_RANDOM_LEN 32 /* Write extensions */ 
@@ -92,6 +95,36 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, return( 0 ); } +static int ssl_tls1_3_parse_supported_versions_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) +{ + /* TODO: Implement full version and remove force version set in + * ssl_tls_parse_server_hello. + * + * From page 40,RFC 8446 + * If supported_versions extension is present, clients MUST ignore the + * ServerHello.legacy_version value and MUST use only the + * "supported_versions" extension to determine the selected version. If + * the "supported_versions" extension in the ServerHello contains a + * version not offered by the client or contains a version prior to + * TLS 1.3, the client MUST abort the handshake with an + * "illegal_parameter" alert. + */ + + ((void) ssl); + + if( len != 2 || + buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 || + buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + return( 0 ); +} + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* 
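Review bot: ssl_tls1_3_parse_supported_versions_ext() rejects a bad version with MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE and pends no alert, although the RFC text quoted in its own comment requires an "illegal_parameter" alert. The caller added later in this series returns the error unchanged, so no alert appears to be queued on this path. I would replace the return with `MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );` followed by `return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );`, and drop `((void) ssl);` since the macro then uses `ssl`.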
@@ -452,6 +485,125 @@ cleanup: return( ret ); } +#if defined(MBEDTLS_ECDH_C) + +/* TODO: Code for MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED missing */ +static int ssl_tls1_3_check_ecdh_params( const mbedtls_ssl_context *ssl ) +{ + const mbedtls_ecp_curve_info *curve_info; + mbedtls_ecp_group_id grp_id; +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + grp_id = ssl->handshake->ecdh_ctx.grp.id; +#else + grp_id = ssl->handshake->ecdh_ctx.grp_id; +#endif + + curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); + if( curve_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); + +#if defined(MBEDTLS_ECP_C) + if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) +#else + if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || + ssl->handshake->ecdh_ctx.grp.nbits > 521 ) +#endif + return( -1 ); + + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP ); + + return( 0 ); +} + +/* The ssl_tls1_3_parse_key_share_ext() function is used + * by the client to parse a KeyShare extension in + * a ServerHello message. + * + * The server only provides a single KeyShareEntry. + */ +static int ssl_tls1_3_read_public_ecdhe_share( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + ret = mbedtls_ecdh_tls1_3_read_public( &ssl->handshake->ecdh_ctx, + buf, len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_tls13_read_public" ), ret ); + return( ret ); + } + + if( ssl_tls1_3_check_ecdh_params( ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls1_3_check_ecdh_params() failed!" 
) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + return( 0 ); +} +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ + +/* + * Parse key_share extension in Server Hello + * struct { + * KeyShareEntry server_share; + * } KeyShareServerHello; + * struct { + * NamedGroup group; + * opaque key_exchange<1..2^16-1>; + * } KeyShareEntry; + */ +static int ssl_tls1_3_parse_key_share_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + int ret = 0; + const unsigned char *p = buf; + uint16_t server_share_group, offered_group; + + /* server_share_group (2 bytes) */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); + server_share_group = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + /* Check that chosen group matches the one we offered. */ + offered_group = ssl->handshake->offered_group_id; + if( offered_group != server_share_group ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Invalid server key share, our group %u, their group %u", + (unsigned) offered_group, (unsigned) server_share_group ) ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + +#if defined(MBEDTLS_ECDH_C) + if( mbedtls_ssl_tls13_named_group_is_ecdhe( server_share_group ) ) + { + /* Complete ECDHE key agreement */ + ret = ssl_tls1_3_read_public_ecdhe_share( ssl, p, end - p ); + if( ret != 0 ) + return( ret ); + } +#endif /* MBEDTLS_ECDH_C */ + else if( 0 /* other KEMs? */ ) + { + /* Do something */ + } + else + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; + return( ret ); +} + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Write cipher_suites 
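Review bot: In ssl_tls1_3_parse_key_share_ext() the `if( mbedtls_ssl_tls13_named_group_is_ecdhe( ... ) )` block is inside `#if defined(MBEDTLS_ECDH_C)` but the `else if( 0 /* other KEMs? */ )` that follows is not, so a build without MBEDTLS_ECDH_C is left with a dangling `else` and will not compile. Putting the `else` before `#endif /* MBEDTLS_ECDH_C */` and starting the next branch with a plain `if( 0 /* other KEMs? */ )` keeps both configurations valid. The group-mismatch path also returns MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER without pending the matching alert. The debug label `"mbedtls_ecdh_tls13_read_public"` does not match the function actually called, mbedtls_ecdh_tls1_3_read_public().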
@@ -738,13 +890,439 @@ cleanup: } /* + * Functions for parsing and processing ServerHello + */ +static int ssl_server_hello_is_hrr( unsigned const char *buf ) +{ + const unsigned char magic_hrr_string[32] = + { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, + 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, + 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, + 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33 ,0x9C }; + + /* Check whether this message is a HelloRetryRequest ( HRR ) message. + * + * ServerHello and HRR are only distinguished by Random set to the + * special value of the SHA-256 of "HelloRetryRequest". + * + * struct { + * ProtocolVersion legacy_version = 0x0303; + * Random random; + * opaque legacy_session_id_echo<0..32>; + * CipherSuite cipher_suite; + * uint8 legacy_compression_method = 0; + * Extension extensions<6..2 ^ 16 - 1>; + * } ServerHello; + * + */ + if( memcmp( buf + 2, magic_hrr_string, + sizeof( magic_hrr_string ) ) == 0 ) + { + return( 1 ); + } + + return( 0 ); +} + +/* Fetch and preprocess + * Returns a negative value on failure, and otherwise + * - SSL_SERVER_HELLO_COORDINATE_HELLO or + * - SSL_SERVER_HELLO_COORDINATE_HRR + * to indicate which message is expected and to be parsed next. */ +#define SSL_SERVER_HELLO_COORDINATE_HELLO 0 +#define SSL_SERVER_HELLO_COORDINATE_HRR 1 +static int ssl_server_hello_coordinate( mbedtls_ssl_context *ssl, + unsigned char **buf, + size_t *buf_len ) +{ + int ret; + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_read_record( ssl, 0 ) ); + + /* TBD: If we do an HRR, keep track of the number + * of ClientHello's we sent, and fail if it + * exceeds the configured threshold. 
*/ + + if( ( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) || + ( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected message" ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, + MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + *buf = ssl->in_msg + 4; + *buf_len = ssl->in_hslen - 4; + + if( ssl_server_hello_is_hrr( ssl->in_msg + 4 ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) ); + ret = SSL_SERVER_HELLO_COORDINATE_HRR; + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) ); + ret = SSL_SERVER_HELLO_COORDINATE_HELLO; + } + +cleanup: + + return( ret ); +} + +static int ssl_tls1_3_check_server_hello_session_id( mbedtls_ssl_context *ssl, + const unsigned char **buf, + const unsigned char *end ) +{ + const unsigned char *p = *buf; + size_t recv_id_len; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + recv_id_len = *p++ ; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, recv_id_len ); + + /* legacy_session_id_echo */ + if( ssl->session_negotiate->id_len != recv_id_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Mismatch of session id length:" + " id_len = %" MBEDTLS_PRINTF_SIZET + " , recv_id_len = %" MBEDTLS_PRINTF_SIZET, + ssl->session_negotiate->id_len, recv_id_len ) ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + if( memcmp( ssl->session_negotiate->id, p , recv_id_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unexpected legacy_session_id_echo" ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Expected Session ID", + ssl->session_negotiate->id, + ssl->session_negotiate->id_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Received Session ID", p, + ssl->session_negotiate->id_len ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + p += recv_id_len; + *buf = p; + + MBEDTLS_SSL_DEBUG_BUF( 3, "Session ID", ssl->session_negotiate->id, + recv_id_len ); + return( 0 ); +} + +static int ssl_tls1_3_cipher_suite_is_offered( 
mbedtls_ssl_context *ssl, + uint16_t cipher_suite ) +{ + /* Check whether we have offered this ciphersuite */ + for ( int i = 0; ssl->conf->ciphersuite_list[i] != 0; i++ ) + { + if( ssl->conf->ciphersuite_list[i] == cipher_suite ) + { + return( 1 ); + } + } + return( 0 ); +} + +/* Parse ServerHello message and configure context + * + * struct { + * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 + * Random random; + * opaque legacy_session_id_echo<0..32>; + * CipherSuite cipher_suite; + * uint8 legacy_compression_method = 0; + * Extension extensions<6..2 ^ 16 - 1>; + * } ServerHello; + */ +static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + + int ret; + const unsigned char *p = buf; + size_t field_len; /* Length of field */ + const unsigned char *ext_end; /* Pointer to end of individual extension */ + uint16_t cipher_suite; + const mbedtls_ssl_ciphersuite_t* ciphersuite_info; + + /* + * Check there is space for minimal fields + * + * - legacy_version ( 2 bytes) + * - random (32 bytes) + * - legacy_session_id_echo ( 1 byte ), minimum size + * - cipher_suite ( 2 bytes) + * - legacy_compression_method ( 1 byte ) + */ + if( mbedtls_ssl_chk_buf_ptr( p, end, 38 ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server hello message - min size not reached" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 ); + + /* legacy_version must be 0x0303 (TLS 1.2) */ + if( !( p[0] == MBEDTLS_SSL_MAJOR_VERSION_3 && + p[1] == MBEDTLS_SSL_MINOR_VERSION_3 ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported version of TLS." 
) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, + MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION ); + return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION ); + } + p += 2; + /* Internally we use the correct 1.3 version + * TODO: Remove below lines after supported_versions extension + * finished. + */ + ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; + ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4; + + /* Store server-provided random values */ + memcpy( ssl->handshake->randbytes + CLIENT_HELLO_RANDOM_LEN, p, + SERVER_HELLO_RANDOM_LEN ); + MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", + p, SERVER_HELLO_RANDOM_LEN ); + p += SERVER_HELLO_RANDOM_LEN; + + /* Read and store session id (legacy_session_id_echo) */ + if( ssl_tls1_3_check_server_hello_session_id( ssl, &p, end ) != 0 ) + { + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + /* Read server-selected ciphersuite, + Check if there is space for cipher_suite. 
*/ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); + cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + /* Configure ciphersuites */ + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); + ssl->handshake->ciphersuite_info = ciphersuite_info; + if( ciphersuite_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", + cipher_suite ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); + + ssl->session_negotiate->ciphersuite = cipher_suite; + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: ( %04x ) - %s", + cipher_suite, ciphersuite_info->name ) ); + +#if defined(MBEDTLS_HAVE_TIME) + ssl->session_negotiate->start = time( NULL ); +#endif /* MBEDTLS_HAVE_TIME */ + + /* Check whether we have offered this ciphersuite */ + /* Via the force_ciphersuite version we may have instructed the client */ + /* to use a difference ciphersuite. 
*/ + if( ssl_tls1_3_cipher_suite_is_offered( ssl, cipher_suite ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite(%04x) is not in offered list", + cipher_suite ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + /* Ensure that compression method is set to zero + * + * legacy_compression_method == 0 ( 1 byte) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + if( p[0] != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + p++; + + /* Check there is space fore extensions_length */ + if( mbedtls_ssl_chk_buf_ptr( p, end, 2 ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + /* Get length of extensions field (2 bytes)*/ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + field_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + /* Check there is space for extensions_data */ + if( mbedtls_ssl_chk_buf_ptr( p, end, field_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + /* Set end of extensions */ + ext_end = p + field_len; + + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET , + field_len ) ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, field_len ); + + while ( p < ext_end ) + { + unsigned int extension_type; + size_t extension_data_len; + + /* + * .... + * Extension extensions<6..2 ^ 16 - 1>; + * .... 
+ * struct { + * ExtensionType extension_type; + * opaque extension_data<0..2^16-1>; + * } Extension; + * extension_type (2 bytes) + * extension_data_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, ext_end, 4 ); + extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); + extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); + p += 4; + + if( mbedtls_ssl_chk_buf_ptr( p, ext_end, extension_data_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + switch( extension_type ) + { + case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found supported_versions extension" ) ); + + ret = ssl_tls1_3_parse_supported_versions_ext( ssl, + p, extension_data_len ); + if( ret != 0 ) + return( ret ); + break; + + case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension." ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key:Not supported yet" ) ); + break; + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + case MBEDTLS_TLS_EXT_KEY_SHARE: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) ); + if( ( ret = ssl_tls1_3_parse_key_share_ext( ssl, + p, p + extension_data_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "ssl_tls1_3_parse_key_share_ext", + ret ); + return( ret ); + } + break; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + + default: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown extension found: %u ( ignoring )", + extension_type ) ); + } + + p += extension_data_len; + } + + return( 0 ); +} + +static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) +{ + ((void) ssl); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "postprocess hasn't been implemented" ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +/* + * Wait and Parse ServerHello handshake message. 
* Handler for MBEDTLS_SSL_SERVER_HELLO */ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); - return( 0 ); + int ret = 0; + unsigned char *buf; + size_t buf_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> %s", __func__ ) ); + + /* Coordination step + * - Fetch record + * - Make sure it's either a ServerHello or a HRR. + * - Switch processing routine in case of HRR + */ + + ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; + ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; + + + ret = ssl_server_hello_coordinate( ssl, &buf, &buf_len ); + /* Parsing step + * We know what message to expect by now and call + * the respective parsing function. + */ + if( ret == SSL_SERVER_HELLO_COORDINATE_HELLO ) + { + MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_server_hello( ssl, buf, + buf + buf_len ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, + MBEDTLS_SSL_HS_SERVER_HELLO, + buf, buf_len ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) ); + } + else if( ret == SSL_SERVER_HELLO_COORDINATE_HRR ) + { + /* TODO: Implement HRR in future #4915 */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "HRR hasn't been implemented" ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, + MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + } + +cleanup: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= %s", __func__ ) ); + return( ret ); } /* From 0b17784932d4094e39f0ec090cb2663012ef2821 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 5 Sep 2021 19:41:30 +0800 Subject: [PATCH 750/966] Add finalize function Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 98 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 93 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 054a45d7f6..5502c885f8 100644 
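Review bot: ssl_server_hello_coordinate() hands `ssl->in_msg + 4` to ssl_server_hello_is_hrr(), which compares 32 bytes at offset 2, before anything has checked that the handshake message is at least 34 bytes long. With a truncated ServerHello the comparison runs over bytes that are not part of the message, and the 38-byte minimum in ssl_tls1_3_parse_server_hello() is only enforced afterwards. A length check on `*buf_len` before the HRR test, failing with decode_error, fixes the ordering. This assumes mbedtls_ssl_read_record() already guarantees the 4-byte handshake header, which is not visible in this hunk.

```c
    *buf = ssl->in_msg + 4;
    *buf_len = ssl->in_hslen - 4;

    /* The HRR test reads legacy_version (2 bytes) plus the 32-byte Random. */
    if( *buf_len < 2 + SERVER_HELLO_RANDOM_LEN )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
    }
    /* … unchanged: ssl_server_hello_is_hrr() dispatch … */
```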
--- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1265,11 +1265,99 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) { - ((void) ssl); - MBEDTLS_SSL_DEBUG_MSG( 1, ( "postprocess hasn't been implemented" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + int ret; + mbedtls_ssl_key_set traffic_keys; + mbedtls_ssl_transform *transform_handshake; + + /* We need to set the key exchange algorithm based on the + * following rules: + * + * 1 ) IF PRE_SHARED_KEY extension was received + * THEN set MBEDTLS_KEY_EXCHANGE_PSK + * 2 ) IF PRE_SHARED_KEY extension && KEY_SHARE was received + * THEN set MBEDTLS_KEY_EXCHANGE_ECDHE_PSK + * 3 ) IF KEY_SHARES extension was received && SIG_ALG extension received + * THEN set MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA + * ELSE unknown key exchange mechanism. + */ + + if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) + { + if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) + ssl->handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + else + ssl->handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + } + else if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) + ssl->handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret. + * + * TODO: We don't have to do this in case we offered 0-RTT and the + * server accepted it. In this case, we could skip generating + * the early secret. 
*/ + ret = mbedtls_ssl_tls1_3_key_schedule_stage_early( ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_key_schedule_stage_early_data", + ret ); + return( ret ); + } + + /* Compute handshake secret */ + ret = mbedtls_ssl_tls1_3_key_schedule_stage_handshake( ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_master_secret", ret ); + return( ret ); + } + + /* Next evolution in key schedule: Establish handshake secret and + * key material. */ + ret = mbedtls_ssl_tls1_3_generate_handshake_keys( ssl, &traffic_keys ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls1_3_generate_handshake_keys", ret ); + return( ret ); + } + + transform_handshake = + mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) ); + if( transform_handshake == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + + ret = mbedtls_ssl_tls13_populate_transform( transform_handshake, + ssl->conf->endpoint, + ssl->session_negotiate->ciphersuite, + &traffic_keys, + ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret ); + return( ret ); + } + + ssl->handshake->transform_handshake = transform_handshake; + mbedtls_ssl_set_inbound_transform( ssl, ssl->handshake->transform_handshake ); + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) ); + ssl->session_in = ssl->session_negotiate; + + /* + * State machine update + */ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + + mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) ); + return( 0 ); } /* @@ -1308,7 +1396,7 @@ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_HS_SERVER_HELLO, buf, buf_len ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_finalize_server_hello( ssl ) ); } else if( ret == SSL_SERVER_HELLO_COORDINATE_HRR ) { 
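Review bot: ssl_tls1_3_finalize_server_hello() wipes `traffic_keys` only on the final success path. When mbedtls_calloc() or mbedtls_ssl_tls13_populate_transform() fails, the derived handshake keys stay on the stack, and in the second case the freshly allocated `transform_handshake` is leaked as well. Routing those exits through one cleanup label fixes both. Whether a partially populated transform also needs mbedtls_ssl_transform_free() depends on populate_transform, which is not visible here. The debug labels `"mbedtls_ssl_tls1_3_key_schedule_stage_early_data"` and `"mbedtls_ssl_tls1_3_derive_master_secret"` name functions other than the ones actually called.

```c
    transform_handshake =
        mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
    if( transform_handshake == NULL )
    {
        ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
        goto cleanup;
    }

    /* … unchanged: mbedtls_ssl_tls13_populate_transform() call … */
    if( ret != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
        mbedtls_free( transform_handshake );
        goto cleanup;
    }

    /* … unchanged: install transform, switch session_in, set state … */

cleanup:
    mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
    return( ret );
```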
From 4ae2d62ccee7083bf7a18d5c7db68f1dbf174ada Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Sep 2021 15:34:56 +0800 Subject: [PATCH 751/966] Improve tls13 handshake test Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e90a35226b..ec37221279 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8692,7 +8692,9 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "tls1_3 client state: 20" \ -c "tls1_3 client state: 11" \ -c "tls1_3 client state: 14" \ - -c "tls1_3 client state: 15" + -c "tls1_3 client state: 15" \ + -c "<= ssl_tls1_3_process_server_hello" \ + -c "=> ssl_tls1_3_process_server_hello" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL @@ -8713,7 +8715,9 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "tls1_3 client state: 20" \ -c "tls1_3 client state: 11" \ -c "tls1_3 client state: 14" \ - -c "tls1_3 client state: 15" + -c "tls1_3 client state: 15" \ + -c "<= ssl_tls1_3_process_server_hello" \ + -c "=> ssl_tls1_3_process_server_hello" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG From fd532e506b5ebc313e7d2ef9330d13d643bbb623 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 19 Sep 2021 15:57:53 +0800 Subject: [PATCH 752/966] fix set key exchange mode issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 5502c885f8..463821b28d 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1274,26 +1274,38 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) /* We need to set the key exchange algorithm based on the * following rules: * - * 1 ) IF PRE_SHARED_KEY extension was received - * THEN set MBEDTLS_KEY_EXCHANGE_PSK - * 2 ) IF PRE_SHARED_KEY extension && KEY_SHARE was received - * THEN set MBEDTLS_KEY_EXCHANGE_ECDHE_PSK - * 3 ) IF KEY_SHARES extension was received && SIG_ALG extension received - * THEN set MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA + * 1) IF PRE_SHARED_KEY extension was received + * THEN set KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + * 2) IF PRE_SHARED_KEY extension && KEY_SHARE was received + * THEN set KEY_EXCHANGE_MODE_PSK; + * 3) IF KEY_SHARES extension was received && SIG_ALG extension received + * THEN set KEY_EXCHANGE_MODE_EPHEMERAL * ELSE unknown key exchange mechanism. */ - if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) { if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) - ssl->handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + { + /* Condition 2) */ + ssl->handshake->tls1_3_kex_modes = + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + } else - ssl->handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + { + /* Condition 1) */ + ssl->handshake->tls1_3_kex_modes = + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + } + } + else if( ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) ) + { + /* Condition 3) */ + ssl->handshake->tls1_3_kex_modes = + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; } - else if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) - ssl->handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; else { + /* ELSE case */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } From de4fb2cc346be9b977ead03a9e932abc575b3c57 Mon Sep 17 00:00:00 2001 
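Review bot: The rewritten rule list in the comment has rules 1) and 2) swapped relative to the code beneath it. The code assigns MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL when both PRE_SHARED_KEY and KEY_SHARE are present (the branch tagged `/* Condition 2) */`) and MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK when only PRE_SHARED_KEY is present, while the comment states the opposite. Rule 3) also mentions a SIG_ALG extension that the `else if` never tests. I would reword the list as `1) IF only PRE_SHARED_KEY was received THEN set KEY_EXCHANGE_MODE_PSK`, `2) IF PRE_SHARED_KEY && KEY_SHARE were received THEN set KEY_EXCHANGE_MODE_PSK_EPHEMERAL`, `3) IF only KEY_SHARE was received THEN set KEY_EXCHANGE_MODE_EPHEMERAL`. The function body starts and ends outside this hunk.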
From: Jerry Yu Date: Sun, 19 Sep 2021 18:05:08 +0800 Subject: [PATCH 753/966] Apply check read ptr macro Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 52 +++++++++----------------------------- 1 file changed, 12 insertions(+), 40 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 463821b28d..57a0b2882a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -570,7 +570,7 @@ static int ssl_tls1_3_parse_key_share_ext( mbedtls_ssl_context *ssl, uint16_t server_share_group, offered_group; /* server_share_group (2 bytes) */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2); server_share_group = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; @@ -979,10 +979,10 @@ static int ssl_tls1_3_check_server_hello_session_id( mbedtls_ssl_context *ssl, const unsigned char *p = *buf; size_t recv_id_len; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 ); recv_id_len = *p++ ; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, recv_id_len ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, recv_id_len ); /* legacy_session_id_echo */ if( ssl->session_negotiate->id_len != recv_id_len ) @@ -1042,13 +1042,12 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { - int ret; const unsigned char *p = buf; size_t field_len; /* Length of field */ const unsigned char *ext_end; /* Pointer to end of individual extension */ uint16_t cipher_suite; - const mbedtls_ssl_ciphersuite_t* ciphersuite_info; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; /* * Check there is space for minimal fields 
@@ -1059,14 +1058,7 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, * - cipher_suite ( 2 bytes) * - legacy_compression_method ( 1 byte ) */ - if( mbedtls_ssl_chk_buf_ptr( p, end, 38 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server hello message - min size not reached" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 38 ); MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p ); @@ -1106,7 +1098,7 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, /* Read server-selected ciphersuite, Check if there is space for cipher_suite. */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2); cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; @@ -1153,7 +1145,7 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, * * legacy_compression_method == 0 ( 1 byte) */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 ); if( p[0] != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); 
@@ -1164,26 +1156,13 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, p++; /* Check there is space fore extensions_length */ - if( mbedtls_ssl_chk_buf_ptr( p, end, 2 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); /* Get length of extensions field (2 bytes)*/ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); field_len = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; + /* Check there is space for extensions_data */ - if( mbedtls_ssl_chk_buf_ptr( p, end, field_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, field_len ); /* Set end of extensions */ ext_end = p + field_len; @@ -1209,18 +1188,12 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, * extension_type (2 bytes) * extension_data_length (2 bytes) */ - MBEDTLS_SSL_CHK_BUF_PTR( p, ext_end, 4 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, ext_end, 4 ); extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); p += 4; - if( mbedtls_ssl_chk_buf_ptr( p, ext_end, extension_data_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, ext_end, extension_data_len ); switch( extension_type ) { 
@@ -1393,7 +1366,6 @@ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; - ret = ssl_server_hello_coordinate( ssl, &buf, &buf_len ); /* Parsing step * We know what message to expect by now and call From 42920ec5a59a4453ec55f824a64c10776bf61f71 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 28 Sep 2021 14:31:15 +0800 Subject: [PATCH 754/966] tls1_3:skip handshake msg test with PSA_CRYPTO tls1_3 hasn't implemented PSA version get transcript Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ec37221279..2b91025fd2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8675,6 +8675,7 @@ run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: Test client hello msg work - openssl" \ "$O_NEXT_SRV -tls1_3 -msg" \ "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ @@ -8698,6 +8699,7 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: Test client hello msg work - gnutls" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \ "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ From 5ccfcd4ca13577ee578ddef5b985a4d0087665e7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 11 Oct 2021 16:39:29 +0800 Subject: [PATCH 755/966] Add local variable to represent handshake Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 165cf4cbed..5e6182f1cf 100644 
--- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -826,17 +826,18 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_type; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; - if( ssl->handshake->ciphersuite_info == NULL ) + if( handshake->ciphersuite_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher suite info not found" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - md_type = ssl->handshake->ciphersuite_info->mac; + md_type = handshake->ciphersuite_info->mac; ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, NULL, 0, - ssl->handshake->tls1_3_master_secrets.early ); + handshake->tls1_3_master_secrets.early ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); @@ -1015,7 +1016,8 @@ static int ssl_tls1_3_complete_ephemeral_secret( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls1_3_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) { int ret = 0; - mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac; #if defined(MBEDTLS_DEBUG_C) mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); size_t const md_size = mbedtls_md_get_size( md_info ); @@ -1037,9 +1039,9 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) */ ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, - ssl->handshake->tls1_3_master_secrets.early, - ephemeral, ephemeral_len, - ssl->handshake->tls1_3_master_secrets.handshake ); + handshake->tls1_3_master_secrets.early, + ephemeral, ephemeral_len, + handshake->tls1_3_master_secrets.handshake ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); 
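Review bot: In the hunk at -1015, `handshake->ciphersuite_info->mac` is dereferenced in the initialiser of `md_type` with no NULL test, whereas mbedtls_ssl_tls1_3_key_schedule_stage_early() in the hunk at -826 checks `handshake->ciphersuite_info == NULL` and returns MBEDTLS_ERR_SSL_INTERNAL_ERROR. The function is non-static, so it should not depend on the caller having run the early stage first. I would drop the `const` from `md_type`, apply the same guard, and assign `md_type = handshake->ciphersuite_info->mac;` after it. The function body continues outside the hunk.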
@@ -1047,7 +1049,7 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_BUF( 4, "Handshake secret", - ssl->handshake->tls1_3_master_secrets.handshake, md_size ); + handshake->tls1_3_master_secrets.handshake, md_size ); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) mbedtls_platform_zeroize( ecdhe, sizeof( ecdhe ) ); From f0ac2352d6b8cc3f63902fcb4cdd72cf1190df3c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 11 Oct 2021 17:47:07 +0800 Subject: [PATCH 756/966] Refactor key_schedule_stage_handshake Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_keys.c | 102 ++++++++++++++----------------------- library/ssl_tls13_keys.h | 4 +- 3 files changed, 41 insertions(+), 67 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 57a0b2882a..8a167a51d4 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1297,7 +1297,7 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) } /* Compute handshake secret */ - ret = mbedtls_ssl_tls1_3_key_schedule_stage_handshake( ssl ); + ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_master_secret", ret ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 5e6182f1cf..7ba5b5f8f6 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -964,83 +964,57 @@ exit: return( ret ); } -static int ssl_tls1_3_complete_ephemeral_secret( mbedtls_ssl_context *ssl, - unsigned char *secret, - size_t secret_len, - unsigned char **actual_secret, - size_t *actual_len ) +int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) { - int ret = 0; - - *actual_secret = NULL; - *actual_len = 0; - /* - * Compute ECDHE secret for second stage of secret evolution. - */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) - if( mbedtls_ssl_tls1_3_some_ephemeral_enabled( ssl ) ) - { - if( mbedtls_ssl_tls13_named_group_is_ecdhe( - ssl->handshake->offered_group_id ) ) - { -#if defined(MBEDTLS_ECDH_C) - ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, - actual_len, secret, secret_len, - ssl->conf->f_rng, - ssl->conf->p_rng ); - - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); - return( ret ); - } - - *actual_secret = secret; -#endif /* MBEDTLS_ECDH_C */ - } - else if( mbedtls_ssl_tls13_named_group_is_dhe( - ssl->handshake->offered_group_id ) ) - { - /* TODO: Not supported yet */ - } - } -#else - ((void) ssl); - ((void) secret); - ((void) secret_len); -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ - - return( ret ); -} - -int mbedtls_ssl_tls1_3_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) -{ - int ret = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac; + size_t ephemeral_len = 0; + unsigned char ecdhe[MBEDTLS_ECP_MAX_BYTES]; #if defined(MBEDTLS_DEBUG_C) mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); size_t const md_size = mbedtls_md_get_size( md_info ); #endif /* MBEDTLS_DEBUG_C */ - unsigned char *ephemeral; - size_t ephemeral_len; - - unsigned char ecdhe[66]; /* TODO: Magic constant! */ - - /* Finalize calculation of ephemeral input to key schedule, if present. 
*/ - ret = ssl_tls1_3_complete_ephemeral_secret( ssl, ecdhe, sizeof( ecdhe ), - &ephemeral, &ephemeral_len ); - if( ret != 0 ) - return( ret ); +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) + /* + * Compute ECDHE secret used to compute the handshake secret from which + * client_handshake_traffic_secret and server_handshake_traffic_secret + * are derived in the handshake secret derivation stage. + */ + if( mbedtls_ssl_tls1_3_ephemeral_enabled( ssl ) ) + { + if( mbedtls_ssl_tls13_named_group_is_ecdhe( handshake->offered_group_id ) ) + { +#if defined(MBEDTLS_ECDH_C) + ret = mbedtls_ecdh_calc_secret( &handshake->ecdh_ctx, + &ephemeral_len, ecdhe, sizeof( ecdhe ), + ssl->conf->f_rng, + ssl->conf->p_rng ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); + return( ret ); + } +#endif /* MBEDTLS_ECDH_C */ + } + else if( mbedtls_ssl_tls13_named_group_is_dhe( handshake->offered_group_id ) ) + { + /* TODO: Not supported yet */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHE not supported." ) ); + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + } + } +#else + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ /* - * Compute HandshakeSecret + * Compute the Handshake Secret */ - ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, handshake->tls1_3_master_secrets.early, - ephemeral, ephemeral_len, + ecdhe, ephemeral_len, handshake->tls1_3_master_secrets.handshake ); if( ret != 0 ) { diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 536d976cd8..71bd90de24 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
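Review bot: When the ephemeral branch is entered but neither group test matches, or MBEDTLS_ECDH_C is compiled out, control falls through with `ephemeral_len == 0` and mbedtls_ssl_tls1_3_evolve_secret() derives the handshake secret with no (EC)DHE input instead of failing. A final `else { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); }` after the DHE branch, plus an error return where the ECDH code is compiled out, would make that case fail closed. The new top-level `#else return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );` makes the rest of the function unreachable in builds without MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED, which looks like it would block a PSK-only key schedule and leaves `ecdhe` unused there. The visible `return( ret )` after a failed mbedtls_ecdh_calc_secret() also leaves without calling `mbedtls_platform_zeroize( ecdhe, sizeof( ecdhe ) )`; a single exit path that always wipes the buffer would be safer. The tail of the function is outside this hunk.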
@@ -548,14 +548,14 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ); * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls1_3_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ); /** * \brief Compute TLS 1.3 handshake traffic keys. * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Handshake, see - * mbedtls_ssl_tls1_3_key_schedule_stage_handshake(). + * mbedtls_ssl_tls13_key_schedule_stage_handshake(). * \param traffic_keys The address at which to store the handshake traffic key * keys. This must be writable but may be uninitialized. * From 4a1733831e4c1d0fd66e3ee1fef413892335f274 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 11 Oct 2021 21:45:31 +0800 Subject: [PATCH 757/966] fix various issues Signed-off-by: Jerry Yu --- library/ecdh.c | 5 +- library/ssl_tls13_client.c | 332 +++++++++++++++++++------------------ 2 files changed, 173 insertions(+), 164 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 0067e0bd4b..8884260e81 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -812,10 +812,9 @@ static int ecdh_tls1_3_read_public_internal( mbedtls_ecdh_context_mbed *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; - const unsigned char *end = buf + blen; size_t data_len; - if( end - p < 3 ) + if( blen < 3 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); data_len = MBEDTLS_GET_UINT16_BE( p, 0 ); @@ -828,7 +827,7 @@ static int ecdh_tls1_3_read_public_internal( mbedtls_ecdh_context_mbed *ctx, * Save buffer start for read_binary and update buf */ if( ( ret = mbedtls_ecp_point_read_binary( &ctx->grp, - &ctx->Qp, p, data_len ) ) != 0) + &ctx->Qp, p, data_len ) ) != 0) { return( ret ); } diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8a167a51d4..57195b3296 100644 --- a/library/ssl_tls13_client.c 
+++ b/library/ssl_tls13_client.c @@ -97,29 +97,19 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, static int ssl_tls1_3_parse_supported_versions_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, - size_t len ) + size_t buf_len ) { - /* TODO: Implement full version and remove force version set in - * ssl_tls_parse_server_hello. - * - * From page 40,RFC 8446 - * If supported_versions extension is present, clients MUST ignore the - * ServerHello.legacy_version value and MUST use only the - * "supported_versions" extension to determine the selected version. If - * the "supported_versions" extension in the ServerHello contains a - * version not offered by the client or contains a version prior to - * TLS 1.3, the client MUST abort the handshake with an - * "illegal_parameter" alert. - */ - ((void) ssl); - if( len != 2 || + if( buf_len != 2 || buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 || buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } return( 0 ); @@ -487,7 +477,6 @@ cleanup: #if defined(MBEDTLS_ECDH_C) -/* TODO: Code for MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED missing */ static int ssl_tls1_3_check_ecdh_params( const mbedtls_ssl_context *ssl ) { const mbedtls_ecp_curve_info *curve_info; @@ -507,12 +496,7 @@ static int ssl_tls1_3_check_ecdh_params( const mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); -#if defined(MBEDTLS_ECP_C) if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) -#else - if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || - ssl->handshake->ecdh_ctx.grp.nbits > 521 ) -#endif return( -1 ); MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, 
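Review bot: In the hunk at -97, ssl_tls1_3_parse_supported_versions_ext() validates the extension only when it is present; nothing visible in this patch rejects a ServerHello that omits supported_versions altogether. RFC 8446 requires the extension in a TLS 1.3 ServerHello, and the hunk at -1074 removes the lines that forced `ssl->minor_ver` to MBEDTLS_SSL_MINOR_VERSION_4, so the negotiated version now depends on this check having run. Please confirm that the caller records that the extension was seen and aborts the handshake when it was not; if it does not, that test belongs after the extension loop in ssl_tls1_3_parse_server_hello(). As a style point, `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);` lacks the space before the closing parenthesis used elsewhere in the file.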
@@ -521,20 +505,20 @@ static int ssl_tls1_3_check_ecdh_params( const mbedtls_ssl_context *ssl ) return( 0 ); } -/* The ssl_tls1_3_parse_key_share_ext() function is used +/* The ssl_tls13_parse_key_share_ext() function is used * by the client to parse a KeyShare extension in - * a ServerHello message. + * a Server Hello message. * * The server only provides a single KeyShareEntry. */ static int ssl_tls1_3_read_public_ecdhe_share( mbedtls_ssl_context *ssl, const unsigned char *buf, - size_t len ) + size_t buf_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ret = mbedtls_ecdh_tls1_3_read_public( &ssl->handshake->ecdh_ctx, - buf, len ); + buf, buf_len ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_tls13_read_public" ), ret ); @@ -544,12 +528,14 @@ static int ssl_tls1_3_read_public_ecdhe_share( mbedtls_ssl_context *ssl, if( ssl_tls1_3_check_ecdh_params( ssl ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls1_3_check_ecdh_params() failed!" ) ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } return( 0 ); } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDH_C */ /* * Parse key_share extension in Server Hello 
@@ -561,31 +547,36 @@ static int ssl_tls1_3_read_public_ecdhe_share( mbedtls_ssl_context *ssl, * opaque key_exchange<1..2^16-1>; * } KeyShareEntry; */ -static int ssl_tls1_3_parse_key_share_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { int ret = 0; const unsigned char *p = buf; - uint16_t server_share_group, offered_group; + uint16_t group, offered_group; - /* server_share_group (2 bytes) */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2); - server_share_group = MBEDTLS_GET_UINT16_BE( p, 0 ); + /* ... + * NamedGroup group; (2 bytes) + * ... + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + group = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; - /* Check that chosen group matches the one we offered. */ + /* Check that the chosen group matches the one we offered. */ offered_group = ssl->handshake->offered_group_id; - if( offered_group != server_share_group ) + if( offered_group != group ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid server key share, our group %u, their group %u", - (unsigned) offered_group, (unsigned) server_share_group ) ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + (unsigned) offered_group, (unsigned) group ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } #if defined(MBEDTLS_ECDH_C) - if( mbedtls_ssl_tls13_named_group_is_ecdhe( server_share_group ) ) + if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) ) { /* Complete ECDHE key agreement */ ret = ssl_tls1_3_read_public_ecdhe_share( ssl, p, end - p ); 
@@ -890,11 +881,11 @@ cleanup: } /* - * Functions for parsing and processing ServerHello + * Functions for parsing and processing Server Hello */ -static int ssl_server_hello_is_hrr( unsigned const char *buf ) +static int ssl_server_hello_is_hrr( unsigned const char *buf, size_t blen ) { - const unsigned char magic_hrr_string[32] = + static const unsigned char magic_hrr_string[32] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, @@ -902,7 +893,7 @@ static int ssl_server_hello_is_hrr( unsigned const char *buf ) /* Check whether this message is a HelloRetryRequest ( HRR ) message. * - * ServerHello and HRR are only distinguished by Random set to the + * Server Hello and HRR are only distinguished by Random set to the * special value of the SHA-256 of "HelloRetryRequest". * * struct { @@ -915,8 +906,10 @@ static int ssl_server_hello_is_hrr( unsigned const char *buf ) * } ServerHello; * */ - if( memcmp( buf + 2, magic_hrr_string, - sizeof( magic_hrr_string ) ) == 0 ) + if( blen < 2 + sizeof( magic_hrr_string ) ) + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + + if( memcmp( buf + 2, magic_hrr_string, sizeof( magic_hrr_string ) ) == 0 ) { return( 1 ); } 
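Review bot: The new length guard in ssl_server_hello_is_hrr() returns `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL`, a non-zero value, but the only visible caller tests the result as a boolean: `if( ssl_server_hello_is_hrr( *buf, *buf_len ) )` in ssl_server_hello_coordinate() (hunk at -956). A ServerHello shorter than 34 bytes is therefore classified as a HelloRetryRequest instead of being rejected. Store the result and handle the error before the HRR test, e.g. `ret = ssl_server_hello_is_hrr( *buf, *buf_len );` then `if( ret < 0 ) goto cleanup;` then `if( ret == 1 )`. Alternatively have the helper return 0 for short input and let the parser's bounds checks reject the message. `return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );` is also spaced unlike the other returns in this file.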
@@ -929,20 +922,16 @@ static int ssl_server_hello_is_hrr( unsigned const char *buf ) * - SSL_SERVER_HELLO_COORDINATE_HELLO or * - SSL_SERVER_HELLO_COORDINATE_HRR * to indicate which message is expected and to be parsed next. */ -#define SSL_SERVER_HELLO_COORDINATE_HELLO 0 +#define SSL_SERVER_HELLO_COORDINATE_HELLO 0 #define SSL_SERVER_HELLO_COORDINATE_HRR 1 static int ssl_server_hello_coordinate( mbedtls_ssl_context *ssl, unsigned char **buf, size_t *buf_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_read_record( ssl, 0 ) ); - /* TBD: If we do an HRR, keep track of the number - * of ClientHello's we sent, and fail if it - * exceeds the configured threshold. */ - if( ( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) || ( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO ) ) { @@ -956,7 +945,7 @@ static int ssl_server_hello_coordinate( mbedtls_ssl_context *ssl, *buf = ssl->in_msg + 4; *buf_len = ssl->in_hslen - 4; - if( ssl_server_hello_is_hrr( ssl->in_msg + 4 ) ) + if( ssl_server_hello_is_hrr( *buf, *buf_len ) ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) ); ret = SSL_SERVER_HELLO_COORDINATE_HRR; 
@@ -972,54 +961,55 @@ cleanup: return( ret ); } -static int ssl_tls1_3_check_server_hello_session_id( mbedtls_ssl_context *ssl, - const unsigned char **buf, - const unsigned char *end ) +static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ssl, + const unsigned char **buf, + const unsigned char *end ) { const unsigned char *p = *buf; - size_t recv_id_len; + size_t legacy_session_id_echo_len; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 ); - recv_id_len = *p++ ; + legacy_session_id_echo_len = *p++ ; - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, recv_id_len ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, legacy_session_id_echo_len ); /* legacy_session_id_echo */ - if( ssl->session_negotiate->id_len != recv_id_len ) + if( ssl->session_negotiate->id_len != legacy_session_id_echo_len || + memcmp( ssl->session_negotiate->id, p , legacy_session_id_echo_len ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Mismatch of session id length:" " id_len = %" MBEDTLS_PRINTF_SIZET - " , recv_id_len = %" MBEDTLS_PRINTF_SIZET, - ssl->session_negotiate->id_len, recv_id_len ) ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - } - - if( memcmp( ssl->session_negotiate->id, p , recv_id_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unexpected legacy_session_id_echo" ) ); + " , legacy_session_id_echo_len = %" MBEDTLS_PRINTF_SIZET, + ssl->session_negotiate->id_len, legacy_session_id_echo_len ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "Expected Session ID", ssl->session_negotiate->id, ssl->session_negotiate->id_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "Received Session ID", p, - ssl->session_negotiate->id_len ); + legacy_session_id_echo_len ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } - p += recv_id_len; + p += legacy_session_id_echo_len; *buf = p; MBEDTLS_SSL_DEBUG_BUF( 3, "Session ID", ssl->session_negotiate->id, - recv_id_len ); + ssl->session_negotiate->id_len ); return( 0 ); } -static 
int ssl_tls1_3_cipher_suite_is_offered( mbedtls_ssl_context *ssl, - uint16_t cipher_suite ) +static int ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl, + int cipher_suite ) { + const int *ciphersuite_list = ssl->conf->ciphersuite_list; + /* Check whether we have offered this ciphersuite */ - for ( int i = 0; ssl->conf->ciphersuite_list[i] != 0; i++ ) + for ( size_t i = 0; ciphersuite_list[i] != 0; i++ ) { - if( ssl->conf->ciphersuite_list[i] == cipher_suite ) + if( ciphersuite_list[i] == cipher_suite ) { return( 1 ); } @@ -1044,8 +1034,8 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, { int ret; const unsigned char *p = buf; - size_t field_len; /* Length of field */ - const unsigned char *ext_end; /* Pointer to end of individual extension */ + size_t extensions_len; /* Length of field */ + const unsigned char *extensions_end; /* Pointer to end of individual extension */ uint16_t cipher_suite; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1053,18 +1043,22 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, * Check there is space for minimal fields * * - legacy_version ( 2 bytes) - * - random (32 bytes) + * - random (SERVER_HELLO_RANDOM_LEN bytes) * - legacy_session_id_echo ( 1 byte ), minimum size * - cipher_suite ( 2 bytes) * - legacy_compression_method ( 1 byte ) */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 38 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, SERVER_HELLO_RANDOM_LEN + 6 ); MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p ); - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 ); - /* legacy_version must be 0x0303 (TLS 1.2) */ + /* ... + * ProtocaolVersion legacy_version = 0x0303; // TLS 1.2 + * ... + * with ProtocolVersion defined as: + * uint16 ProtocolVersion; + */ if( !( p[0] == MBEDTLS_SSL_MAJOR_VERSION_3 && p[1] == MBEDTLS_SSL_MINOR_VERSION_3 ) ) { 
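Review bot: In the hunk at -972, the debug text `"Mismatch of session id length:"` is now printed for a content mismatch of equal length as well, because the length test and the memcmp were merged into one condition. That will mislead anyone reading the log during a failed handshake. I would reword it to something like `"Mismatch of legacy_session_id_echo:"` and keep the two lengths as arguments. `p , legacy_session_id_echo_len` also carries a stray space before the comma.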
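Review bot: In the hunk at -1044 the trailing comments were not updated with the renames: `extensions_len` is still described as `/* Length of field */` and `extensions_end` as `/* Pointer to end of individual extension */`, although it marks the end of the whole extensions block. Suggested: `size_t extensions_len; /* Length of the extensions block */` and `const unsigned char *extensions_end; /* End of the extensions block */`. The hunk at -1053 also introduces the typo `ProtocaolVersion` in its new comment, which should read `ProtocolVersion`.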
@@ -1074,54 +1068,66 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION ); } p += 2; - /* Internally we use the correct 1.3 version - * TODO: Remove below lines after supported_versions extension - * finished. - */ - ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; - ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4; - /* Store server-provided random values */ + /* ... + * Random random; + * ... + * with Random defined as: + * opaque Random[32]; + */ memcpy( ssl->handshake->randbytes + CLIENT_HELLO_RANDOM_LEN, p, SERVER_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", p, SERVER_HELLO_RANDOM_LEN ); p += SERVER_HELLO_RANDOM_LEN; - /* Read and store session id (legacy_session_id_echo) */ - if( ssl_tls1_3_check_server_hello_session_id( ssl, &p, end ) != 0 ) + /* ... + * opaque legacy_session_id_echo<0..32>; + * ... + */ + if( ssl_tls13_check_server_hello_session_id_echo( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } - /* Read server-selected ciphersuite, - Check if there is space for cipher_suite. */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2); + /* ... + * CipherSuite cipher_suite; + * ... + * with CipherSuite defined as: + * uint8 CipherSuite[2]; + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; - /* Configure ciphersuites */ + + /* + * Check whether this ciphersuite is supported and offered. + * Via the force_ciphersuite version we may have instructed the client + * to use a different ciphersuite. 
+ */ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); - ssl->handshake->ciphersuite_info = ciphersuite_info; - if( ciphersuite_info == NULL ) + if( ciphersuite_info == NULL || + ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", cipher_suite ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } - mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); + /* Configure ciphersuites */ + mbedtls_ssl_optimize_checksum( ssl, ciphersuite_info ); + + ssl->handshake->ciphersuite_info = ciphersuite_info; ssl->session_negotiate->ciphersuite = cipher_suite; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: ( %04x ) - %s", cipher_suite, ciphersuite_info->name ) ); 
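Review bot: The call to ssl_tls13_check_server_hello_session_id_echo() still discards the helper's return value and pends its own illegal_parameter alert. After this commit the helper pends that alert itself on a mismatch, and it can also fail in MBEDTLS_SSL_CHK_BUF_READ_PTR on a truncated message (presumably with a decode error). A truncated ServerHello is thus reported as MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER and the alert is pended twice on a mismatch. Propagate the helper's result instead: `ret = ssl_tls13_check_server_hello_session_id_echo( ssl, &p, end );` followed by `if( ret != 0 ) return( ret );`. The function body starts and ends outside this hunk.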
@@ -1129,21 +1135,9 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, ssl->session_negotiate->start = time( NULL ); #endif /* MBEDTLS_HAVE_TIME */ - /* Check whether we have offered this ciphersuite */ - /* Via the force_ciphersuite version we may have instructed the client */ - /* to use a difference ciphersuite. */ - if( ssl_tls1_3_cipher_suite_is_offered( ssl, cipher_suite ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite(%04x) is not in offered list", - cipher_suite ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - /* Ensure that compression method is set to zero - * - * legacy_compression_method == 0 ( 1 byte) + /* ... + * uint8 legacy_compression_method = 0; + * ... */ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 ); if( p[0] != 0 ) 
@@ -1155,45 +1149,39 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, } p++; - /* Check there is space fore extensions_length */ + /* + * .... + * Extension extensions<6..2 ^ 16 - 1>; + * .... + * struct { + * ExtensionType extension_type; (2 bytes) + * opaque extension_data<0..2^16-1>; + * } Extension; + */ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); - /* Get length of extensions field (2 bytes)*/ - field_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; - /* Check there is space for extensions_data */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, field_len ); - /* Set end of extensions */ - ext_end = p + field_len; + /* Check extensions do not go beyond the buffer of data. */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); + extensions_end = p + extensions_len; MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET , - field_len ) ); + extensions_len ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, field_len ); - - while ( p < ext_end ) + while( p < extensions_end ) { unsigned int extension_type; size_t extension_data_len; - /* - * .... - * Extension extensions<6..2 ^ 16 - 1>; - * .... - * struct { - * ExtensionType extension_type; - * opaque extension_data<0..2^16-1>; - * } Extension; - * extension_type (2 bytes) - * extension_data_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, ext_end, 4 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); p += 4; - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, ext_end, extension_data_len ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); switch( extension_type ) { 
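Review bot: After `MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len )` nothing requires `extensions_end` to equal `end`, so bytes that follow the extensions block inside the ServerHello are accepted without being parsed. The extensions vector is the last field of the structure quoted in the comment, so a strict parser would add `if( extensions_end != end )` and reject the message the way the other malformed-field cases in this function do. The lower bound of 6 stated in the comment is also not enforced here. The loop body and the end of the function lie outside this hunk.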
@@ -1210,16 +1198,20 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension." ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key:Not supported yet" ) ); - break; + + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, + MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) ); - if( ( ret = ssl_tls1_3_parse_key_share_ext( ssl, + if( ( ret = ssl_tls13_parse_key_share_ext( ssl, p, p + extension_data_len ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, - "ssl_tls1_3_parse_key_share_ext", + "ssl_tls13_parse_key_share_ext", ret ); return( ret ); } @@ -1227,9 +1219,15 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown extension found: %u ( ignoring )", - extension_type ) ); + MBEDTLS_SSL_DEBUG_MSG( + 3, + ( "unknown extension found: %u ( ignoring )", + extension_type ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, + MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); } p += extension_data_len; @@ -1242,7 +1240,7 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) { int ret; mbedtls_ssl_key_set traffic_keys; - mbedtls_ssl_transform *transform_handshake; + mbedtls_ssl_transform *transform_handshake = NULL; /* We need to set the key exchange algorithm based on the * following rules: 
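Review bot: The debug text in the `default:` case still reads `unknown extension found: %u ( ignoring )`, but the lines added below it now pend `MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT` and return, so the log states the opposite of what the code does. Anyone triaging a failed handshake from the debug output would be misled; wording such as `( "unknown extension found: %u ( aborting )", extension_type )` matches the new behaviour. The enclosing `switch` starts outside the hunk.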
@@ -1280,7 +1278,8 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) { /* ELSE case */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + goto cleanup; } /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret. @@ -1293,7 +1292,7 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_key_schedule_stage_early_data", ret ); - return( ret ); + goto cleanup; } /* Compute handshake secret */ @@ -1301,7 +1300,7 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_master_secret", ret ); - return( ret ); + goto cleanup; } /* Next evolution in key schedule: Establish handshake secret and @@ -1311,13 +1310,16 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_generate_handshake_keys", ret ); - return( ret ); + goto cleanup; } transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) ); if( transform_handshake == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto cleanup; + } ret = mbedtls_ssl_tls13_populate_transform( transform_handshake, ssl->conf->endpoint, @@ -1327,7 +1329,7 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret ); - return( ret ); + goto cleanup; } ssl->handshake->transform_handshake = transform_handshake; 
@@ -1341,17 +1343,27 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) */ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); +cleanup: + mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) ); - return( 0 ); + if( ret != 0 ) + { + if( transform_handshake != NULL ) + mbedtls_free( transform_handshake ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + return( ret ); } /* - * Wait and Parse ServerHello handshake message. + * Wait and parse ServerHello handshake message. * Handler for MBEDTLS_SSL_SERVER_HELLO */ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) { - int ret = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *buf; size_t buf_len; @@ -1384,12 +1396,10 @@ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) } else if( ret == SSL_SERVER_HELLO_COORDINATE_HRR ) { - /* TODO: Implement HRR in future #4915 */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "HRR hasn't been implemented" ) ); - - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); - ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + MBEDTLS_SSL_DEBUG_MSG( 1, ( "HRR not supported" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE , + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } cleanup: From c068b6671e2e2748f968d8b4dd4da583f2c25926 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 11 Oct 2021 22:30:19 +0800 Subject: [PATCH 758/966] Rename tls13 prefix to fix coding issues Signed-off-by: Jerry Yu --- library/ecdh.c | 18 +++++++-------- library/ecdh_misc.h | 6 ++--- library/ssl_misc.h | 2 +- library/ssl_tls13_client.c | 45 +++++++++++++++++++------------------- library/ssl_tls13_keys.c | 24 ++++++++++---------- library/ssl_tls13_keys.h | 6 ++--- 6 files changed, 51 insertions(+), 50 deletions(-) 
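Review bot: On the failure path under `cleanup:` in the finalize function, the partly built transform is released with `mbedtls_free( transform_handshake )` alone. If `mbedtls_ssl_tls13_populate_transform` fails after setting up part of the structure, whatever it initialised inside (presumably cipher contexts keyed with handshake traffic keys; its body is not in this patch) is neither torn down nor wiped. Calling `mbedtls_ssl_transform_free( transform_handshake );` before the free would cover that case, and the `!= NULL` guard becomes unnecessary because both calls accept NULL. The function begins outside this hunk, so this reading relies on no other `goto cleanup` being added after `ssl->handshake->transform_handshake` is assigned.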
diff --git a/library/ecdh.c b/library/ecdh.c index 8884260e81..27e5d739c6 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -806,9 +806,9 @@ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, #endif } -static int ecdh_tls1_3_read_public_internal( mbedtls_ecdh_context_mbed *ctx, - const unsigned char *buf, - size_t blen ) +static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx, + const unsigned char *buf, + size_t blen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; @@ -838,15 +838,15 @@ static int ecdh_tls1_3_read_public_internal( mbedtls_ecdh_context_mbed *ctx, /* * Parse and import the client's TLS 1.3 public value */ -int mbedtls_ecdh_tls1_3_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, - size_t blen ) +int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, + size_t blen ) { ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( buf != NULL ); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_tls1_3_read_public_internal( ctx, buf, blen ) ); + return( ecdh_tls13_read_public_internal( ctx, buf, blen ) ); #else switch( ctx->var ) { @@ -855,8 +855,8 @@ int mbedtls_ecdh_tls1_3_read_public( mbedtls_ecdh_context *ctx, return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_tls1_3_read_public_internal( &ctx->ctx.mbed_ecdh, - buf, blen ) ); + return( ecdh_tls13_read_public_internal( &ctx->ctx.mbed_ecdh, + buf, blen ) ); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h index 94d31394b1..228f54a31a 100644 --- a/library/ecdh_misc.h +++ b/library/ecdh_misc.h 
@@ -46,9 +46,9 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, /* * TLS 1.3 version of mbedtls_ecdh_read_public in ecdh.h */ -int mbedtls_ecdh_tls1_3_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, - size_t blen ); +int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, + size_t blen ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b801499ca1..216035933b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -737,7 +737,7 @@ struct mbedtls_ssl_handshake_params unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE]; } tls1_3_master_secrets; - mbedtls_ssl_tls1_3_handshake_secrets tls1_3_hs_secrets; + mbedtls_ssl_tls1_3_handshake_secrets tls13_hs_secrets; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 57195b3296..768caed96b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -95,9 +95,9 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_tls1_3_parse_supported_versions_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buf_len ) +static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t buf_len ) { ((void) ssl); @@ -477,7 +477,7 @@ cleanup: #if defined(MBEDTLS_ECDH_C) -static int ssl_tls1_3_check_ecdh_params( const mbedtls_ssl_context *ssl ) +static int ssl_tls13_check_ecdh_params( const mbedtls_ssl_context *ssl ) { const mbedtls_ecp_curve_info *curve_info; mbedtls_ecp_group_id grp_id; 
@@ -511,13 +511,13 @@ static int ssl_tls1_3_check_ecdh_params( const mbedtls_ssl_context *ssl ) * * The server only provides a single KeyShareEntry. */ -static int ssl_tls1_3_read_public_ecdhe_share( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buf_len ) +static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t buf_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ecdh_tls1_3_read_public( &ssl->handshake->ecdh_ctx, + ret = mbedtls_ecdh_tls13_read_public( &ssl->handshake->ecdh_ctx, buf, buf_len ); if( ret != 0 ) { @@ -525,9 +525,9 @@ static int ssl_tls1_3_read_public_ecdhe_share( mbedtls_ssl_context *ssl, return( ret ); } - if( ssl_tls1_3_check_ecdh_params( ssl ) != 0 ) + if( ssl_tls13_check_ecdh_params( ssl ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls1_3_check_ecdh_params() failed!" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls13_check_ecdh_params() failed!" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); @@ -579,7 +579,7 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl, if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) ) { /* Complete ECDHE key agreement */ - ret = ssl_tls1_3_read_public_ecdhe_share( ssl, p, end - p ); + ret = ssl_tls13_read_public_ecdhe_share( ssl, p, end - p ); if( ret != 0 ) return( ret ); } @@ -1028,9 +1028,9 @@ static int ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl, * Extension extensions<6..2 ^ 16 - 1>; * } ServerHello; */ -static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end ) +static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) { int ret; const unsigned char *p = buf; 
@@ -1189,7 +1189,7 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_versions extension" ) ); - ret = ssl_tls1_3_parse_supported_versions_ext( ssl, + ret = ssl_tls13_parse_supported_versions_ext( ssl, p, extension_data_len ); if( ret != 0 ) return( ret ); @@ -1236,7 +1236,7 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) +static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) { int ret; mbedtls_ssl_key_set traffic_keys; @@ -1305,11 +1305,11 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) /* Next evolution in key schedule: Establish handshake secret and * key material. */ - ret = mbedtls_ssl_tls1_3_generate_handshake_keys( ssl, &traffic_keys ); + ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_tls1_3_generate_handshake_keys", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_generate_handshake_keys", + ret ); goto cleanup; } @@ -1350,6 +1350,7 @@ cleanup: { if( transform_handshake != NULL ) mbedtls_free( transform_handshake ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); @@ -1385,14 +1386,14 @@ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) */ if( ret == SSL_SERVER_HELLO_COORDINATE_HELLO ) { - MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_server_hello( ssl, buf, - buf + buf_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_server_hello( ssl, buf, + buf + buf_len ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, buf_len ); - MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_finalize_server_hello( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) ); } else if( ret == SSL_SERVER_HELLO_COORDINATE_HRR ) { 
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 7ba5b5f8f6..b568f3fd89 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -847,10 +847,10 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ) return( 0 ); } -/* mbedtls_ssl_tls1_3_generate_handshake_keys() generates keys necessary for +/* mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary for * protecting the handshake messages, as described in Section 7 of TLS 1.3. */ -int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys ) +int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -864,7 +864,7 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, mbedtls_cipher_info_t const *cipher_info; size_t keylen, ivlen; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls1_3_generate_handshake_keys" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) ); cipher_info = mbedtls_cipher_info_from_type( ssl->handshake->ciphersuite_info->cipher ); @@ -890,7 +890,7 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type, ssl->handshake->tls1_3_master_secrets.handshake, transcript, transcript_len, - &ssl->handshake->tls1_3_hs_secrets ); + &ssl->handshake->tls13_hs_secrets ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets", 
@@ -899,11 +899,11 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret", - ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, md_size ); MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret", - ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, md_size ); /* @@ -914,7 +914,7 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, { ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, md_size, ssl->handshake->randbytes + 32, ssl->handshake->randbytes, @@ -922,7 +922,7 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, md_size, ssl->handshake->randbytes + 32, ssl->handshake->randbytes, @@ -931,8 +931,8 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_EXPORT_KEYS */ ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, - ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret, - ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, md_size, keylen, ivlen, traffic_keys ); if( ret != 0 ) 
@@ -957,7 +957,7 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, traffic_keys->server_write_iv, traffic_keys->iv_len); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_generate_handshake_keys" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_generate_handshake_keys" ) ); exit: diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 71bd90de24..384f433b59 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -539,7 +539,7 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ); * with states Initial -> Early -> Handshake -> Application, and * this function represents the Early -> Handshake transition. * - * In the handshake stage, mbedtls_ssl_tls1_3_generate_handshake_keys() + * In the handshake stage, mbedtls_ssl_tls13_generate_handshake_keys() * can be used to derive the handshake traffic keys. * * \param ssl The SSL context to operate on. This must be in key schedule @@ -562,7 +562,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ); * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys ); +int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ); #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From f532bb2577180650174bfd227ca946a410328f59 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 13 Oct 2021 10:34:03 +0800 Subject: [PATCH 759/966] Change MD size for tls13 keys Signed-off-by: Jerry Yu --- library/ssl_misc.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 216035933b..fb611662c7 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -510,15 +510,15 @@ typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; typedef struct { - unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char binder_key [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char client_early_traffic_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char early_exporter_master_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; } mbedtls_ssl_tls1_3_early_secrets; typedef struct { - unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char client_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char server_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; } mbedtls_ssl_tls1_3_handshake_secrets; typedef struct From 435208a9490ebe24764b008592360a0b958c4d9c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 13 Oct 2021 11:22:16 +0800 Subject: [PATCH 760/966] Improve generate_handshake_keys Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index b568f3fd89..4fe1d5c65e 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
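Review bot: Nothing in this hunk ties the new array bound to the number of bytes written into these five secret buffers. Elsewhere in the series the derivation code passes an `md_size` taken from the negotiated ciphersuite's hash, so if `MBEDTLS_TLS1_3_MD_MAX_SIZE` is smaller than `MBEDTLS_MD_MAX_SIZE` (its definition is not shown here) the change is only safe while every TLS 1.3 suite's digest fits that bound. A comment on both typedefs stating the invariant, plus a check such as `if( md_size > MBEDTLS_TLS1_3_MD_MAX_SIZE )` in the key-derivation path, would make a later ciphersuite addition fail closed rather than overrun a secret buffer.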
@@ -858,20 +858,23 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, mbedtls_md_info_t const *md_info; size_t md_size; - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; mbedtls_cipher_info_t const *cipher_info; size_t keylen, ivlen; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info; + mbedtls_ssl_tls1_3_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) ); - cipher_info = mbedtls_cipher_info_from_type( - ssl->handshake->ciphersuite_info->cipher ); + cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); keylen = cipher_info->key_bitlen >> 3; ivlen = cipher_info->iv_size; - md_type = ssl->handshake->ciphersuite_info->mac; + md_type = ciphersuite_info->mac; md_info = mbedtls_md_info_from_type( md_type ); md_size = mbedtls_md_get_size( md_info ); @@ -888,9 +891,8 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, } ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type, - ssl->handshake->tls1_3_master_secrets.handshake, - transcript, transcript_len, - &ssl->handshake->tls13_hs_secrets ); + handshake->tls1_3_master_secrets.handshake, + transcript, transcript_len, tls13_hs_secrets ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets", 
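Review bot: `cipher_info` is dereferenced in `keylen = cipher_info->key_bitlen >> 3;` immediately after `mbedtls_cipher_info_from_type( ciphersuite_info->cipher )` with no NULL test, and that lookup returns NULL when the cipher is not available in the build. The ciphersuite was probably validated earlier in the handshake, but this function cannot see that, so a guard such as `if( cipher_info == NULL ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` is cheap insurance against a NULL dereference while deriving keys. The function continues beyond this hunk.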
@@ -899,11 +901,10 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret", - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, + tls13_hs_secrets->client_handshake_traffic_secret, md_size ); - MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret", - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, + tls13_hs_secrets->server_handshake_traffic_secret, md_size ); /* @@ -914,27 +915,26 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, { ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, + tls13_hs_secrets->client_handshake_traffic_secret, md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, + handshake->randbytes + 32, + handshake->randbytes, MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, + tls13_hs_secrets->server_handshake_traffic_secret, md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, + handshake->randbytes + 32, + handshake->randbytes, MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); } #endif /* MBEDTLS_SSL_EXPORT_KEYS */ ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, - md_size, - keylen, ivlen, traffic_keys ); + tls13_hs_secrets->client_handshake_traffic_secret, + tls13_hs_secrets->server_handshake_traffic_secret, + md_size, keylen, ivlen, traffic_keys ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret ); From b85277e3af889e21bd779e2ba365f1af5253573a Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Wed, 13 Oct 2021 13:36:05 +0800 Subject: [PATCH 761/966] Address various issues Signed-off-by: Jerry Yu --- library/ecdh.c | 15 ++- library/ecdh_misc.h | 8 +- library/ssl_tls13_client.c | 185 +++++++++++++++++-------------------- library/ssl_tls13_keys.c | 1 - 4 files changed, 95 insertions(+), 114 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 27e5d739c6..ddd4ef545e 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -808,24 +808,21 @@ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx, const unsigned char *buf, - size_t blen ) + size_t buf_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; size_t data_len; - if( blen < 3 ) + if( buf_len < 3 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); data_len = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; - if( data_len < 1 || data_len != ( blen - 2 ) ) + if( data_len < 1 || data_len != ( buf_len - 2 ) ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - /* - * Save buffer start for read_binary and update buf - */ if( ( ret = mbedtls_ecp_point_read_binary( &ctx->grp, &ctx->Qp, p, data_len ) ) != 0) { @@ -840,13 +837,13 @@ static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx, */ int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, const unsigned char *buf, - size_t blen ) + size_t buf_len ) { ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( buf != NULL ); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_tls13_read_public_internal( ctx, buf, blen ) ); + return( ecdh_tls13_read_public_internal( ctx, buf, buf_len ) ); #else switch( ctx->var ) { @@ -856,7 +853,7 @@ int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_tls13_read_public_internal( &ctx->ctx.mbed_ecdh, - buf, blen ) ); + buf, buf_len ) ); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } 
diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h index 228f54a31a..d0f338a837 100644 --- a/library/ecdh_misc.h +++ b/library/ecdh_misc.h @@ -36,19 +36,19 @@ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ); /* - * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h + * TLS 1.3 version of mbedtls_ecdh_make_params */ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, + unsigned char *buf, size_t buf_len, int ( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ); /* - * TLS 1.3 version of mbedtls_ecdh_read_public in ecdh.h + * TLS 1.3 version of mbedtls_ecdh_read_public */ int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, const unsigned char *buf, - size_t blen ); + size_t buf_len ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 768caed96b..15bf43bb1c 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -97,12 +97,12 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, - size_t buf_len ) + const unsigned char *end ) { ((void) ssl); - if( buf_len != 2 || - buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 || + MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2); + if( buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 || buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) ); @@ -497,7 +497,7 @@ static int ssl_tls13_check_ecdh_params( const mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) - return( -1 ); + return( -1 ); MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_QP ); 
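Review bot: `ssl_tls13_parse_supported_versions_ext` used to reject any extension body whose length was not exactly 2 (`buf_len != 2`), whereas the replacement `MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2)` only checks that at least 2 bytes are readable. A supported_versions extension in a ServerHello carries a single two-byte selected version, so with this change a body with trailing bytes is accepted instead of being treated as malformed. Keeping the exact-length test next to the bounds check restores the old strictness, for example `if( end - buf != 2 || buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 ||`. The rest of the function body is outside the hunk.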
@@ -505,12 +505,6 @@ static int ssl_tls13_check_ecdh_params( const mbedtls_ssl_context *ssl ) return( 0 ); } -/* The ssl_tls13_parse_key_share_ext() function is used - * by the client to parse a KeyShare extension in - * a Server Hello message. - * - * The server only provides a single KeyShareEntry. - */ static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t buf_len ) @@ -522,12 +516,16 @@ static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_tls13_read_public" ), ret ); - return( ret ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } if( ssl_tls13_check_ecdh_params( ssl ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls13_check_ecdh_params() failed!" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); @@ -538,7 +536,9 @@ static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_ECDH_C */ /* - * Parse key_share extension in Server Hello + * ssl_tls13_parse_key_share_ext() + * Parse key_share extension in Server Hello + * * struct { * KeyShareEntry server_share; * } KeyShareServerHello; @@ -551,7 +551,7 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { - int ret = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; uint16_t group, offered_group; @@ -583,8 +583,9 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl, if( ret != 0 ) return( ret ); } + else #endif /* MBEDTLS_ECDH_C */ - else if( 0 /* other KEMs? */ ) + if( 0 /* other KEMs? */ ) { /* Do something */ } 
@@ -883,9 +884,18 @@ cleanup: /* * Functions for parsing and processing Server Hello */ -static int ssl_server_hello_is_hrr( unsigned const char *buf, size_t blen ) +/* Fetch and preprocess + * Returns a negative value on failure, and otherwise + * - SSL_SERVER_HELLO_COORDINATE_HELLO or + * - SSL_SERVER_HELLO_COORDINATE_HRR + * to indicate which message is expected and to be parsed next. */ +#define SSL_SERVER_HELLO_COORDINATE_HELLO 0 +#define SSL_SERVER_HELLO_COORDINATE_HRR 1 +static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) { - static const unsigned char magic_hrr_string[32] = + static const unsigned char magic_hrr_string[SERVER_HELLO_RANDOM_LEN] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 
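Review bot: The comment block beginning `Fetch and preprocess` now sits directly above `ssl_server_hello_is_hrr`, but that function fetches nothing: it only compares the random field of the buffer it is handed with the HelloRetryRequest magic value. The text describes the coordinate function, which the following hunks leave without any header comment. I would move the block back above `ssl_tls13_server_hello_coordinate` and give `ssl_server_hello_is_hrr` its own short comment saying that it returns `SSL_SERVER_HELLO_COORDINATE_HRR` on a match, `SSL_SERVER_HELLO_COORDINATE_HELLO` otherwise, and a negative error code when the buffer is too short to hold the random field. The function body continues in the next hunk.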
@@ -902,31 +912,23 @@ static int ssl_server_hello_is_hrr( unsigned const char *buf, size_t blen ) * opaque legacy_session_id_echo<0..32>; * CipherSuite cipher_suite; * uint8 legacy_compression_method = 0; - * Extension extensions<6..2 ^ 16 - 1>; + * Extension extensions<6..2^16-1>; * } ServerHello; * */ - if( blen < 2 + sizeof( magic_hrr_string ) ) - return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 + sizeof( magic_hrr_string ) ); if( memcmp( buf + 2, magic_hrr_string, sizeof( magic_hrr_string ) ) == 0 ) { - return( 1 ); + return( SSL_SERVER_HELLO_COORDINATE_HRR ); } - return( 0 ); + return( SSL_SERVER_HELLO_COORDINATE_HELLO ); } -/* Fetch and preprocess - * Returns a negative value on failure, and otherwise - * - SSL_SERVER_HELLO_COORDINATE_HELLO or - * - SSL_SERVER_HELLO_COORDINATE_HRR - * to indicate which message is expected and to be parsed next. */ -#define SSL_SERVER_HELLO_COORDINATE_HELLO 0 -#define SSL_SERVER_HELLO_COORDINATE_HRR 1 -static int ssl_server_hello_coordinate( mbedtls_ssl_context *ssl, - unsigned char **buf, - size_t *buf_len ) +static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl, + unsigned char **buf, + size_t *buf_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -945,15 +947,15 @@ static int ssl_server_hello_coordinate( mbedtls_ssl_context *ssl, *buf = ssl->in_msg + 4; *buf_len = ssl->in_hslen - 4; - if( ssl_server_hello_is_hrr( *buf, *buf_len ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) ); - ret = SSL_SERVER_HELLO_COORDINATE_HRR; - } - else + ret = ssl_server_hello_is_hrr( ssl, *buf, *buf + *buf_len ); + switch( ret ) { + case SSL_SERVER_HELLO_COORDINATE_HELLO: MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) ); - ret = SSL_SERVER_HELLO_COORDINATE_HELLO; + break; + case SSL_SERVER_HELLO_COORDINATE_HRR: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) ); + break; } cleanup: 
@@ -977,10 +979,6 @@ static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ss if( ssl->session_negotiate->id_len != legacy_session_id_echo_len || memcmp( ssl->session_negotiate->id, p , legacy_session_id_echo_len ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Mismatch of session id length:" - " id_len = %" MBEDTLS_PRINTF_SIZET - " , legacy_session_id_echo_len = %" MBEDTLS_PRINTF_SIZET, - ssl->session_negotiate->id_len, legacy_session_id_echo_len ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "Expected Session ID", ssl->session_negotiate->id, ssl->session_negotiate->id_len ); @@ -1025,17 +1023,17 @@ static int ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl, * opaque legacy_session_id_echo<0..32>; * CipherSuite cipher_suite; * uint8 legacy_compression_method = 0; - * Extension extensions<6..2 ^ 16 - 1>; + * Extension extensions<6..2^16-1>; * } ServerHello; */ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; - size_t extensions_len; /* Length of field */ - const unsigned char *extensions_end; /* Pointer to end of individual extension */ + size_t extensions_len; + const unsigned char *extensions_end; uint16_t cipher_suite; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1054,7 +1052,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 ); /* ... - * ProtocaolVersion legacy_version = 0x0303; // TLS 1.2 + * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 * ... * with ProtocolVersion defined as: * uint16 ProtocolVersion; 
@@ -1112,9 +1110,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, if( ciphersuite_info == NULL || ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite(%04x) not found or not offered", cipher_suite ) ); - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); @@ -1142,17 +1139,16 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 ); if( p[0] != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad legacy compression method" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } p++; - /* - * .... - * Extension extensions<6..2 ^ 16 - 1>; - * .... + /* ... + * Extension extensions<6..2^16-1>; + * ... * struct { * ExtensionType extension_type; (2 bytes) * opaque extension_data<0..2^16-1>; @@ -1166,9 +1162,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET , - extensions_len ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len ); while( p < extensions_end ) @@ -1190,7 +1183,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, ( "found supported_versions extension" ) ); ret = ssl_tls13_parse_supported_versions_ext( ssl, - p, extension_data_len ); + p, + p + extension_data_len ); if( ret != 0 ) return( ret ); break; 
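Review bot: The call to `ssl_tls13_parse_supported_versions_ext` now passes `p + extension_data_len` as an end pointer, and `extension_data_len` is read from the peer's message, so that pointer is only valid if the length was already checked against `extensions_end`. That check is not visible in this hunk. If it is missing, `MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );` belongs before the extension is dispatched; if it is present, a short comment at the call such as `/* extension_data_len was checked against extensions_end above */` would state the invariant the callee now relies on. The extension loop starts and ends outside the hunk.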
@@ -1238,45 +1232,39 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_key_set traffic_keys; mbedtls_ssl_transform *transform_handshake = NULL; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; - /* We need to set the key exchange algorithm based on the - * following rules: - * - * 1) IF PRE_SHARED_KEY extension was received - * THEN set KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - * 2) IF PRE_SHARED_KEY extension && KEY_SHARE was received - * THEN set KEY_EXCHANGE_MODE_PSK; - * 3) IF KEY_SHARES extension was received && SIG_ALG extension received - * THEN set KEY_EXCHANGE_MODE_EPHEMERAL - * ELSE unknown key exchange mechanism. + /* Determine the key exchange mode: + * 1) If both the pre_shared_key and key_share extensions were received + * then the key exchange mode is PSK with EPHEMERAL. + * 2) If only the pre_shared_key extension was received then the key + * exchange mode is PSK-only. + * 3) If only the key_share extension was received then the key + * exchange mode is EPHEMERAL-only. 
*/ - if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) + switch( handshake->extensions_present & + ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) ) { - if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) - { - /* Condition 2) */ - ssl->handshake->tls1_3_kex_modes = - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - } - else - { - /* Condition 1) */ - ssl->handshake->tls1_3_kex_modes = - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; - } - } - else if( ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) ) - { - /* Condition 3) */ - ssl->handshake->tls1_3_kex_modes = - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; - } - else - { - /* ELSE case */ + /* Only the pre_shared_key extension was received */ + case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + break; + + /* Only the key_share extension was received */ + case MBEDTLS_SSL_EXT_KEY_SHARE: + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; + break; + + /* Both the pre_shared_key and key_share extensions were received */ + case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + break; + + /* Neither pre_shared_key nor key_share extension was received */ + default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; goto cleanup; @@ -1313,8 +1301,7 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) goto cleanup; } - transform_handshake = - mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) ); + transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) ); if( transform_handshake == NULL ) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; 
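Review bot: The `switch` on `handshake->extensions_present` in `ssl_tls13_finalize_server_hello` chooses the key exchange mode purely from which extensions the server sent; nothing in this hunk compares the result with the modes the client is configured to accept. If that comparison is not made where the extensions are parsed, a ServerHello carrying only `pre_shared_key` would select PSK-only mode, with no ephemeral key exchange, whether or not the client meant to allow it. I would either add the check right after the `switch`, failing with `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE`, or add a comment naming the place where it is enforced. The function continues past the hunk.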
@@ -1332,8 +1319,8 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) goto cleanup; } - ssl->handshake->transform_handshake = transform_handshake; - mbedtls_ssl_set_inbound_transform( ssl, ssl->handshake->transform_handshake ); + handshake->transform_handshake = transform_handshake; + mbedtls_ssl_set_inbound_transform( ssl, transform_handshake ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) ); ssl->session_in = ssl->session_negotiate; @@ -1348,8 +1335,7 @@ cleanup: mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) ); if( ret != 0 ) { - if( transform_handshake != NULL ) - mbedtls_free( transform_handshake ); + mbedtls_free( transform_handshake ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, @@ -1375,11 +1361,10 @@ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) * - Make sure it's either a ServerHello or a HRR. * - Switch processing routine in case of HRR */ - ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; - ret = ssl_server_hello_coordinate( ssl, &buf, &buf_len ); + ret = ssl_tls13_server_hello_coordinate( ssl, &buf, &buf_len ); /* Parsing step * We know what message to expect by now and call * the respective parsing function. diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 4fe1d5c65e..35829f2323 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1000,7 +1000,6 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) } else if( mbedtls_ssl_tls13_named_group_is_dhe( handshake->offered_group_id ) ) { - /* TODO: Not supported yet */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHE not supported." ) ); return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); } From 193f0e74497fc97e56a31a075fb395cca8e85494 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 13 Oct 2021 18:33:13 +0800 Subject: [PATCH 762/966] fix build fail on tls1_3_md_max_size 
Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index fb611662c7..ceaf0588f3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -307,9 +307,7 @@ + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) ) #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** From 745bb616a47d48378f4e4f2ce572f0f1678c4e96 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 13 Oct 2021 22:01:04 +0800 Subject: [PATCH 763/966] Fix format issue and enhance test Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 51 +++++++++++++++++++++----------------- tests/ssl-opt.sh | 9 +++++-- 2 files changed, 35 insertions(+), 25 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 15bf43bb1c..2924fd8b68 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -926,6 +926,11 @@ static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl, return( SSL_SERVER_HELLO_COORDINATE_HELLO ); } +/* Fetch and preprocess + * Returns a negative value on failure, and otherwise + * - SSL_SERVER_HELLO_COORDINATE_HELLO or + * - SSL_SERVER_HELLO_COORDINATE_HRR + */ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl, unsigned char **buf, size_t *buf_len ) 
@@ -950,12 +955,12 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl, ret = ssl_server_hello_is_hrr( ssl, *buf, *buf + *buf_len ); switch( ret ) { - case SSL_SERVER_HELLO_COORDINATE_HELLO: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) ); - break; - case SSL_SERVER_HELLO_COORDINATE_HRR: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) ); - break; + case SSL_SERVER_HELLO_COORDINATE_HELLO: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) ); + break; + case SSL_SERVER_HELLO_COORDINATE_HRR: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) ); + break; } cleanup: 
@@ -1248,26 +1253,26 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) switch( handshake->extensions_present & ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) ) { - /* Only the pre_shared_key extension was received */ - case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: - handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; - break; + /* Only the pre_shared_key extension was received */ + case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + break; - /* Only the key_share extension was received */ - case MBEDTLS_SSL_EXT_KEY_SHARE: - handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; - break; + /* Only the key_share extension was received */ + case MBEDTLS_SSL_EXT_KEY_SHARE: + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; + break; - /* Both the pre_shared_key and key_share extensions were received */ - case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): - handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - break; + /* Both the pre_shared_key and key_share extensions were received */ + case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + break; - /* Neither pre_shared_key nor key_share extension was received */ - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - goto cleanup; + /* Neither pre_shared_key nor key_share extension was received */ + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + goto cleanup; } /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret. diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2b91025fd2..ad7abbba07 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -8678,7 +8678,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: Test client hello msg work - openssl" \ "$O_NEXT_SRV -tls1_3 -msg" \ - "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ -s "ServerHello" \ @@ -8695,6 +8695,8 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "tls1_3 client state: 14" \ -c "tls1_3 client state: 15" \ -c "<= ssl_tls1_3_process_server_hello" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "ECDH curve: x25519" \ -c "=> ssl_tls1_3_process_server_hello" requires_gnutls_tls1_3 @@ -8702,7 +8704,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: Test client hello msg work - gnutls" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \ - "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ -s "SERVER HELLO was queued" \ @@ -8719,8 +8721,11 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "tls1_3 client state: 14" \ -c "tls1_3 client state: 15" \ -c "<= ssl_tls1_3_process_server_hello" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "ECDH curve: x25519" \ -c "=> ssl_tls1_3_process_server_hello" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C From 337d5318aed405853849be13a16a2a4e4dc05592 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 15 Oct 2021 10:09:05 +0800 Subject: [PATCH 764/966] replace md_max_size with tls13_md_max_size 
Signed-off-by: Jerry Yu --- library/ssl_misc.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ceaf0588f3..904d8c77db 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -521,10 +521,10 @@ typedef struct typedef struct { - unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char client_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char server_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char exporter_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char resumption_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; } mbedtls_ssl_tls1_3_application_secrets; /* From 7a186a0cbfc9e8b1b6c7184f5df050830a3cb4d1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 15 Oct 2021 18:46:14 +0800 Subject: [PATCH 765/966] fix comment issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2924fd8b68..ca82fdcc58 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -884,8 +884,7 @@ cleanup: /* * Functions for parsing and processing Server Hello */ -/* Fetch and preprocess - * Returns a negative value on failure, and otherwise +/* Returns a negative value on failure, and otherwise * - SSL_SERVER_HELLO_COORDINATE_HELLO or * - SSL_SERVER_HELLO_COORDINATE_HRR * to indicate which message is expected and to be parsed next. */ From ad3a113fc6aa6dd8bf2255228813e8218729d53a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 25 Oct 2021 10:46:43 +0800 Subject: [PATCH 766/966] Remove MBEDTLS_SSL_EXPORT_KEYS It is always on now in `development` 
Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 35829f2323..96f5310797 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -910,7 +910,6 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, /* * Export client handshake traffic secret */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) if( ssl->f_export_keys != NULL ) { ssl->f_export_keys( ssl->p_export_keys, @@ -929,7 +928,6 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, handshake->randbytes, MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); } -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, tls13_hs_secrets->client_handshake_traffic_secret, From 188468b5f441ebab28289f8fb271ded078eab78a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 25 Oct 2021 10:48:24 +0800 Subject: [PATCH 767/966] Add reference link for Random definition Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ca82fdcc58..989bdc0abc 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1071,7 +1071,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, } p += 2; - /* ... + /* From RFC8446, page 27. + * ... * Random random; * ... * with Random defined as: From cbdedc54b9f0d532cf6920a6a2a6efb89182a66d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 May 2021 12:47:30 +0200 Subject: [PATCH 768/966] Allow cmake to generate error.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/CMakeLists.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) 
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index a5d692cbe4..a6d626b52e 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -109,6 +109,24 @@ set(src_tls ssl_tls13_generic.c ) +find_package(Perl REQUIRED) + +file(GLOB error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h) +add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/error.c + COMMAND + ${PERL_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files + ${CMAKE_CURRENT_BINARY_DIR}/error.c + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl + ${error_headers} + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt +) + if(CMAKE_COMPILER_IS_GNUCC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") endif(CMAKE_COMPILER_IS_GNUCC) From 65a72031198b846546aeae90d484200282273a4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 May 2021 13:02:44 +0200 Subject: [PATCH 769/966] Allow cmake to generate version_features.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/CMakeLists.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index a6d626b52e..187693d563 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
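Review bot: `file(GLOB error_headers ...)` is evaluated only when CMake configures, so a header added to `include/mbedtls` afterwards is missing from the `DEPENDS` list and `error.c` is not regenerated until the next reconfigure. If the project's minimum CMake version allows it (3.12 or later), `file(GLOB error_headers CONFIGURE_DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)` closes that gap; otherwise a comment saying that a reconfigure is needed after adding a header would do. `find_package(Perl REQUIRED)` also makes Perl a hard requirement for every configure of the library, which deserves a line in the build documentation.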
@@ -127,6 +127,21 @@ add_custom_command( ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt ) +add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/version_features.c + COMMAND + ${PERL_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files + ${CMAKE_CURRENT_BINARY_DIR}/version_features.c + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt +) + if(CMAKE_COMPILER_IS_GNUCC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") endif(CMAKE_COMPILER_IS_GNUCC) From aedca0c993bddb4996d1980b962e360d891a9c6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 May 2021 13:45:54 +0200 Subject: [PATCH 770/966] Simplify source declarations in ssl/CMakeLists.txt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit query_config was added twice, and while at it let's declare all the sources in one place Signed-off-by: Manuel Pégourié-Gonnard --- programs/ssl/CMakeLists.txt | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index def9c7cf6c..bdce56bfcc 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -22,6 +22,7 @@ foreach(exe IN LISTS executables) set(extra_sources "") if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") list(APPEND extra_sources + ssl_test_lib.c ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) endif() add_executable(${exe} ${exe}.c $ 
@@ -30,11 +31,6 @@ foreach(exe IN LISTS executables) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() -set_property(TARGET ssl_client2 APPEND PROPERTY SOURCES - ssl_test_lib.c ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) -set_property(TARGET ssl_server2 APPEND PROPERTY SOURCES - ssl_test_lib.c ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) - if(THREADS_FOUND) add_executable(ssl_pthread_server ssl_pthread_server.c $) target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) From 3a8413d3165af9b84859ca9e935ad4a183c2622c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 May 2021 09:23:57 +0200 Subject: [PATCH 771/966] Allow generate_query_config.pl to take arguments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- scripts/generate_query_config.pl | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index e3bbaa0745..eab986afad 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -14,7 +14,8 @@ # information is used to automatically generate the body of the query_config() # function by using the template in scripts/data_files/query_config.fmt. # -# Usage: ./scripts/generate_query_config.pl without arguments +# Usage: scripts/generate_query_config.pl without arguments, or +# generate_query_config.pl config_file template_file output_file # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 
@@ -33,15 +34,24 @@ use strict; -my $config_file = "./include/mbedtls/mbedtls_config.h"; +my ($config_file, $query_config_format_file, $query_config_file); -my $query_config_format_file = "./scripts/data_files/query_config.fmt"; -my $query_config_file = "./programs/test/query_config.c"; +if( @ARGV ) { + die "Invalid number of arguments" if scalar @ARGV != 3; + ($config_file, $query_config_format_file, $query_config_file) = @ARGV; -unless( -f $config_file && -f $query_config_format_file ) { - chdir '..' or die; - -f $config_file && -f $query_config_format_file - or die "Without arguments, must be run from root or a subdirectory\n"; + -f $config_file or die "No such file: $config_file"; + -f $query_config_format_file or die "No such file: $query_config_format_file"; +} else { + $config_file = "./include/mbedtls/mbedtls_config.h"; + $query_config_format_file = "./scripts/data_files/query_config.fmt"; + $query_config_file = "./programs/test/query_config.c"; + + unless( -f $config_file && -f $query_config_format_file ) { + chdir '..' or die; + -f $config_file && -f $query_config_format_file + or die "Without arguments, must be run from root or a subdirectory\n"; + } } # Excluded macros from the generated query_config.c. For example, macros that From 86cfa6c27f989bca3c18399a27a276645352100c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 May 2021 10:07:33 +0200 Subject: [PATCH 772/966] Allow CMake to generate query_config.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This one was trickier for two reasons: 1. It's used from another directory, see https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory 2. The C file being generated after CMake is run means CMake can't automatically scan for included headers and do its usual magic, so we need to declare the dependency and more importantly the include path. 
Signed-off-by: Manuel Pégourié-Gonnard --- programs/ssl/CMakeLists.txt | 17 ++++++++++++++++- programs/test/CMakeLists.txt | 27 ++++++++++++++++++++++++++- 2 files changed, 42 insertions(+), 2 deletions(-) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index bdce56bfcc..a14e264666 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -18,17 +18,32 @@ set(executables ssl_server2 ) +# Inform CMake the the following file will be generated as part of the build +# process, so it doesn't complain that it doesn't exist yet. Starting from +# CMake 3.20, this will no longer be necessary as CMake will automatically +# propagate this information accross the tree, for now it's only visible +# inside the same directory, so we need to propagate manually. +set_source_files_properties( + ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c + PROPERTIES GENERATED TRUE) + foreach(exe IN LISTS executables) set(extra_sources "") if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") list(APPEND extra_sources ssl_test_lib.c - ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) + ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h + ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c) endif() add_executable(${exe} ${exe}.c $ ${extra_sources}) target_link_libraries(${exe} ${libs}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") + add_dependencies(${exe} generate_query_config_c) + target_include_directories(${exe} + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../test) + endif() endforeach() if(THREADS_FOUND) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index a0a1b763cc..8193124e9e 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt 
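Review bot: The comment added above `set_source_files_properties` has two typos, "the the" and "accross", which make it harder to read and to search for. I would write its first line as `# Inform CMake that the following file will be generated as part of the build` and use `across the tree` in the fourth line.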
@@ -27,15 +27,40 @@ if(TEST_CPP) target_link_libraries(cpp_dummy_build ${mbedcrypto_target}) endif() +find_package(Perl REQUIRED) + +add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/query_config.c + COMMAND + ${PERL} + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt + ${CMAKE_CURRENT_BINARY_DIR}/query_config.c + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt +) +# this file will also be used in anoter directory, so create a target, see +# https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory +add_custom_target(generate_query_config_c + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) + foreach(exe IN LISTS executables_libs executables_mbedcrypto) set(extra_sources "") if(exe STREQUAL "query_compile_time_config") list(APPEND extra_sources - ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c) + ${CMAKE_CURRENT_SOURCE_DIR}/query_config.h + ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) endif() add_executable(${exe} ${exe}.c $ ${extra_sources}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + if(exe STREQUAL "query_compile_time_config") + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}) + endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_libs ${exe} exe_index) From 15a42c3e2615c3e47069a63eb6e8b19551cfa2fc Mon Sep 17 00:00:00 2001 
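Review bot: The `COMMAND` of the new `add_custom_command` runs `${PERL}`, but `find_package(Perl REQUIRED)` a few lines above it defines `PERL_EXECUTABLE`, which is what the equivalent rules added to `library/CMakeLists.txt` use. Unless `PERL` is set elsewhere in the tree, it expands to nothing and the build ends up executing `generate_query_config.pl` directly, which depends on the script's execute bit and shebang; use `${PERL_EXECUTABLE}` here. The rule added in `programs/psa/CMakeLists.txt` has the same shape with `${PYTHON}`, while `tests/CMakeLists.txt` uses `${MBEDTLS_PYTHON_EXECUTABLE}`. The comment above `add_custom_target` also has "anoter" for "another".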
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 May 2021 10:33:32 +0200 Subject: [PATCH 773/966] Allow CMake to generate psa_constant_names_generated.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This one's a bit funny too as the generated file is not a source to the executable (ie, it's not passed as an argument to the compiler), so CMake's dependency resolution didn't work even though the file is in the same directory. For some reason, the following didn't work either: add_dependencies(psa_constant_names ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c) So, apply the same strategy as for cross-directory use of a generated file by creating a target and using it as a dependency. Signed-off-by: Manuel Pégourié-Gonnard --- programs/psa/CMakeLists.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 23e85fea75..01bd687826 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -4,6 +4,21 @@ set(executables psa_constant_names ) +add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c + COMMAND + ${PYTHON} + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py + ${CMAKE_CURRENT_BINARY_DIR} + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/../.. + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_values.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_extra.h +) + foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target}) 
@@ -11,6 +26,9 @@ foreach(exe IN LISTS executables) endforeach() target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) +add_custom_target(generate_psa_constant_names_generated_c + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c) +add_dependencies(psa_constant_names generate_psa_constant_names_generated_c) install(TARGETS ${executables} DESTINATION "bin" From 42681f3bd0142eda32826c8012ac9143c9fc7af3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 May 2021 10:53:43 +0200 Subject: [PATCH 774/966] Improve formatting of CMake file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - avoid very long lines - match order of command arguments and dependencies - group compiler flags together Signed-off-by: Manuel Pégourié-Gonnard --- tests/CMakeLists.txt | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index fbd746e524..574b346dc7 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -13,11 +13,6 @@ if(NOT MBEDTLS_PYTHON_EXECUTABLE) message(FATAL_ERROR "Cannot build test suites without Python 3") endif() -# Enable definition of various functions used throughout the testsuite -# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless -# on non-POSIX platforms. -add_definitions("-D_POSIX_C_SOURCE=200809L") - # Test suites caught by SKIP_TEST_SUITES are built but not executed. # "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" # but not "test_suite_foobar". 
@@ -33,9 +28,26 @@ function(add_test_suite suite_name) endif() add_custom_command( - OUTPUT test_suite_${data_name}.c - COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py ${mbedtls_target} ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data + OUTPUT + test_suite_${data_name}.c + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py + -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function + -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data + -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function + -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function + -s ${CMAKE_CURRENT_SOURCE_DIR}/suites + --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function + -o . + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py + ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function + ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data + ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function + ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function + ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function + ${mbedtls_target} ) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) 
@@ -55,6 +67,11 @@ function(add_test_suite suite_name) endif() endfunction(add_test_suite) +# Enable definition of various functions used throughout the testsuite +# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless +# on non-POSIX platforms. +add_definitions("-D_POSIX_C_SOURCE=200809L") + if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function") endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) From a9cb8941688a886a9ba7c6f0eaedd4f89d5004ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 May 2021 11:37:09 +0200 Subject: [PATCH 775/966] Add --directory option to generate_psa_tests.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/generate_psa_tests.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 4c8143ff09..260a4c4c99 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -699,6 +699,8 @@ def main(args): parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('--list', action='store_true', help='List available targets and exit') + parser.add_argument('--directory', metavar='DIR', + help='Output directory (default: tests/suites)') parser.add_argument('targets', nargs='*', metavar='TARGET', help='Target file to generate (default: all; "-": none)') options = parser.parse_args(args) From ce3ba8f030b101df116ee3634df255e3e022f6f1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 May 2021 12:03:37 +0200 Subject: [PATCH 776/966] Allow CMake to run generate_psa_tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Note: the test suites are actually generated in the source tree, due to the use of link_to_source(suites) This will be fixed in the next commit. Signed-off-by: Manuel Pégourié-Gonnard --- tests/CMakeLists.txt | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 574b346dc7..cddedb455e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -13,6 +13,24 @@ if(NOT MBEDTLS_PYTHON_EXECUTABLE) message(FATAL_ERROR "Cannot build test suites without Python 3") endif() +add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_not_supported.generated.data + ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_storage_format.current.data + ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_storage_format.v0.data + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + --directory ${CMAKE_CURRENT_BINARY_DIR}/suites + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h + ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h +) + # Test suites caught by SKIP_TEST_SUITES are built but not executed. # "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" # but not "test_suite_foobar". 
@@ -27,6 +45,16 @@ function(add_test_suite suite_name) set(data_name ${suite_name}) endif() + if(data_name STREQUAL "psa_crypto_not_supported.generated" OR + data_name STREQUAL "psa_crypto_storage_format.current" OR + data_name STREQUAL "psa_crypto_storage_format.v0") + set(data_file + ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data) + else() + set(data_file + ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data) + endif() + add_custom_command( OUTPUT test_suite_${data_name}.c @@ -34,7 +62,7 @@ function(add_test_suite suite_name) ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function - -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data + -d ${data_file} -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites @@ -43,7 +71,7 @@ function(add_test_suite suite_name) DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function - ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data + ${data_file} ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function From 313bcfcde8188286874d21e8de4d19c05e0c4786 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 7 Sep 2021 12:16:49 +0200 Subject: [PATCH 777/966] Stop writing to the source tree. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Due to the directory test/suites being linked, the files generated there where actually written to the source tree, not just the binary tree. We no longer need this directory to be linked, that was a remnant of the time where the .data files were read while running the tests; nowadays they're processed when generating the test .c file. Just create the directory, as the generating script quite reasonably assumes that the output directory passed on the command line exists. Signed-off-by: Manuel Pégourié-Gonnard --- tests/CMakeLists.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index cddedb455e..48716ae286 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -13,6 +13,9 @@ if(NOT MBEDTLS_PYTHON_EXECUTABLE) message(FATAL_ERROR "Cannot build test suites without Python 3") endif() +# generated .data files will go there +file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites) + add_custom_command( OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_not_supported.generated.data @@ -215,5 +218,4 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) link_to_source(data_files) link_to_source(scripts) link_to_source(ssl-opt.sh) - link_to_source(suites) endif() From e90e405e15195414e50505c364183eba858763ff Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 8 Sep 2021 13:27:09 +0200 Subject: [PATCH 778/966] Introduce "Dev mode" option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the option is On, CMake will have rules to generate the generated files using scripts etc. When the option is Off, CMake will assume the files are available from the source tree; in that mode, it won't require any extra tools (Perl for example) compared to when we committed the files to git. The intention is that users will never need to adjust this option: - in the development branch (and features branches etc.) the option is always On (development mode); - in released tarballs, which include the generated files, we'll switch the option to Off (release mode) in the same commit that re-adds the generated files. Signed-off-by: Manuel Pégourié-Gonnard --- CMakeLists.txt | 1 + library/CMakeLists.txt | 61 +++++++++++++++++++----------------- programs/psa/CMakeLists.txt | 38 ++++++++++++---------- programs/ssl/CMakeLists.txt | 22 +++++++------ programs/test/CMakeLists.txt | 36 +++++++++++---------- tests/CMakeLists.txt | 40 +++++++++++++---------- 6 files changed, 112 insertions(+), 86 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 210aba4893..2731d727c4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -46,6 +46,7 @@ option(ENABLE_PROGRAMS "Build mbed TLS programs." ON) option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) +option(DEV_MODE "Development mode: (re)generate some files as needed" ON) string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}") diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 187693d563..f3b93fbdff 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -109,38 +109,43 @@ set(src_tls ssl_tls13_generic.c ) -find_package(Perl REQUIRED) +if(DEV_MODE) + find_package(Perl REQUIRED) -file(GLOB error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h) -add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/error.c - COMMAND - ${PERL_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files + file(GLOB error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h) + add_custom_command( + OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/error.c - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl - ${error_headers} - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt -) + COMMAND + ${PERL_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files + ${CMAKE_CURRENT_BINARY_DIR}/error.c + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl + ${error_headers} + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt + ) -add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/version_features.c - COMMAND - ${PERL_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files + add_custom_command( + OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/version_features.c - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt -) + COMMAND + ${PERL_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files + ${CMAKE_CURRENT_BINARY_DIR}/version_features.c + DEPENDS + 
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt + ) +else() + link_to_source(error.c) + link_to_source(version_features.c) +endif() if(CMAKE_COMPILER_IS_GNUCC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 01bd687826..c5d0d28dd4 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -4,20 +4,24 @@ set(executables psa_constant_names ) -add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c - COMMAND - ${PYTHON} +if(DEV_MODE) + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c + COMMAND + ${PYTHON} + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py + ${CMAKE_CURRENT_BINARY_DIR} + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/../.. + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py - ${CMAKE_CURRENT_BINARY_DIR} - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/../.. - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_values.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_extra.h -) + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_values.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_extra.h + ) +else() + link_to_source(psa_constant_names_generated.c) +endif() foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) 
@@ -26,9 +30,11 @@ foreach(exe IN LISTS executables) endforeach() target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) -add_custom_target(generate_psa_constant_names_generated_c - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c) -add_dependencies(psa_constant_names generate_psa_constant_names_generated_c) +if(DEV_MODE) + add_custom_target(generate_psa_constant_names_generated_c + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c) + add_dependencies(psa_constant_names generate_psa_constant_names_generated_c) +endif() install(TARGETS ${executables} DESTINATION "bin" diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index a14e264666..e8d2865d9e 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -18,14 +18,16 @@ set(executables ssl_server2 ) -# Inform CMake the the following file will be generated as part of the build -# process, so it doesn't complain that it doesn't exist yet. Starting from -# CMake 3.20, this will no longer be necessary as CMake will automatically -# propagate this information accross the tree, for now it's only visible -# inside the same directory, so we need to propagate manually. -set_source_files_properties( - ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c - PROPERTIES GENERATED TRUE) +if(DEV_MODE) + # Inform CMake the the following file will be generated as part of the build + # process, so it doesn't complain that it doesn't exist yet. Starting from + # CMake 3.20, this will no longer be necessary as CMake will automatically + # propagate this information accross the tree, for now it's only visible + # inside the same directory, so we need to propagate manually. + set_source_files_properties( + ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c + PROPERTIES GENERATED TRUE) +endif() foreach(exe IN LISTS executables) set(extra_sources "") 
@@ -40,7 +42,9 @@ foreach(exe IN LISTS executables) target_link_libraries(${exe} ${libs}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") - add_dependencies(${exe} generate_query_config_c) + if(DEV_MODE) + add_dependencies(${exe} generate_query_config_c) + endif() target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../test) endif() diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 8193124e9e..053b03c952 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt 
@@ -27,26 +27,30 @@ if(TEST_CPP) target_link_libraries(cpp_dummy_build ${mbedcrypto_target}) endif() -find_package(Perl REQUIRED) +if(DEV_MODE) + find_package(Perl REQUIRED) -add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/query_config.c - COMMAND - ${PERL} + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/query_config.c + COMMAND + ${PERL} + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt + ${CMAKE_CURRENT_BINARY_DIR}/query_config.c + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt - ${CMAKE_CURRENT_BINARY_DIR}/query_config.c - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt -) -# this file will also be used in anoter directory, so create a target, see -# https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory -add_custom_target(generate_query_config_c - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) + ) + # this file will also be used in anoter directory, so create a target, see + # https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory + add_custom_target(generate_query_config_c + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) +else() + link_to_source(query_config.c) +endif() foreach(exe IN LISTS executables_libs executables_mbedcrypto) set(extra_sources "") diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 48716ae286..454fe5aabd 100644 --- a/tests/CMakeLists.txt 
+++ b/tests/CMakeLists.txt 
@@ -16,23 +16,29 @@ endif() # generated .data files will go there file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites) -add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_not_supported.generated.data - ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_storage_format.current.data - ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_storage_format.v0.data - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/.. - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py - --directory ${CMAKE_CURRENT_BINARY_DIR}/suites - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py - ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h - ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h -) +if(DEV_MODE) + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_not_supported.generated.data + ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_storage_format.current.data + ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_storage_format.v0.data + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + --directory ${CMAKE_CURRENT_BINARY_DIR}/suites + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h + ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h + ) +else() + link_to_source(suites/test_suite_psa_crypto_not_supported.generated.data) + link_to_source(suites/test_suite_psa_crypto_storage_format.current.data) + link_to_source(suites/test_suite_psa_crypto_storage_format.v0.data) +endif() # Test suites caught by SKIP_TEST_SUITES are built but not executed. 
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" From 389150d4dbb6a8ee0666cd5ccf78d6fdb8b349f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Sep 2021 10:51:16 +0200 Subject: [PATCH 779/966] Cleanup: remove *.datax files with CMake MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Unrelated to other commits in this PR, except when running manual tests I kept noticing these files where left over. Signed-off-by: Manuel Pégourié-Gonnard --- tests/CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 454fe5aabd..6d54d7c576 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -85,6 +85,8 @@ function(add_test_suite suite_name) ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${mbedtls_target} + BYPRODUCTS + test_suite_${data_name}.datax ) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) From bfe54d703d2709ae9b24780d4382bf801e11a54d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Sep 2021 11:11:44 +0200 Subject: [PATCH 780/966] Cleanup: rm all files generated by cmake MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Again, unrelated, except I kept noticing. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 099174372e..27a83a23b4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -292,7 +292,8 @@ cleanup() -iname CMakeFiles -exec rm -rf {} \+ -o \ \( -iname cmake_install.cmake -o \ -iname CTestTestfile.cmake -o \ - -iname CMakeCache.txt \) -exec rm -f {} \+ + -iname CMakeCache.txt -o \ + -path './cmake/*.cmake' \) -exec rm -f {} \+ # Recover files overwritten by in-tree CMake builds rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile From 9327fb33a6fa32daa42926d5bc500df08b54c51d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Sep 2021 11:46:25 +0200 Subject: [PATCH 781/966] Fix test_ref_config component of all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 27a83a23b4..d3fba17877 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -999,7 +999,16 @@ component_test_psa_crypto_rsa_no_genprime() { component_test_ref_configs () { msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake + # want to re-generate generated files that depend on it, quite correctly. + # However this doesn't work as the generation script expects a specific + # format for mbedtls_config.h, which the other files don't follow. Also, + # cmake can't know this, but re-generation is actually not necessary as + # the generated files only depend on the list of availabe options, not + # whether they're on or off. So, disable cmake's (over-sensitive here) + # dependency resolution for generated files and just rely on them being + # present (thanks for pre_generate_files) by turning DEV_MODE off. + CC=gcc cmake -D DEV_MODE=Off -D CMAKE_BUILD_TYPE:String=Asan . tests/scripts/test-ref-configs.pl } 
From e12e7f47de986686c257e549841de557f9851f77 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 15 Oct 2021 19:10:15 +0100 Subject: [PATCH 782/966] Get generated data file list from script Use the generate_psa_tests.py script to generate the list of test data files used as output files by cmake. Do this by introducing a new option --list-for-cmake that prints a semicolon-separated list of the data files with no terminating newline (since this is how a cmake list is represented). Replace the hard-coded output file list with a variable generated by the script using this option. Signed-off-by: David Horstmann --- tests/CMakeLists.txt | 13 ++++++++++--- tests/scripts/generate_psa_tests.py | 11 +++++++++++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 6d54d7c576..ef41f2996e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -17,11 +17,18 @@ endif() file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites) if(DEV_MODE) + execute_process( + COMMAND + ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + --list-for-cmake + --directory ${CMAKE_CURRENT_BINARY_DIR}/suites + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + OUTPUT_VARIABLE + TEST_SUITE_DATA_FILES) add_custom_command( OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_not_supported.generated.data - ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_storage_format.current.data - ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_psa_crypto_storage_format.v0.data + ${TEST_SUITE_DATA_FILES} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. COMMAND diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 260a4c4c99..16e27ee6bb 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py 
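Review bot: The new `execute_process` runs generate_psa_tests.py directly, without `${MBEDTLS_PYTHON_EXECUTABLE}` in front of it and without checking the exit status, unlike the `add_custom_command` just below it. This depends on the script being executable with a usable shebang at configure time, and if the call fails `TEST_SUITE_DATA_FILES` is left empty, so the problem is likely to surface later as a confusing error about the custom command's `OUTPUT` rather than at the point of failure. I would prefix the command with `${MBEDTLS_PYTHON_EXECUTABLE}`, add `RESULT_VARIABLE result`, and stop with `message(FATAL_ERROR ...)` when `result` is non-zero. A later patch in the series moves this call out of `if(DEV_MODE)` unchanged, so the same applies there.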
@@ -699,6 +699,8 @@ def main(args): parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('--list', action='store_true', help='List available targets and exit') + parser.add_argument('--list-for-cmake', action='store_true', + help='Print \';\'-separated list of available targets and exit') parser.add_argument('--directory', metavar='DIR', help='Output directory (default: tests/suites)') parser.add_argument('targets', nargs='*', metavar='TARGET', @@ -710,6 +712,15 @@ def main(args): for name in sorted(generator.TARGETS): print(generator.filename_for(name)) return + # List in a cmake list format (i.e. ';'-separated) + if options.list_for_cmake: + filenames = [] + for name in sorted(generator.TARGETS): + if ';' in generator.filename_for(name): + raise ValueError('Cannot pass filename containing \';\' to cmake: ' + name) + filenames.append(generator.filename_for(name)) + print(';'.join(filenames), end='') + return if options.targets: # Allow "-" as a special case so you can run # ``generate_psa_tests.py - $targets`` and it works uniformly whether From 7b78ec88a4b6dff9345ff534541aa80f8f92b4dc Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 19 Oct 2021 14:43:54 +0100 Subject: [PATCH 783/966] Change variable name to lowercase This seems more correct for variables that are only used in a small area of the cmake file. Signed-off-by: David Horstmann --- tests/CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index ef41f2996e..ef484f68e2 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -25,10 +25,10 @@ if(DEV_MODE) WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. OUTPUT_VARIABLE - TEST_SUITE_DATA_FILES) + test_suite_data_files) add_custom_command( OUTPUT - ${TEST_SUITE_DATA_FILES} + ${test_suite_data_files} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. COMMAND From 1732b5d6ee51aa6bb7c7b61bf265864c79ebbdab Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Tue, 19 Oct 2021 16:43:53 +0100 Subject: [PATCH 784/966] Move test link_to_source() calls into a foreach This removes a hardcoded list of generated test names Signed-off-by: David Horstmann --- tests/CMakeLists.txt | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index ef484f68e2..4e44f88211 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -16,16 +16,17 @@ endif() # generated .data files will go there file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites) +execute_process( + COMMAND + ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + --list-for-cmake + --directory ${CMAKE_CURRENT_BINARY_DIR}/suites + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + OUTPUT_VARIABLE + test_suite_data_files) + if(DEV_MODE) - execute_process( - COMMAND - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py - --list-for-cmake - --directory ${CMAKE_CURRENT_BINARY_DIR}/suites - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/.. - OUTPUT_VARIABLE - test_suite_data_files) add_custom_command( OUTPUT ${test_suite_data_files} @@ -42,9 +43,9 @@ if(DEV_MODE) ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h ) else() - link_to_source(suites/test_suite_psa_crypto_not_supported.generated.data) - link_to_source(suites/test_suite_psa_crypto_storage_format.current.data) - link_to_source(suites/test_suite_psa_crypto_storage_format.v0.data) + foreach(file ${test_suite_data_files}) + link_to_source(${file}) + endforeach() endif() # Test suites caught by SKIP_TEST_SUITES are built but not executed. From b3a5424a4e6e1c09d9b38ed1aa2b9cc1644bf3ce Mon Sep 17 00:00:00 2001 
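Review bot: In the `else()` branch, `link_to_source(${file})` now receives entries of `test_suite_data_files`, the same list that serves as `OUTPUT` of the custom command and was produced with `--directory ${CMAKE_CURRENT_BINARY_DIR}/suites`. The removed calls passed source-relative names such as `suites/test_suite_psa_crypto_storage_format.v0.data`, so if the script prints paths under the given directory (not visible in this hunk), a `DEV_MODE=Off` build would hand binary-tree paths to a function that appears to expect a name relative to the source directory. Worth confirming with an out-of-tree configure using `-D DEV_MODE=Off`, or building the relative name explicitly inside the loop. The loop is also a silent no-op when the variable is empty, for example if the `execute_process` above failed, so a check such as `if(NOT test_suite_data_files)` with a `message(FATAL_ERROR ...)` before it would make that case visible.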
From: David Horstmann Date: Tue, 19 Oct 2021 18:37:04 +0100 Subject: [PATCH 785/966] Add function to remove last filename extension Add a new function that takes a string and removes the portion following the last '.' character, usually a file extension. This would transform: * "a.b.c" into "a.b" * "name." into "name" * ".name" into "" * "no_dot" into "no_dot" (i.e. no change) CMake's existing file-extension-removal command removes the largest possible extension which would make "a.b.c" into "a", which is incorrect for handling tests that have '.'s within their names. The desired behaviour was added in CMake 3.14, but we support CMake >= 3.5.1 (for 3.0) and >= 2.8.12.2 (for 2.x) at the time of writing. Signed-off-by: David Horstmann --- CMakeLists.txt | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 2731d727c4..9c34da9228 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -136,6 +136,22 @@ function(link_to_source base_name) endif() endfunction(link_to_source) +# Get the filename without the final extension (i.e. convert "a.b.c" to "a.b") +function(get_name_without_last_ext dest_var full_name) + # Split into a list on '.' (but a cmake list is just a ';'-separated string) + string(REPLACE "." ";" ext_parts "${full_name}") + # Remove the last item if there are more than one + list(LENGTH ext_parts ext_parts_len) + if (${ext_parts_len} GREATER "1") + math(EXPR ext_parts_last_item "${ext_parts_len} - 1") + list(REMOVE_AT ext_parts ${ext_parts_last_item}) + endif() + # Convert back to a string by replacing separators with '.' + string(REPLACE ";" "." no_ext_name "${ext_parts}") + # Copy into the desired variable + set(${dest_var} ${no_ext_name} PARENT_SCOPE) +endfunction(get_name_without_last_ext) + string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") include(CheckCCompilerFlag) From ae7bd3513cf1c47740cbdeccc105728f07025086 Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Tue, 19 Oct 2021 19:05:42 +0100 Subject: [PATCH 786/966] Select test data directory using generated list Remove a hardcoded list of tests that use generated ".data" files, and instead derive this list from the existing list of test files (created using generate_psa_tests.py). This reduces the maintenance burden as only the list in generate_psa_tests.py needs to be updated. Signed-off-by: David Horstmann --- tests/CMakeLists.txt | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 4e44f88211..d25f77239c 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -24,12 +24,12 @@ execute_process( WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. OUTPUT_VARIABLE - test_suite_data_files) + generated_data_files) if(DEV_MODE) add_custom_command( OUTPUT - ${test_suite_data_files} + ${generated_data_files} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. COMMAND @@ -43,7 +43,7 @@ if(DEV_MODE) ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h ) else() - foreach(file ${test_suite_data_files}) + foreach(file ${generated_data_files}) link_to_source(${file}) endforeach() endif() 
@@ -62,9 +62,20 @@ function(add_test_suite suite_name) set(data_name ${suite_name}) endif() - if(data_name STREQUAL "psa_crypto_not_supported.generated" OR - data_name STREQUAL "psa_crypto_storage_format.current" OR - data_name STREQUAL "psa_crypto_storage_format.v0") + # Get the test names of the tests with generated .data files + # from the generated_data_files list in parent scope. + set(generated_data_names "") + foreach(generated_data_file ${generated_data_files}) + # Get the plain filename + get_filename_component(generated_data_name ${generated_data_file} NAME) + # Remove the ".data" extension + get_name_without_last_ext(generated_data_name ${generated_data_name}) + # Remove leading "test_suite_" + string(SUBSTRING ${generated_data_name} 11 -1 generated_data_name) + list(APPEND generated_data_names ${generated_data_name}) + endforeach() + + if(";${generated_data_names};" MATCHES ";${data_name};") set(data_file ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data) else() From d64f4b249c62954da87648bbb7e26f1980a6615c Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 20 Oct 2021 12:29:47 +0100 Subject: [PATCH 787/966] Fix assorted spelling and wording issues Signed-off-by: David Horstmann --- programs/ssl/CMakeLists.txt | 4 ++-- programs/test/CMakeLists.txt | 2 +- scripts/generate_query_config.pl | 2 +- tests/scripts/all.sh | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index e8d2865d9e..066940e91b 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt 
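Review bot: The membership test `if(";${generated_data_names};" MATCHES ";${data_name};")` uses `data_name` as a regular expression, so the '.' in names such as `psa_crypto_storage_format.v0` matches any character, and any other regex metacharacter in a suite name would change the match. An exact lookup avoids that: `list(FIND generated_data_names "${data_name}" data_name_index)` followed by `if(NOT data_name_index EQUAL -1)`. The loop above it also strips 11 characters with `string(SUBSTRING ...)` without checking that the name starts with `test_suite_`; a short comment stating that assumption would help. add_test_suite continues outside the hunk.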
@@ -19,10 +19,10 @@ set(executables ) if(DEV_MODE) - # Inform CMake the the following file will be generated as part of the build + # Inform CMake that the following file will be generated as part of the build # process, so it doesn't complain that it doesn't exist yet. Starting from # CMake 3.20, this will no longer be necessary as CMake will automatically - # propagate this information accross the tree, for now it's only visible + # propagate this information across the tree, for now it's only visible # inside the same directory, so we need to propagate manually. set_source_files_properties( ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 053b03c952..94331b8c7b 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -44,7 +44,7 @@ if(DEV_MODE) ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt ) - # this file will also be used in anoter directory, so create a target, see + # this file will also be used in another directory, so create a target, see # https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory add_custom_target(generate_query_config_c DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index eab986afad..b565024719 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -50,7 +50,7 @@ if( @ARGV ) { unless( -f $config_file && -f $query_config_format_file ) { chdir '..' or die; -f $config_file && -f $query_config_format_file - or die "Without arguments, must be run from root or a subdirectory\n"; + or die "No arguments supplied, must be run from project root or a first-level subdirectory\n"; } } 
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d3fba17877..f0e9a7d6c0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1004,10 +1004,10 @@ component_test_ref_configs () { # However this doesn't work as the generation script expects a specific # format for mbedtls_config.h, which the other files don't follow. Also, # cmake can't know this, but re-generation is actually not necessary as - # the generated files only depend on the list of availabe options, not + # the generated files only depend on the list of available options, not # whether they're on or off. So, disable cmake's (over-sensitive here) # dependency resolution for generated files and just rely on them being - # present (thanks for pre_generate_files) by turning DEV_MODE off. + # present (thanks to pre_generate_files) by turning DEV_MODE off. CC=gcc cmake -D DEV_MODE=Off -D CMAKE_BUILD_TYPE:String=Asan . tests/scripts/test-ref-configs.pl } From ff0a3b3aa6d1c55f0beec9b59ff7284a97e50f6d Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 20 Oct 2021 14:04:02 +0100 Subject: [PATCH 788/966] Improve error message in generate_query_config.pl Add usage information to the ARGV-incorrect-length error message in generate_query_config.pl. A plain usage message looks a bit incongruous when raised as an error, but the error message alone is unhelpful. Signed-off-by: David Horstmann --- scripts/generate_query_config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index b565024719..7855c7caa4 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl 
@@ -37,7 +37,7 @@ use strict; my ($config_file, $query_config_format_file, $query_config_file); if( @ARGV ) { - die "Invalid number of arguments" if scalar @ARGV != 3; + die "Invalid number of arguments - usage: $0 [CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 3; ($config_file, $query_config_format_file, $query_config_file) = @ARGV; -f $config_file or die "No such file: $config_file"; From 7570d24d3d9336aa57373b4b71cadfae9074e422 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 20 Oct 2021 16:27:24 +0100 Subject: [PATCH 789/966] Fix issue with DEV_MODE=OFF case When DEV_MODE=OFF, link_to_source() was being called with a full path in the build directory, rather than just a base name starting at "suites/" as was intended. Fix this by generating a list of base names and using that for link_to_source(), then deriving full paths afterwards. Signed-off-by: David Horstmann --- tests/CMakeLists.txt | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index d25f77239c..53692465b7 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -16,15 +16,22 @@ endif() # generated .data files will go there file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites) +# Get base names for generated files (starting at "suites/") execute_process( COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py --list-for-cmake - --directory ${CMAKE_CURRENT_BINARY_DIR}/suites + --directory suites WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. OUTPUT_VARIABLE - generated_data_files) + base_generated_data_files) + +# Derive generated file paths in the build directory +set(generated_data_files "") +foreach(file ${base_generated_data_files}) + list(APPEND generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file}) +endforeach() if(DEV_MODE) add_custom_command( 
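Review bot: In tests/CMakeLists.txt, the `execute_process` call that fills `base_generated_data_files` has no `RESULT_VARIABLE`, so a failure of generate_psa_tests.py at configure time is not detected. The output would then be empty or partial, the new `foreach` would derive an empty or wrong `generated_data_files` list, and the build would carry on without the generated `.data` files being declared or linked. Adding `RESULT_VARIABLE generated_list_result` to the call and following it with `if(NOT generated_list_result EQUAL 0)` / `message(FATAL_ERROR "generate_psa_tests.py --list-for-cmake failed")` would stop the configure step instead.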
@@ -43,7 +50,7 @@ if(DEV_MODE) ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h ) else() - foreach(file ${generated_data_files}) + foreach(file ${base_generated_data_files}) link_to_source(${file}) endforeach() endif() From f602eb19bacaa5d411b1ccf000db361ca3b1c468 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 20 Oct 2021 16:40:56 +0100 Subject: [PATCH 790/966] Add comment explaining generate_psa_code.py Explain that the output filename is derived from the -d argument, so that it's obvious why the CMakefile code does what it does. Signed-off-by: David Horstmann --- tests/CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 53692465b7..c884769682 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -92,6 +92,8 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT + # The output filename of generate_test_code.py is derived from the -d + # input argument. test_suite_${data_name}.c COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} From 3e30ad9b0d8ec230f490088ddd7273e7d592abcf Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 20 Oct 2021 16:53:58 +0100 Subject: [PATCH 791/966] Use MBEDTLS_PYTHON_EXECUTABLE Change one occurrence of ${PYTHON} to ${MBEDTLS_PYTHON_EXECUTABLE} and add implied ${MBEDTLS_PYTHON_EXECUTABLE} to the start of a different command. Signed-off-by: David Horstmann --- programs/psa/CMakeLists.txt | 2 +- tests/CMakeLists.txt | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index c5d0d28dd4..fd8eeea783 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -9,7 +9,7 @@ if(DEV_MODE) OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c COMMAND - ${PYTHON} + ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR} WORKING_DIRECTORY 
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index c884769682..0bd94baa27 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -19,6 +19,7 @@ file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites) # Get base names for generated files (starting at "suites/") execute_process( COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py --list-for-cmake --directory suites From a8d14061073055ce619b2e254cb8f5e5e827ac0d Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 20 Oct 2021 17:14:23 +0100 Subject: [PATCH 792/966] Rename DEV_MODE to GEN_FILES GEN_FILES is a bit clearer as it describes what the setting does more precisely. Signed-off-by: David Horstmann --- CMakeLists.txt | 2 +- library/CMakeLists.txt | 2 +- programs/psa/CMakeLists.txt | 4 ++-- programs/ssl/CMakeLists.txt | 4 ++-- programs/test/CMakeLists.txt | 2 +- tests/CMakeLists.txt | 2 +- tests/scripts/all.sh | 4 ++-- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9c34da9228..b0ece2a0ea 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -46,7 +46,7 @@ option(ENABLE_PROGRAMS "Build mbed TLS programs." ON) option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) -option(DEV_MODE "Development mode: (re)generate some files as needed" ON) +option(GEN_FILES "Generate the auto-generated files as needed" ON) string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}") diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index f3b93fbdff..18aff5af39 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -109,7 +109,7 @@ set(src_tls ssl_tls13_generic.c ) -if(DEV_MODE) +if(GEN_FILES) find_package(Perl REQUIRED) file(GLOB error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h) 
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index fd8eeea783..26ca73c185 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -4,7 +4,7 @@ set(executables psa_constant_names ) -if(DEV_MODE) +if(GEN_FILES) add_custom_command( OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c @@ -30,7 +30,7 @@ foreach(exe IN LISTS executables) endforeach() target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) -if(DEV_MODE) +if(GEN_FILES) add_custom_target(generate_psa_constant_names_generated_c DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c) add_dependencies(psa_constant_names generate_psa_constant_names_generated_c) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 066940e91b..280bbcf3d2 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -18,7 +18,7 @@ set(executables ssl_server2 ) -if(DEV_MODE) +if(GEN_FILES) # Inform CMake that the following file will be generated as part of the build # process, so it doesn't complain that it doesn't exist yet. Starting from # CMake 3.20, this will no longer be necessary as CMake will automatically @@ -42,7 +42,7 @@ foreach(exe IN LISTS executables) target_link_libraries(${exe} ${libs}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") - if(DEV_MODE) + if(GEN_FILES) add_dependencies(${exe} generate_query_config_c) endif() target_include_directories(${exe} diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 94331b8c7b..142a831667 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -27,7 +27,7 @@ if(TEST_CPP) target_link_libraries(cpp_dummy_build ${mbedcrypto_target}) endif() -if(DEV_MODE) +if(GEN_FILES) find_package(Perl REQUIRED) add_custom_command( 
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 0bd94baa27..41dceed939 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -34,7 +34,7 @@ foreach(file ${base_generated_data_files}) list(APPEND generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file}) endforeach() -if(DEV_MODE) +if(GEN_FILES) add_custom_command( OUTPUT ${generated_data_files} diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f0e9a7d6c0..595b1baf91 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1007,8 +1007,8 @@ component_test_ref_configs () { # the generated files only depend on the list of available options, not # whether they're on or off. So, disable cmake's (over-sensitive here) # dependency resolution for generated files and just rely on them being - # present (thanks to pre_generate_files) by turning DEV_MODE off. - CC=gcc cmake -D DEV_MODE=Off -D CMAKE_BUILD_TYPE:String=Asan . + # present (thanks to pre_generate_files) by turning GEN_FILES off. + CC=gcc cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . tests/scripts/test-ref-configs.pl } From 65d8c69e80734454204c9dcc1a3c11a4a8cbf63d Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 21 Oct 2021 16:09:51 +0100 Subject: [PATCH 793/966] Remove unnecessary check for ';' in filenames The Makefiles already assume that filenames don't contain special characters anyway, so we don't need to check this in generate_psa_tests.py. Signed-off-by: David Horstmann --- tests/scripts/generate_psa_tests.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 16e27ee6bb..1e5d2041b5 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py 
@@ -715,11 +715,8 @@ def main(args): # List in a cmake list format (i.e. ';'-separated) if options.list_for_cmake: filenames = [] - for name in sorted(generator.TARGETS): - if ';' in generator.filename_for(name): - raise ValueError('Cannot pass filename containing \';\' to cmake: ' + name) - filenames.append(generator.filename_for(name)) - print(';'.join(filenames), end='') + print(';'.join(generator.filename_for(name) + for name in sorted(generator.TARGETS)), end='') return if options.targets: # Allow "-" as a special case so you can run From 774965188a1012e57730e8f18e095eb837b9d94a Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 21 Oct 2021 19:45:52 +0100 Subject: [PATCH 794/966] Turn GEN_FILES off by default on windows If on windows, turn off GEN_FILES as it does not currently work (for reasons unknown). Note: The WIN32 variable is "True on windows systems, including win64", as one would expect. Signed-off-by: David Horstmann --- CMakeLists.txt | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b0ece2a0ea..cd990abe88 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -46,7 +46,11 @@ option(ENABLE_PROGRAMS "Build mbed TLS programs." ON) option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) -option(GEN_FILES "Generate the auto-generated files as needed" ON) +if(WIN32) + option(GEN_FILES "Generate the auto-generated files as needed" OFF) +else() + option(GEN_FILES "Generate the auto-generated files as needed" ON) +endif() string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}") From 48a05536841b15b22f2d8c54892a5bb75a24304b Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Fri, 22 Oct 2021 15:10:46 +0100 Subject: [PATCH 795/966] Document the CMake generated files capability Add a line in the README explaining that CMake will generate the files it needs automatically on non-Windows systems when not cross-compiling. Signed-off-by: David Horstmann --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index dbe6a2325e..e6924cbe1d 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,7 @@ If you are cross-compiling, you must set the `CC` environment variable to a C co Any of the following methods are available to generate the configuration-independent files: * If not cross-compiling, running `make` with any target, or just `make`, will automatically generate required files. +* On non-Windows systems, when not cross-compiling, CMake will generate the required files automatically. * Run `make generated_files` to generate all the configuration-independent files. * On Unix/POSIX systems, run `tests/scripts/check-generated-files.sh -u` to generate all the configuration-independent files. * On Windows, run `scripts\make_generated_files.bat` to generate all the configuration-independent files. From 3ee10e841e1ff1398ae9ecebd85c4ad5455d9e14 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 22 Oct 2021 18:22:11 +0100 Subject: [PATCH 796/966] Fix unused variable in generate_psa_tests.py Remove the newly-unused variable that became unused in a previous commit. Signed-off-by: David Horstmann --- tests/scripts/generate_psa_tests.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 1e5d2041b5..39fb210278 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py 
@@ -714,7 +714,6 @@ def main(args): return # List in a cmake list format (i.e. ';'-separated) if options.list_for_cmake: - filenames = [] print(';'.join(generator.filename_for(name) for name in sorted(generator.TARGETS)), end='') return From 2c1442ebc03e7fb3ea3012876f964d4c90a5b2b2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 26 Jul 2021 20:20:54 +0200 Subject: [PATCH 797/966] New sample program to benchmark certificate loading Signed-off-by: Gilles Peskine --- programs/.gitignore | 1 + programs/Makefile | 5 + programs/x509/CMakeLists.txt | 1 + programs/x509/load_roots.c | 203 +++++++++++++++++++++++++++++++++++ 4 files changed, 210 insertions(+) create mode 100644 programs/x509/load_roots.c diff --git a/programs/.gitignore b/programs/.gitignore index d8eb6baa03..deb104a401 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -69,6 +69,7 @@ x509/cert_app x509/cert_req x509/cert_write x509/crl_app +x509/load_roots x509/req_app # Generated data files diff --git a/programs/Makefile b/programs/Makefile index 02eb5a1430..7f9d11e80d 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -110,6 +110,7 @@ APPS = \ x509/cert_req \ x509/cert_write \ x509/crl_app \ + x509/load_roots \ x509/req_app \ # End of APPS @@ -387,6 +388,10 @@ x509/cert_req$(EXEXT): x509/cert_req.c $(DEP) echo " CC x509/cert_req.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_req.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +x509/load_roots$(EXEXT): x509/load_roots.c $(DEP) + echo " CC x509/load_roots.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/load_roots.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + x509/req_app$(EXEXT): x509/req_app.c $(DEP) echo " CC x509/req_app.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/req_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index a04fa8bcf8..5876b8d21d 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt 
@@ -7,6 +7,7 @@ set(executables cert_req cert_write crl_app + load_roots req_app ) diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c new file mode 100644 index 0000000000..cb168126a2 --- /dev/null +++ b/programs/x509/load_roots.c 
@@ -0,0 +1,203 @@ +/* + * Root CA reading application + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
+ * + * ********** + */ + +#include "mbedtls/build_info.h" + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_time time +#define mbedtls_time_t time_t +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_TIMING_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_TIMING_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + +#include "mbedtls/error.h" +#include "mbedtls/timing.h" +#include "mbedtls/x509_crt.h" + +#include +#include +#include + +#define DFL_ITERATIONS 1 +#define DFL_PRIME_CACHE 1 + +#define USAGE \ + "\n usage: load_roots param=<>... [--] {FILE|DIR}...\n" \ + "\n acceptable parameters:\n" \ + " iterations=%%d Iteration count (not including cache priming); default: 1\n" \ + " prime=%%d Prime the disk read cache? Default: 1 (yes)\n" \ + "\n" + + +/* + * global options + */ +struct options +{ + const char **filenames; /* NULL-terminated list of file names */ + unsigned iterations; /* Number of iterations to time */ + int prime_cache; /* Prime the disk read cache? 
*/ +} opt; + + +int read_certificates( const char *const *filenames ) +{ + mbedtls_x509_crt cas; + int ret = 0; + const char *const *cur; + char error_message[200]; + + mbedtls_x509_crt_init( &cas ); + + for( cur = filenames; *cur != NULL; cur++ ) + { + ret = mbedtls_x509_crt_parse_file( &cas, *cur ); + if( ret != 0 ) + { + mbedtls_strerror( ret, error_message, sizeof( error_message ) ); + printf( "\n%s: -0x%04x (%s)\n", *cur, -ret, error_message ); + goto exit; + } + } + +exit: + mbedtls_x509_crt_free( &cas ); + return( ret == 0 ); +} + +int main( int argc, char *argv[] ) +{ + int exit_code = MBEDTLS_EXIT_FAILURE; + unsigned i, j; + struct mbedtls_timing_hr_time timer; + unsigned long ms; + + if( argc == 0 ) + { + mbedtls_printf( USAGE ); + goto exit; + } + + opt.filenames = NULL; + opt.iterations = DFL_ITERATIONS; + opt.prime_cache = DFL_PRIME_CACHE; + + for( i = 1; i < (unsigned) argc; i++ ) + { + char *p = argv[i]; + char *q = NULL; + + if( strcmp( p, "--" ) == 0 ) + break; + if( ( q = strchr( p, '=' ) ) == NULL ) + break; + *q++ = '\0'; + + for( j = 0; p + j < q; j++ ) + { + if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' ) + argv[i][j] |= 0x20; + } + + if( strcmp( p, "iterations" ) == 0 ) + { + opt.iterations = atoi( q ); + } + else if( strcmp( p, "prime" ) == 0 ) + { + opt.iterations = atoi( q ) != 0; + } + else + mbedtls_printf( "Unknown option: %s\n", p ); + } + + opt.filenames = (const char**) argv + i; + if( *opt.filenames == 0 ) + { + mbedtls_printf( "Missing list of certificate files to parse\n" ); + goto exit; + } + + mbedtls_printf( "Parsing %u certificates", argc - i ); + if( opt.prime_cache ) + { + if( ! read_certificates( opt.filenames ) ) + goto exit; + mbedtls_printf( " " ); + } + + (void) mbedtls_timing_get_timer( &timer, 1 ); + for( i = 1; i <= opt.iterations; i++ ) + { + if( ! read_certificates( opt.filenames ) ) + goto exit; + mbedtls_printf( "." 
); + } + ms = mbedtls_timing_get_timer( &timer, 0 ); + mbedtls_printf( "\n%u iterations -> %lu ms\n", opt.iterations, ms ); + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + mbedtls_exit( exit_code ); +} +#endif /* necessary configuration */ From b553eaabeac6cc4a08676accfaad5458bf47c7f7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 28 Jul 2021 11:33:04 +0200 Subject: [PATCH 798/966] Base64 decoding: don't use the table for '=' Base64 decoding uses equality comparison tests for characters that don't leak information about the content of the data other than its length, such as whitespace. Do this with '=' as well, since it only reveals information about the length. This way the table lookup can focus on character validity and decoding value. Signed-off-by: Gilles Peskine --- library/base64.c | 64 +++++++++++++++++++----------------------------- 1 file changed, 25 insertions(+), 39 deletions(-) diff --git a/library/base64.c b/library/base64.c index 9cf5dd41d4..8b818c86a8 100644 --- a/library/base64.c +++ b/library/base64.c @@ -54,7 +54,7 @@ static const unsigned char base64_dec_map[128] = 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 62, 127, 127, 127, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 127, 127, - 127, 64, 127, 127, 127, 0, 1, 2, 3, 4, + 127, 127, 127, 127, 127, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 127, 127, 127, 127, 127, 127, 26, 27, 28, 
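Review bot: In the option loop of main in programs/x509/load_roots.c, the `prime` branch assigns to the wrong field: `opt.iterations = atoi( q ) != 0;` overwrites the iteration count with 0 or 1 and leaves `opt.prime_cache` at its default. As a result `prime=0` does not disable cache priming and instead makes the timed loop run zero times. The line should read `opt.prime_cache = atoi( q ) != 0;`. Two smaller points in the same function: `argc == 0` does not show the usage text for a plain invocation with no arguments (that path ends at the "Missing list" message), and `atoi` stores a negative or non-numeric `iterations=` value into an unsigned field unchecked, so `strtoul` with an end-pointer test would be safer.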
@@ -90,31 +90,6 @@ static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsign *dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask ); } -/* - * Constant flow conditional assignment to uint_32 - */ -static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src, - uint32_t condition ) -{ - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - /* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */ - uint32_t mask = ( condition | -condition ); - mask >>= 31; - mask = -mask; - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif - - *dest = ( src & mask ) | ( ( *dest ) & ~mask ); -} - /* * Constant flow check for equality */ @@ -273,17 +248,22 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, if( x != 0 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - if( src[i] == '=' && ++j > 2 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - - dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] ); - - if( src[i] > 127 || dec_map_lookup == 127 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - - if( dec_map_lookup < 64 && j != 0 ) + if( src[i] > 127 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + if( src[i] == '=' ) + { + if( ++j > 2 ) + return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + } + else + { + if( j != 0 ) + return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] ); + if( dec_map_lookup == 127 ) + return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + } n++; } 
@@ -311,10 +291,16 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, if( *src == '\r' || *src == '\n' || *src == ' ' ) continue; - dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src ); - - mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) ); - x = ( x << 6 ) | ( dec_map_lookup & 0x3F ); + if( *src == '=' ) + { + --j; + x = x << 6; + } + else + { + dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src ); + x = ( x << 6 ) | ( dec_map_lookup & 0x3F ); + } if( ++n == 4 ) { From ab043350525833314b5a2e6d0d2efcd6510a8142 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 28 Jul 2021 13:54:02 +0200 Subject: [PATCH 799/966] Base64 decoding: use ranges instead of tables Instead of doing constant-flow table lookup, which requires 128 memory loads for each lookup into a 128-entry table, do a range-based calculation, which requires more CPU instructions per range but there are only 5 ranges. Experimentally, this is ~12x faster on my PC (based on programs/x509/load_roots). The code is slightly smaller, too. Signed-off-by: Gilles Peskine --- library/base64.c | 64 +++++++++++++++++++++++++++++++----------------- 1 file changed, 42 insertions(+), 22 deletions(-) diff --git a/library/base64.c b/library/base64.c index 8b818c86a8..7d9ddf9cd8 100644 --- a/library/base64.c +++ b/library/base64.c 
@@ -46,23 +46,6 @@ static const unsigned char base64_enc_map[64] = '8', '9', '+', '/' }; -static const unsigned char base64_dec_map[128] = -{ - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 62, 127, 127, 127, 63, 52, 53, - 54, 55, 56, 57, 58, 59, 60, 61, 127, 127, - 127, 127, 127, 127, 127, 0, 1, 2, 3, 4, - 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, - 25, 127, 127, 127, 127, 127, 127, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, 127, 127, 127, 127, 127 -}; - #define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ /* @@ -133,6 +116,18 @@ static unsigned char mbedtls_base64_table_lookup( const unsigned char * const ta return result; } +/* Return 0xff if low <= c <= high, 0 otherwise. + * + * Constant flow with respect to c. + */ +static unsigned char mask_of_range( unsigned char low, unsigned char high, + unsigned char c ) +{ + unsigned low_mask = ( c - low ) >> 8; + unsigned high_mask = ( c - high - 1 ) >> 8; + return( ~low_mask & high_mask & 0xff ); +} + /* * Encode a buffer into base64 format */ 
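Review bot: In the new mask_of_range, `( c - low ) >> 8` and `( c - high - 1 ) >> 8` are evaluated in `int` after integer promotion, so whenever c < low or c <= high the left operand is negative and the result of the right shift is implementation-defined. The helper is therefore only correct on compilers where that shift is arithmetic. Doing the subtraction in unsigned arithmetic makes the wrap-around well defined and gives the same masks: `unsigned low_mask = ( (unsigned) c - low ) >> 8;` and `unsigned high_mask = ( (unsigned) c - high - 1 ) >> 8;`. Since this helper replaces the constant-flow table lookup on the decoded data, the comment above it should also say that only the low 8 bits of the combined mask are meaningful.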
@@ -211,6 +206,34 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } +/* Given a Base64 digit, return its value. + * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), + * return -1. + * + * The implementation assumes that letters are consecutive (e.g. ASCII + * but not EBCDIC). + * + * The implementation is constant-flow (no branch or memory access depending + * on the value of c) unless the compiler inlines and optimizes a specific + * access. + */ +static signed char dec_value( unsigned char c ) +{ + unsigned char val = 0; + /* For each range of digits, if c is in that range, mask val with + * the corresponding value. Since c can only be in a single range, + * only at most one masking will change val. Set val to one plus + * the desired value so that it stays 0 if c is in none of the ranges. */ + val |= mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 ); + val |= mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 ); + val |= mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 ); + val |= mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 ); + val |= mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 ); + /* At this point, val is 0 if c is an invalid digit and v+1 if c is + * a digit with the value v. */ + return( val - 1 ); +} + /* * Decode a base64-formatted buffer */ @@ -220,7 +243,6 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, size_t i, n; uint32_t j, x; unsigned char *p; - unsigned char dec_map_lookup; /* First pass: check for validity and get output length */ for( i = n = j = 0; i < slen; i++ ) @@ -260,8 +282,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, { if( j != 0 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] ); - if( dec_map_lookup == 127 ) + if( dec_value( src[i] ) < 0 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); } n++; 
@@ -298,8 +319,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, } else { - dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src ); - x = ( x << 6 ) | ( dec_map_lookup & 0x3F ); + x = ( x << 6 ) | ( dec_value( *src ) & 0x3F ); } if( ++n == 4 ) From 1121cd29b65f89186102f82bf3ae0dda24029a63 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 28 Jul 2021 14:20:06 +0200 Subject: [PATCH 800/966] Base64 decode: simplify local variables Document what each local variable does when it isn't obvious from the name. Don't reuse a variable for different purposes. This commit has very little impact on the generated code (same code size on a sample Thumb build), although it does fix a theoretical bug that 2^32 spaces inside a line would be ignored instead of treated as an error. Signed-off-by: Gilles Peskine --- library/base64.c | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/library/base64.c b/library/base64.c index 7d9ddf9cd8..960f778ca1 100644 --- a/library/base64.c +++ b/library/base64.c @@ -240,19 +240,22 @@ static signed char dec_value( unsigned char c ) int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen ) { - size_t i, n; - uint32_t j, x; + size_t i; /* index in source */ + size_t n; /* number of digits or trailing = in source */ + uint32_t x; /* value accumulator */ + unsigned equals = 0; + int spaces_present = 0; unsigned char *p; /* First pass: check for validity and get output length */ - for( i = n = j = 0; i < slen; i++ ) + for( i = n = 0; i < slen; i++ ) { /* Skip spaces before checking for EOL */ - x = 0; + spaces_present = 0; while( i < slen && src[i] == ' ' ) { ++i; - ++x; + spaces_present = 1; } /* Spaces at end of buffer are OK */ 
@@ -267,7 +270,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, continue; /* Space inside a line is an error */ - if( x != 0 ) + if( spaces_present ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); if( src[i] > 127 ) @@ -275,12 +278,12 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, if( src[i] == '=' ) { - if( ++j > 2 ) + if( ++equals > 2 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); } else { - if( j != 0 ) + if( equals != 0 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); if( dec_value( src[i] ) < 0 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); @@ -299,7 +302,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, * n = ( ( n * 6 ) + 7 ) >> 3; */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); - n -= j; + n -= equals; if( dst == NULL || dlen < n ) { @@ -307,27 +310,24 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } - for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ ) - { + equals = 0; + for( n = x = 0, p = dst; i > 0; i--, src++ ) + { if( *src == '\r' || *src == '\n' || *src == ' ' ) continue; + x = x << 6; if( *src == '=' ) - { - --j; - x = x << 6; - } + ++equals; else - { - x = ( x << 6 ) | ( dec_value( *src ) & 0x3F ); - } + x |= dec_value( *src ); if( ++n == 4 ) { n = 0; - if( j > 0 ) *p++ = MBEDTLS_BYTE_2( x ); - if( j > 1 ) *p++ = MBEDTLS_BYTE_1( x ); - if( j > 2 ) *p++ = MBEDTLS_BYTE_0( x ); + *p++ = MBEDTLS_BYTE_2( x ); + if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x ); + if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x ); } } From 2c4a3686bb822c3c67e1f6157e5087ea6a3bf4db Mon Sep 17 00:00:00 2001 
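Review bot: The rewritten second pass (last hunk of this commit) drops the `& 0x3F` mask, so `x |= dec_value( *src );` ORs a `signed char` straight into the `uint32_t` accumulator. A return of -1 would convert to 0xFFFFFFFF and overwrite the digits already accumulated; that is unreachable only because the first pass rejects every character for which `dec_value` is negative. Either keep the mask, `x |= dec_value( *src ) & 0x3F;`, or state the invariant next to the call, e.g. `/* the first pass guarantees dec_value() >= 0 here */`. The body of mbedtls_base64_decode starts and ends outside this hunk.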
From: Gilles Peskine Date: Wed, 28 Jul 2021 14:31:39 +0200 Subject: [PATCH 801/966] Base64 encoding: use ranges instead of tables Instead of doing constant-flow table lookup, which requires 64 memory loads for each lookup into a 64-entry table, do a range-based calculation, which requires more CPU instructions per range but there are only 5 ranges. I expect a significant performance gain (although smaller than for decoding since the encoding table is half the size), but I haven't measured. Code size is slightly smaller. Signed-off-by: Gilles Peskine --- library/base64.c | 122 ++++++++++------------------------------------- 1 file changed, 25 insertions(+), 97 deletions(-) diff --git a/library/base64.c b/library/base64.c index 960f778ca1..832484f98f 100644 --- a/library/base64.c +++ b/library/base64.c 
@@ -35,87 +35,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -static const unsigned char base64_enc_map[64] = -{ - 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', - 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', - 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', - 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', - 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', - 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', '+', '/' -}; - #define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ -/* - * Constant flow conditional assignment to unsigned char - */ -static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src, - unsigned char condition ) -{ - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - /* Generate bitmask from condition, mask will either be 0xFF or 0 */ - unsigned char mask = ( condition | -condition ); - mask >>= 7; - mask = -mask; - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif - - *dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask ); -} - -/* - * Constant flow check for equality - */ -static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b ) -{ - size_t difference = in_a ^ in_b; - - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - difference |= -difference; - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif - - /* cope with the varying size of size_t per platform */ - difference >>= ( sizeof( difference ) * 8 - 1 ); - - return (unsigned char) ( 1 ^ difference ); -} - -/* - * Constant flow lookup into table. 
- */ -static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table, - const size_t table_size, const size_t table_index ) -{ - size_t i; - unsigned char result = 0; - - for( i = 0; i < table_size; ++i ) - { - mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) ); - } - - return result; -} - /* Return 0xff if low <= c <= high, 0 otherwise. * * Constant flow with respect to c. @@ -128,6 +49,24 @@ static unsigned char mask_of_range( unsigned char low, unsigned char high, return( ~low_mask & high_mask & 0xff ); } +/* Given a value in the range 0..63, return the corresponding Base64 digit. + * The implementation assumes that letters are consecutive (e.g. ASCII + * but not EBCDIC). + */ +static unsigned char enc_char( unsigned char val ) +{ + unsigned char digit = 0; + /* For each range of values, if val is in that range, mask digit with + * the corresponding value. Since val can only be in a single range, + * only at most one masking will change digit. */ + digit |= mask_of_range( 0, 25, val ) & ( 'A' + val ); + digit |= mask_of_range( 26, 51, val ) & ( 'a' + val - 26 ); + digit |= mask_of_range( 52, 61, val ) & ( '0' + val - 52 ); + digit |= mask_of_range( 62, 62, val ) & '+'; + digit |= mask_of_range( 63, 63, val ) & '/'; + return( digit ); +} + /* * Encode a buffer into base64 format */ 
@@ -168,17 +107,10 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, C2 = *src++; C3 = *src++; - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( C1 >> 2 ) & 0x3F ) ); - - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) ); - - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) ); - - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( C3 & 0x3F ) ); + *p++ = enc_char( ( C1 >> 2 ) & 0x3F ); + *p++ = enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ); + *p++ = enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ); + *p++ = enc_char( C3 & 0x3F ); } if( i < slen ) @@ -186,15 +118,11 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, C1 = *src++; C2 = ( ( i + 1 ) < slen ) ? *src++ : 0; - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( C1 >> 2 ) & 0x3F ) ); - - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) ); + *p++ = enc_char( ( C1 >> 2 ) & 0x3F ); + *p++ = enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ); if( ( i + 1 ) < slen ) - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( C2 & 15 ) << 2 ) & 0x3F ) ); + *p++ = enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F ); else *p++ = '='; *p++ = '='; From 66884e6dae845e1e57b1c9c6b017cfd8f7856abc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 28 Jul 2021 14:37:14 +0200 Subject: [PATCH 802/966] Base64 range-based constant-flow code: changelog entry Signed-off-by: Gilles Peskine --- ChangeLog.d/base64-ranges.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/base64-ranges.txt 
diff --git a/ChangeLog.d/base64-ranges.txt b/ChangeLog.d/base64-ranges.txt new file mode 100644 index 0000000000..8ffba2deec --- /dev/null +++ b/ChangeLog.d/base64-ranges.txt @@ -0,0 +1,4 @@ +Changes + * Improve the performance of base64 constant-flow code. The result is still + slower than the original non-constant-flow implementation, but much faster + than the previous constant-flow implemenation. Fixes #4814. From 67468e81a602b2d74fbaf6e0de7b72f7760dad9b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Jul 2021 12:56:21 +0200 Subject: [PATCH 803/966] Base64 decode: simplify local variables (n) n was used for two different purposes. Give it a different name the second time. This does not seem to change the generated code when compiling with optimization for size or performance. Signed-off-by: Gilles Peskine --- library/base64.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/base64.c b/library/base64.c index 832484f98f..d33429645b 100644 --- a/library/base64.c +++ b/library/base64.c @@ -171,6 +171,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, size_t i; /* index in source */ size_t n; /* number of digits or trailing = in source */ uint32_t x; /* value accumulator */ + unsigned accumulated_digits = 0; unsigned equals = 0; int spaces_present = 0; unsigned char *p; @@ -239,7 +240,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, } equals = 0; - for( n = x = 0, p = dst; i > 0; i--, src++ ) + for( x = 0, p = dst; i > 0; i--, src++ ) { if( *src == '\r' || *src == '\n' || *src == ' ' ) continue; @@ -250,9 +251,9 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, else x |= dec_value( *src ); - if( ++n == 4 ) + if( ++accumulated_digits == 4 ) { - n = 0; + accumulated_digits = 0; *p++ = MBEDTLS_BYTE_2( x ); if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x ); if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x ); 
From 8635e2301fc2c9232922fce294884de99ea78923 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Jul 2021 12:57:22 +0200 Subject: [PATCH 804/966] mask_of_range: simplify high comparison To test c <= high, instead of testing the sign of (high + 1) - c, negate the sign of high - c (as we're doing for c - low). This is a little easier to read and shaves 2 instructions off the arm thumb build with arm-none-eabi-gcc 7.3.1. Signed-off-by: Gilles Peskine --- library/base64.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/base64.c b/library/base64.c index d33429645b..6ddd501a4f 100644 --- a/library/base64.c +++ b/library/base64.c @@ -44,9 +44,11 @@ static unsigned char mask_of_range( unsigned char low, unsigned char high, unsigned char c ) { - unsigned low_mask = ( c - low ) >> 8; - unsigned high_mask = ( c - high - 1 ) >> 8; - return( ~low_mask & high_mask & 0xff ); + /* low_mask is: 0 if low <= c, 0x...ff if low > c */ + unsigned low_mask = ( (unsigned) c - low ) >> 8; + /* high_mask is: 0 if c <= high, 0x...ff if high > c */ + unsigned high_mask = ( (unsigned) high - c ) >> 8; + return( ~( low_mask | high_mask ) & 0xff ); } /* Given a value in the range 0..63, return the corresponding Base64 digit. From 618a70ede70eefbe84805ef890ad643af74a58fa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Jul 2021 13:00:10 +0200 Subject: [PATCH 805/966] load_roots: arguments must be files I had originally thought to support directories with mbedtls_x509_crt_parse_path but it would have complicated the code more than I cared for. Remove a remnant of the original project in the documentation. Signed-off-by: Gilles Peskine --- programs/x509/load_roots.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index cb168126a2..3ee5485250 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c 
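Review bot: The new comment on `high_mask` states the condition backwards: `( (unsigned) high - c ) >> 8` is non-zero when `c > high`, not when `high > c`. As written it contradicts the first half of the same comment (`0 if c <= high`) and the function's documented contract, which matters because this mask decides which characters the decoder accepts. Suggested wording: `/* high_mask is: 0 if c <= high, 0x...ff if c > high */`.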
@@ -82,7 +82,7 @@ int main( void ) #define DFL_PRIME_CACHE 1 #define USAGE \ - "\n usage: load_roots param=<>... [--] {FILE|DIR}...\n" \ + "\n usage: load_roots param=<>... [--] FILE...\n" \ "\n acceptable parameters:\n" \ " iterations=%%d Iteration count (not including cache priming); default: 1\n" \ " prime=%%d Prime the disk read cache? Default: 1 (yes)\n" \ From 01997e119f5c3d76c949f59420df0c339ce88c35 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Jul 2021 13:01:36 +0200 Subject: [PATCH 806/966] load_roots: fix no-argument detection Signed-off-by: Gilles Peskine --- programs/x509/load_roots.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 3ee5485250..2dff951756 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -132,7 +132,7 @@ int main( int argc, char *argv[] ) struct mbedtls_timing_hr_time timer; unsigned long ms; - if( argc == 0 ) + if( argc <= 1 ) { mbedtls_printf( USAGE ); goto exit; From 9a2114ca574658fd200d0e966ebf7064e531dc8f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Jul 2021 13:01:52 +0200 Subject: [PATCH 807/966] load_roots: properly error out on an invalid option Signed-off-by: Gilles Peskine --- programs/x509/load_roots.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 2dff951756..7e52957d8a 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -168,7 +168,11 @@ int main( int argc, char *argv[] ) opt.iterations = atoi( q ) != 0; } else + { mbedtls_printf( "Unknown option: %s\n", p ); + mbedtls_printf( USAGE ); + goto exit; + } } opt.filenames = (const char**) argv + i; From d7d3279fdf42c38f392653bfeed1b8f1bed822a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 3 Aug 2021 12:19:30 +0200 Subject: [PATCH 808/966] Expose internal base64 functions for testing 
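Review bot: The context line just above the new `else` block, `opt.iterations = atoi( q ) != 0;`, stores a 0/1 value into the iteration count. The branch condition is outside the hunk, but if this is the `prime=` handler from the usage text it presumably should set the cache-priming option instead; as written `prime=0` would set the iteration count to 0. Now that unknown options are rejected, malformed numbers could be rejected too: `atoi` gives no error indication, so `iterations=abc` is accepted as 0. A `strtol` call with an end-pointer check, followed by the same `mbedtls_printf( USAGE ); goto exit;` path, would cover that.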
Signed-off-by: Gilles Peskine --- include/mbedtls/base64.h | 10 ++++++++ library/base64.c | 53 +++++++++++++++++++++++----------------- 2 files changed, 40 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index 8378589f31..f6f755913d 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -87,6 +87,16 @@ int mbedtls_base64_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST */ +#if defined(MBEDTLS_TEST_HOOKS) +/* These functions are only exposed in testing configurations for testing + * purposes and may change or disappear at any time. */ +unsigned char mbedtls_base64_mask_of_range( unsigned char low, + unsigned char high, + unsigned char c ); +unsigned char mbedtls_base64_enc_char( unsigned char val ); +signed char mbedtls_base64_dec_value( unsigned char c ); +#endif + #ifdef __cplusplus } #endif diff --git a/library/base64.c b/library/base64.c index 6ddd501a4f..96c94d1c61 100644 --- a/library/base64.c +++ b/library/base64.c @@ -41,8 +41,10 @@ * * Constant flow with respect to c. */ -static unsigned char mask_of_range( unsigned char low, unsigned char high, - unsigned char c ) +MBEDTLS_STATIC_TESTABLE +unsigned char mbedtls_base64_mask_of_range( unsigned char low, + unsigned char high, + unsigned char c ) { /* low_mask is: 0 if low <= c, 0x...ff if low > c */ unsigned low_mask = ( (unsigned) c - low ) >> 8; 
@@ -55,17 +57,18 @@ static unsigned char mask_of_range( unsigned char low, unsigned char high, * The implementation assumes that letters are consecutive (e.g. ASCII * but not EBCDIC). */ -static unsigned char enc_char( unsigned char val ) +MBEDTLS_STATIC_TESTABLE +unsigned char mbedtls_base64_enc_char( unsigned char val ) { unsigned char digit = 0; /* For each range of values, if val is in that range, mask digit with * the corresponding value. Since val can only be in a single range, * only at most one masking will change digit. */ - digit |= mask_of_range( 0, 25, val ) & ( 'A' + val ); - digit |= mask_of_range( 26, 51, val ) & ( 'a' + val - 26 ); - digit |= mask_of_range( 52, 61, val ) & ( '0' + val - 52 ); - digit |= mask_of_range( 62, 62, val ) & '+'; - digit |= mask_of_range( 63, 63, val ) & '/'; + digit |= mbedtls_base64_mask_of_range( 0, 25, val ) & ( 'A' + val ); + digit |= mbedtls_base64_mask_of_range( 26, 51, val ) & ( 'a' + val - 26 ); + digit |= mbedtls_base64_mask_of_range( 52, 61, val ) & ( '0' + val - 52 ); + digit |= mbedtls_base64_mask_of_range( 62, 62, val ) & '+'; + digit |= mbedtls_base64_mask_of_range( 63, 63, val ) & '/'; return( digit ); } @@ -109,10 +112,12 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, C2 = *src++; C3 = *src++; - *p++ = enc_char( ( C1 >> 2 ) & 0x3F ); - *p++ = enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ); - *p++ = enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ); - *p++ = enc_char( C3 & 0x3F ); + *p++ = mbedtls_base64_enc_char( ( C1 >> 2 ) & 0x3F ); + *p++ = mbedtls_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) + & 0x3F ); + *p++ = mbedtls_base64_enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) + & 0x3F ); + *p++ = mbedtls_base64_enc_char( C3 & 0x3F ); } if( i < slen ) 
@@ -120,11 +125,12 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, C1 = *src++; C2 = ( ( i + 1 ) < slen ) ? *src++ : 0; - *p++ = enc_char( ( C1 >> 2 ) & 0x3F ); - *p++ = enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ); + *p++ = mbedtls_base64_enc_char( ( C1 >> 2 ) & 0x3F ); + *p++ = mbedtls_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) + & 0x3F ); if( ( i + 1 ) < slen ) - *p++ = enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F ); + *p++ = mbedtls_base64_enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F ); else *p++ = '='; *p++ = '='; @@ -147,18 +153,19 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, * on the value of c) unless the compiler inlines and optimizes a specific * access. */ -static signed char dec_value( unsigned char c ) +MBEDTLS_STATIC_TESTABLE +signed char mbedtls_base64_dec_value( unsigned char c ) { unsigned char val = 0; /* For each range of digits, if c is in that range, mask val with * the corresponding value. Since c can only be in a single range, * only at most one masking will change val. Set val to one plus * the desired value so that it stays 0 if c is in none of the ranges. */ - val |= mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 ); - val |= mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 ); - val |= mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 ); - val |= mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 ); - val |= mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 ); + val |= mbedtls_base64_mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 ); + val |= mbedtls_base64_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 ); + val |= mbedtls_base64_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 ); + val |= mbedtls_base64_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 ); + val |= mbedtls_base64_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 ); /* At this point, val is 0 if c is an invalid digit and v+1 if c is * a digit with the value v. */ return( val - 1 ); 
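Review bot: Replacing `static` with `MBEDTLS_STATIC_TESTABLE` on `mbedtls_base64_mask_of_range`, `mbedtls_base64_enc_char` and `mbedtls_base64_dec_value` means the code the tests can reach is not necessarily the code that ships. The macro presumably expands to `static` unless MBEDTLS_TEST_HOOKS is defined, so only test builds give these helpers external linkage. The comment kept on `mbedtls_base64_dec_value` already says the constant-flow property holds "unless the compiler inlines and optimizes a specific access", and inlining is what can differ between the two builds. I would document that at the definitions, e.g. `/* Exposed only under MBEDTLS_TEST_HOOKS; constant-flow checks exercise this non-static build. */`, and check the generated code of a production build separately.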
@@ -216,7 +223,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, { if( equals != 0 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - if( dec_value( src[i] ) < 0 ) + if( mbedtls_base64_dec_value( src[i] ) < 0 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); } n++; @@ -251,7 +258,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, if( *src == '=' ) ++equals; else - x |= dec_value( *src ); + x |= mbedtls_base64_dec_value( *src ); if( ++accumulated_digits == 4 ) { From a64417afe6d59647b3cf182f0a1185416140313a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 3 Aug 2021 12:38:55 +0200 Subject: [PATCH 809/966] Add unit tests for base64 internal functions Add unit tests for mask_of_range(), enc_char() and dec_value(). When constant-flow testing is enabled, verify that these functions are constant-flow. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_base64.data | 30 +++++++++++++ tests/suites/test_suite_base64.function | 58 +++++++++++++++++++++++++ 2 files changed, 88 insertions(+) diff --git a/tests/suites/test_suite_base64.data b/tests/suites/test_suite_base64.data index 3a892f4792..1f94c54348 100644 --- a/tests/suites/test_suite_base64.data +++ b/tests/suites/test_suite_base64.data @@ -1,3 +1,33 @@ +mask_of_range empty (1..0) +mask_of_range:1:0 + +mask_of_range empty (255..0) +mask_of_range:255:0 + +mask_of_range empty (42..7) +mask_of_range:42:7 + +mask_of_range 0..0 +mask_of_range:0:0 + +mask_of_range 42..42 +mask_of_range:42:42 + +mask_of_range 255..255 +mask_of_range:255:255 + +mask_of_range 0..255 +mask_of_range:0:255 + +mask_of_range 'A'..'Z' +mask_of_range:65:90 + +enc_char (all digits) +enc_chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" + +dec_value (all characters) +dec_chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" + Test case mbedtls_base64_encode #1 buffer just right mbedtls_base64_encode:"":"":0:0 
diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index be9b6e8c3e..89d7995116 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -8,6 +8,64 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void mask_of_range( int low_arg, int high_arg ) +{ + unsigned char low = low_arg, high = high_arg; + unsigned c; + for( c = 0; c <= 0xff; c++ ) + { + mbedtls_test_set_step( c ); + TEST_CF_SECRET( &c, sizeof( c ) ); + unsigned char m = mbedtls_base64_mask_of_range( low, high, c ); + TEST_CF_PUBLIC( &c, sizeof( c ) ); + if( low <= c && c <= high ) + TEST_EQUAL( m, 0xff ); + else + TEST_EQUAL( m, 0 ); + } +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void enc_chars( char *chars ) +{ + for( unsigned value = 0; value < 64; value++ ) + { + mbedtls_test_set_step( value ); + TEST_CF_SECRET( &value, sizeof( value ) ); + unsigned char digit = mbedtls_base64_enc_char( value ); + TEST_CF_PUBLIC( &value, sizeof( value ) ); + TEST_CF_PUBLIC( &digit, sizeof( digit ) ); + TEST_EQUAL( digit, chars[value] ); + } +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void dec_chars( char *chars ) +{ + char *p; + const size_t chars_len = strlen( chars ); + signed char expected; + + for( unsigned c = 0; c <= 0xff; c++ ) + { + mbedtls_test_set_step( c ); + p = memchr( chars, c, chars_len ); + if( p == NULL ) + expected = -1; + else + expected = p - chars; + TEST_CF_SECRET( &c, sizeof( c ) ); + signed char actual = mbedtls_base64_dec_value( c ); + TEST_CF_PUBLIC( &c, sizeof( c ) ); + TEST_CF_PUBLIC( &actual, sizeof( actual ) ); + TEST_EQUAL( actual, expected ); + } +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_base64_encode( char * src_string, char * dst_string, int dst_buf_size, int result ) From 987984482d46a71d9a9efca9ab4117b0343561d5 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 3 Aug 2021 13:15:04 +0200 Subject: [PATCH 810/966] Fix printf format signedness error Signed-off-by: Gilles Peskine --- programs/x509/load_roots.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 7e52957d8a..8570a0e62a 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -115,7 +115,8 @@ int read_certificates( const char *const *filenames ) if( ret != 0 ) { mbedtls_strerror( ret, error_message, sizeof( error_message ) ); - printf( "\n%s: -0x%04x (%s)\n", *cur, -ret, error_message ); + printf( "\n%s: -0x%04x (%s)\n", + *cur, (unsigned) -ret, error_message ); goto exit; } } From 27298780468b8414ec2d2d9f558f87f400d711f2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 3 Aug 2021 17:41:49 +0200 Subject: [PATCH 811/966] Mark output as public before testing it Signed-off-by: Gilles Peskine --- tests/suites/test_suite_base64.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index 89d7995116..c0548956ef 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -19,6 +19,7 @@ void mask_of_range( int low_arg, int high_arg ) TEST_CF_SECRET( &c, sizeof( c ) ); unsigned char m = mbedtls_base64_mask_of_range( low, high, c ); TEST_CF_PUBLIC( &c, sizeof( c ) ); + TEST_CF_PUBLIC( &m, sizeof( m ) ); if( low <= c && c <= high ) TEST_EQUAL( m, 0xff ); else From 680747b8681742ba239cfd1072a52fbaa7e26a78 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Aug 2021 14:37:01 +0200 Subject: [PATCH 812/966] Fix the build of sample programs without mbedtls_strerror 
Signed-off-by: Gilles Peskine --- ChangeLog.d/no-strerror.txt | 3 +++ programs/pkey/key_app_writer.c | 12 +++++++----- programs/x509/load_roots.c | 7 ++++++- 3 files changed, 16 insertions(+), 6 deletions(-) create mode 100644 ChangeLog.d/no-strerror.txt diff --git a/ChangeLog.d/no-strerror.txt b/ChangeLog.d/no-strerror.txt new file mode 100644 index 0000000000..69743a8715 --- /dev/null +++ b/ChangeLog.d/no-strerror.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor + MBEDTLS_ERROR_STRERROR_DUMMY is enabled. diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 8a09af5125..ed6addfef8 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -202,7 +202,9 @@ int main( int argc, char *argv[] ) { int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; - char buf[1024]; +#if defined(MBEDTLS_ERROR_C) + char buf[200]; +#endif int i; char *p, *q; @@ -220,7 +222,9 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_pk_init( &key ); +#if defined(MBEDTLS_ERROR_C) memset( buf, 0, sizeof( buf ) ); +#endif mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); @@ -316,8 +320,7 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { - mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", (unsigned int) -ret ); goto exit; } 
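Review bot: The two programs touched by this commit gate the error-string path on different conditions: key_app_writer.c declares and clears `buf` under `#if defined(MBEDTLS_ERROR_C)` only, while load_roots.c uses `#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)`. If `mbedtls_strerror` is also available in the dummy configuration, key_app_writer.c would drop the message text there for no reason; using the same condition in both files would avoid that. The rewritten `mbedtls_pk_parse_keyfile` and `mbedtls_pk_parse_public_key` messages also no longer end in `\n\n`; presumably the exit path outside these hunks completes the line. If so, a short comment at the two call sites would make that dependency visible, e.g. `/* error text and newline are printed at exit */`.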
@@ -377,8 +380,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { - mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); - mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x", (unsigned int) -ret ); goto exit; } diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 8570a0e62a..e07bed7211 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -105,7 +105,6 @@ int read_certificates( const char *const *filenames ) mbedtls_x509_crt cas; int ret = 0; const char *const *cur; - char error_message[200]; mbedtls_x509_crt_init( &cas ); @@ -114,9 +113,15 @@ int read_certificates( const char *const *filenames ) ret = mbedtls_x509_crt_parse_file( &cas, *cur ); if( ret != 0 ) { +#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) + char error_message[200]; mbedtls_strerror( ret, error_message, sizeof( error_message ) ); printf( "\n%s: -0x%04x (%s)\n", *cur, (unsigned) -ret, error_message ); +#else + printf( "\n%s: -0x%04x\n", + *cur, (unsigned) -ret ); +#endif goto exit; } } From c1776a01d29a64e9629cdc6417ead16ed8a73ae8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Aug 2021 14:47:10 +0200 Subject: [PATCH 813/966] Move declarations of testing-only base64 functions to their own header Signed-off-by: Gilles Peskine --- include/mbedtls/base64.h | 10 ----- library/base64.c | 1 + library/base64_invasive.h | 55 +++++++++++++++++++++++++ tests/suites/test_suite_base64.function | 1 + 4 files changed, 57 insertions(+), 10 deletions(-) create mode 100644 library/base64_invasive.h diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index f6f755913d..8378589f31 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h 
@@ -87,16 +87,6 @@ int mbedtls_base64_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST */ -#if defined(MBEDTLS_TEST_HOOKS) -/* These functions are only exposed in testing configurations for testing - * purposes and may change or disappear at any time. */ -unsigned char mbedtls_base64_mask_of_range( unsigned char low, - unsigned char high, - unsigned char c ); -unsigned char mbedtls_base64_enc_char( unsigned char val ); -signed char mbedtls_base64_dec_value( unsigned char c ); -#endif - #ifdef __cplusplus } #endif diff --git a/library/base64.c b/library/base64.c index 96c94d1c61..085c71f3c1 100644 --- a/library/base64.c +++ b/library/base64.c @@ -22,6 +22,7 @@ #if defined(MBEDTLS_BASE64_C) #include "mbedtls/base64.h" +#include "base64_invasive.h" #include diff --git a/library/base64_invasive.h b/library/base64_invasive.h new file mode 100644 index 0000000000..9e264719d4 --- /dev/null +++ b/library/base64_invasive.h 
@@ -0,0 +1,55 @@ +/** + * \file base_invasive.h + * + * \brief Base64 module: interfaces for invasive testing only. + * + * The interfaces in this file are intended for testing purposes only. + * They SHOULD NOT be made available in library integrations except when + * building the library for testing. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef MBEDTLS_BASE64_INVASIVE_H +#define MBEDTLS_BASE64_INVASIVE_H + +#include "common.h" + +#if defined(MBEDTLS_TEST_HOOKS) +/* Return 0xff if low <= c <= high, 0 otherwise. + * + * Constant flow with respect to c. + */ +unsigned char mbedtls_base64_mask_of_range( unsigned char low, + unsigned char high, + unsigned char c ); + +/* Given a value in the range 0..63, return the corresponding Base64 digit. + * + * Operates in constant time (no branches or memory access depending on val). + */ +unsigned char mbedtls_base64_enc_char( unsigned char val ); + +/* Given a Base64 digit, return its value. + * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), + * return -1. + * + * Operates in constant time (no branches or memory access depending on c). + */ +signed char mbedtls_base64_dec_value( unsigned char c ); +#endif /* MBEDTLS_TEST_HOOKS */ + +#endif /* MBEDTLS_SSL_INVASIVE_H */ 
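Review bot: Two identifiers in the new header do not match the file: the Doxygen line reads `\file base_invasive.h` and the closing guard comment reads `#endif /* MBEDTLS_SSL_INVASIVE_H */`, although the file is base64_invasive.h and the guard it opens is `MBEDTLS_BASE64_INVASIVE_H`. Both look like leftovers from another header and should read `\file base64_invasive.h` and `#endif /* MBEDTLS_BASE64_INVASIVE_H */`. A wrong `\file` name matters more than usual here, because this header is the one place that tells integrators these constant-time helpers are test-only.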
diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index c0548956ef..d0e1167705 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/base64.h" +#include "base64_invasive.h" #include /* END_HEADER */ From ba951f558465358bde42b2dd0587adbe5ab54825 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Aug 2021 14:55:55 +0200 Subject: [PATCH 814/966] Move the list of Base64 digits out of the test data This is part of the definition of the encoding, not a choice of test parameter, so keep it with the test code. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_base64.data | 4 ++-- tests/suites/test_suite_base64.function | 18 ++++++++++++------ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_base64.data b/tests/suites/test_suite_base64.data index 1f94c54348..555666807d 100644 --- a/tests/suites/test_suite_base64.data +++ b/tests/suites/test_suite_base64.data @@ -23,10 +23,10 @@ mask_of_range 'A'..'Z' mask_of_range:65:90 enc_char (all digits) -enc_chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" +enc_chars: dec_value (all characters) -dec_chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" +dec_chars: Test case mbedtls_base64_encode #1 buffer just right mbedtls_base64_encode:"":"":0:0 diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index d0e1167705..8775c8dfbc 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -2,6 +2,12 @@ #include "mbedtls/base64.h" #include "base64_invasive.h" #include + +#if defined(MBEDTLS_TEST_HOOKS) +static const char digits[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +#endif /* MBEDTLS_TEST_HOOKS */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES 
@@ -30,7 +36,7 @@ void mask_of_range( int low_arg, int high_arg ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ -void enc_chars( char *chars ) +void enc_chars( ) { for( unsigned value = 0; value < 64; value++ ) { @@ -39,26 +45,26 @@ void enc_chars( char *chars ) unsigned char digit = mbedtls_base64_enc_char( value ); TEST_CF_PUBLIC( &value, sizeof( value ) ); TEST_CF_PUBLIC( &digit, sizeof( digit ) ); - TEST_EQUAL( digit, chars[value] ); + TEST_EQUAL( digit, digits[value] ); } } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ -void dec_chars( char *chars ) +void dec_chars( ) { char *p; - const size_t chars_len = strlen( chars ); signed char expected; for( unsigned c = 0; c <= 0xff; c++ ) { mbedtls_test_set_step( c ); - p = memchr( chars, c, chars_len ); + /* digits is 0-terminated. sizeof()-1 excludes the trailing 0. */ + p = memchr( digits, c, sizeof( digits ) - 1 ); if( p == NULL ) expected = -1; else - expected = p - chars; + expected = p - digits; TEST_CF_SECRET( &c, sizeof( c ) ); signed char actual = mbedtls_base64_dec_value( c ); TEST_CF_PUBLIC( &c, sizeof( c ) ); From 93365a7f450d5bab3ee5176fd36e11d5a23330fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Aug 2021 16:54:22 +0200 Subject: [PATCH 815/966] Rename variable to avoid a name clash digits is also a local variable in host_test.function, leading to compilers complaining about that shadowing the global variable in test_suite_base64.function. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_base64.function | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index 8775c8dfbc..67fbb67505 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function 
@@ -4,7 +4,7 @@ #include #if defined(MBEDTLS_TEST_HOOKS) -static const char digits[] = +static const char base64_digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; #endif /* MBEDTLS_TEST_HOOKS */ @@ -45,7 +45,7 @@ void enc_chars( ) unsigned char digit = mbedtls_base64_enc_char( value ); TEST_CF_PUBLIC( &value, sizeof( value ) ); TEST_CF_PUBLIC( &digit, sizeof( digit ) ); - TEST_EQUAL( digit, digits[value] ); + TEST_EQUAL( digit, base64_digits[value] ); } } /* END_CASE */ @@ -59,12 +59,12 @@ void dec_chars( ) for( unsigned c = 0; c <= 0xff; c++ ) { mbedtls_test_set_step( c ); - /* digits is 0-terminated. sizeof()-1 excludes the trailing 0. */ - p = memchr( digits, c, sizeof( digits ) - 1 ); + /* base64_digits is 0-terminated. sizeof()-1 excludes the trailing 0. */ + p = memchr( base64_digits, c, sizeof( base64_digits ) - 1 ); if( p == NULL ) expected = -1; else - expected = p - digits; + expected = p - base64_digits; TEST_CF_SECRET( &c, sizeof( c ) ); signed char actual = mbedtls_base64_dec_value( c ); TEST_CF_PUBLIC( &c, sizeof( c ) ); From ac253ea32be3707169a175e1da857ebc1626ebfe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Oct 2021 21:13:27 +0200 Subject: [PATCH 816/966] Fix copypasta in comment Signed-off-by: Gilles Peskine --- library/base64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/base64.c b/library/base64.c index 085c71f3c1..a516c1d4a3 100644 --- a/library/base64.c +++ b/library/base64.c @@ -49,7 +49,7 @@ unsigned char mbedtls_base64_mask_of_range( unsigned char low, { /* low_mask is: 0 if low <= c, 0x...ff if low > c */ unsigned low_mask = ( (unsigned) c - low ) >> 8; - /* high_mask is: 0 if c <= high, 0x...ff if high > c */ + /* high_mask is: 0 if c <= high, 0x...ff if c > high */ unsigned high_mask = ( (unsigned) high - c ) >> 8; return( ~( low_mask | high_mask ) & 0xff ); } From 66c9b84f932f6671738ee72019ae47b83ad87979 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 25 Oct 2021 21:14:06 +0200 Subject: [PATCH 817/966] Fix typo in documentation Signed-off-by: Gilles Peskine --- ChangeLog.d/base64-ranges.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/base64-ranges.txt b/ChangeLog.d/base64-ranges.txt index 8ffba2deec..e3f3862bfb 100644 --- a/ChangeLog.d/base64-ranges.txt +++ b/ChangeLog.d/base64-ranges.txt @@ -1,4 +1,4 @@ Changes * Improve the performance of base64 constant-flow code. The result is still slower than the original non-constant-flow implementation, but much faster - than the previous constant-flow implemenation. Fixes #4814. + than the previous constant-flow implementation. Fixes #4814. From e6d7e5cef6340a70055efa10378704c9c619ab61 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 26 Oct 2021 10:44:32 +0800 Subject: [PATCH 818/966] move CLIENT/SERVER_HELLO_RANDOM_LEN to `ssl_misc.h` Signed-off-by: Jerry Yu --- library/ssl_misc.h | 11 +++++++++-- library/ssl_tls13_client.c | 32 ++++++++++++++------------------ 2 files changed, 23 insertions(+), 20 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 904d8c77db..66fb26c624 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -309,6 +309,9 @@ #define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE +#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32 +#define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32 + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** * \brief Return the maximum fragment length (payload, in bytes) for @@ -715,7 +718,9 @@ struct mbedtls_ssl_handshake_params size_t pmslen; /*!< premaster length */ - unsigned char randbytes[64]; /*!< random bytes */ + unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN + + MBEDTLS_SERVER_HELLO_RANDOM_LEN]; + /*!< random bytes */ unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; /*!< premaster secret */ 
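Review bot: The handshake `randbytes` member in the `@@ -715` hunk is still documented only as `/*!< random bytes */`, so the order of its two halves has to be inferred from the code. The TLS 1.3 client hunks of this commit read ClientHello.random from offset 0 and store ServerHello.random at `&ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN]`, while the `mbedtls_ssl_transform` copy in the `@@ -880` hunk is documented as `ServerHello.random+ClientHello.random`, the opposite order. Now that the size is written as the sum of two named lengths, the comment should state the layout: `/*!< ClientHello.random+ServerHello.random */`. The struct begins and ends outside the hunk.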
@@ -880,7 +885,9 @@ struct mbedtls_ssl_transform /* We need the Hello random bytes in order to re-derive keys from the * Master Secret and other session info, * see ssl_tls12_populate_transform() */ - unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */ + unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; + /*!< ServerHello.random+ClientHello.random */ #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ }; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 989bdc0abc..979db31449 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -35,9 +35,6 @@ #include "ecdh_misc.h" #include "ssl_tls13_keys.h" -#define CLIENT_HELLO_RANDOM_LEN 32 -#define SERVER_HELLO_RANDOM_LEN 32 - /* Write extensions */ /* @@ -709,11 +706,11 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, p += 2; /* Write the random bytes ( random ).*/ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_RANDOM_LEN ); - memcpy( p, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); + memcpy( p, ssl->handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", - p, CLIENT_HELLO_RANDOM_LEN ); - p += CLIENT_HELLO_RANDOM_LEN; + p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); + p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN; /* * Write legacy_session_id @@ -834,7 +831,7 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, - CLIENT_HELLO_RANDOM_LEN ) ) != 0 ) + MBEDTLS_CLIENT_HELLO_RANDOM_LEN ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); return( ret ); 
@@ -894,7 +891,7 @@ static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { - static const unsigned char magic_hrr_string[SERVER_HELLO_RANDOM_LEN] = + static const unsigned char magic_hrr_string[MBEDTLS_SERVER_HELLO_RANDOM_LEN] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, @@ -1045,12 +1042,12 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, * Check there is space for minimal fields * * - legacy_version ( 2 bytes) - * - random (SERVER_HELLO_RANDOM_LEN bytes) + * - random (MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes) * - legacy_session_id_echo ( 1 byte ), minimum size * - cipher_suite ( 2 bytes) * - legacy_compression_method ( 1 byte ) */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, SERVER_HELLO_RANDOM_LEN + 6 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 6 ); MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 ); @@ -1071,18 +1068,17 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, } p += 2; - /* From RFC8446, page 27. - * ... + /* ... * Random random; * ... * with Random defined as: - * opaque Random[32]; + * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN]; */ - memcpy( ssl->handshake->randbytes + CLIENT_HELLO_RANDOM_LEN, p, - SERVER_HELLO_RANDOM_LEN ); + memcpy( &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], p, + MBEDTLS_SERVER_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", - p, SERVER_HELLO_RANDOM_LEN ); - p += SERVER_HELLO_RANDOM_LEN; + p, MBEDTLS_SERVER_HELLO_RANDOM_LEN ); + p += MBEDTLS_SERVER_HELLO_RANDOM_LEN; /* ... * opaque legacy_session_id_echo<0..32>; From c2d2f217fbba6ae7f275a5c3741e36bb4a674e56 Mon Sep 17 00:00:00 2001 
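Review bot: The rewritten comment in `ssl_tls13_parse_server_hello` (`@@ -1071` hunk) drops the `From RFC8446, page 27.` line and changes the quoted definition to `opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN];`, so it now reads like a quotation without naming its source, and the quoted text no longer matches the specification it came from. I would keep the reference and the literal `opaque Random[32];`, and mention the macro outside the quoted structure, e.g. `* (32 is MBEDTLS_SERVER_HELLO_RANDOM_LEN)`. The function starts and ends outside the hunk.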
From: Przemyslaw Stekiel Date: Tue, 26 Oct 2021 12:21:45 +0200 Subject: [PATCH 819/966] ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key Signed-off-by: Przemyslaw Stekiel --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a970503c87..cd9c8bf356 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1692,7 +1692,7 @@ int main( int argc, char *argv[] ) if( opt.key_opaque != 0 ) { if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, - PSA_ALG_SHA_256 ) ) != 0 ) + PSA_ALG_ANY_HASH ) ) != 0 ) { mbedtls_printf( " failed\n ! " "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c23d73045f..1700405ed3 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2502,7 +2502,7 @@ int main( int argc, char *argv[] ) if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ) { if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, - PSA_ALG_SHA_256 ) ) != 0 ) + PSA_ALG_ANY_HASH ) ) != 0 ) { mbedtls_printf( " failed\n ! " "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); @@ -2513,7 +2513,7 @@ int main( int argc, char *argv[] ) if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ) { if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2, - PSA_ALG_SHA_256 ) ) != 0 ) + PSA_ALG_ANY_HASH ) ) != 0 ) { mbedtls_printf( " failed\n ! " "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); From bb5d48307325ca4f2ee8c3cdcc81de4112222944 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 26 Oct 2021 12:25:27 +0200 Subject: [PATCH 820/966] ssl-opt.sh: adapt paramteters of key opaque cases Signed-off-by: Przemyslaw Stekiel --- tests/ssl-opt.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) 
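Review bot: The switch from `PSA_ALG_SHA_256` to `PSA_ALG_ANY_HASH` in the `mbedtls_pk_wrap_as_opaque()` call of ssl_client2.c carries no comment saying why the wildcard is needed, and the same holds for both calls in ssl_server2.c (`@@ -2502` and `@@ -2513`). The third argument presumably ends up in the opaque key's permitted-algorithm policy, so the wildcard would let the key sign with every hash the build enables rather than SHA-256 only; these sample programs get copied, so the trade-off should be visible at the call. If the reason is that the signature hash is only known once the handshake has negotiated it, say so, e.g. `/* Wildcard: the hash is chosen during the handshake; pin a specific hash where the deployment allows it. */`. main() starts and ends outside these hunks.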
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 628fad9560..e0abd3f71e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1435,12 +1435,15 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C run_test "Opaque key for client authentication" \ - "$P_SRV auth_mode=required" \ + "$P_SRV auth_mode=required crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \ key_file=data_files/server5.key" \ 0 \ -c "key type: Opaque" \ + -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -s "Verifying peer X.509 certificate... ok" \ + -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ -C "error" @@ -1450,12 +1453,15 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C run_test "Opaque key for server authentication" \ - "$P_SRV auth_mode=required key_opaque=1" \ + "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ "$P_CLI crt_file=data_files/server5.crt \ key_file=data_files/server5.key" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ - -s "key types: RSA - Opaque" \ + -c "Ciphersuite is TLS-ECDHE-ECDSA" \ + -s "key types: Opaque - invalid PK" \ + -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ -C "error" 
@@ -1465,14 +1471,17 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C run_test "Opaque key for client/server authentication" \ - "$P_SRV auth_mode=required key_opaque=1" \ + "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \ key_file=data_files/server5.key" \ 0 \ -c "key type: Opaque" \ -c "Verifying peer X.509 certificate... ok" \ - -s "key types: RSA - Opaque" \ + -c "Ciphersuite is TLS-ECDHE-ECDSA" \ + -s "key types: Opaque - invalid PK" \ -s "Verifying peer X.509 certificate... ok" \ + -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ -C "error" From 643d11606a09ece4f7dfb533a30e88641448db29 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 27 Oct 2021 13:52:04 +0800 Subject: [PATCH 821/966] Add GET/PUT_UINT24_BE/LE Signed-off-by: Jerry Yu --- library/common.h | 72 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/library/common.h b/library/common.h index 9b10ec8fbb..8dfa816dcf 100644 --- a/library/common.h +++ b/library/common.h 
@@ -226,6 +226,78 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c } #endif +/** + * Get the unsigned 24 bits integer corresponding to four bytes in + * big-endian order (MSB first). + * + * \param data Base address of the memory to get the four bytes from. + * \param offset Offset from \p base of the first and most significant + * byte of the four bytes to build the 24 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT24_BE +#define MBEDTLS_GET_UINT24_BE( data , offset ) \ + ( \ + ( (uint32_t) ( data )[( offset ) ] << 16 ) \ + | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \ + | ( (uint32_t) ( data )[( offset ) + 2] ) \ + ) +#endif + +/** + * Put in memory a 24 bits unsigned integer in big-endian order. + * + * \param n 24 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 24 + * bits unsigned integer in. + * \param offset Offset from \p base where to put the most significant + * byte of the 24 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT24_BE +#define MBEDTLS_PUT_UINT24_BE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_2( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_0( n ); \ +} +#endif + +/** + * Get the unsigned 24 bits integer corresponding to four bytes in + * little-endian order (LSB first). + * + * \param data Base address of the memory to get the four bytes from. + * \param offset Offset from \p base of the first and least significant + * byte of the four bytes to build the 24 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT24_LE +#define MBEDTLS_GET_UINT24_LE( data, offset ) \ + ( \ + ( (uint32_t) ( data )[( offset ) ] ) \ + | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \ + | ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \ + ) +#endif + +/** + * Put in memory a 24 bits unsigned integer in little-endian order. 
+ * + * \param n 24 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 24 + * bits unsigned integer in. + * \param offset Offset from \p base where to put the least significant + * byte of the 24 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT24_LE +#define MBEDTLS_PUT_UINT24_LE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \ +} +#endif + /** * Get the unsigned 64 bits integer corresponding to eight bytes in * big-endian order (MSB first). From 184e8b6a36c9eadc1326f8a84bc403bede19faf0 Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Tue, 26 Oct 2021 09:23:42 +0000 Subject: [PATCH 822/966] Add exist_ok and use git rev-parse to process revisions Signed-off-by: Xiaofei Bai --- scripts/code_size_compare.py | 65 +++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 31 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 96ebf3d54b..898aaf9f38 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -41,12 +41,10 @@ class CodeSizeComparison: """ self.repo_path = "." self.result_dir = os.path.abspath(result_dir) - if os.path.exists(self.result_dir) is False: - os.makedirs(self.result_dir) + os.makedirs(self.result_dir, exist_ok=True) self.csv_dir = os.path.abspath("code_size_records/") - if os.path.exists(self.csv_dir) is False: - os.makedirs(self.csv_dir) + os.makedirs(self.csv_dir, exist_ok=True) self.old_rev = old_revision self.new_rev = new_revision 
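Review bot: `MBEDTLS_PUT_UINT24_BE` and `MBEDTLS_PUT_UINT24_LE` in the common.h hunk expand to a bare `{ ... }` block, so `if( c ) MBEDTLS_PUT_UINT24_BE( n, buf, 0 ); else ...` fails to compile because the `;` after the closing brace ends the `if`. Wrapping each body as `do { ... } while( 0 )` fixes that without changing any caller. `n` is also expanded three times and only its three low bytes are stored, so the doc comment should add `\p n must be less than 2^24 and must not have side effects`, leaving the range check of an over-long value to the caller instead of silently truncating it.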
@@ -60,20 +58,20 @@ class CodeSizeComparison: @staticmethod def validate_revision(revision): - result = subprocess.run(["git", "cat-file", "-e", revision], check=False) - return result.returncode + result = subprocess.run(["git", "rev-parse", "--verify", revision], + check=False, stdout=subprocess.PIPE) + return result def _create_git_worktree(self, revision): """Make a separate worktree for revision. Do not modify the current worktree.""" - if revision == "HEAD": + if revision == "current": print("Using current work directory.") git_worktree_path = self.repo_path else: print("Creating git worktree for", revision) - rev_dirname = revision.replace("/", "_") - git_worktree_path = os.path.join(self.repo_path, "temp-" + rev_dirname) + git_worktree_path = os.path.join(self.repo_path, "temp-" + revision) subprocess.check_output( [self.git_command, "worktree", "add", "--detach", git_worktree_path, revision], cwd=self.repo_path, @@ -93,8 +91,11 @@ class CodeSizeComparison: def _gen_code_size_csv(self, revision, git_worktree_path): """Generate code size csv file.""" - csv_fname = revision.replace("/", "_") + ".csv" - print("Measuring code size for", revision) + csv_fname = revision + ".csv" + if revision == "current": + print("Measuring code size in current work directory.") + else: + print("Measuring code size for", revision) result = subprocess.check_output( ["size library/*.o"], cwd=git_worktree_path, shell=True ) @@ -118,8 +119,8 @@ class CodeSizeComparison: """Generate code size csv file for the specified git revision.""" # Check if the corresponding record exists - csv_fname = revision.replace("/", "_") + ".csv" - if (revision != "HEAD") and \ + csv_fname = revision + ".csv" + if (revision != "current") and \ os.path.exists(os.path.join(self.csv_dir, csv_fname)): print("Code size csv file for", revision, "already exists.") else: 
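Review bot: `validate_revision` now accepts anything `git rev-parse --verify` can resolve, which includes object names that are not commits, and main() then passes the resolved name on to `git worktree add --detach` in `_create_git_worktree`. Asking for a commit explicitly gives an early and clear failure: `["git", "rev-parse", "--verify", revision + "^{commit}"]`. The method also returns the whole `CompletedProcess` now instead of a return code, so a one-line docstring such as `"""Resolve revision to a commit id; the caller checks returncode and reads stdout."""` would spare readers from tracing main() to learn the contract.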
@@ -133,13 +134,11 @@ class CodeSizeComparison: old and new. Measured code size results of these two revisions must be available.""" - old_file = open(os.path.join(self.csv_dir, \ - self.old_rev.replace("/", "_") + ".csv"), "r") - new_file = open(os.path.join(self.csv_dir, \ - self.new_rev.replace("/", "_") + ".csv"), "r") - res_file = open(os.path.join(self.result_dir, \ - "compare-" + self.old_rev.replace("/", "_") + "-" \ - + self.new_rev.replace("/", "_") + ".csv"), "w") + old_file = open(os.path.join(self.csv_dir, self.old_rev + ".csv"), "r") + new_file = open(os.path.join(self.csv_dir, self.new_rev + ".csv"), "r") + res_file = open(os.path.join(self.result_dir, "compare-" + self.old_rev + + "-" + self.new_rev + ".csv"), "w") + res_file.write("file_name, this_size, old_size, change, change %\n") print("Generating comparision results.") @@ -194,12 +193,13 @@ def main(): default is comparison", ) parser.add_argument( - "-o", "--old-rev", type=str, help="old revision for comparison.(prefer commit ID)", + "-o", "--old-rev", type=str, help="old revision for comparison.", required=True, ) parser.add_argument( - "-n", "--new-rev", type=str, default="HEAD", - help="new revision for comparison, default is current work directory." + "-n", "--new-rev", type=str, default=None, + help="new revision for comparison, default is the current work \ + directory, including uncommited changes." ) comp_args = parser.parse_args() 
@@ -207,15 +207,18 @@ def main(): print("Error: {} is not a directory".format(comp_args.result_dir)) parser.exit() - validate_result = CodeSizeComparison.validate_revision(comp_args.old_rev) - if validate_result != 0: - sys.exit(validate_result) - old_revision = comp_args.old_rev + validate_res = CodeSizeComparison.validate_revision(comp_args.old_rev) + if validate_res.returncode != 0: + sys.exit(validate_res.returncode) + old_revision = validate_res.stdout.decode().replace("\n", "") - validate_result = CodeSizeComparison.validate_revision(comp_args.new_rev) - if validate_result != 0: - sys.exit(validate_result) - new_revision = comp_args.new_rev + if comp_args.new_rev is not None: + validate_res = CodeSizeComparison.validate_revision(comp_args.new_rev) + if validate_res.returncode != 0: + sys.exit(validate_res.returncode) + new_revision = validate_res.stdout.decode().replace("\n", "") + else: + new_revision = "current" result_dir = comp_args.result_dir size_compare = CodeSizeComparison(old_revision, new_revision, result_dir) From 4cb97390389aab5525fa91ebedb896e7b87d28de Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 27 Oct 2021 10:42:31 +0200 Subject: [PATCH 823/966] Use separate MBEDTLS_MODE for the CCM*. Signed-off-by: Mateusz Starzyk --- include/mbedtls/cipher.h | 10 ++++ library/cipher.c | 6 +- library/cipher_wrap.c | 108 ++++++++++++++++++++++++++++++++++++ library/psa_crypto_cipher.c | 2 +- 4 files changed, 122 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index b4630f63cd..892771e638 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h 
@@ -140,9 +140,15 @@ typedef enum { MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */ MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */ + MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, /**< AES cipher with 128-bit CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, /**< AES cipher with 192-bit CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, /**< AES cipher with 256-bit CCM_STAR_NO_TAG mode. */ MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */ MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, /**< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, /**< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, /**< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode. */ MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */ MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */ MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */ 
@@ -161,6 +167,9 @@ typedef enum { MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */ MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */ MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */ + MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, /**< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, /**< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, /**< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode. */ MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */ MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */ MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */ @@ -187,6 +196,7 @@ typedef enum { MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */ MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */ MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */ + MBEDTLS_MODE_CCM_STAR_NO_TAG, /**< The CCM*-no-tag cipher mode. */ MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */ MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */ MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */ diff --git a/library/cipher.c b/library/cipher.c index 4ed6c910f0..ff851ec936 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -425,7 +425,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, #endif #if defined(MBEDTLS_CCM_C) - if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode ) + if( MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode ) { int set_lengths_result; int ccm_star_mode; @@ -586,7 +586,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i #endif #if defined(MBEDTLS_CCM_C) - if( ctx->cipher_info->mode == MBEDTLS_MODE_CCM ) + if( ctx->cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG ) { return( mbedtls_ccm_update( (mbedtls_ccm_context *) ctx->cipher_ctx, input, ilen, 
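Review bot: The comment on the new enumerator in the `@@ -187` hunk says only `The CCM*-no-tag cipher mode.`, which does not tell a caller that this mode produces no authentication tag and therefore gives no integrity protection. Since the cipher.c hunks of this commit move the multipart `set_iv`/`update`/`finish` branches from `MBEDTLS_MODE_CCM` to the new mode, that distinction is what a reader most needs: `/**< The CCM*-no-tag cipher mode: encryption only, no authentication tag. */`. The same wording would fit the nine new `MBEDTLS_CIPHER_*_CCM_STAR_NO_TAG` entries in the cipher-type hunks of this file. The enum starts and ends outside the hunk.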
@@ -981,7 +981,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, MBEDTLS_MODE_OFB == ctx->cipher_info->mode || MBEDTLS_MODE_CTR == ctx->cipher_info->mode || MBEDTLS_MODE_GCM == ctx->cipher_info->mode || - MBEDTLS_MODE_CCM == ctx->cipher_info->mode || + MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode || MBEDTLS_MODE_XTS == ctx->cipher_info->mode || MBEDTLS_MODE_STREAM == ctx->cipher_info->mode ) { diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 5776d5e45d..7da7d9d522 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -639,6 +639,39 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = { 16, &ccm_aes_info }; + +static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 128, + "AES-128-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aes_info +}; + +static const mbedtls_cipher_info_t aes_192_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 192, + "AES-192-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aes_info +}; + +static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 256, + "AES-256-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aes_info +}; #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_AES_C */ 
@@ -1014,6 +1047,39 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = { 16, &ccm_camellia_info }; + +static const mbedtls_cipher_info_t camellia_128_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 128, + "CAMELLIA-128-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_camellia_info +}; + +static const mbedtls_cipher_info_t camellia_192_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 192, + "CAMELLIA-192-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_camellia_info +}; + +static const mbedtls_cipher_info_t camellia_256_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 256, + "CAMELLIA-256-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_camellia_info +}; #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -1390,6 +1456,39 @@ static const mbedtls_cipher_info_t aria_256_ccm_info = { 16, &ccm_aria_info }; + +static const mbedtls_cipher_info_t aria_128_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 128, + "ARIA-128-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aria_info +}; + +static const mbedtls_cipher_info_t aria_192_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 192, + "ARIA-192-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aria_info +}; + +static const mbedtls_cipher_info_t aria_256_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 256, + "ARIA-256-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aria_info +}; #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_ARIA_C */ 
@@ -2055,6 +2154,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info }, { MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info }, { MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info }, + { MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, &aes_256_ccm_star_no_tag_info }, #endif #endif /* MBEDTLS_AES_C */ @@ -2086,6 +2188,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_CAMELLIA_128_CCM, &camellia_128_ccm_info }, { MBEDTLS_CIPHER_CAMELLIA_192_CCM, &camellia_192_ccm_info }, { MBEDTLS_CIPHER_CAMELLIA_256_CCM, &camellia_256_ccm_info }, + { MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, &camellia_128_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, &camellia_192_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, &camellia_256_ccm_star_no_tag_info }, #endif #endif /* MBEDTLS_CAMELLIA_C */ @@ -2117,6 +2222,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_ARIA_128_CCM, &aria_128_ccm_info }, { MBEDTLS_CIPHER_ARIA_192_CCM, &aria_192_ccm_info }, { MBEDTLS_CIPHER_ARIA_256_CCM, &aria_256_ccm_info }, + { MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, &aria_128_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, &aria_192_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, &aria_256_ccm_star_no_tag_info }, #endif #endif /* MBEDTLS_ARIA_C */ diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index acbbd5ca6b..69dc0561cd 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c 
@@ -93,7 +93,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( mode = MBEDTLS_MODE_CBC; break; case PSA_ALG_CCM_STAR_NO_TAG: - mode = MBEDTLS_MODE_CCM; + mode = MBEDTLS_MODE_CCM_STAR_NO_TAG; break; case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): mode = MBEDTLS_MODE_CCM; From f3f5c210cb25408b316d22ab671972cc45a565cc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 27 Oct 2021 17:05:49 +0800 Subject: [PATCH 824/966] fix comments issue Signed-off-by: Jerry Yu --- library/common.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/library/common.h b/library/common.h index 8dfa816dcf..7c8d4bf478 100644 --- a/library/common.h +++ b/library/common.h @@ -227,12 +227,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif /** - * Get the unsigned 24 bits integer corresponding to four bytes in + * Get the unsigned 24 bits integer corresponding to three bytes in * big-endian order (MSB first). * - * \param data Base address of the memory to get the four bytes from. - * \param offset Offset from \p base of the first and most significant - * byte of the four bytes to build the 24 bits unsigned + * \param data Base address of the memory to get the three bytes from. + * \param offset Offset from \p data of the first and most significant + * byte of the three bytes to build the 24 bits unsigned * integer from. */ #ifndef MBEDTLS_GET_UINT24_BE @@ -250,7 +250,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * \param n 24 bits unsigned integer to put in memory. * \param data Base address of the memory where to put the 24 * bits unsigned integer in. - * \param offset Offset from \p base where to put the most significant + * \param offset Offset from \p data where to put the most significant * byte of the 24 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT24_BE 
@@ -263,12 +263,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c #endif /** - * Get the unsigned 24 bits integer corresponding to four bytes in + * Get the unsigned 24 bits integer corresponding to three bytes in * little-endian order (LSB first). * - * \param data Base address of the memory to get the four bytes from. - * \param offset Offset from \p base of the first and least significant - * byte of the four bytes to build the 24 bits unsigned + * \param data Base address of the memory to get the three bytes from. + * \param offset Offset from \p data of the first and least significant + * byte of the three bytes to build the 24 bits unsigned * integer from. */ #ifndef MBEDTLS_GET_UINT24_LE @@ -286,7 +286,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * \param n 24 bits unsigned integer to put in memory. * \param data Base address of the memory where to put the 24 * bits unsigned integer in. - * \param offset Offset from \p base where to put the least significant + * \param offset Offset from \p data where to put the least significant * byte of the 24 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT24_LE From 7de19ddaf50fc310b3170f36b6cf45ceecb0d26e Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 27 Oct 2021 11:25:08 +0200 Subject: [PATCH 825/966] Remove invalid comments in CCM API Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 0dc5b59683..1be1689df1 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
@@ -208,7 +208,6 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * at least \p ad_len Bytes. * \param ad_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. - * For tag length = 0, AD length can be 0. * \param input The buffer holding the input data. If \p length is greater * than zero, \p input must be a readable buffer of at least * that length. @@ -291,7 +290,6 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * at least that \p ad_len Bytes. * \param ad_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. - * For tag length = 0, AD length can be 0. * \param input The buffer holding the input data. If \p length is greater * than zero, \p input must be a readable buffer of at least * that length. From 812ef6b379217e186a7e7c52e82d3b9d942ad99b Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 27 Oct 2021 11:26:47 +0200 Subject: [PATCH 826/966] Fix ccm*-no-tag changelog entry Signed-off-by: Mateusz Starzyk --- ChangeLog.d/ccm_star_no_tag.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog.d/ccm_star_no_tag.txt b/ChangeLog.d/ccm_star_no_tag.txt index 88c0d1fb1f..dbd25d1eec 100644 --- a/ChangeLog.d/ccm_star_no_tag.txt +++ b/ChangeLog.d/ccm_star_no_tag.txt @@ -2,6 +2,8 @@ Changes * Ignore plaintext/ciphertext lengths for CCM*-no-tag operations. For CCM* encryption/decryption without authentication, input length will be ignored. + +Features * Add support for CCM*-no-tag cipher to the PSA. Currently only 13-byte long IV's are supported. For decryption a minimum of 16-byte long input is expected. From d025422c288c10243f568548f3b54065c049f513 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 14 Sep 2021 11:28:22 +0200 Subject: [PATCH 827/966] Remove on-target testing It was unmaintained and untested, and the fear of breaking it was holding us back. Resolves #4934. 
Signed-off-by: Gilles Peskine --- ChangeLog.d/remove-greentea-support.txt | 3 + tests/Makefile | 39 +- tests/scripts/generate_test_code.py | 4 - tests/scripts/mbedtls_test.py | 382 -------------------- tests/suites/target_test.function | 449 ------------------------ 5 files changed, 4 insertions(+), 873 deletions(-) create mode 100644 ChangeLog.d/remove-greentea-support.txt delete mode 100755 tests/scripts/mbedtls_test.py delete mode 100644 tests/suites/target_test.function diff --git a/ChangeLog.d/remove-greentea-support.txt b/ChangeLog.d/remove-greentea-support.txt new file mode 100644 index 0000000000..af4df4baa1 --- /dev/null +++ b/ChangeLog.d/remove-greentea-support.txt @@ -0,0 +1,3 @@ +Removals + * Remove the partial support for running unit tests via Greentea on Mbed OS, + which had been unmaintained since 2018. diff --git a/tests/Makefile b/tests/Makefile index db642c7798..77a31720f0 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -173,7 +173,7 @@ $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) clean: ifndef WINDOWS - rm -rf $(BINARIES) *.c *.datax TESTS + rm -rf $(BINARIES) *.c *.datax rm -f src/*.o src/drivers/*.o src/libmbed* rm -f include/test/instrument_record_status.h else @@ -184,9 +184,6 @@ else if exist src/drivers/*.o del /Q /F src/drivers/*.o if exist src/libmbed* del /Q /F src/libmed* if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h -ifneq ($(wildcard TESTS/.*),) - rmdir /Q /S TESTS -endif endif neat: clean 
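Review bot: In the Windows branch of `clean`, the context line `if exist src/libmbed* del /Q /F src/libmed*` (in the `@@ -184` hunk) tests one pattern and deletes another, so the `src/libmbed*` artefacts are presumably never removed on Windows. This commit already edits the recipe and could correct the line to `if exist src/libmbed* del /Q /F src/libmbed*`. Separately, with `TESTS` dropped from `rm -rf` and the `rmdir /Q /S TESTS` block removed, a working tree that still holds a generated TESTS directory from an earlier build keeps it after `make clean`; a sentence in the ChangeLog entry telling users to delete it by hand would cover that.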
@@ -202,40 +199,6 @@ check: $(BINARIES) test: check -# Create separate targets for generating embedded tests. -EMBEDDED_TESTS := $(addprefix embedded_,$(APPS)) - -# Generate test code for target. - -.SECONDEXPANSION: -$(EMBEDDED_TESTS): embedded_%: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/target_test.function - echo " Gen ./TESTS/mbedtls/$*/$*.c" - $(PYTHON) scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ - -d suites/$*.data \ - -t suites/main_test.function \ - -p suites/target_test.function \ - -s suites \ - --helpers-file suites/helpers.function \ - -o ./TESTS/mbedtls/$* - -generate-target-tests: $(EMBEDDED_TESTS) - -define copy_header_to_target -TESTS/mbedtls/$(1)/$(2): include/test/$(2) - echo " Copy ./$$@" -ifndef WINDOWS - mkdir -p $$(@D) - cp $$< $$@ -else - mkdir $$(@D) - copy $$< $$@ -endif - -endef -$(foreach app, $(APPS), $(foreach file, $(notdir $(wildcard include/test/*.h)), \ - $(eval $(call copy_header_to_target,$(app),$(file))))) -$(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: $(patsubst TESTS/mbedtls/%, include/test/%, $(wildcard include/test/*. include/test/*/*.h)) - ifdef RECORD_PSA_STATUS_COVERAGE_LOG include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile echo " Gen $@" diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 7382fb6ecb..f5750aacfa 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py 
@@ -106,10 +106,6 @@ Platform file: Platform file contains platform specific setup code and test case dispatch code. For example, host_test.function reads test data file from host's file system and dispatches tests. -In case of on-target target_test.function tests are not dispatched -on target. Target code is kept minimum and only test functions are -dispatched. Test case dispatch is done on the host using tools like -Greentea. Template file: --------- diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py deleted file mode 100755 index 64f12bbb31..0000000000 --- a/tests/scripts/mbedtls_test.py +++ /dev/null 
@@ -1,382 +0,0 @@ -#!/usr/bin/env python3 - -# Greentea host test script for Mbed TLS on-target test suite testing. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -""" -Mbed TLS on-target test suite tests are implemented as Greentea -tests. Greentea tests are implemented in two parts: target test and -host test. Target test is a C application that is built for the -target platform and executes on the target. Host test is a Python -class derived from mbed_host_tests.BaseHostTest. Target communicates -with the host over serial for the test data and sends back the result. - -Python tool mbedgt (Greentea) is responsible for flashing the test -binary on to the target and dynamically loading this host test module. - -Greentea documentation can be found here: -https://github.com/ARMmbed/greentea -""" - - -import re -import os -import binascii - -from mbed_host_tests import BaseHostTest, event_callback # type: ignore # pylint: disable=import-error - - -class TestDataParserError(Exception): - """Indicates error in test data, read from .data file.""" - pass - - -class TestDataParser: - """ - Parses test name, dependencies, test function name and test parameters - from the data file. - """ - - def __init__(self): - """ - Constructor - """ - self.tests = [] - - def parse(self, data_file): - """ - Data file parser. 
- - :param data_file: Data file path - """ - with open(data_file, 'r') as data_f: - self.__parse(data_f) - - @staticmethod - def __escaped_split(inp_str, split_char): - """ - Splits inp_str on split_char except when escaped. - - :param inp_str: String to split - :param split_char: Split character - :return: List of splits - """ - split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x) - if len(split_char) > 1: - raise ValueError('Expected split character. Found string!') - out = list(map(split_colon_fn, re.split(r'(?> x) & 0xff) for x in [24, 16, 8, 0]]) - return data_bytes - - def test_vector_to_bytes(self, function_id, dependencies, parameters): - """ - Converts test vector into a byte array that can be sent to the target. - - :param function_id: Test Function Identifier - :param dependencies: Dependency list - :param parameters: Test function input parameters - :return: Byte array and its length - """ - data_bytes = bytearray([len(dependencies)]) - if dependencies: - data_bytes += bytearray(dependencies) - data_bytes += bytearray([function_id, len(parameters)]) - for typ, param in parameters: - if typ in ('int', 'exp'): - i = int(param, 0) - data_bytes += b'I' if typ == 'int' else b'E' - self.align_32bit(data_bytes) - data_bytes += self.int32_to_big_endian_bytes(i) - elif typ == 'char*': - param = param.strip('"') - i = len(param) + 1 # + 1 for null termination - data_bytes += b'S' - self.align_32bit(data_bytes) - data_bytes += self.int32_to_big_endian_bytes(i) - data_bytes += bytearray(param, encoding='ascii') - data_bytes += b'\0' # Null terminate - elif typ == 'hex': - binary_data = self.hex_str_bytes(param) - data_bytes += b'H' - self.align_32bit(data_bytes) - i = len(binary_data) - data_bytes += self.int32_to_big_endian_bytes(i) - data_bytes += binary_data - length = self.int32_to_big_endian_bytes(len(data_bytes)) - return data_bytes, length - - def run_next_test(self): - """ - Fetch next test information and execute the test. 
- - """ - self.test_index += 1 - self.dep_index = 0 - if self.test_index < len(self.tests): - name, function_id, dependencies, args = self.tests[self.test_index] - self.run_test(name, function_id, dependencies, args) - else: - self.notify_complete(self.suite_passed) - - def run_test(self, name, function_id, dependencies, args): - """ - Execute the test on target by sending next test information. - - :param name: Test name - :param function_id: function identifier - :param dependencies: Dependencies list - :param args: test parameters - :return: - """ - self.log("Running: %s" % name) - - param_bytes, length = self.test_vector_to_bytes(function_id, - dependencies, args) - self.send_kv( - ''.join('{:02x}'.format(x) for x in length), - ''.join('{:02x}'.format(x) for x in param_bytes) - ) - - @staticmethod - def get_result(value): - """ - Converts result from string type to integer - :param value: Result code in string - :return: Integer result code. Value is from the test status - constants defined under the MbedTlsTest class. - """ - try: - return int(value) - except ValueError: - ValueError("Result should return error number. " - "Instead received %s" % value) - - @event_callback('GO') - def on_go(self, _key, _value, _timestamp): - """ - Sent by the target to start first test. - - :param _key: Event key - :param _value: Value. ignored - :param _timestamp: Timestamp ignored. - :return: - """ - self.run_next_test() - - @event_callback("R") - def on_result(self, _key, value, _timestamp): - """ - Handle result. Prints test start, finish required by Greentea - to detect test execution. - - :param _key: Event key - :param value: Value. ignored - :param _timestamp: Timestamp ignored. 
- :return: - """ - int_val = self.get_result(value) - name, _, _, _ = self.tests[self.test_index] - self.log('{{__testcase_start;%s}}' % name) - self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0, - int_val != 0)) - if int_val != 0: - self.suite_passed = False - self.run_next_test() - - @event_callback("F") - def on_failure(self, _key, value, _timestamp): - """ - Handles test execution failure. That means dependency not supported or - Test function not supported. Hence marking test as skipped. - - :param _key: Event key - :param value: Value. ignored - :param _timestamp: Timestamp ignored. - :return: - """ - int_val = self.get_result(value) - if int_val in self.error_str: - err = self.error_str[int_val] - else: - err = 'Unknown error' - # For skip status, do not write {{__testcase_finish;...}} - self.log("Error: %s" % err) - self.run_next_test() diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function deleted file mode 100644 index 637a79d5ee..0000000000 --- a/tests/suites/target_test.function +++ /dev/null 
@@ -1,449 +0,0 @@ -#line 2 "suites/target_test.function" - -#include "greentea-client/test_env.h" - -/** - * \brief Increments pointer and asserts that it does not overflow. - * - * \param p Pointer to byte array - * \param start Pointer to start of byte array - * \param len Length of byte array - * \param step Increment size - * - */ -#define INCR_ASSERT(p, start, len, step) do \ -{ \ - TEST_HELPER_ASSERT( ( p ) >= ( start ) ); \ - TEST_HELPER_ASSERT( sizeof( *( p ) ) == sizeof( *( start ) ) ); \ - /* <= is checked to support use inside a loop where \ - pointer is incremented after reading data. */ \ - TEST_HELPER_ASSERT( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\ - ( p ) += ( step ); \ -} \ -while( 0 ) - - -/** - * \brief 4 byte align unsigned char pointer - * - * \param p Pointer to byte array - * \param start Pointer to start of byte array - * \param len Length of byte array - * - */ -#define ALIGN_32BIT(p, start, len) do \ -{ \ - uint32_t align = ( - (uintptr_t)( p ) ) % 4; \ - INCR_ASSERT( ( p ), ( start ), ( len ), align );\ -} \ -while( 0 ) - - -/** - * \brief Verify dependencies. Dependency identifiers are - * encoded in the buffer as 8 bit unsigned integers. - * - * \param count Number of dependencies. - * \param dep_p Pointer to buffer. - * - * \return DEPENDENCY_SUPPORTED if success else DEPENDENCY_NOT_SUPPORTED. - */ -int verify_dependencies( uint8_t count, uint8_t * dep_p ) -{ - uint8_t i; - for ( i = 0; i < count; i++ ) - { - if ( dep_check( (int)(dep_p[i]) ) != DEPENDENCY_SUPPORTED ) - return( DEPENDENCY_NOT_SUPPORTED ); - } - return( DEPENDENCY_SUPPORTED ); -} - -/** - * \brief Receives hex string on serial interface, and converts to a byte. 
- * - * \param none - * - * \return unsigned int8 - */ -uint8_t receive_byte() -{ - uint8_t byte; - uint8_t c[3]; - size_t len; - - c[0] = greentea_getc(); - c[1] = greentea_getc(); - c[2] = '\0'; - - TEST_HELPER_ASSERT( mbedtls_test_unhexify( &byte, sizeof( byte ), - c, &len ) == 0 ); - TEST_HELPER_ASSERT( len != 2 ); - - return( byte ); -} - -/** - * \brief Receives unsigned integer on serial interface. - * Integers are encoded in network order, and sent as hex ascii string. - * - * \param none - * - * \return unsigned int - */ -uint32_t receive_uint32() -{ - uint32_t value; - size_t len; - const uint8_t c_be[8] = { greentea_getc(), - greentea_getc(), - greentea_getc(), - greentea_getc(), - greentea_getc(), - greentea_getc(), - greentea_getc(), - greentea_getc() - }; - const uint8_t c[9] = { c_be[6], c_be[7], c_be[4], c_be[5], c_be[2], - c_be[3], c_be[0], c_be[1], '\0' }; - - TEST_HELPER_ASSERT( mbedtls_test_unhexify( (uint8_t*)&value, sizeof( value ), - c, &len ) == 0 ); - TEST_HELPER_ASSERT( len != 8 ); - - return( value ); -} - -/** - * \brief Parses out an unsigned 32 int value from the byte array. - * Integers are encoded in network order. - * - * \param p Pointer to byte array - * - * \return unsigned int - */ -uint32_t parse_uint32( uint8_t * p ) -{ - uint32_t value; - value = *p++ << 24; - value |= *p++ << 16; - value |= *p++ << 8; - value |= *p; - return( value ); -} - - -/** - * \brief Receives test data on serial as greentea key,value pair: - * {{;}} - * - * \param data_len Out pointer to hold received data length. - * - * \return Byte array. 
- */ -uint8_t * receive_data( uint32_t * data_len ) -{ - uint32_t i = 0, errors = 0; - char c; - uint8_t * data = NULL; - - /* Read opening braces */ - i = 0; - while ( i < 2 ) - { - c = greentea_getc(); - /* Ignore any prevous CR LF characters */ - if ( c == '\n' || c == '\r' ) - continue; - i++; - if ( c != '{' ) - return( NULL ); - } - - /* Read data length */ - *data_len = receive_uint32(); - data = (uint8_t *)malloc( *data_len ); - TEST_HELPER_ASSERT( data != NULL ); - - greentea_getc(); // read ';' received after key i.e. *data_len - - for( i = 0; i < *data_len; i++ ) - data[i] = receive_byte(); - - /* Read closing braces */ - for( i = 0; i < 2; i++ ) - { - c = greentea_getc(); - if ( c != '}' ) - { - errors++; - break; - } - } - - if ( errors ) - { - free( data ); - data = NULL; - *data_len = 0; - } - - return( data ); -} - -/** - * \brief Parse the received byte array and count the number of arguments - * to the test function passed as type hex. - * - * \param count Parameter count - * \param data Received Byte array - * \param data_len Byte array length - * - * \return count of hex params - */ -uint32_t find_hex_count( uint8_t count, uint8_t * data, uint32_t data_len ) -{ - uint32_t i = 0, sz = 0; - char c; - uint8_t * p = NULL; - uint32_t hex_count = 0; - - p = data; - - for( i = 0; i < count; i++ ) - { - c = (char)*p; - INCR_ASSERT( p, data, data_len, 1 ); - - /* Align p to 4 bytes for int, expression, string len or hex length */ - ALIGN_32BIT( p, data, data_len ); - - /* Network to host conversion */ - sz = (int32_t)parse_uint32( p ); - - INCR_ASSERT( p, data, data_len, sizeof( int32_t ) ); - - if ( c == 'H' || c == 'S' ) - { - INCR_ASSERT( p, data, data_len, sz ); - hex_count += ( c == 'H' )?1:0; - } - } - - return( hex_count ); -} - -/** - * \brief Parses received byte array for test parameters. - * - * \param count Parameter count - * \param data Received Byte array - * \param data_len Byte array length - * \param error Parsing error out variable. 
- * - * \return Array of parsed parameters allocated on heap. - * Note: Caller has the responsibility to delete - * the memory after use. - */ -void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len, - int * error ) -{ - uint32_t i = 0, hex_count = 0; - char c; - void ** params = NULL; - void ** cur = NULL; - uint8_t * p = NULL; - - hex_count = find_hex_count(count, data, data_len); - - params = (void **)malloc( sizeof( void *) * ( count + hex_count ) ); - TEST_HELPER_ASSERT( params != NULL ); - cur = params; - - p = data; - - /* Parameters */ - for( i = 0; i < count; i++ ) - { - c = (char)*p; - INCR_ASSERT( p, data, data_len, 1 ); - - /* Align p to 4 bytes for int, expression, string len or hex length */ - ALIGN_32BIT( p, data, data_len ); - - /* Network to host conversion */ - *( (int32_t *)p ) = (int32_t)parse_uint32( p ); - - switch( c ) - { - case 'E': - { - if ( get_expression( *( (int32_t *)p ), (int32_t *)p ) ) - { - *error = KEY_VALUE_MAPPING_NOT_FOUND; - goto exit; - } - } /* Intentional fall through */ - case 'I': - { - *cur++ = (void *)p; - INCR_ASSERT( p, data, data_len, sizeof( int32_t ) ); - } - break; - case 'H': /* Intentional fall through */ - case 'S': - { - uint32_t * sz = (uint32_t *)p; - INCR_ASSERT( p, data, data_len, sizeof( int32_t ) ); - *cur++ = (void *)p; - if ( c == 'H' ) - *cur++ = (void *)sz; - INCR_ASSERT( p, data, data_len, ( *sz ) ); - } - break; - default: - { - *error = DISPATCH_INVALID_TEST_DATA; - goto exit; - } - break; - } - } - -exit: - if ( *error ) - { - free( params ); - params = NULL; - } - - return( params ); -} - -/** - * \brief Sends greentea key and int value pair to host. - * - * \param key key string - * \param value integer value - * - * \return void - */ -void send_key_integer( char * key, int value ) -{ - char str[50]; - snprintf( str, sizeof( str ), "%d", value ); - greentea_send_kv( key, str ); -} - -/** - * \brief Sends test setup failure to the host. 
- * - * \param failure Test set failure - * - * \return void - */ -void send_failure( int failure ) -{ - send_key_integer( "F", failure ); -} - -/** - * \brief Sends test status to the host. - * - * \param status Test status (PASS=0/FAIL=!0) - * - * \return void - */ -void send_status( int status ) -{ - send_key_integer( "R", status ); -} - - -/** - * \brief Embedded implementation of execute_tests(). - * Ignores command line and received test data - * on serial. - * - * \param argc not used - * \param argv not used - * - * \return Program exit status. - */ -int execute_tests( int args, const char ** argv ) -{ - int ret = 0; - uint32_t data_len = 0; - uint8_t count = 0, function_id; - void ** params = NULL; - uint8_t * data = NULL, * p = NULL; - - GREENTEA_SETUP( 800, "mbedtls_test" ); - greentea_send_kv( "GO", " " ); - - while ( 1 ) - { - ret = 0; - mbedtls_test_info_reset( ); - data_len = 0; - - data = receive_data( &data_len ); - if ( data == NULL ) - continue; - p = data; - - do - { - /* Read dependency count */ - count = *p; - TEST_HELPER_ASSERT( count < data_len ); - INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) ); - ret = verify_dependencies( count, p ); - if ( ret != DEPENDENCY_SUPPORTED ) - break; - - if ( count ) - INCR_ASSERT( p, data, data_len, count ); - - /* Read function id */ - function_id = *p; - INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) ); - if ( ( ret = check_test( function_id ) ) != DISPATCH_TEST_SUCCESS ) - break; - - /* Read number of parameters */ - count = *p; - INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) ); - - /* Parse parameters if present */ - if ( count ) - { - params = parse_parameters( count, p, data_len - ( p - data ), &ret ); - if ( ret ) - break; - } - - ret = dispatch_test( function_id, params ); - } - while ( 0 ); - - if ( data ) - { - free( data ); - data = NULL; - } - - if ( params ) - { - free( params ); - params = NULL; - } - - if ( ret ) - send_failure( ret ); - else - send_status( mbedtls_test_info.result 
); - } - return( 0 ); -} - From f257a6e8f8c9b85ad2f42600bbac8c2518323607 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 27 Oct 2021 16:27:44 +0200 Subject: [PATCH 828/966] Add CCM*-no-tag tests for the cipher module. Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_cipher.aes.data | 312 +++++++++++++++++++ tests/suites/test_suite_cipher.aria.data | 312 +++++++++++++++++++ tests/suites/test_suite_cipher.camellia.data | 312 +++++++++++++++++++ tests/suites/test_suite_cipher.function | 23 +- 4 files changed, 954 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index c8fbca290b..bd5c2f68f8 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data 
@@ -790,6 +790,318 @@ AES-256 OFB - Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:16:16:-1:16:16:16:16 +AES-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:0:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:1:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:2:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:7:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:8:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:9:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:15:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:16:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:17:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:31:-1 + +AES-128 CCM*-NO-TAG - 
Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:32:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:33:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:47:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:48:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:49:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:0:0:-1:0:0:0:0 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:1:0:-1:1:0:1:0 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:0:1:-1:0:1:0:1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:16:0:-1:16:0:16:0 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:0:16:-1:0:16:0:16 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:1:15:-1:1:15:1:15 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:15:1:-1:15:1:15:1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:15:7:-1:15:7:15:7 + +AES-128-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:16:6:-1:16:6:16:6 + +AES-128-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:17:6:-1:17:6:17:6 + +AES-128-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:16:16:-1:16:16:16:16 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:0:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:1:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:2:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:7:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:8:-1 + +AES-192-CCM*-NO-TAG - Encrypt and 
decrypt 9 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:9:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:15:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:16:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:17:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:31:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:32:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:33:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:47:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:48:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:49:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:0:0:-1:0:0:0:0 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple 
parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:1:0:-1:1:0:1:0 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:0:1:-1:0:1:0:1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:16:0:-1:16:0:16:0 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:0:16:-1:0:16:0:16 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:1:15:-1:1:15:1:15 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:15:1:-1:15:1:15:1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:15:7:-1:15:7:15:7 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:16:6:-1:16:6:16:6 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:17:6:-1:17:6:17:6 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:16:16:-1:16:16:16:16 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes 
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:0:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:1:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:2:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:7:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:8:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:9:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:15:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:16:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:17:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:31:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:32:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:33:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:47:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:48:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:49:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:0:0:-1:0:0:0:0 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:1:0:-1:1:0:1:0 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:0:1:-1:0:1:0:1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:16:0:-1:16:0:16:0 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:0:16:-1:0:16:0:16 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:1:15:-1:1:15:1:15 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:15:1:-1:15:1:15:1 + 
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:15:7:-1:15:7:15:7 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:16:6:-1:16:6:16:6 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:17:6:-1:17:6:17:6 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16 + AES-128 XTS - Encrypt and decrypt 16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_XTS enc_dec_buf:MBEDTLS_CIPHER_AES_128_XTS:"AES-128-XTS":256:16:-1 diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data index 2c50a21fc7..4b14bcc78b 100644 --- a/tests/suites/test_suite_cipher.aria.data +++ b/tests/suites/test_suite_cipher.aria.data 
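Review bot: Every CCM*-NO-TAG case added in this hunk is an `enc_dec_buf` or `enc_dec_buf_multipart` round trip, so the suite shows only that decryption inverts encryption and never pins the ciphertext to a known-answer vector. A counter-block or keystream error that is symmetric in both directions would still pass, and because this mode emits no tag, nothing on the decrypt side would flag it either. One fixed-vector case per key size would close that gap, unless the `test_suite_cipher.function` change or the CCM suite already covers it (not visible here). The same applies to the ARIA hunk that follows and, as far as it is visible, to the Camellia hunk, which continues past this view. Separately, the descriptions switch from `AES-128 CCM*-NO-TAG - …` to `AES-128-CCM*-NO-TAG - …` at "22 bytes in multiple parts 2" (the ARIA block does the same); a single spelling such as `AES-128-CCM*-NO-TAG - Encrypt and decrypt 0 bytes` throughout keeps the cases greppable.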
@@ -1,3 +1,315 @@ Aria CBC Decrypt empty buffer depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_CBC:0:0 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:0:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:1:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:2:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:7:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:8:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:9:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:15:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:16:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:17:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:31:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 32 
bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:32:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:33:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:47:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:48:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:49:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:0:0:-1:0:0:0:0 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:1:0:-1:1:0:1:0 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:0:1:-1:0:1:0:1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:16:0:-1:16:0:16:0 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:0:16:-1:0:16:0:16 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:1:15:-1:1:15:1:15 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:15:1:-1:15:1:15:1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:15:7:-1:15:7:15:7 + +ARIA-128-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:16:6:-1:16:6:16:6 + +ARIA-128-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:17:6:-1:17:6:17:6 + +ARIA-128-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:16:16:-1:16:16:16:16 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:0:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:1:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:2:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:7:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:8:-1 + 
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:9:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:15:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:16:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:17:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:31:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:32:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:33:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:47:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:48:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:49:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:0:0:-1:0:0:0:0 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:1:0:-1:1:0:1:0 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:0:1:-1:0:1:0:1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:16:0:-1:16:0:16:0 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:0:16:-1:0:16:0:16 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:1:15:-1:1:15:1:15 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:15:1:-1:15:1:15:1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:15:7:-1:15:7:15:7 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:16:6:-1:16:6:16:6 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:17:6:-1:17:6:17:6 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:16:16:-1:16:16:16:16 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:0:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:1:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:2:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:7:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:8:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:9:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:15:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:16:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:17:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:31:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C 
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:32:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:33:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:47:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:48:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:49:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:0:0:-1:0:0:0:0 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:1:0:-1:1:0:1:0 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:0:1:-1:0:1:0:1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:16:0:-1:16:0:16:0 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:0:16:-1:0:16:0:16 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:1:15:-1:1:15:1:15 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:15:1:-1:15:1:15:1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:15:7:-1:15:7:15:7 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:16:6:-1:16:6:16:6 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:17:6:-1:17:6:17:6 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16 diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data index 3e7bffa45b..2c7a069ca2 100644 --- a/tests/suites/test_suite_cipher.camellia.data +++ b/tests/suites/test_suite_cipher.camellia.data 
@@ -765,3 +765,315 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:-1:16:0:16:0 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1 [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:-1:16:16:0:32 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:0:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:1:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:2:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:7:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:8:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:9:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:15:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:16:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C 
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:17:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:31:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:32:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:33:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:47:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:48:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:49:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:0:0:-1:0:0:0:0 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:1:0:-1:1:0:1:0 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:0:1:-1:0:1:0:1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:16:0:-1:16:0:16:0 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:0:16:-1:0:16:0:16 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:1:15:-1:1:15:1:15 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:15:1:-1:15:1:15:1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:15:7:-1:15:7:15:7 + +CAMELLIA-128-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:16:6:-1:16:6:16:6 + +CAMELLIA-128-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:17:6:-1:17:6:17:6 + +CAMELLIA-128-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:16:16:-1:16:16:16:16 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:0:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C 
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:1:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:2:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:7:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:8:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:9:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:15:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:16:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:17:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:31:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:32:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C 
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:33:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:47:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:48:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:49:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:0:0:-1:0:0:0:0 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:1:0:-1:1:0:1:0 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:0:1:-1:0:1:0:1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:16:0:-1:16:0:16:0 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:0:16:-1:0:16:0:16 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:1:15:-1:1:15:1:15 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and 
decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:15:1:-1:15:1:15:1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:15:7:-1:15:7:15:7 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:16:6:-1:16:6:16:6 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:17:6:-1:17:6:17:6 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:16:16:-1:16:16:16:16 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:0:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:1:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:2:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:7:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C 
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:8:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:9:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:15:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:16:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:17:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:31:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:32:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:33:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:47:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:48:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C 
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:49:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:0:0:-1:0:0:0:0 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:1:0:-1:1:0:1:0 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:0:1:-1:0:1:0:1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:16:0:-1:16:0:16:0 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:0:16:-1:0:16:0:16 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:1:15:-1:1:15:1:15 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:15:1:-1:15:1:15:1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:15:7:-1:15:7:15:7 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:16:6:-1:16:6:16:6 + 
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:17:6:-1:17:6:17:6 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16 diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index c809d9a280..e496856e2e 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -343,7 +343,7 @@ exit: void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, int length_val, int pad_mode ) { - size_t length = length_val, outlen, total_len, i, block_size; + size_t length = length_val, outlen, total_len, i, block_size, iv_len; unsigned char key[64]; unsigned char iv[16]; unsigned char ad[13]; @@ -401,8 +401,14 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, memset( decbuf, 0, sizeof( decbuf ) ); memset( tag, 0, sizeof( tag ) ); - TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, sizeof( iv ) ) ); - TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, sizeof( iv ) ) ); + if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) + iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. + * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ + else + iv_len = sizeof(iv); + + TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) ); + TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); 
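Review bot: The new CAMELLIA-128 case descriptions in the `@@ -765,3 +765,315 @@` hunk are spelled two ways. They read `CAMELLIA-128 CCM*-NO-TAG - ...` (space after the key size) up to "22 bytes in multiple parts 1", then `CAMELLIA-128-CCM*-NO-TAG - ...` from "22 bytes in multiple parts 2" onward. The hyphenated form matches the cipher name string passed to `enc_dec_buf` and the 192/256 blocks, so using it throughout would make the cases easier to grep and filter. All cases added here are encrypt-then-decrypt round trips; whether known-answer vectors for this mode exist elsewhere is not visible from this hunk.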
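Review bot: In the `@@ -401,8 +401,14 @@` hunk of `enc_dec_buf`, the IV length is chosen by substring-matching the cipher's display name with `strstr( cipher_info->name, "CCM*-NO-TAG")`, which ties the test to a naming convention rather than to the cipher mode. If the mode enum that accompanies the new `*_CCM_STAR_NO_TAG` cipher IDs is reachable from the test (presumably `cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG`, to be confirmed against cipher.h), comparing on it would be sturdier. The two-line comment trailing `iv_len = 13;` inside a brace-less `if` is easy to misread; I would brace both branches, move the comment above the `if`, and write `sizeof( iv )` to match the file's spacing. The identical block is added to `enc_dec_buf_multipart` in the `@@ -641,8 +648,14 @@` hunk and the same applies there. Both function bodies extend beyond their hunks.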
@@ -597,6 +603,7 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, size_t second_length = second_length_val; size_t length = first_length + second_length; size_t block_size; + size_t iv_len; unsigned char key[32]; unsigned char iv[16]; @@ -641,8 +648,14 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, (void) pad_mode; #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ - TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) ); - TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) ); + if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) + iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. + * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ + else + iv_len = sizeof(iv); + + TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) ); + TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); From 2d5c72be0bd1e32bcf0fa06d23220002da554614 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Mon, 13 Sep 2021 07:30:09 +0000 Subject: [PATCH 829/966] TLS1.3: Add Encrypted Extensions Signed-off-by: XiaokangQian --- include/mbedtls/ssl.h | 1 + library/ssl_tls13_client.c | 124 +++++++++++++++++++++++++++++++++++- library/ssl_tls13_generic.c | 33 ++++++++++ 3 files changed, 155 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fa2429d07c..6bdb7acd18 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -486,6 +486,7 @@ #define MBEDTLS_SSL_HS_SERVER_HELLO 2 #define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3 #define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4 +#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION 8 // NEW IN TLS 1.3 #define MBEDTLS_SSL_HS_CERTIFICATE 11 #define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12 #define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13 
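Review bot: The constant added to include/mbedtls/ssl.h is named `MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION` (singular), while the handshake state used by the same patch is `MBEDTLS_SSL_ENCRYPTED_EXTENSIONS` and the TLS 1.3 message is EncryptedExtensions. A plural name would keep the two from being confused at call sites. The trailing `// NEW IN TLS 1.3` is the only line comment in this run of defines; `#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS 8 /* TLS 1.3 only */` would match the header's block-comment style. Since this is a public header, the name is worth settling before other code depends on it.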
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 979db31449..686edfe3b9 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1395,11 +1395,125 @@ cleanup: } /* - * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS + * + * EncryptedExtensions message + * + * The EncryptedExtensions message contains any extensions which + * should be protected, i.e., any which are not needed to establish + * the cryptographic context. */ -static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ) + +/* + * Overview + */ +static int ssl_tls1_3_read_encrypted_extensions( mbedtls_ssl_context *ssl ); + +/* Main entry point; orchestrates the other functions */ +static int ssl_tls13_encrypted_extensions_process( mbedtls_ssl_context *ssl ); + +static int ssl_tls13_encrypted_extensions_parse( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t buf_len ); +static int ssl_tls13_encrypted_extensions_postprocess( mbedtls_ssl_context *ssl ); + +/* + * Handler for MBEDTLS_SSL_ENCRYPTED_ENTENSIONS + */ +static int ssl_tls13_encrypted_extensions_process( mbedtls_ssl_context *ssl ) +{ + int ret; + unsigned char *buf; + size_t buf_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse encrypted extensions" ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl, + MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, + &buf, &buf_len ) ); + + /* Process the message contents */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_encrypted_extensions_parse( ssl, buf, buf_len ) ); + + mbedtls_ssl_tls13_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_encrypted_extensions_postprocess( ssl ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse encrypted extensions" ) ); + return( ret ); + +} + +static int ssl_tls13_encrypted_extensions_parse( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t buf_len ) +{ + int ret = 0; + size_t ext_len; + const unsigned char *ext; + + if( buf_len < 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension message too short" ) ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + ext_len = 
MBEDTLS_GET_UINT16_BE(buf, 0); + + buf += 2; /* skip extension length */ + ext = buf; + + /* Checking for an extension length that is too short */ + if( ext_len > 0 && ext_len < 4 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension message too short" ) ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + /* Checking for an extension length that isn't aligned with the rest + * of the message */ + if( buf_len != 2 + ext_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions extensions", ext, ext_len ); + + while( ext_len ) + { + unsigned int ext_id = MBEDTLS_GET_UINT16_BE(ext, 0); + size_t ext_size = MBEDTLS_GET_UINT16_BE(ext, 2); + + if( ext_size + 4 > ext_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + /* TBD: The client MUST check EncryptedExtensions for the + * presence of any forbidden extensions and if any are found MUST abort + * the handshake with an "illegal_parameter" alert. + */ + ((void) ext_id); + + ext_len -= 4 + ext_size; + ext += 4 + ext_size; + + if( ext_len > 0 && ext_len < 4 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + } + + return( ret ); +} + +static int ssl_tls13_encrypted_extensions_postprocess( mbedtls_ssl_context *ssl ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); return( 0 ); } @@ -1555,6 +1669,10 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) ret = ssl_tls1_3_handshake_wrapup( ssl ); break; + case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: + ret = ssl_tls13_encrypted_extensions_process( ssl ); + break; + default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); 
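Review bot: The extension loop in `ssl_tls13_encrypted_extensions_parse` (hunk `@@ -1395,11 +1395,125 @@`) validates lengths but then discards the type with `((void) ext_id);`. Every extension the server places in EncryptedExtensions is therefore accepted, including those the TBD comment says must abort the handshake with "illegal_parameter". Until per-extension handling lands, the loop could dispatch on `ext_id` and fail closed for types that are not allowed in this message or were not offered by the client, pending the alert through `MBEDTLS_SSL_PEND_FATAL_ALERT` rather than only returning an error code. The length-error returns in this function also return `MBEDTLS_ERR_SSL_DECODE_ERROR` without pending any alert, so the peer is not told why the handshake stopped. Separately, the forward declaration `static int ssl_tls1_3_read_encrypted_extensions( mbedtls_ssl_context *ssl );` has no definition in this hunk and looks like a leftover.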
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index b3a4a09ddc..949fa74741 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -27,6 +27,39 @@ #include "mbedtls/debug.h" #include "ssl_misc.h" +#include + +int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buflen ) +{ + int ret; + + if( ( ret = mbedtls_ssl_read_record( ssl, 0 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + goto cleanup; + } + + if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || + ssl->in_msg[0] != hs_type ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, + MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + goto cleanup; + } + + *buf = ssl->in_msg + 4; + *buflen = ssl->in_hslen - 4; + + +cleanup: + + return( ret ); +} int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, From c1fe000cfd8cca1d9b6994519bee84bdfa0bb608 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 16 Sep 2021 03:02:14 +0000 Subject: [PATCH 830/966] TLS1.3: Solve check name issue-macro definition Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 686edfe3b9..a27f7239dd 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1417,7 +1417,7 @@ static int ssl_tls13_encrypted_extensions_parse( mbedtls_ssl_context *ssl, static int ssl_tls13_encrypted_extensions_postprocess( mbedtls_ssl_context *ssl ); /* - * Handler for MBEDTLS_SSL_ENCRYPTED_ENTENSIONS + * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS */ static int ssl_tls13_encrypted_extensions_process( mbedtls_ssl_context *ssl ) { From e87e5924c9e8bf4bd6c08bb4ed375afd0d954acb Mon Sep 17 00:00:00 2001 
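Review bot: In the new `mbedtls_ssl_tls13_fetch_handshake_msg` (hunk `@@ -27,6 +27,39 @@` of ssl_tls13_generic.c), the type-mismatch branch logs `"bad certificate verify message"` even though the function is generic over `hs_type`. That will mislead anyone reading a handshake trace; something like `MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected handshake message, expected type %u", hs_type ) );` says what happened. `*buflen = ssl->in_hslen - 4;` relies on `in_hslen` being at least 4, which `mbedtls_ssl_read_record` presumably guarantees for handshake records; a one-line comment stating that invariant would help, because an underflow here would hand the parser a huge length. The function also appears to duplicate `mbedtls_ssl_tls1_3_fetch_handshake_msg`, whose signature is visible as context directly below, so one of the two should go.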
From: XiaokangQian Date: Fri, 24 Sep 2021 07:35:32 +0000 Subject: [PATCH 831/966] Fix some issues such as naming mismatch based on comments. Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 25 ++++++++++--------------- library/ssl_tls13_generic.c | 32 -------------------------------- 2 files changed, 10 insertions(+), 47 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a27f7239dd..00c1835dd3 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1406,20 +1406,19 @@ cleanup: /* * Overview */ -static int ssl_tls1_3_read_encrypted_extensions( mbedtls_ssl_context *ssl ); /* Main entry point; orchestrates the other functions */ -static int ssl_tls13_encrypted_extensions_process( mbedtls_ssl_context *ssl ); +static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ); -static int ssl_tls13_encrypted_extensions_parse( mbedtls_ssl_context *ssl, +static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t buf_len ); -static int ssl_tls13_encrypted_extensions_postprocess( mbedtls_ssl_context *ssl ); +static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ); /* * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS */ -static int ssl_tls13_encrypted_extensions_process( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ) { int ret; unsigned char *buf; 
@@ -1427,17 +1426,17 @@ static int ssl_tls13_encrypted_extensions_process( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse encrypted extensions" ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl, + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, &buf, &buf_len ) ); /* Process the message contents */ - MBEDTLS_SSL_PROC_CHK( ssl_tls13_encrypted_extensions_parse( ssl, buf, buf_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_encrypted_extensions( ssl, buf, buf_len ) ); - mbedtls_ssl_tls13_add_hs_msg_to_checksum( + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_encrypted_extensions_postprocess( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_postprocess_encrypted_extensions( ssl ) ); cleanup: @@ -1446,7 +1445,7 @@ cleanup: } -static int ssl_tls13_encrypted_extensions_parse( mbedtls_ssl_context *ssl, +static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t buf_len ) { @@ -1512,7 +1511,7 @@ static int ssl_tls13_encrypted_extensions_parse( mbedtls_ssl_context *ssl, return( ret ); } -static int ssl_tls13_encrypted_extensions_postprocess( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); return( 0 ); @@ -1669,10 +1668,6 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) ret = ssl_tls1_3_handshake_wrapup( ssl ); break; - case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - ret = ssl_tls13_encrypted_extensions_process( ssl ); - break; - default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 949fa74741..70c2b02103 100644 --- a/library/ssl_tls13_generic.c 
+++ b/library/ssl_tls13_generic.c @@ -29,38 +29,6 @@ #include "ssl_misc.h" #include -int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buflen ) -{ - int ret; - - if( ( ret = mbedtls_ssl_read_record( ssl, 0 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - goto cleanup; - } - - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || - ssl->in_msg[0] != hs_type ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); - ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - goto cleanup; - } - - *buf = ssl->in_msg + 4; - *buflen = ssl->in_hslen - 4; - - -cleanup: - - return( ret ); -} - int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, From 140f0459ed6f99d88b96d5451dc46c9abf0e1aa0 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Fri, 8 Oct 2021 08:05:53 +0000 Subject: [PATCH 832/966] Encrypted Extension: Align the code style of buffer pointer Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 45 ++++++++++++++++++++----------------- library/ssl_tls13_generic.c | 1 - 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 00c1835dd3..acdfa0542e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1450,45 +1450,46 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, size_t buf_len ) { int ret = 0; - size_t ext_len; - const unsigned char *ext; + size_t p_ext_len; + const unsigned char *end = buf + buf_len; + const unsigned char *p = buf; - if( buf_len < 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension message too short" ) ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2); + p_ext_len = MBEDTLS_GET_UINT16_BE(buf, 0); - ext_len = MBEDTLS_GET_UINT16_BE(buf, 0); - - buf += 2; /* skip extension length */ - ext = buf; + p += 2; /* skip extension length */ /* Checking for an extension length that is too short */ - if( ext_len > 0 && ext_len < 4 ) + if( p_ext_len > 0 && p_ext_len < 4 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension message too short" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Checking for an extension length that isn't aligned with the rest * of the message */ - if( buf_len != 2 + ext_len ) + if( buf_len != 2 + p_ext_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions extensions", ext, ext_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions extensions", p, p_ext_len ); - while( ext_len ) + while( p_ext_len ) { - unsigned int ext_id = MBEDTLS_GET_UINT16_BE(ext, 0); - size_t ext_size = MBEDTLS_GET_UINT16_BE(ext, 2); + unsigned int ext_id = MBEDTLS_GET_UINT16_BE(p, 0); + size_t ext_size = MBEDTLS_GET_UINT16_BE(p, 2); - if( ext_size + 4 > ext_len ) + if( ext_size + 4 > p_ext_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + 
MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } @@ -1498,12 +1499,14 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, */ ((void) ext_id); - ext_len -= 4 + ext_size; - ext += 4 + ext_size; + p_ext_len -= 4 + ext_size; + p += 4 + ext_size; - if( ext_len > 0 && ext_len < 4 ) + if( p_ext_len > 0 && p_ext_len < 4 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 70c2b02103..b3a4a09ddc 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -27,7 +27,6 @@ #include "mbedtls/debug.h" #include "ssl_misc.h" -#include int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, From 08da26c58f959ba4e93498d3ed626717b5ee1cdf Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Sat, 9 Oct 2021 10:12:11 +0000 Subject: [PATCH 833/966] Refine encrypted extensions parse function Change arguments of API. Send different messages base on extensions types. Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 83 +++++++++++++++++++++----------------- 1 file changed, 47 insertions(+), 36 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index acdfa0542e..13fb47079c 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1411,8 +1411,8 @@ cleanup: static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ); static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buf_len ); + const unsigned char *buf, + const unsigned char *end ); static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ); /* 
@@ -1431,7 +1431,7 @@ static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ) &buf, &buf_len ) ); /* Process the message contents */ - MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_encrypted_extensions( ssl, buf, buf_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len ); @@ -1445,32 +1445,27 @@ cleanup: } +/* Parse EncryptedExtensions message + * struct { + * Extension extensions<0..2^16-1>; + * } EncryptedExtensions; + */ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buf_len ) + const unsigned char *buf, + const unsigned char *end ) { int ret = 0; - size_t p_ext_len; - const unsigned char *end = buf + buf_len; + size_t extensions_len; const unsigned char *p = buf; - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2); - p_ext_len = MBEDTLS_GET_UINT16_BE(buf, 0); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; /* skip extension length */ - - /* Checking for an extension length that is too short */ - if( p_ext_len > 0 && p_ext_len < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension message too short" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } + p += 2; /* Checking for an extension length that isn't aligned with the rest * of the message */ - if( buf_len != 2 + p_ext_len ) + if( p + extensions_len != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ 
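Review bot: In the `@@ -1445,32 +1445,27 @@` hunk the alignment test `if( p + extensions_len != end )` adds a peer-supplied 16-bit length to `p` before anything bounds it, so the intermediate pointer can lie well past the end of the handshake buffer, which C leaves undefined even when the pointer is only compared. Comparing lengths avoids forming that pointer: `if( (size_t)( end - p ) != extensions_len )`. The later `@@ -1458,14 +1458,17 @@` hunk in this series has the same shape in `extensions_end = p + extensions_len;`, which is computed before its `MBEDTLS_SSL_CHK_BUF_READ_PTR` call. The function body continues beyond this hunk.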
@@ -1478,31 +1473,47 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions extensions", p, p_ext_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions extensions", p, extensions_len ); - while( p_ext_len ) + while( p < end ) { - unsigned int ext_id = MBEDTLS_GET_UINT16_BE(p, 0); - size_t ext_size = MBEDTLS_GET_UINT16_BE(p, 2); + unsigned int extension_type; + size_t extension_data_len; - if( ext_size + 4 > p_ext_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } + /* + * struct { + * ExtensionType extension_type; (2 bytes) + * opaque extension_data<0..2^16-1>; + * } Extension; + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); + extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); + extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); + p += 4; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); /* TBD: The client MUST check EncryptedExtensions for the * presence of any forbidden extensions and if any are found MUST abort - * the handshake with an "illegal_parameter" alert. + * the handshake with an "unsupported_extension" alert. 
*/ - ((void) ext_id); + switch( extension_type ) + { - p_ext_len -= 4 + ext_size; - p += 4 + ext_size; + case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extensions supported groups" ) ); + break; - if( p_ext_len > 0 && p_ext_len < 4 ) + default: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "unsupported extension found: %d ( ignoring )", extension_type) ); + break; + } + + extensions_len -= 4 + extension_data_len; + p += extension_data_len; + + /* Checking for an extension length that is too short */ + if( extensions_len > 0 && extensions_len < 4 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ From 97799ac27bb095d1966aa0abce294cb076fa7706 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Mon, 11 Oct 2021 10:05:54 +0000 Subject: [PATCH 834/966] Encrypted Extensions: Align code style and some check logic Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 74 ++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 40 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 13fb47079c..f7f7eaabac 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
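Review bot: The rewritten comment in the `@@ -1478,31 +1473,47 @@` hunk now names an "unsupported_extension" alert, while the sentence it quotes appears to come from RFC 8446 section 4.3.1, which asks for "illegal_parameter" when a forbidden extension is present; the removed line had that wording. Either keep the RFC wording or say which rule the new name follows (for example, an extension the client never offered). The `default:` branch still only logs and continues, so the MUST in the comment is not enforced by this hunk. Its format string also prints the `unsigned int extension_type` with `%d`, where `%u` matches the type. The loop closes outside the hunk.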
@@ -1408,17 +1408,17 @@ cleanup: */ /* Main entry point; orchestrates the other functions */ -static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ); +static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl ); -static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end ); -static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ); +static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ); +static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ); /* * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS */ -static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ) +static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl ) { int ret; unsigned char *buf; @@ -1431,12 +1431,13 @@ static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ) &buf, &buf_len ) ); /* Process the message contents */ - MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) ); + MBEDTLS_SSL_PROC_CHK( + ssl_tls13_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len ); - MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_postprocess_encrypted_extensions( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) ); cleanup: 
@@ -1447,33 +1448,22 @@ cleanup: /* Parse EncryptedExtensions message * struct { - * Extension extensions<0..2^16-1>; + * Extension extensions<0..2^16-1>; * } EncryptedExtensions; */ -static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end ) +static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) { int ret = 0; size_t extensions_len; const unsigned char *p = buf; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - + extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; - /* Checking for an extension length that isn't aligned with the rest - * of the message */ - if( p + extensions_len != end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions extensions", p, extensions_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions", p, extensions_len ); while( p < end ) { @@ -1482,8 +1472,8 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, /* * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; + * ExtensionType extension_type; (2 bytes) + * opaque extension_data<0..2^16-1>; * } Extension; */ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); @@ -1493,7 +1483,7 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); - /* TBD: The client MUST check EncryptedExtensions for the + /* The client MUST check EncryptedExtensions for the * presence of any forbidden extensions and if any are found MUST abort * the handshake with an "unsupported_extension" alert. */ 
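Review bot: With the `p + extensions_len != end` test removed in the `@@ -1447,33 +1448,22 @@` hunk, `extensions_len` is no longer compared with the bytes actually present, yet `MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions", p, extensions_len )` still uses it as the dump length. When debug output is enabled, a peer-chosen length larger than the message would make the dump read past the handshake data. A vector length that disagrees with the body is also accepted, as long as the entries run exactly to `end`. Bounding the length first addresses both: `MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );` placed before the dump. The `@@ -1458,14 +1458,17 @@` hunk of the next patch adds that macro call, but after the dump.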
@@ -1505,27 +1495,31 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, break; default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unsupported extension found: %d ( ignoring )", extension_type) ); + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "unsupported extension found: %u ", extension_type) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, \ + MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); break; } - extensions_len -= 4 + extension_data_len; p += extension_data_len; + } - /* Checking for an extension length that is too short */ - if( extensions_len > 0 && extensions_len < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } + /* Check that we consumed all the message. */ + if( p != end ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } return( ret ); } -static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ) +static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); return( 0 ); @@ -1643,7 +1637,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - ret = ssl_tls1_3_process_encrypted_extensions( ssl ); + ret = ssl_tls13_process_encrypted_extensions( ssl ); break; case MBEDTLS_SSL_CERTIFICATE_REQUEST: From 8db25fffb48ca5c7c5a67d288451428e1652da8a Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 13 Oct 2021 05:56:18 +0000 Subject: [PATCH 835/966] Encrypted Extensions: Change extensions length check 
Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f7f7eaabac..68f5ae568a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1432,7 +1432,7 @@ static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl ) /* Process the message contents */ MBEDTLS_SSL_PROC_CHK( - ssl_tls13_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) ); + ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len ); @@ -1458,14 +1458,17 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, int ret = 0; size_t extensions_len; const unsigned char *p = buf; + const unsigned char *extensions_end; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions", p, extensions_len ); + extensions_end = p + extensions_len; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); - while( p < end ) + while( p < extensions_end ) { unsigned int extension_type; size_t extension_data_len; @@ -1476,12 +1479,12 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, * opaque extension_data<0..2^16-1>; * } Extension; */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); p += 4; - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); /* The client MUST check EncryptedExtensions for the * presence of any forbidden extensions and if any are found MUST abort 
@@ -1501,18 +1504,17 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, \ MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); - break; } p += extension_data_len; } /* Check that we consumed all the message. */ - if( p != end ) + if( p != extensions_end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ - MBEDTLS_ERR_SSL_DECODE_ERROR ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, \ + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } From 7b2d4efee8b8d35b783ddf3a3bb7c263f2c04da0 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 13 Oct 2021 10:19:02 +0000 Subject: [PATCH 836/966] Change the buffer boundary check and alert type Signed-off-by: XiaokangQian --- include/mbedtls/ssl.h | 2 +- library/ssl_tls13_client.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6bdb7acd18..288d9b3c5c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -486,7 +486,7 @@ #define MBEDTLS_SSL_HS_SERVER_HELLO 2 #define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3 #define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4 -#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION 8 // NEW IN TLS 1.3 +#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS 8 // NEW IN TLS 1.3 #define MBEDTLS_SSL_HS_CERTIFICATE 11 #define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12 #define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13 diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 68f5ae568a..2c2d0f3afd 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
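Review bot: The final check in the `@@ -1501,18 +1504,17 @@` hunk pends `MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER` with `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER` but then returns `MBEDTLS_ERR_SSL_DECODE_ERROR`, so the alert recorded for the peer and the code handed to the caller disagree. The test `p != extensions_end` also looks unreachable as written: the loop runs while `p < extensions_end` and every advance is bounded by `extensions_end`, whereas bytes between `extensions_end` and `end` go unchecked. Comparing against the message end with one consistent error pair would reject trailing data: `if( p != end )`, pending the decode_error alert and `return( MBEDTLS_ERR_SSL_DECODE_ERROR );`.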
@@ -1510,11 +1510,11 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, } /* Check that we consumed all the message. */ - if( p != extensions_end ) + if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, \ - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } From ab7f50d6389b9f6a6e2d60881d68c28f67126bf5 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 21 Oct 2021 06:23:29 +0000 Subject: [PATCH 837/966] Change macro names and add test script for extensions Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 4 ++-- tests/ssl-opt.sh | 11 ++++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2c2d0f3afd..5ed01aade2 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1427,7 +1427,7 @@ static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse encrypted extensions" ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, - MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, + MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, &buf, &buf_len ) ); /* Process the message contents */ @@ -1435,7 +1435,7 @@ static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl ) ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len ); + ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8fbe67739b..f9bfec2e1e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -8808,7 +8808,7 @@ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: Test client hello msg work - openssl" \ - "$O_NEXT_SRV -tls1_3 -msg" \ + "$O_NEXT_SRV -tls1_3 -msg -no_middlebox" \ "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ @@ -8828,13 +8828,14 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "<= ssl_tls1_3_process_server_hello" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "ECDH curve: x25519" \ - -c "=> ssl_tls1_3_process_server_hello" + -c "=> ssl_tls1_3_process_server_hello" \ + -c "<= parse encrypted extensions" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: Test client hello msg work - gnutls" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%DISABLE_TLS13_COMPAT_MODE --debug=4" \ "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ @@ -8854,8 +8855,8 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "<= ssl_tls1_3_process_server_hello" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "ECDH curve: x25519" \ - -c "=> ssl_tls1_3_process_server_hello" - + -c "=> ssl_tls1_3_process_server_hello" \ + -c "<= parse encrypted extensions" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG From 29287a46d2a6a24236a4062f4216f681ef0a8d9b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 28 Oct 2021 10:26:13 +0800 Subject: [PATCH 838/966] fix wrong para name in doxygen comments Signed-off-by: Jerry Yu --- library/common.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) 
diff --git a/library/common.h b/library/common.h index 7c8d4bf478..a630fcc456 100644 --- a/library/common.h +++ b/library/common.h @@ -87,7 +87,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * big-endian order (MSB first). * * \param data Base address of the memory to get the four bytes from. - * \param offset Offset from \p base of the first and most significant + * \param offset Offset from \p data of the first and most significant * byte of the four bytes to build the 32 bits unsigned * integer from. */ @@ -107,7 +107,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * \param n 32 bits unsigned integer to put in memory. * \param data Base address of the memory where to put the 32 * bits unsigned integer in. - * \param offset Offset from \p base where to put the most significant + * \param offset Offset from \p data where to put the most significant * byte of the 32 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT32_BE @@ -125,7 +125,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * little-endian order (LSB first). * * \param data Base address of the memory to get the four bytes from. - * \param offset Offset from \p base of the first and least significant + * \param offset Offset from \p data of the first and least significant * byte of the four bytes to build the 32 bits unsigned * integer from. */ @@ -145,7 +145,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * \param n 32 bits unsigned integer to put in memory. * \param data Base address of the memory where to put the 32 * bits unsigned integer in. - * \param offset Offset from \p base where to put the least significant + * \param offset Offset from \p data where to put the least significant * byte of the 32 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT32_LE 
@@ -163,7 +163,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * little-endian order (LSB first). * * \param data Base address of the memory to get the two bytes from. - * \param offset Offset from \p base of the first and least significant + * \param offset Offset from \p data of the first and least significant * byte of the two bytes to build the 16 bits unsigned * integer from. */ @@ -181,7 +181,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * \param n 16 bits unsigned integer to put in memory. * \param data Base address of the memory where to put the 16 * bits unsigned integer in. - * \param offset Offset from \p base where to put the least significant + * \param offset Offset from \p data where to put the least significant * byte of the 16 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT16_LE @@ -197,7 +197,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * big-endian order (MSB first). * * \param data Base address of the memory to get the two bytes from. - * \param offset Offset from \p base of the first and most significant + * \param offset Offset from \p data of the first and most significant * byte of the two bytes to build the 16 bits unsigned * integer from. */ @@ -215,7 +215,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * \param n 16 bits unsigned integer to put in memory. * \param data Base address of the memory where to put the 16 * bits unsigned integer in. - * \param offset Offset from \p base where to put the most significant + * \param offset Offset from \p data where to put the most significant * byte of the 16 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT16_BE 
@@ -303,7 +303,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * big-endian order (MSB first). * * \param data Base address of the memory to get the eight bytes from. - * \param offset Offset from \p base of the first and most significant + * \param offset Offset from \p data of the first and most significant * byte of the eight bytes to build the 64 bits unsigned * integer from. */ @@ -327,7 +327,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * \param n 64 bits unsigned integer to put in memory. * \param data Base address of the memory where to put the 64 * bits unsigned integer in. - * \param offset Offset from \p base where to put the most significant + * \param offset Offset from \p data where to put the most significant * byte of the 64 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT64_BE @@ -349,7 +349,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * little-endian order (LSB first). * * \param data Base address of the memory to get the eight bytes from. - * \param offset Offset from \p base of the first and least significant + * \param offset Offset from \p data of the first and least significant * byte of the eight bytes to build the 64 bits unsigned * integer from. */ @@ -373,7 +373,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * \param n 64 bits unsigned integer to put in memory. * \param data Base address of the memory where to put the 64 * bits unsigned integer in. - * \param offset Offset from \p base where to put the least significant + * \param offset Offset from \p data where to put the least significant * byte of the 64 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT64_LE From 947571efff70d8a1b66501c2aa761bd702d538ee Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Wed, 29 Sep 2021 09:12:03 +0000 Subject: [PATCH 839/966] add tls1_3 read certificate 
Signed-off-by: Xiaofei Bai --- library/ssl_misc.h | 6 + library/ssl_tls13_client.c | 7 +- library/ssl_tls13_generic.c | 367 ++++++++++++++++++++++++++++++++++++ 3 files changed, 379 insertions(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 66fb26c624..dbef6aa212 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1627,6 +1627,12 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buflen ); + +/* + * Handler of TLS 1.3 server certificate message + */ +int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); + /* * Write TLS 1.3 handshake message tail */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 5ed01aade2..44c7b1ecc9 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1542,7 +1542,12 @@ static int ssl_tls1_3_process_certificate_request( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + int ret; + + ret = mbedtls_ssl_tls13_process_certificate( ssl ); + if( ret != 0) + return( ret ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY ); return( 0 ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index b3a4a09ddc..8cae7898bf 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -27,6 +27,10 @@ #include "mbedtls/debug.h" #include "ssl_misc.h" +#include +#include +#include + int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, 
@@ -215,6 +219,369 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +/* + * + * STATE HANDLING: Incoming Certificate, client-side only currently. + * + */ + +/* + * Overview + */ + +/* Main state-handling entry point; orchestrates the other functions. */ +int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +/* Parse certificate chain send by the server. */ +static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ); +/* Validate certificate chain sent by the server. */ +static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ); + +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + +/* Update the state after handling the incoming certificate message. */ +static int ssl_tls13_process_certificate_postprocess( mbedtls_ssl_context *ssl ); + +/* + * Implementation + */ + +int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + unsigned char *buf; + size_t buf_len; + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( + ssl, MBEDTLS_SSL_HS_CERTIFICATE, + &buf, &buf_len ) ); + + /* Parse the certificate chain sent by the peer. */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate( ssl, buf, buf + buf_len ) ); + /* Validate the certificate chain and set the verification results. 
*/ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE, + buf, buf_len ); + +#else + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + + /* Update state */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_process_certificate_postprocess( ssl ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); + return( ret ); +} + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +/* + * Structure of Certificate message: + * + * enum { + * X509(0), + * RawPublicKey(2), + * (255) + * } CertificateType; + * + * struct { + * select (certificate_type) { + * case RawPublicKey: + * * From RFC 7250 ASN.1_subjectPublicKeyInfo * + * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; + * case X509: + * opaque cert_data<1..2^24-1>; + * }; + * Extension extensions<0..2^16-1>; + * } CertificateEntry; + * + * struct { + * opaque certificate_request_context<0..2^8-1>; + * CertificateEntry certificate_list<0..2^24-1>; + * } Certificate; + * + */ +static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t certificate_request_context_len = 0; + size_t certificate_list_len = 0; + const unsigned char *p = buf; + const unsigned char *certificate_list_end; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); + certificate_request_context_len = p[0]; + certificate_list_len = ( p[1] << 16 ) | ( p[2] << 8 ) | p[3]; + + /* In theory, the certificate list can be up to 2^24 Bytes, but we don't + * support anything beyond 2^16 = 64K. 
+ */ + if( certificate_request_context_len != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + /* In case we tried to reuse a session but it failed */ + if( ssl->session_negotiate->peer_cert != NULL ) + { + mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); + mbedtls_free( ssl->session_negotiate->peer_cert ); + } + + if( ( ssl->session_negotiate->peer_cert = + mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc( %" MBEDTLS_PRINTF_SIZET " bytes ) failed", + sizeof( mbedtls_x509_crt ) ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, + MBEDTLS_ERR_SSL_ALLOC_FAILED ); + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + } + + mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); + + p += 4; + certificate_list_end = p + certificate_list_len; + while ( p < certificate_list_end ) + { + size_t cert_data_len, extensions_len; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 3 ); + cert_data_len = ( ( size_t )p[0] << 16 ) | + ( ( size_t )p[1] << 8 ) | + ( ( size_t )p[2] ); + p += 3; + + /* In theory, the CRT can be up to 2^24 Bytes, but we don't support + * anything beyond 2^16 = 64K. Otherwise as in the TLS 1.2 code, + * check that we have a minimum of 128 bytes of data, this is not + * clear why we need that though. 
+ */ + if( ( cert_data_len < 128 ) || ( cert_data_len >= 0x10000 ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, cert_data_len); + ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, + p, cert_data_len ); + + switch( ret ) + { + case 0: /*ok*/ + break; + case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: + /* Ignore certificate with an unknown algorithm: maybe a + prior certificate was already trusted. */ + break; + + case MBEDTLS_ERR_X509_ALLOC_FAILED: + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, + MBEDTLS_ERR_X509_ALLOC_FAILED ); + MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); + return( ret ); + + case MBEDTLS_ERR_X509_UNKNOWN_VERSION: + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_X509_UNKNOWN_VERSION ); + MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); + return( ret ); + + default: + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT, + ret ); + MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); + return( ret ); + } + + p += cert_data_len; + + /* Certificate extensions length */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 2 ); + extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len); + p += extensions_len; + } + + /* Check that all the message is consumed. 
*/ + if( p != end ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert ); + + return( ret ); +} +#else +static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + mbedtls_x509_crt *ca_chain; + mbedtls_x509_crl *ca_crl; + +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + if( ssl->handshake->sni_ca_chain != NULL ) + { + ca_chain = ssl->handshake->sni_ca_chain; + ca_crl = ssl->handshake->sni_ca_crl; + } + else +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ + { + ca_chain = ssl->conf->ca_chain; + ca_crl = ssl->conf->ca_crl; + } + + /* + * Main check: verify certificate + */ + ret = mbedtls_x509_crt_verify_with_profile( + ssl->session_negotiate->peer_cert, + ca_chain, ca_crl, + ssl->conf->cert_profile, + ssl->hostname, + &ssl->session_negotiate->verify_result, + ssl->conf->f_vrfy, ssl->conf->p_vrfy ); + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); + } + + /* + * Secondary checks: always done, but change 'ret' only if it was 0 + */ + +#if defined(MBEDTLS_ECP_C) + { + const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk; + + /* If certificate uses an EC key, make sure the curve is OK */ + if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && + mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) + { + 
ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( EC key curve )" ) ); + if( ret == 0 ) + ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; + } + } +#endif /* MBEDTLS_ECP_C */ + + if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert, + ssl->handshake->ciphersuite_info, + !ssl->conf->endpoint, + &ssl->session_negotiate->verify_result ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( usage extensions )" ) ); + if( ret == 0 ) + ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; + } + + + if( ca_chain == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); + ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; + } + + if( ret != 0 ) + { + /* The certificate may have been rejected for several reasons. + Pick one and send the corresponding alert. Which alert to send + may be a subject of debate in some cases. */ + if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret ); + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret ); + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) + MBEDTLS_SSL_PEND_FATAL_ALERT( 
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret ); + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret ); + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA, ret ); + else + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret ); + } + +#if defined(MBEDTLS_DEBUG_C) + if( ssl->session_negotiate->verify_result != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x", + (unsigned int) ssl->session_negotiate->verify_result ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) ); + } +#endif /* MBEDTLS_DEBUG_C */ + + return( ret ); +} +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) +{ + ((void) ssl); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + +static int ssl_tls13_process_certificate_postprocess( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY ); + return( 0 ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS_C */ From 79595acf3f078b3ab7efea088ced5060391be0e9 Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Tue, 26 Oct 2021 07:16:45 +0000 Subject: [PATCH 840/966] Update based on review comments. Signed-off-by: Xiaofei Bai --- library/ssl_tls13_generic.c | 105 ++++++++++++++---------------------- 1 file changed, 40 insertions(+), 65 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 8cae7898bf..6f2c3ec178 100644 
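Review bot: ssl_tls13_parse_certificate never checks certificate_list_len against the bytes actually left in the message, so `certificate_list_end = p + certificate_list_len` can lie beyond end. Inside the loop only the 3-byte length read is bounded by end; cert_data_len, the 2-byte extensions length and extensions_len are all checked against certificate_list_end. A peer that declares a list longer than the message therefore gets mbedtls_x509_crt_parse_der called on bytes past the message, and the closing `p != end` test runs only afterwards. Adding `MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, certificate_list_len );` right after `p += 4;`, before certificate_list_end is computed, closes this. The later "Update based on review comments" patch moves the remaining end-bounded check to certificate_list_end and caps the length below 0x10000, but still does not compare it with end, so the same fix applies there.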
--- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -225,65 +225,10 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, * */ -/* - * Overview - */ - -/* Main state-handling entry point; orchestrates the other functions. */ -int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -/* Parse certificate chain send by the server. */ -static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end ); -/* Validate certificate chain sent by the server. */ -static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ); - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ - -/* Update the state after handling the incoming certificate message. */ -static int ssl_tls13_process_certificate_postprocess( mbedtls_ssl_context *ssl ); - /* * Implementation */ -int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, - &buf, &buf_len ) ); - - /* Parse the certificate chain sent by the peer. */ - MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate( ssl, buf, buf + buf_len ) ); - /* Validate the certificate chain and set the verification results. 
*/ - MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) ); - - mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE, - buf, buf_len ); - -#else - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ - - /* Update state */ - MBEDTLS_SSL_PROC_CHK( ssl_tls13_process_certificate_postprocess( ssl ) ); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); - return( ret ); -} - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* @@ -312,6 +257,8 @@ cleanup: * } Certificate; * */ + +/* Parse certificate chain send by the server. */ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) @@ -325,11 +272,13 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); certificate_request_context_len = p[0]; certificate_list_len = ( p[1] << 16 ) | ( p[2] << 8 ) | p[3]; + p += 4; /* In theory, the certificate list can be up to 2^24 Bytes, but we don't * support anything beyond 2^16 = 64K. */ - if( certificate_request_context_len != 0 ) + if( ( certificate_request_context_len != 0 ) || + ( certificate_list_len >= 0x10000 ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, @@ -356,13 +305,12 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); - p += 4; certificate_list_end = p + certificate_list_len; - while ( p < certificate_list_end ) + while( p < certificate_list_end ) { size_t cert_data_len, extensions_len; - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 3 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 ); cert_data_len = ( ( size_t )p[0] << 16 ) | ( ( size_t )p[1] << 8 ) | ( ( size_t )p[2] ); 
@@ -374,14 +322,14 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, * clear why we need that though. */ if( ( cert_data_len < 128 ) || ( cert_data_len >= 0x10000 ) ) - { + { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, cert_data_len); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, cert_data_len ); ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, p, cert_data_len ); @@ -419,7 +367,7 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 2 ); extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len ); p += extensions_len; } @@ -451,6 +399,7 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +/* Validate certificate chain sent by the server. */ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) { int ret = 0; 
@@ -576,10 +525,36 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -static int ssl_tls13_process_certificate_postprocess( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY ); - return( 0 ); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + unsigned char *buf; + size_t buf_len; + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( + ssl, MBEDTLS_SSL_HS_CERTIFICATE, + &buf, &buf_len ) ); + + /* Parse the certificate chain sent by the peer. */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate( ssl, buf, buf + buf_len ) ); + /* Validate the certificate chain and set the verification results. */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE, + buf, buf_len ); + +#else + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); + return( ret ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ From 10aeec0685c878601cc65aee4fc424be9f65e823 Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Tue, 26 Oct 2021 09:50:08 +0000 Subject: [PATCH 841/966] Fix a build error Signed-off-by: Xiaofei Bai --- library/ssl_tls13_generic.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 6f2c3ec178..0157726afb 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -546,14 +546,13 @@ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ) mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len ); -#else - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ - cleanup: MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); +#else + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ return( ret ); } From ff45602c7438b9900c44519f4a9c54d8d30c7a39 Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Thu, 28 Oct 2021 06:50:17 +0000 Subject: [PATCH 842/966] Add local variable verify_result Signed-off-by: Xiaofei Bai --- library/ssl_tls13_generic.c | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 0157726afb..026c94c7e7 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -405,6 +405,7 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) int ret = 0; mbedtls_x509_crt *ca_chain; mbedtls_x509_crl *ca_crl; + uint32_t verify_result = 0; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ssl->handshake->sni_ca_chain != NULL ) @@ -427,7 +428,7 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) ca_chain, ca_crl, ssl->conf->cert_profile, ssl->hostname, - &ssl->session_negotiate->verify_result, + &verify_result, ssl->conf->f_vrfy, ssl->conf->p_vrfy ); if( ret != 0 ) 
@@ -447,7 +448,7 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) { - ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; + verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( EC key curve )" ) ); if( ret == 0 ) @@ -459,7 +460,7 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert, ssl->handshake->ciphersuite_info, !ssl->conf->endpoint, - &ssl->session_negotiate->verify_result ) != 0 ) + &verify_result ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( usage extensions )" ) ); if( ret == 0 ) 
@@ -478,35 +479,31 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) /* The certificate may have been rejected for several reasons. Pick one and send the corresponding alert. Which alert to send may be a subject of debate in some cases. */ - if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER ) + if( verify_result & MBEDTLS_X509_BADCERT_OTHER ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret ); - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) + else if( verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret ); - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) + else if( ( verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) || + ( verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) || + ( verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) || + ( verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) || + ( verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) + else if( verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret ); - 
else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED ) + else if( verify_result & MBEDTLS_X509_BADCERT_REVOKED ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret ); - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) + else if( verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA, ret ); else MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret ); } #if defined(MBEDTLS_DEBUG_C) - if( ssl->session_negotiate->verify_result != 0 ) + if( verify_result != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x", - (unsigned int) ssl->session_negotiate->verify_result ) ); + verify_result ) ); } else { @@ -514,6 +511,7 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_DEBUG_C */ + ssl->session_negotiate->verify_result = verify_result; return( ret ); } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ From 937ac673fae8a06143753ae4e1b1129fd0636af1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 28 Oct 2021 17:39:28 +0800 Subject: [PATCH 843/966] Disable client cert for gnutls tests Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f9bfec2e1e..70b9f4b7a0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8763,6 +8763,7 @@ run_test "export keys functionality" \ # openssl feature tests: check if tls1.3 exists. requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS1.3: Test openssl tls1_3 feature" \ "$O_NEXT_SRV -tls1_3 -msg" \ "$O_NEXT_CLI -tls1_3 -msg" \ 
@@ -8774,8 +8775,9 @@ run_test "TLS1.3: Test openssl tls1_3 feature" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS1.3: Test gnutls tls1_3 feature" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert " \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "Version: TLS1.3" \ @@ -8832,10 +8834,12 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "<= parse encrypted extensions" requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: Test client hello msg work - gnutls" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%DISABLE_TLS13_COMPAT_MODE --debug=4" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ From a93ac116c80e7955b6c0d8892e7dfeb9fd31bb84 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 27 Oct 2021 16:31:48 +0800 Subject: [PATCH 844/966] Remove certificate_request state Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 44c7b1ecc9..7be69fac3a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1523,20 +1523,19 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); - return( 0 ); -} - -/* - * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST - */ -static int ssl_tls1_3_process_certificate_request( mbedtls_ssl_context *ssl ) -{ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE ); +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) ) + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); + else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE ); +#else + ((void) ssl); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); +#endif return( 0 ); } +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE */ @@ -1561,7 +1560,7 @@ static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl ) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); return( 0 ); } - +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* * Handler for MBEDTLS_SSL_SERVER_FINISHED */ @@ -1647,10 +1646,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) ret = ssl_tls13_process_encrypted_extensions( ssl ); break; - case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_tls1_3_process_certificate_request( ssl ); - break; - +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) case MBEDTLS_SSL_SERVER_CERTIFICATE: ret = ssl_tls1_3_process_server_certificate( ssl ); break; 
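Review bot: In ssl_tls13_postprocess_encrypted_extensions the choice between MBEDTLS_SSL_SERVER_FINISHED and MBEDTLS_SSL_SERVER_CERTIFICATE decides whether the server's Certificate and CertificateVerify are processed at all, yet the condition carries no comment saying what mbedtls_ssl_tls1_3_some_psk_enabled reports. Its definition is outside this hunk. If it reflected the locally configured key exchange modes rather than the mode selected for this handshake, a client that merely allows PSK would skip the certificate states even when the server authenticates with a certificate, so this is worth confirming. I would add above the `if` a comment such as `/* PSK key exchange was selected: the server sends no Certificate or CertificateVerify. */`.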
@@ -1658,6 +1654,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_CERTIFICATE_VERIFY: ret = ssl_tls1_3_process_certificate_verify( ssl ); break; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ case MBEDTLS_SSL_SERVER_FINISHED: ret = ssl_tls1_3_process_server_finished( ssl ); From 7aa71860221aaa27c5a7594bf9dbb8a3e2b199f2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 28 Oct 2021 21:41:30 +0800 Subject: [PATCH 845/966] fix various issues Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 4 ++-- library/ssl_tls13_generic.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 7be69fac3a..49ca7f0b8b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1501,7 +1501,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "unsupported extension found: %u ", extension_type) ); MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, \ + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); } @@ -1513,7 +1513,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 026c94c7e7..598b2bc375 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -271,7 +271,7 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); certificate_request_context_len = p[0]; - certificate_list_len = ( p[1] << 16 ) | ( p[2] << 8 ) | p[3]; + certificate_list_len = MBEDTLS_GET_UINT24_BE( p, 0 ); p += 4; /* In theory, the certificate list can be up to 2^24 Bytes, but we don't From 83bb13101ab37dbe78135fade230b865d1105d22 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 28 Oct 2021 22:16:33 +0800 Subject: [PATCH 846/966] fix format warning Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 598b2bc375..18bb984178 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -503,7 +503,7 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) if( verify_result != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x", - verify_result ) ); + (unsigned int) verify_result ) ); } else { From 36b70b2a4e75855c1c1de6c0e2a011aa16a2f5f6 Mon Sep 17 00:00:00 2001 From: Brett Warren Date: Tue, 19 Oct 2021 23:39:07 +0100 Subject: [PATCH 847/966] Change MBEDTLS_ECP_DP_MAX to 14 Signed-off-by: Brett Warren --- include/mbedtls/ecp.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index b2a2e32564..5b26084d45 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -130,10 +130,8 @@ typedef enum /** * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE. - * - * \note Montgomery curves are currently excluded. */ -#define MBEDTLS_ECP_DP_MAX 12 +#define MBEDTLS_ECP_DP_MAX 14 /* * Curve types From a706e5e317fca6812a96df78cc6305c3c45d16fd Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 28 Oct 2021 17:59:06 +0200 Subject: [PATCH 848/966] Add missing cipher mode translations for PSA 
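Review bot: The replacement `MBEDTLS_GET_UINT24_BE( p, 0 )` in `ssl_tls13_parse_certificate` reads the 24-bit length starting at `p[0]`, but the removed expression used `p[1]`, `p[2]` and `p[3]`. `p[0]` is the byte the previous line stores in `certificate_request_context_len`, so the context-length byte becomes the top byte of `certificate_list_len` and the real low byte is dropped. The offset should be 1: `certificate_list_len = MBEDTLS_GET_UINT24_BE( p, 1 );`, which is the correction a later patch in this series (850) applies. A parsing test on a Certificate message whose list length has a non-zero low byte would catch this kind of slip at review time.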
Signed-off-by: Mateusz Starzyk --- include/mbedtls/psa_util.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 80bcd721c0..c54c035c37 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -51,6 +51,9 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type( case MBEDTLS_CIPHER_AES_128_CCM: case MBEDTLS_CIPHER_AES_192_CCM: case MBEDTLS_CIPHER_AES_256_CCM: + case MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG: + case MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG: + case MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG: case MBEDTLS_CIPHER_AES_128_GCM: case MBEDTLS_CIPHER_AES_192_GCM: case MBEDTLS_CIPHER_AES_256_GCM: @@ -66,6 +69,9 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type( /* case MBEDTLS_CIPHER_ARIA_128_CCM: case MBEDTLS_CIPHER_ARIA_192_CCM: case MBEDTLS_CIPHER_ARIA_256_CCM: + case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG: + case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG: + case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG: case MBEDTLS_CIPHER_ARIA_128_GCM: case MBEDTLS_CIPHER_ARIA_192_GCM: case MBEDTLS_CIPHER_ARIA_256_GCM: @@ -90,6 +96,8 @@ static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) ); case MBEDTLS_MODE_CCM: return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) ); + case MBEDTLS_MODE_CCM_STAR_NO_TAG: + return PSA_ALG_CCM_STAR_NO_TAG; case MBEDTLS_MODE_CBC: if( taglen == 0 ) return( PSA_ALG_CBC_NO_PADDING ); From 10fad74a1fee8c691948a5ccff7ae7624a1efe2e Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 28 Oct 2021 18:00:33 +0200 Subject: [PATCH 849/966] Extend CCM*-no-tag tests Signed-off-by: Mateusz Starzyk --- tests/suites/test_suite_cipher.aes.data | 48 ++++++++++++++++++++ tests/suites/test_suite_cipher.aria.data | 24 ++++++++++ tests/suites/test_suite_cipher.camellia.data | 24 ++++++++++ 3 files changed, 96 insertions(+) 
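Review bot: The new `MBEDTLS_MODE_CCM_STAR_NO_TAG` case in `mbedtls_psa_translate_cipher_mode` ignores `taglen`, so a caller that passes a non-zero tag length is silently given an algorithm that produces and verifies no tag. The `MBEDTLS_MODE_CBC` case just below checks `taglen == 0` first; its else path is outside the hunk, so the exact rejection value is not visible here. Adding a guard such as `if( taglen != 0 ) return( 0 );` before the return would reject the mismatch instead of downgrading to unauthenticated encryption, assuming 0 is what this function returns for unsupported combinations. The return would also match the neighbouring cases if written as `return( PSA_ALG_CCM_STAR_NO_TAG );`.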
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index bd5c2f68f8..8c2ba3c221 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data 
@@ -2206,6 +2206,54 @@ AES-256-ECB crypt Decrypt NIST KAT #4 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 +AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"7301c907b9d2aaac355c5416ff25c59b":"7304b65b6dab466273862c88b9":"484300aa3a506afcd313b49ead8d":"928ca58b0d373dc50c52afac787c":0:0 + +AES-128-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-128 #15 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:0 + +AES-192-CCM*-NO-TAG crypt Encrypt NIST VTT AES-192 #1 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"11fd45743d946e6d37341fec49947e8c70482494a8f07fcc":"c6aeebcb146cfafaae66f78aab":"ee7e6075ba52846de5d6254959a18affc4faf59c8ef63489":"137d9da59baf5cbfd46620c5f298fc766de10ac68e774edf":0:0 + +AES-192-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-192 #15 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:0 + +AES-256-CCM*-NO-TAG crypt Encrypt NIST VADT AES-256 #1 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"72a60f345a1978fb40f28a2fa4":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e":0:0 + +AES-256-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-256 #13 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":0:0 + +AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"7301c907b9d2aaac355c5416ff25c59b":"7304b65b6dab466273862c88b9":"484300aa3a506afcd313b49ead8d":"928ca58b0d373dc50c52afac787c":0:1 + +AES-128-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-128 #15 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:1 + +AES-192-CCM*-NO-TAG crypt Encrypt NIST VTT AES-192 #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"11fd45743d946e6d37341fec49947e8c70482494a8f07fcc":"c6aeebcb146cfafaae66f78aab":"ee7e6075ba52846de5d6254959a18affc4faf59c8ef63489":"137d9da59baf5cbfd46620c5f298fc766de10ac68e774edf":0:1 + +AES-192-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-192 #15 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:1 + +AES-256-CCM*-NO-TAG crypt Encrypt NIST VADT AES-256 #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"72a60f345a1978fb40f28a2fa4":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e":0:1 + +AES-256-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-256 #13 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":0:1 + Cipher Corner Case behaviours depends_on:MBEDTLS_AES_C cipher_special_behaviours: diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data index 4b14bcc78b..c1e19909bc 100644 --- a/tests/suites/test_suite_cipher.aria.data +++ b/tests/suites/test_suite_cipher.aria.data 
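Review bot: The first six AES CCM*-no-tag cases end in `:0:0` and carry no "PSA" suffix, yet they are gated on `depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C`. Going by the naming of the `:0:1` cases, the last field appears to select the PSA path, so the legacy-path vectors would only run in builds where PSA is enabled and are skipped where the legacy path is the only one available. The ARIA and Camellia cases added in the same commit depend only on the cipher and `MBEDTLS_CCM_C`. For the six non-PSA cases the line should read `depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C`.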
@@ -313,3 +313,27 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:17:6:-1:17:6:1 ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16 + +ARIA-128-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"6781f39fdf8d1c44165fc40ee2fb11f1d6e2ddc8c6512b":0:0 + +ARIA-128-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"6781f39fdf8d1c44165fc40ee2fb11f1d6e2ddc8c6512b":0:0 + +ARIA-192-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"993df86214d98ae70582c784903702e349dd64ece488c2":0:0 + +ARIA-192-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"993df86214d98ae70582c784903702e349dd64ece488c2":0:0 + +ARIA-256-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"5fdd984a6aa77c1d9a204c08f28172c4b4528bee27c41f":0:0 + +ARIA-256-CCM*-NO-TAG crypt Decrypt 
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"5fdd984a6aa77c1d9a204c08f28172c4b4528bee27c41f":0:0 diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data index 2c7a069ca2..31fe92286f 100644 --- a/tests/suites/test_suite_cipher.camellia.data +++ b/tests/suites/test_suite_cipher.camellia.data 
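Review bot: Each ARIA "crypt Decrypt" case passes exactly the same input and expected-output fields as its "crypt Encrypt" twin, so the decrypt direction is never given ciphertext to turn back into plaintext. The cases presumably still pass because CCM*-no-tag is a keystream XOR, where both directions compute the same function, which makes them duplicates rather than extra coverage. Swapping the last two data fields in the Decrypt cases would exercise the intended direction, e.g. for ARIA-128 `"6781f39fdf8d1c44165fc40ee2fb11f1d6e2ddc8c6512b":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E"`. The Camellia cases added in the next file section have the same pattern.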
@@ -1077,3 +1077,27 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:17:6:-1:17 CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16 + +CAMELLIA-128-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":0:0 + +CAMELLIA-128-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":0:0 + +CAMELLIA-192-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"c3ceaa2a68fb31d8347a83950f25f3a7956b8a284a5b35":0:0 + +CAMELLIA-192-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"c3ceaa2a68fb31d8347a83950f25f3a7956b8a284a5b35":0:0 + +CAMELLIA-256-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C 
+test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"933f749801d0e1262cd101831defd8366ab2a22e7c03cd":0:0 + +CAMELLIA-256-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"933f749801d0e1262cd101831defd8366ab2a22e7c03cd":0:0 From b640bf6c15c87d0c2dea1f27632052f39236842e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Oct 2021 10:05:32 +0800 Subject: [PATCH 850/966] fix CI build fail Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 18bb984178..9e643d478d 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -271,7 +271,7 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); certificate_request_context_len = p[0]; - certificate_list_len = MBEDTLS_GET_UINT24_BE( p, 0 ); + certificate_list_len = MBEDTLS_GET_UINT24_BE( p, 1 ); p += 4; /* In theory, the certificate list can be up to 2^24 Bytes, but we don't From d2674314a3a783cc4fb639512916eeacb4f9be0a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Oct 2021 10:08:19 +0800 Subject: [PATCH 851/966] Restore certificate_request state Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 49ca7f0b8b..f1a31cab6b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1527,7 +1527,7 @@ static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) ) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); else - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); #else ((void) ssl); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); @@ -1536,6 +1536,34 @@ static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* + * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST + */ +static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl ) +{ + int ret = mbedtls_ssl_read_record( ssl, 0 ); + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + return( ret ); + } + + if( ( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) && + ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "CertificateRequest not supported" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + ssl->keep_current_message = 1; + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE ); + + return( 0 ); +} + /* * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE */ @@ -1647,6 +1675,10 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) break; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + case MBEDTLS_SSL_CERTIFICATE_REQUEST: + ret = ssl_tls13_process_certificate_request( ssl ); + break; + case MBEDTLS_SSL_SERVER_CERTIFICATE: ret = ssl_tls1_3_process_server_certificate( ssl ); break; From 1df3db04676851fc1e2d3d3f252a9c9ed19c4430 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Oct 2021 10:18:43 +0800 Subject: [PATCH 852/966] Add certificate success check 
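Review bot: `ssl_tls13_process_certificate_request` has two behaviours that its header comment, "Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST", does not describe. A CertificateRequest from the server aborts the handshake with a `handshake_failure` alert, and any other record is left in place for the next state through `ssl->keep_current_message = 1`. The header should say that client authentication is not supported yet and that the function only peeks at the next message. A line above the assignment would also help, for example `/* Not a CertificateRequest: keep the record so the SERVER_CERTIFICATE handler reads it again */`. The non-handshake case (an alert or other record type) also reaches that path, so it is worth confirming the SERVER_CERTIFICATE handler rejects it.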
Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 70b9f4b7a0..993021013c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8831,6 +8831,7 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "ECDH curve: x25519" \ -c "=> ssl_tls1_3_process_server_hello" \ + -c "Certificate verification flags clear" \ -c "<= parse encrypted extensions" requires_gnutls_tls1_3 @@ -8860,6 +8861,7 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "ECDH curve: x25519" \ -c "=> ssl_tls1_3_process_server_hello" \ + -c "Certificate verification flags clear" \ -c "<= parse encrypted extensions" # Test heap memory usage after handshake From f93cbd267443e27e9b5e3a53742fb0f20cf6a5ea Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Fri, 29 Oct 2021 02:39:30 +0000 Subject: [PATCH 853/966] fix some format issues Signed-off-by: Xiaofei Bai --- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 14 ++++++-------- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f1a31cab6b..0fb09c4ced 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1572,7 +1572,7 @@ static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl ) int ret; ret = mbedtls_ssl_tls13_process_certificate( ssl ); - if( ret != 0) + if( ret != 0 ) return( ret ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 9e643d478d..c8601ce17e 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -311,9 +311,7 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, size_t cert_data_len, extensions_len; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 ); - cert_data_len = ( ( size_t )p[0] << 16 ) | - ( ( size_t )p[1] << 8 ) | - ( ( size_t )p[2] ); + cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 ); p += 3; /* In theory, the CRT can be up to 2^24 Bytes, but we don't support @@ -483,11 +481,11 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret ); else if( verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret ); - else if( ( verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) || - ( verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) || - ( verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) || - ( verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) || - ( verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) ) + else if( verify_result & ( MBEDTLS_X509_BADCERT_KEY_USAGE | + MBEDTLS_X509_BADCERT_EXT_KEY_USAGE | + MBEDTLS_X509_BADCERT_NS_CERT_TYPE | + MBEDTLS_X509_BADCERT_BAD_PK | + MBEDTLS_X509_BADCERT_BAD_KEY ) ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); else if( verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret ); From ca9236b0c56ac290e9f2c8da15330914dbd8bdaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 25 Oct 2021 19:29:07 +0200 Subject: [PATCH 854/966] Make the changes easier to backport MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The code replaced in this patch was not compatible with the development_2.x branch. Signed-off-by: Bence Szépkúti --- tests/scripts/all.sh | 12 +++++++++--- tests/scripts/test_psa_compliance.py | 5 ++--- 2 files changed, 11 insertions(+), 6 deletions(-) 
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 68163559a8..d86a9f773b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2758,15 +2758,21 @@ component_test_zeroize () { component_test_psa_compliance () { msg "build: make, default config (out-of-box), libmbedcrypto.a only" - make library/libmbedcrypto.a + make -C library libmbedcrypto.a msg "unit test: test_psa_compliance.py" ./tests/scripts/test_psa_compliance.py } support_test_psa_compliance () { - local ver=($(cmake --version | sed 's/cmake version //; y/./ /; q')) - [ "${ver[0]}" -eq 3 ] && [ "${ver[1]}" -ge 10 ] + ver="$(cmake --version)" + ver="${ver#cmake version }" + ver_major="${ver%%.*}" + + ver="${ver#*.}" + ver_minor="${ver%%.*}" + + [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ] } component_check_python_files () { diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 07fa76e60f..d6fe8c4407 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -16,9 +16,8 @@ PSA_ARCH_TESTS_REF = 'crypto1.0-3.0' def main(): mbedtls_dir = os.getcwd() - mbedcrypto_lib = 'library/libmbedcrypto.a' - if not os.path.exists(mbedcrypto_lib): - subprocess.check_call(['make', mbedcrypto_lib]) + if not os.path.exists('library/libmbedcrypto.a'): + subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a']) psa_arch_tests_dir = 'psa-arch-tests' try: From e0edc8407b7df1467036b9b8706e37e99e6dfc22 Mon Sep 17 00:00:00 2001 
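Review bot: The rewritten `support_test_psa_compliance` assigns `ver`, `ver_major` and `ver_minor` without `local`, whereas the removed line used `local ver=...`, so all three now leak into the global scope of all.sh. Declaring them first with `local ver ver_major ver_minor` keeps the function self-contained. If `cmake` is missing, `ver` is empty and `[ "$ver_major" -eq 3 ]` prints an "integer expression expected" error before returning non-zero. Redirecting stderr on the `cmake --version` call and returning early when `ver` is empty would avoid that noise.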
From: Brett Warren Date: Tue, 17 Aug 2021 09:53:13 +0100 Subject: [PATCH 855/966] Add mbedtls_ssl_conf_groups to API mbedtls_ssl_conf_groups allows supported groups for key sharing to be configured via their IANA NamedGroup ID. This is added in anticipation of PQC and Hybrid key sharing algorithms being integrated into Mbed TLS. mbedtls_ssl_conf_curves is deprecated in favor of mbedtls_ssl_conf_groups. handshake_init has been modified to translate and copy curves configured via conf_curves into a heap allocatied array of NamedGroup IDs. This allows the refactoring of code interacting with conf_curve related variables (such as curve_list) to use NamedGroup IDs while retaining the deprecated API. Signed-off-by: Brett Warren --- include/mbedtls/ssl.h | 83 ++++++++++++++++++++++----- library/ssl_misc.h | 42 +++++++++++--- library/ssl_tls.c | 127 +++++++++++++++++++++++++++++++++--------- 3 files changed, 206 insertions(+), 46 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fa2429d07c..323ffa90bf 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_SSL_H #define MBEDTLS_SSL_H +#include "mbedtls/platform_util.h" #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" 
@@ -187,18 +188,28 @@ * } NamedGroup; * */ + /* Elliptic Curve Groups (ECDHE) */ -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 0x0017 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 0x0018 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 0x0019 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 0x001D -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 0x001E +#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 0x0019 +#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 0x001A +#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 0x001B +#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 0x001C +#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519 0x001D +#define MBEDTLS_SSL_IANA_TLS_GROUP_X448 0x001E /* Finite Field Groups (DHE) */ -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 0x0100 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE3072 0x0101 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE4096 0x0102 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE6144 0x0103 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 0x0104 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 0x0100 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072 0x0101 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104 /* * TLS 1.3 Key Exchange Modes 
@@ -1282,10 +1293,12 @@ struct mbedtls_ssl_config #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */ #endif + const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */ + #if defined(MBEDTLS_DHM_C) mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */ mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */ @@ -3142,6 +3155,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief Set the allowed curves in order of preference. * @@ -3155,6 +3169,8 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, * Both sides: limits the set of curves accepted for use in * ECDHE and in the peer's end-entity certificate. * + * \deprecated Superseeded by mbedtls_ssl_conf_groups(). + * * \note This has no influence on which curves are allowed inside the * certificate chains, see \c mbedtls_ssl_conf_cert_profile() * for that. For the end-entity certificate however, the key 
@@ -3181,10 +3197,51 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, * \param curves Ordered list of allowed curves, * terminated by MBEDTLS_ECP_DP_NONE. */ -void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curves ); +void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, + const mbedtls_ecp_group_id *curves ); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_ECP_C */ +/** + * \brief Set the allowed groups in order of preference. + * + * On server: This only affects the choice of key agreement mechanism + * + * On client: this affects the list of groups offered for any + * use. The server can override our preference order. + * + * Both sides: limits the set of groups accepted for use in + * key sharing. + * + * \note This function replaces the deprecated mbedtls_ssl_conf_curves(), + * which only allows ECP curves to be configured. + * + * \note The most recent invocation of either mbedtls_ssl_conf_curves() + * or mbedtls_ssl_conf_groups() nullifies all previous invocations + * of both. + * + * \note This list should be ordered by decreasing preference + * (preferred group first). + * + * \note When this function is not called, a default list is used, + * consisting of all supported curves at 255 bits and above, + * and all supported finite fields at 2048 bits and above. + * The order favors groups with the lowest resource usage. + * + * \note New minor versions of Mbed TLS will not remove items + * from the default list unless serious security concerns require it. + * New minor versions of Mbed TLS may change the order in + * keeping with the general principle of favoring the lowest + * resource usage. + * + * \param conf SSL configuration + * \param groups List of allowed groups ordered by preference, terminated by 0. + * Must contain valid IANA NamedGroup IDs (provided via either an integer + * or using MBEDTLS_TLS13_NAMED_GROUP_XXX macros). 
+ */ +void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, + const uint16_t *groups ); + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /** * \brief Set the allowed hashes for signatures during the handshake. diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9041c51d2c..56a5718a6a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -520,6 +520,11 @@ struct mbedtls_ssl_handshake_params int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + const uint16_t *group_list; + unsigned char group_list_heap_allocated; +#endif + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ 
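Review bot: The `\param groups` text for `mbedtls_ssl_conf_groups` tells callers to use `MBEDTLS_TLS13_NAMED_GROUP_XXX` macros, but this commit renames the constants in this header to `MBEDTLS_SSL_IANA_TLS_GROUP_XXX`, so the documented prefix matches nothing that is defined. It should read `or using MBEDTLS_SSL_IANA_TLS_GROUP_XXX macros`. The documentation also omits ownership: the implementation in ssl_tls.c stores the pointer (`conf->group_list = group_list;`) rather than copying the array. A note such as `\note The list is not copied; it must remain valid for as long as the configuration is in use.` would warn callers against passing a stack array. The `\deprecated` line added to `mbedtls_ssl_conf_curves` in the same file spells "Superseded" as "Superseeded".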
@@ -1565,17 +1570,17 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf */ static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group ) { - return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 || - named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 || - named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 || - named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 || - named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 ); + return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ); } static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group ) { - return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 && - named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 ); + return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 && + named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 ); } static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, 
@@ -1638,4 +1643,27 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, size_t dst_len, size_t *olen ); +/* + * Return supported groups. + * + * In future, invocations can be changed to ssl->conf->group_list + * when mbedtls_ssl_conf_curves() is deleted. + * + * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group + * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to + * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked. + * + */ +static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl ) +{ + #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C) + return( ssl->conf->group_list ); + #else + if( ( ssl->handshake != NULL ) && ( ssl->handshake->group_list != NULL ) ) + return( ssl->handshake->group_list ); + else + return( ssl->conf->group_list ); + #endif +} + #endif /* ssl_misc.h */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c5079508ee..d604f38cee 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
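Review bot: `mbedtls_ssl_get_groups` is declared to return `const void *`, although both values it can return, `ssl->handshake->group_list` and `ssl->conf->group_list`, are declared `const uint16_t *` in this commit. The untyped pointer forces every caller to cast or assign implicitly, and it hides a mismatch if a caller iterates with a different element width. The signature should be `static inline const uint16_t *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl )`. The function comment could also state that the returned list is zero-terminated and may be NULL when no list was configured, which is what the visible setters imply.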
@@ -3073,6 +3073,52 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) } #endif +/* + * curve_list is translated to IANA TLS group identifiers here because + * mbedtls_ssl_conf_curves returns void and so can't return + * any error codes. + */ +#if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + /* Heap allocate and translate curve_list from internal to IANA group ids */ + if ( ssl->conf->curve_list != NULL ) + { + size_t length; + const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; + + for( length = 0; ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) && + ( length < MBEDTLS_ECP_DP_MAX ); length++ ) {} + + /* Leave room for zero termination */ + uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) ); + if ( group_list == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + + for( size_t i = 0; i < length; i++ ) + { + const mbedtls_ecp_curve_info *info = + mbedtls_ecp_curve_info_from_grp_id( curve_list[i] ); + if ( info == NULL ) + { + mbedtls_free( group_list ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } + group_list[i] = info->tls_id; + } + + group_list[length] = 0; + + ssl->handshake->group_list = group_list; + ssl->handshake->group_list_heap_allocated = 1; + } + else + { + ssl->handshake->group_list = ssl->conf->group_list; + ssl->handshake->group_list_heap_allocated = 0; + } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ +#endif /* MBEDTLS_ECP_C */ + return( 0 ); } 
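Review bot: In the length-counting loop, `curve_list[length]` is read before `length < MBEDTLS_ECP_DP_MAX` is tested, so a list without the `MBEDTLS_ECP_DP_NONE` terminator is read one element beyond the bound. Testing the bound first avoids that: `for( length = 0; ( length < MBEDTLS_ECP_DP_MAX ) && ( curve_list[length] != MBEDTLS_ECP_DP_NONE ); length++ ) {}`. A list longer than the bound is silently truncated rather than rejected, which deserves a comment. The two new error returns sit at the end of `ssl_handshake_init()`, whose body starts outside this hunk, so whether the caller releases the partly initialised handshake on these paths cannot be confirmed from here.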
@@ -3928,16 +3974,36 @@ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /* * Set the allowed elliptic curves + * + * mbedtls_ssl_setup() takes the provided list + * and translates it to a list of IANA TLS group identifiers, + * stored in ssl->handshake->group_list. + * */ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curve_list ) { conf->curve_list = curve_list; + conf->group_list = NULL; } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_ECP_C */ +/* + * Set the allowed groups + */ +void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, + const uint16_t *group_list ) +{ +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) + conf->curve_list = NULL; +#endif + conf->group_list = group_list; +} + #if defined(MBEDTLS_X509_CRT_PARSE_C) int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) { @@ -5379,6 +5445,14 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) if( handshake == NULL ) return; +#if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + if ( ssl->handshake->group_list_heap_allocated ) + mbedtls_free( (void*) handshake->group_list ); + handshake->group_list = NULL; +#endif /* MBEDTLS_DEPRECATED_REMOVED */ +#endif /* MBEDTLS_ECP_C */ + #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 ) { 
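Review bot: The comment on `mbedtls_ssl_conf_groups()` says only "Set the allowed groups", but the function keeps the caller's pointer (`conf->group_list = group_list;`) and resets `conf->curve_list`. The array therefore has to outlive the configuration and, judging by the `*group_list != 0` loop in `mbedtls_ssl_check_curve()`, end with a zero entry (presumably `MBEDTLS_SSL_IANA_TLS_GROUP_NONE`). I would write that into the comment: `/* Set the allowed groups. The list is not copied: it must remain valid for the lifetime of conf and be terminated by MBEDTLS_SSL_IANA_TLS_GROUP_NONE. Replaces any list set with mbedtls_ssl_conf_curves(). */`. The comment on `mbedtls_ssl_conf_curves()` should likewise mention that it now clears `conf->group_list`.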
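Review bot: The block added to `mbedtls_ssl_handshake_free()` reads the flag through `ssl->handshake->group_list_heap_allocated` but frees through the local `handshake->group_list`; using the local pointer for both keeps the two reads tied to the same object. The `(void*)` cast removes `const` from a pointer that, in the non-heap case, aliases `ssl->conf->group_list`, so the flag is the only thing that stops caller-owned memory from being freed. A short comment stating that invariant, plus `handshake->group_list_heap_allocated = 0;` after the free, would make it explicit. The function begins and ends outside this hunk.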
@@ -6233,41 +6307,39 @@ static int ssl_preset_default_hashes[] = { }; #endif -#if defined(MBEDTLS_ECP_C) /* The selection should be the same as mbedtls_x509_crt_profile_default in * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: * curves with a lower resource usage come first. * See the documentation of mbedtls_ssl_conf_curves() for what we promise * about this list. */ -static mbedtls_ecp_group_id ssl_preset_default_curves[] = { +static uint16_t ssl_preset_default_groups[] = { #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - MBEDTLS_ECP_DP_CURVE25519, + MBEDTLS_SSL_IANA_TLS_GROUP_X25519, #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - MBEDTLS_ECP_DP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - MBEDTLS_ECP_DP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - MBEDTLS_ECP_DP_CURVE448, + MBEDTLS_SSL_IANA_TLS_GROUP_X448, #endif #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - MBEDTLS_ECP_DP_SECP521R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, #endif #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - MBEDTLS_ECP_DP_BP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, #endif #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - MBEDTLS_ECP_DP_BP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, #endif #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - MBEDTLS_ECP_DP_BP512R1, + MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, #endif - MBEDTLS_ECP_DP_NONE + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; -#endif static int ssl_preset_suiteb_ciphersuites[] = { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
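Review bot: The comment above the renamed table still speaks of curves and points to the documentation of `mbedtls_ssl_conf_curves()`, which this commit places behind `MBEDTLS_DEPRECATED_REMOVED`; it should refer to groups and to `mbedtls_ssl_conf_groups()`. In the hunks shown, the table is only assigned to `conf->group_list`, and `mbedtls_ssl_conf_groups()` takes that list as `const uint16_t *`, so the definition can be `static const uint16_t ssl_preset_default_groups[]` if the field is const-qualified as well. The same applies to `ssl_preset_suiteb_groups` in the following hunk. With the `MBEDTLS_ECP_C` guard removed, a build with no curve enabled keeps a table holding only `MBEDTLS_SSL_IANA_TLS_GROUP_NONE`, which looks intended but is worth a one-line comment.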
@@ -6314,17 +6386,15 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif -#if defined(MBEDTLS_ECP_C) -static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { +static uint16_t ssl_preset_suiteb_groups[] = { #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - MBEDTLS_ECP_DP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - MBEDTLS_ECP_DP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, #endif - MBEDTLS_ECP_DP_NONE + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; -#endif /* * Load default in mbedtls_ssl_config @@ -6438,9 +6508,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif -#if defined(MBEDTLS_ECP_C) - conf->curve_list = ssl_preset_suiteb_curves; +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) + conf->curve_list = NULL; #endif + conf->group_list = ssl_preset_suiteb_groups; break; /* @@ -6475,9 +6546,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_C) - conf->curve_list = ssl_preset_default_curves; +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) + conf->curve_list = NULL; #endif + conf->group_list = ssl_preset_default_groups; #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) conf->dhm_min_bitlen = 1024; 
@@ -6701,14 +6773,17 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md ) */ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) { - const mbedtls_ecp_group_id *gid; + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); - if( ssl->conf->curve_list == NULL ) + if( group_list == NULL ) return( -1 ); + uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id; - for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) - if( *gid == grp_id ) + for( ; *group_list != 0; group_list++ ) + { + if( *group_list == tls_id ) return( 0 ); + } return( -1 ); } From fed825a9aaabf9f66066ce2a71f44404e2f69a39 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 26 Oct 2021 14:32:10 +0200 Subject: [PATCH 856/966] ssl_client2, ssl_server2: add check for psa memory leaks Signed-off-by: Przemyslaw Stekiel --- programs/ssl/ssl_client2.c | 13 +++++++++++++ programs/ssl/ssl_server2.c | 12 ++++++++++++ tests/include/test/psa_crypto_helpers.h | 2 ++ 3 files changed, 27 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f872e60fc3..130f3f98ef 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -21,6 +21,11 @@ #include "ssl_test_lib.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define SKIP_LIBRARY_HEADERS +#include "test/psa_crypto_helpers.h" +#endif + #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main( void ) { @@ -3059,7 +3064,15 @@ exit: #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_crypto_free( ); + const char* message = mbedtls_test_helper_is_psa_leaking(); + if( message ) + { + if( ret == 0 ) + ret = 1; + mbedtls_printf( "PSA memory leak detected: %s\n", message); + } #endif #if defined(MBEDTLS_TEST_HOOKS) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c0f3196748..d20d1faa10 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
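Review bot: In `mbedtls_ssl_check_curve()` the new line `uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id;` dereferences the lookup result without checking it. The same lookup is treated as able to return NULL in the `ssl_handshake_init()` hunk of this commit (`if ( info == NULL )`). A `grp_id` with no curve info, for instance one taken from a peer certificate's key, would then be a NULL dereference instead of a rejected curve. I would split it: `const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_info_from_grp_id( grp_id );` then `if( info == NULL ) return( -1 );` and compare against `info->tls_id`.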
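Review bot: The leak check added under `exit:` in `ssl_client2.c` calls `mbedtls_test_helper_is_psa_leaking()` after `mbedtls_psa_crypto_free( )`, and the `ssl_server2.c` hunk of this commit does the same. The helper's body is not shown here, but if it inspects live PSA state such as open key slots, that state has presumably been released by the free call, so the check could never report a leak. Please confirm the intended order; if the helper does read live state, the `const char* message = mbedtls_test_helper_is_psa_leaking();` block belongs before `mbedtls_psa_crypto_free( );`. The surrounding `main()` starts and ends outside this hunk.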
@@ -65,6 +65,11 @@ int main( void ) #include #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define SKIP_LIBRARY_HEADERS +#include "test/psa_crypto_helpers.h" +#endif + /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ #define MEMORY_HEAP_SIZE 120000 @@ -4027,6 +4032,13 @@ exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free( ); + const char* message = mbedtls_test_helper_is_psa_leaking(); + if( message ) + { + if( ret == 0 ) + ret = 1; + mbedtls_printf( "PSA memory leak detected: %s\n", message); + } #endif #if defined(MBEDTLS_TEST_HOOKS) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 8a8c37e008..8e7d425a93 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -28,7 +28,9 @@ #include "test/psa_helpers.h" #include +#if !defined(SKIP_LIBRARY_HEADERS) #include +#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" From 0bbb39786dc41e3e503c7b80b4db1ca9f52f06bb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 19 Sep 2021 20:27:17 +0800 Subject: [PATCH 857/966] tls13: add labels add client and server cv magic words Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.h | 45 ++++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 384f433b59..165b58a2d4 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -22,25 +22,27 @@ /* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union * below. */ -#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ - MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) +#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ + MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 
e_exp_master, "e exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( client_cv , "TLS 1.3, client CertificateVerify" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( server_cv , "TLS 1.3, server CertificateVerify" ) #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ const unsigned char name [ sizeof(string) - 1 ]; @@ -57,9 +59,12 @@ struct mbedtls_ssl_tls1_3_labels_struct extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; +#define MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL ) \ + sizeof(mbedtls_ssl_tls1_3_labels.LABEL) + #define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \ mbedtls_ssl_tls1_3_labels.LABEL, \ - sizeof(mbedtls_ssl_tls1_3_labels.LABEL) + MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL ) #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \ sizeof( union mbedtls_ssl_tls1_3_labels_union ) From 30b071cb66766efa5b367772a14f375248b64f54 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 12 Sep 2021 20:16:03 +0800 Subject: [PATCH 858/966] tls13:Add certificate verify Signed-off-by: Jerry Yu --- library/ssl_misc.h | 5 + library/ssl_tls13_client.c | 7 +- library/ssl_tls13_generic.c | 375 +++++++++++++++++++++++++++++++++++- 3 files changed, 382 insertions(+), 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index dbef6aa212..56633464b2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1633,6 +1633,11 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, */ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); +/* + * Generic handler of Certificate Verify + */ +int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ); + /* * Write TLS 1.3 handshake message tail */ 
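Review bot: Adding `client_cv` and `server_cv` to `MBEDTLS_SSL_TLS1_3_LABEL_LIST` also changes `MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN`. That macro is `sizeof( union mbedtls_ssl_tls1_3_labels_union )`, and going by the comment at the top of the list the union is generated from the same list. The longest entry grows from 12 bytes to the 33-byte CertificateVerify context strings, which are not key-schedule labels, so every buffer or length check sized by that macro grows with them (the uses are outside this hunk). If that is not intended, keep the two strings in a separate list. Otherwise add a comment next to the new entries, such as `/* Signature context strings (RFC 8446, 4.4.3), not HKDF labels; they determine the maximum label length. */`.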
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0fb09c4ced..6e16c07ba7 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1584,7 +1584,12 @@ static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + int ret; + + ret = mbedtls_ssl_tls13_process_certificate_verify( ssl ); + if( ret != 0 ) + return( ret ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); return( 0 ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c8601ce17e..e484b79663 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -23,14 +23,15 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#include + #include "mbedtls/error.h" #include "mbedtls/debug.h" +#include "mbedtls/oid.h" +#include "mbedtls/platform.h" #include "ssl_misc.h" -#include -#include -#include - +#include "ssl_tls13_keys.h" int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, 
@@ -217,8 +218,374 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, return( 0 ); } +/* + * The ssl_tls13_create_verify_structure() creates the verify structure. + * As input, it requires the transcript hash. + * + * The caller has to ensure that the buffer has size at least + * SSL_VERIFY_STRUCT_MAX_SIZE bytes. + */ +static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, + size_t transcript_hash_len, + unsigned char *verify_buffer, + size_t *verify_buffer_len, + int from ) +{ + size_t idx = 0; + + /* RFC 8446, Section 4.4.3: + * + * The digital signature [in the CertificateVerify message] is then + * computed over the concatenation of: + * - A string that consists of octet 32 (0x20) repeated 64 times + * - The context string + * - A single 0 byte which serves as the separator + * - The content to be signed + */ + uint8_t const verify_padding_val = 0x20; + size_t const verify_padding_len = 64; + + memset( verify_buffer + idx, verify_padding_val, verify_padding_len ); + idx += verify_padding_len; + + if( from == MBEDTLS_SSL_IS_CLIENT ) + { + memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) ); + idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv ); + } + else + { /* from == MBEDTLS_SSL_IS_SERVER */ + memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) ); + idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv ); + } + + verify_buffer[idx++] = 0x0; + + memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len ); + idx += transcript_hash_len; + + *verify_buffer_len = idx; +} + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +/* + * STATE HANDLING: Read CertificateVerify + */ +/* Macro to express the length of the verify structure length. 
+ * + * The structure is computed per TLS 1.3 specification as: + * - 64 bytes of octet 32, + * - 33 bytes for the context string + * (which is either "TLS 1.3, client CertificateVerify" + * or "TLS 1.3, server CertificateVerify"), + * - 1 byte for the octet 0x0, which servers as a separator, + * - 32 or 48 bytes for the Transcript-Hash(Handshake Context, Certificate) + * (depending on the size of the transcript_hash) + * + * This results in a total size of + * - 130 bytes for a SHA256-based transcript hash, or + * (64 + 33 + 1 + 32 bytes) + * - 146 bytes for a SHA384-based transcript hash. + * (64 + 33 + 1 + 48 bytes) + * + */ +#define SSL_VERIFY_STRUCT_MAX_SIZE ( 64 + \ + 33 + \ + 1 + \ + MBEDTLS_MD_MAX_SIZE \ + ) +/* Coordinate: Check whether a certificate verify message is expected. + * Returns a negative value on failure, and otherwise + * - SSL_CERTIFICATE_VERIFY_SKIP + * - SSL_CERTIFICATE_VERIFY_READ + * to indicate if the CertificateVerify message should be present or not. + */ +#define SSL_CERTIFICATE_VERIFY_SKIP 0 +#define SSL_CERTIFICATE_VERIFY_READ 1 +static int ssl_tls13_process_certificate_verify_coordinate( + mbedtls_ssl_context *ssl ) +{ + if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) ) + return( SSL_CERTIFICATE_VERIFY_SKIP ); + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( ssl->session_negotiate->peer_cert == NULL ) + return( SSL_CERTIFICATE_VERIFY_SKIP ); + return( SSL_CERTIFICATE_VERIFY_READ ); +#else + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +} + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end, + const unsigned char *verify_buffer, + size_t verify_buffer_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const unsigned char *p = buf; + uint16_t algorithm; + const uint16_t 
*tls13_sig_alg = ssl->conf->tls13_sig_algs; + size_t signature_len; + mbedtls_pk_type_t sig_alg; + mbedtls_md_type_t md_alg; + unsigned char verify_hash[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + size_t verify_hash_len; + + /* + * struct { + * SignatureScheme algorithm; + * opaque signature<0..2^16-1>; + * } CertificateVerify; + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + algorithm = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + /* RFC 8446 section 4.4.3 + * + * If the CertificateVerify message is sent by a server, the signature algorithm + * MUST be one offered in the client's "signature_algorithms" extension unless + * no valid certificate chain can be produced without unsupported algorithms + * + * RFC 8446 section 4.4.2.2 + * + * If the client cannot construct an acceptable chain using the provided + * certificates and decides to abort the handshake, then it MUST abort the handshake + * with an appropriate certificate-related alert (by default, "unsupported_certificate"). + * + * Check if algorithm in offered signature algorithms. Send `unsupported_certificate` + * alert message on failure. 
+ */ + while( 1 ) + { + /* Found algorithm in offered signature algorithms */ + if( *tls13_sig_alg == algorithm ) + break; + + if( *tls13_sig_alg == MBEDTLS_TLS13_SIG_NONE ) + { + /* End of offered signature algorithms list */ + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "signature algorithm(%04x) not in offered" + "signature algorithms ", + ( unsigned int ) algorithm ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + + tls13_sig_alg++; + } + + /* We currently only support ECDSA-based signatures */ + switch( algorithm ) + { + case MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256: + md_alg = MBEDTLS_MD_SHA256; + sig_alg = MBEDTLS_PK_ECDSA; + break; + case MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384: + md_alg = MBEDTLS_MD_SHA384; + sig_alg = MBEDTLS_PK_ECDSA; + break; + case MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512: + md_alg = MBEDTLS_MD_SHA512; + sig_alg = MBEDTLS_PK_ECDSA; + break; + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." 
) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )", + ( unsigned int ) algorithm ) ); + + /* + * Check the certificate's key type matches the signature alg + */ + if( !mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, sig_alg ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "signature algorithm doesn't match cert key" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + signature_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, signature_len ); + + /* Hash verify buffer with indicated hash function */ + switch( md_alg ) + { +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_MD_SHA256: + verify_hash_len = 32; + if( ( ret = mbedtls_sha256( verify_buffer, + verify_buffer_len, + verify_hash, + 0 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256", ret ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + break; +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_MD_SHA384: + verify_hash_len = 48; + if( ( ret = mbedtls_sha512( verify_buffer, + verify_buffer_len, + verify_hash, + 1 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha384", ret ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + break; +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_MD_SHA512: + verify_hash_len = 64; + if( ( ret = mbedtls_sha512( verify_buffer, + verify_buffer_len, + verify_hash, + 0 ) ) != 0 ) + { + 
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512", ret ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + break; +#endif /* MBEDTLS_SHA512_C */ + + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); + + if( ( ret = mbedtls_pk_verify_ext( sig_alg, NULL, + &ssl->session_negotiate->peer_cert->pk, + md_alg, verify_hash, verify_hash_len, + buf, signature_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify_ext", ret ); + + /* RFC 8446 section 4.4.3 + * + * If the verification fails, the receiver MUST terminate the handshake + * with a "decrypt_error" alert. + */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, ret ); + + return( ret ); + } + + return( ret ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + +int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + /* Coordination step */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); + + MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_process_certificate_verify_coordinate( ssl ) ); + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) // TBD: double-check + if( ret == SSL_CERTIFICATE_VERIFY_READ ) + { + unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE]; + size_t verify_buffer_len; + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + size_t transcript_len; + unsigned char *buf; + size_t buf_len; + + /* Need to calculate the hash of the transcript first + * before reading the message since otherwise it gets + * included in the transcript + */ + ret = mbedtls_ssl_get_handshake_transcript( ssl, + 
ssl->handshake->ciphersuite_info->mac, + transcript, sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, + MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 3, "handshake hash", transcript, transcript_len ); + + /* Create verify structure */ + ssl_tls13_create_verify_structure( transcript, + transcript_len, + verify_buffer, + &verify_buffer_len, + !ssl->conf->endpoint ); + + MBEDTLS_SSL_PROC_CHK( + mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); + + /* Process the message contents */ + MBEDTLS_SSL_PROC_CHK( + ssl_tls13_process_certificate_verify_parse( ssl, + buf, buf + buf_len, verify_buffer, verify_buffer_len ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len ); + } + else +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + if( ret == SSL_CERTIFICATE_VERIFY_SKIP ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); + return( ret ); +} + /* * * STATE HANDLING: Incoming Certificate, client-side only currently. From 26c2d118027ec9a930ffb83da860c2b129fa32ea Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 25 Oct 2021 12:42:58 +0800 Subject: [PATCH 859/966] Fix various issues Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e484b79663..db99d9de49 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
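Review bot: In `ssl_tls13_process_certificate_verify_parse()` the signature is handed to `mbedtls_pk_verify_ext()` as `buf, signature_len`, but `buf` still points at the start of the message (the 2-byte algorithm followed by the 2-byte length), while `p` has been advanced to the signature bytes. The last two arguments should be `p, signature_len`; as written a correct CertificateVerify is checked against the wrong bytes. The parser also never checks that `p + signature_len == end`, so bytes following the signature are accepted silently; rejecting a length mismatch would be stricter. Finally, the debug string `"signature algorithm(%04x) not in offered" "signature algorithms "` concatenates to "offeredsignature" because the space between the two literals is missing.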
@@ -231,7 +231,7 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, size_t *verify_buffer_len, int from ) { - size_t idx = 0; + size_t idx; /* RFC 8446, Section 4.4.3: * @@ -245,8 +245,8 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, uint8_t const verify_padding_val = 0x20; size_t const verify_padding_len = 64; - memset( verify_buffer + idx, verify_padding_val, verify_padding_len ); - idx += verify_padding_len; + memset( verify_buffer, verify_padding_val, verify_padding_len ); + idx = verify_padding_len; if( from == MBEDTLS_SSL_IS_CLIENT ) { @@ -290,10 +290,10 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, * (64 + 33 + 1 + 48 bytes) * */ -#define SSL_VERIFY_STRUCT_MAX_SIZE ( 64 + \ - 33 + \ - 1 + \ - MBEDTLS_MD_MAX_SIZE \ +#define SSL_VERIFY_STRUCT_MAX_SIZE ( 64 + \ + 33 + \ + 1 + \ + MBEDTLS_TLS1_3_MD_MAX_SIZE \ ) /* Coordinate: Check whether a certificate verify message is expected. * Returns a negative value on failure, and otherwise @@ -530,6 +530,10 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) unsigned char *buf; size_t buf_len; + MBEDTLS_SSL_PROC_CHK( + mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); + /* Need to calculate the hash of the transcript first * before reading the message since otherwise it gets * included in the transcript @@ -555,10 +559,6 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) &verify_buffer_len, !ssl->conf->endpoint ); - MBEDTLS_SSL_PROC_CHK( - mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, - MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); - /* Process the message contents */ MBEDTLS_SSL_PROC_CHK( ssl_tls13_process_certificate_verify_parse( ssl, From 133690cceff604a5836e271fb0a5e8055a1884d7 Mon Sep 17 00:00:00 2001 
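Review bot: After this reordering in `mbedtls_ssl_tls13_process_certificate_verify()` the fetch of the handshake message comes first, but the unchanged comment below it still says the transcript hash must be calculated "before reading the message since otherwise it gets included in the transcript". The new order is only correct if `mbedtls_ssl_tls1_3_fetch_handshake_msg()` does not update the transcript itself. The explicit `mbedtls_ssl_tls1_3_add_hs_msg_to_checksum()` call after parsing suggests it does not, but that is not visible in these hunks. The comment should describe the real constraint, for example `/* Compute the transcript hash before the message is added to the checksum, so that CertificateVerify itself is not covered by it. */`. The function body extends outside these hunks.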
From: Jerry Yu Date: Mon, 25 Oct 2021 14:01:13 +0800 Subject: [PATCH 860/966] Refactor hash computation Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 45 ++++++++++--------------------------- 1 file changed, 12 insertions(+), 33 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index db99d9de49..24275e5c54 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -432,51 +432,21 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA256: verify_hash_len = 32; - if( ( ret = mbedtls_sha256( verify_buffer, - verify_buffer_len, - verify_hash, - 0 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256", ret ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } + ret = mbedtls_sha256( verify_buffer, verify_buffer_len, verify_hash, 0 ); break; #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA384_C) case MBEDTLS_MD_SHA384: verify_hash_len = 48; - if( ( ret = mbedtls_sha512( verify_buffer, - verify_buffer_len, - verify_hash, - 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha384", ret ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } + ret = mbedtls_sha512( verify_buffer, verify_buffer_len, verify_hash, 1 ); break; #endif /* MBEDTLS_SHA384_C */ #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: verify_hash_len = 64; - if( ( ret = mbedtls_sha512( verify_buffer, - verify_buffer_len, - verify_hash, - 0 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512", ret ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } + ret = mbedtls_sha512( verify_buffer, verify_buffer_len, verify_hash, 0 ); break; #endif /* MBEDTLS_SHA512_C */ 
@@ -488,6 +458,15 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "hash computation error", ret ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); if( ( ret = mbedtls_pk_verify_ext( sig_alg, NULL, From 982d9e5db2e5dbd414dbe400d3bfdb1721a47525 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 14 Oct 2021 15:59:37 +0800 Subject: [PATCH 861/966] Add ssl_tls13_sig_alg_is_offered To keep consistent with cipher_suite check Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 41 +++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 24275e5c54..66c6678ec3 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -320,6 +320,18 @@ static int ssl_tls13_process_certificate_verify_coordinate( } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_alg ) +{ + const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs; + + for( ; *tls13_sig_alg !=MBEDTLS_TLS13_SIG_NONE ; tls13_sig_alg++ ) + { + if( *tls13_sig_alg == sig_alg ) + return 1; + } + return 0; +} + static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end, @@ -329,7 +341,6 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; uint16_t algorithm; - const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs; size_t signature_len; mbedtls_pk_type_t sig_alg; mbedtls_md_type_t md_alg; 
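Review bot: The shared `if( ret != 0 )` block added after the switch reports a local hash computation failure to the peer as `MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT` and returns `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE`, so the actual error code only survives in the debug log. A hashing failure says nothing about the peer's certificate. Using `MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, MBEDTLS_ERR_SSL_INTERNAL_ERROR );` followed by `return( ret );` would match how the transcript failure is handled in `mbedtls_ssl_tls13_process_certificate_verify()`. The enclosing function starts and ends outside this hunk.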
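Review bot: `ssl_tls13_sig_alg_is_offered()` dereferences `ssl->conf->tls13_sig_algs` without a NULL check. Whether a configuration can leave that list unset is not visible here; if it can, the first `*tls13_sig_alg` read is a NULL dereference while handling a peer message. Either guard it with `if( tls13_sig_alg == NULL ) return( 0 );` or add a comment naming where the list is guaranteed to be set. On style, the surrounding code writes `return( x );` and puts spaces around operators, so `!=MBEDTLS_TLS13_SIG_NONE`, `return 1;` and `return 0;` stand out. The `ssl` parameter can also be `const mbedtls_ssl_context *`, since nothing is written through it.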
@@ -361,26 +372,16 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, * Check if algorithm in offered signature algorithms. Send `unsupported_certificate` * alert message on failure. */ - while( 1 ) + if( ssl_tls13_sig_alg_is_offered( ssl, algorithm ) == 0 ) { - /* Found algorithm in offered signature algorithms */ - if( *tls13_sig_alg == algorithm ) - break; - - if( *tls13_sig_alg == MBEDTLS_TLS13_SIG_NONE ) - { - /* End of offered signature algorithms list */ - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "signature algorithm(%04x) not in offered" - "signature algorithms ", - ( unsigned int ) algorithm ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - tls13_sig_alg++; + /* algorithm not in offered signature algorithms list */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not " + "offered.", + ( unsigned int ) algorithm ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } /* We currently only support ECDSA-based signatures */ From da8cdf2fa969573039115003bfce08fb5b170c7d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 25 Oct 2021 15:06:49 +0800 Subject: [PATCH 862/966] Remove certificate_verify_coordinate Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 134 ++++++++++++++---------------------- 1 file changed, 53 insertions(+), 81 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 66c6678ec3..2a8695a475 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -295,29 +295,7 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, 1 + \ MBEDTLS_TLS1_3_MD_MAX_SIZE \ ) -/* Coordinate: Check whether a certificate verify message is expected. - * Returns a negative value on failure, and otherwise - * - SSL_CERTIFICATE_VERIFY_SKIP - * - SSL_CERTIFICATE_VERIFY_READ - * to indicate if the CertificateVerify message should be present or not. - */ -#define SSL_CERTIFICATE_VERIFY_SKIP 0 -#define SSL_CERTIFICATE_VERIFY_READ 1 -static int ssl_tls13_process_certificate_verify_coordinate( - mbedtls_ssl_context *ssl ) -{ - if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) ) - return( SSL_CERTIFICATE_VERIFY_SKIP ); -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - if( ssl->session_negotiate->peer_cert == NULL ) - return( SSL_CERTIFICATE_VERIFY_SKIP ); - return( SSL_CERTIFICATE_VERIFY_READ ); -#else - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -} #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_alg ) 
@@ -493,77 +471,71 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* Coordination step */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE]; + size_t verify_buffer_len; + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + size_t transcript_len; + unsigned char *buf; + size_t buf_len; + + if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + if( ssl->session_negotiate->peer_cert == NULL ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); - MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_process_certificate_verify_coordinate( ssl ) ); + MBEDTLS_SSL_PROC_CHK( + mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) // TBD: double-check - if( ret == SSL_CERTIFICATE_VERIFY_READ ) + /* Need to calculate the hash of the transcript first + * before reading the message since otherwise it gets + * included in the transcript + */ + ret = mbedtls_ssl_get_handshake_transcript( ssl, + ssl->handshake->ciphersuite_info->mac, + transcript, sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) { - unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE]; - size_t verify_buffer_len; - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_PROC_CHK( - mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, - MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); - - /* Need to calculate the hash of the transcript first - * before reading the message since otherwise it gets - * included in the transcript - */ - ret = 
mbedtls_ssl_get_handshake_transcript( ssl, - ssl->handshake->ciphersuite_info->mac, - transcript, sizeof( transcript ), - &transcript_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, - MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - return( ret ); - } - - MBEDTLS_SSL_DEBUG_BUF( 3, "handshake hash", transcript, transcript_len ); - - /* Create verify structure */ - ssl_tls13_create_verify_structure( transcript, - transcript_len, - verify_buffer, - &verify_buffer_len, - !ssl->conf->endpoint ); - - /* Process the message contents */ - MBEDTLS_SSL_PROC_CHK( - ssl_tls13_process_certificate_verify_parse( ssl, - buf, buf + buf_len, verify_buffer, verify_buffer_len ) ); - - mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, - MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len ); - } - else -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - if( ret == SSL_CERTIFICATE_VERIFY_SKIP ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, + MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return( ret ); } + MBEDTLS_SSL_DEBUG_BUF( 3, "handshake hash", transcript, transcript_len ); + + /* Create verify structure */ + ssl_tls13_create_verify_structure( transcript, + transcript_len, + verify_buffer, + &verify_buffer_len, + !ssl->conf->endpoint ); + + /* Process the message contents */ + MBEDTLS_SSL_PROC_CHK( + ssl_tls13_process_certificate_verify_parse( ssl, + buf, buf + buf_len, verify_buffer, verify_buffer_len ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len ); cleanup: MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); return( ret ); +#else + ((void) ssl); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* 
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ } /* From 0b32c502a407a107800786043ea2ad35227e3f16 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 28 Oct 2021 13:41:59 +0800 Subject: [PATCH 863/966] fix various issues Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 138 ++++++++++++++++-------------------- 1 file changed, 61 insertions(+), 77 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 2a8695a475..d42e463a93 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
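Review bot: The two early returns at the top of mbedtls_ssl_tls13_process_certificate_verify (PSK enabled, `peer_cert == NULL`) fail with MBEDTLS_ERR_SSL_INTERNAL_ERROR but pend no alert and log nothing, so neither the peer nor the debug log learns why the handshake stopped. The removed coordinate step treated both cases as a skip, so this also turns a former no-op into a hard failure. Presumably the state machine no longer enters this state in those cases, which is worth confirming. I would add `MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );` before each return, as the `#else` branch already does.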
@@ -218,57 +218,6 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, return( 0 ); } -/* - * The ssl_tls13_create_verify_structure() creates the verify structure. - * As input, it requires the transcript hash. - * - * The caller has to ensure that the buffer has size at least - * SSL_VERIFY_STRUCT_MAX_SIZE bytes. - */ -static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, - size_t transcript_hash_len, - unsigned char *verify_buffer, - size_t *verify_buffer_len, - int from ) -{ - size_t idx; - - /* RFC 8446, Section 4.4.3: - * - * The digital signature [in the CertificateVerify message] is then - * computed over the concatenation of: - * - A string that consists of octet 32 (0x20) repeated 64 times - * - The context string - * - A single 0 byte which serves as the separator - * - The content to be signed - */ - uint8_t const verify_padding_val = 0x20; - size_t const verify_padding_len = 64; - - memset( verify_buffer, verify_padding_val, verify_padding_len ); - idx = verify_padding_len; - - if( from == MBEDTLS_SSL_IS_CLIENT ) - { - memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) ); - idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv ); - } - else - { /* from == MBEDTLS_SSL_IS_SERVER */ - memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) ); - idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv ); - } - - verify_buffer[idx++] = 0x0; - - memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len ); - idx += transcript_hash_len; - - *verify_buffer_len = idx; -} - -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - /* * STATE HANDLING: Read CertificateVerify */ 
@@ -296,8 +245,52 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, MBEDTLS_TLS1_3_MD_MAX_SIZE \ ) +/* + * The ssl_tls13_create_verify_structure() creates the verify structure. + * As input, it requires the transcript hash. + * + * The caller has to ensure that the buffer has size at least + * SSL_VERIFY_STRUCT_MAX_SIZE bytes. + */ +static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, + size_t transcript_hash_len, + unsigned char *verify_buffer, + size_t *verify_buffer_len, + int from ) +{ + size_t idx; + + /* RFC 8446, Section 4.4.3: + * + * The digital signature [in the CertificateVerify message] is then + * computed over the concatenation of: + * - A string that consists of octet 32 (0x20) repeated 64 times + * - The context string + * - A single 0 byte which serves as the separator + * - The content to be signed + */ + memset( verify_buffer, 0x20, 64 ); + idx = 64; + + if( from == MBEDTLS_SSL_IS_CLIENT ) + { + memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) ); + idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv ); + } + else + { /* from == MBEDTLS_SSL_IS_SERVER */ + memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) ); + idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv ); + } + + verify_buffer[idx++] = 0x0; + + memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len ); + idx += transcript_hash_len; + + *verify_buffer_len = idx; +} -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_alg ) { const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs; 
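Review bot: ssl_tls13_create_verify_structure copies `transcript_hash_len` bytes into `verify_buffer` without knowing the destination size; the only protection is the header comment asking the caller for SSL_VERIFY_STRUCT_MAX_SIZE bytes. That comment should also state the matching input precondition, for example `transcript_hash_len must not exceed MBEDTLS_TLS1_3_MD_MAX_SIZE`, because that bound is what keeps the final memcpy inside the buffer. A stronger form is to pass the buffer size in and reject an oversized hash, which would change the signature and the call site outside this hunk.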
@@ -310,7 +303,7 @@ static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_ return 0; } -static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, +static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end, const unsigned char *verify_buffer, @@ -350,7 +343,7 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, * Check if algorithm in offered signature algorithms. Send `unsupported_certificate` * alert message on failure. */ - if( ssl_tls13_sig_alg_is_offered( ssl, algorithm ) == 0 ) + if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) ) { /* algorithm not in offered signature algorithms list */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not " @@ -429,12 +422,9 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_SHA512_C */ - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + default: + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + break; } if( ret != 0 ) @@ -481,13 +471,6 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) unsigned char *buf; size_t buf_len; - if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - if( ssl->session_negotiate->peer_cert == NULL ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); MBEDTLS_SSL_PROC_CHK( 
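Review bot: In the `default:` branch of the `@@ -422,12 +422,9 @@` hunk, setting `ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` and breaking sends an unsupported digest through the `if( ret != 0 )` path, whose debug line says "hash computation error". The removed "Unknown signature algorithm" message is lost and the log then points at the wrong cause. Keeping one line in the branch before the assignment, such as `MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: unsupported hash algorithm" ) );`, keeps the two failures apart. The enclosing switch starts outside the hunk.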
@@ -495,9 +478,9 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); /* Need to calculate the hash of the transcript first - * before reading the message since otherwise it gets - * included in the transcript - */ + * before reading the message since otherwise it gets + * included in the transcript + */ ret = mbedtls_ssl_get_handshake_transcript( ssl, ssl->handshake->ciphersuite_info->mac, transcript, sizeof( transcript ), @@ -514,15 +497,16 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) /* Create verify structure */ ssl_tls13_create_verify_structure( transcript, - transcript_len, - verify_buffer, - &verify_buffer_len, - !ssl->conf->endpoint ); + transcript_len, + verify_buffer, + &verify_buffer_len, + ( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ? + MBEDTLS_SSL_IS_SERVER : + MBEDTLS_SSL_IS_CLIENT ); /* Process the message contents */ - MBEDTLS_SSL_PROC_CHK( - ssl_tls13_process_certificate_verify_parse( ssl, - buf, buf + buf_len, verify_buffer, verify_buffer_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf, + buf + buf_len, verify_buffer, verify_buffer_len ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len ); From d0fc585b7e686c4837c5b9cb5e26f00c68d16aa6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Oct 2021 11:09:06 +0800 Subject: [PATCH 864/966] fix various issues Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index d42e463a93..c83c98b186 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
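Review bot: The call to ssl_tls13_parse_certificate_verify in the `@@ -514,15 +497,16 @@` hunk is now reached with no check that `ssl->session_negotiate->peer_cert` is set. The `@@ -481,13 +471,6 @@` hunk of this commit removes that guard, while the parser still takes `&ssl->session_negotiate->peer_cert->pk`. Unless the state machine guarantees that a Certificate message was processed and the certificate retained before this state (not visible here), a CertificateVerify that arrives without one leads to a NULL dereference. I would keep the check and fail closed before fetching the message: `if( ssl->session_negotiate->peer_cert == NULL ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`.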
@@ -221,14 +221,14 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, /* * STATE HANDLING: Read CertificateVerify */ -/* Macro to express the length of the verify structure length. +/* Macro to express the maximum length of the verify structure. * * The structure is computed per TLS 1.3 specification as: * - 64 bytes of octet 32, * - 33 bytes for the context string * (which is either "TLS 1.3, client CertificateVerify" * or "TLS 1.3, server CertificateVerify"), - * - 1 byte for the octet 0x0, which servers as a separator, + * - 1 byte for the octet 0x0, which serves as a separator, * - 32 or 48 bytes for the Transcript-Hash(Handshake Context, Certificate) * (depending on the size of the transcript_hash) * @@ -252,7 +252,7 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, * The caller has to ensure that the buffer has size at least * SSL_VERIFY_STRUCT_MAX_SIZE bytes. */ -static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, +static void ssl_tls13_create_verify_structure( const unsigned char *transcript_hash, size_t transcript_hash_len, unsigned char *verify_buffer, size_t *verify_buffer_len, 
@@ -291,23 +291,24 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, *verify_buffer_len = idx; } -static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_alg ) +static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl, + uint16_t sig_alg ) { const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs; - for( ; *tls13_sig_alg !=MBEDTLS_TLS13_SIG_NONE ; tls13_sig_alg++ ) + for( ; *tls13_sig_alg != MBEDTLS_TLS13_SIG_NONE ; tls13_sig_alg++ ) { if( *tls13_sig_alg == sig_alg ) - return 1; + return( 1 ); } - return 0; + return( 0 ); } static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end, - const unsigned char *verify_buffer, - size_t verify_buffer_len ) + const unsigned char *buf, + const unsigned char *end, + const unsigned char *verify_buffer, + size_t verify_buffer_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; @@ -315,7 +316,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, size_t signature_len; mbedtls_pk_type_t sig_alg; mbedtls_md_type_t md_alg; - unsigned char verify_hash[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + unsigned char verify_hash[MBEDTLS_MD_MAX_SIZE]; size_t verify_hash_len; /* @@ -340,7 +341,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, * certificates and decides to abort the handshake, then it MUST abort the handshake * with an appropriate certificate-related alert (by default, "unsupported_certificate"). * - * Check if algorithm in offered signature algorithms. Send `unsupported_certificate` + * Check if algorithm is an offered signature algorithm. Send `unsupported_certificate` * alert message on failure. */ if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) ) 
@@ -352,7 +353,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } /* We currently only support ECDSA-based signatures */ @@ -441,7 +442,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, if( ( ret = mbedtls_pk_verify_ext( sig_alg, NULL, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, - buf, signature_len ) ) != 0 ) + p, signature_len ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify_ext", ret ); @@ -455,7 +456,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, return( ret ); } - return( ret ); + return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ From daac3593318e57390baa7ba77e312e2ce963bab2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Oct 2021 20:01:42 +0800 Subject: [PATCH 865/966] Change check condition order Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 993021013c..d43f43dbac 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8831,8 +8831,8 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "ECDH curve: x25519" \ -c "=> ssl_tls1_3_process_server_hello" \ - -c "Certificate verification flags clear" \ - -c "<= parse encrypted extensions" + -c "<= parse encrypted extensions" \ + -c "Certificate verification flags clear" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket 
@@ -8861,8 +8861,8 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "ECDH curve: x25519" \ -c "=> ssl_tls1_3_process_server_hello" \ - -c "Certificate verification flags clear" \ - -c "<= parse encrypted extensions" + -c "<= parse encrypted extensions" \ + -c "Certificate verification flags clear" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG From 6f87f2521c8da36e68b074c92774e30aa20fca44 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Oct 2021 20:12:51 +0800 Subject: [PATCH 866/966] Refactor ssl_tls13_parse_certificate_verify Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 48 ++++++++++++++----------------------- 1 file changed, 18 insertions(+), 30 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c83c98b186..45692d8771 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -341,8 +341,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, * certificates and decides to abort the handshake, then it MUST abort the handshake * with an appropriate certificate-related alert (by default, "unsupported_certificate"). * - * Check if algorithm is an offered signature algorithm. Send `unsupported_certificate` - * alert message on failure. + * Check if algorithm is an offered signature algorithm. */ if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) ) { @@ -350,10 +349,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not " "offered.", ( unsigned int ) algorithm ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + goto error; } /* We currently only support ECDSA-based signatures */ 
@@ -373,10 +369,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, break; default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + goto error; } MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )", @@ -388,10 +381,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, if( !mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, sig_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "signature algorithm doesn't match cert key" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + goto error; } MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); @@ -431,10 +421,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "hash computation error", ret ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + goto error; } MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); 
@@ -442,21 +429,22 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, if( ( ret = mbedtls_pk_verify_ext( sig_alg, NULL, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, - p, signature_len ) ) != 0 ) + p, signature_len ) ) == 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify_ext", ret ); - - /* RFC 8446 section 4.4.3 - * - * If the verification fails, the receiver MUST terminate the handshake - * with a "decrypt_error" alert. - */ - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, ret ); - - return( ret ); + return( 0 ); } + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify_ext", ret ); + +error: + /* RFC 8446 section 4.4.3 + * + * If the verification fails, the receiver MUST terminate the handshake + * with a "decrypt_error" alert. + */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ From 7f813d5d88e4ba3f9127d65ff0280a40816fd781 Mon Sep 17 00:00:00 2001 From: Brett Warren Date: Wed, 20 Oct 2021 23:08:38 +0100 Subject: [PATCH 867/966] add group api tests Signed-off-by: Brett Warren --- tests/suites/test_suite_ssl.data | 6 +++ tests/suites/test_suite_ssl.function | 69 ++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 25eefb3ab9..9dabb51c21 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -6229,3 +6229,9 @@ ssl_cf_memcpy_offset:0:255:32 # we could get this with 255-bytes plaintext and untruncated SHA-384 Constant-flow memcpy from offset: large ssl_cf_memcpy_offset:100:339:48 + +Test configuration of groups for DHE through mbedtls_ssl_conf_curves() +conf_curve: + +Test configuration of groups for DHE through mbedtls_ssl_conf_groups() +conf_group: 
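Review bot: The shared `error:` label pends `MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR` for every failure, but the RFC text quoted at the label covers only a failed signature verification. The `goto error` paths in the earlier hunks of this commit (algorithm not offered, unknown signature algorithm, key type mismatch, hash failure) previously sent `unsupported_certificate`, and the comment kept above the offered-algorithm check still names that alert. The label also returns MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE instead of the `ret` from mbedtls_pk_verify_ext, so the caller loses the verification error code. Either keep a separate alert for the non-verification failures or reword the comment at the label to say it serves all of them.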
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 69d2e0066c..75eda1dcd2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -4881,3 +4881,72 @@ exit: } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void conf_curve() +{ + + mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1, + MBEDTLS_ECP_DP_SECP224R1, + MBEDTLS_ECP_DP_SECP256R1, + MBEDTLS_ECP_DP_NONE }; + mbedtls_ecp_group_id iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; + + mbedtls_ssl_config conf; + mbedtls_ssl_config_init( &conf ); + + mbedtls_ssl_conf_max_version( &conf, 3, 3 ); + mbedtls_ssl_conf_min_version( &conf, 3, 3 ); + mbedtls_ssl_conf_curves( &conf, curve_list ); + + mbedtls_ssl_context ssl; + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_setup( &ssl, &conf ); + + TEST_ASSERT( ssl.handshake != NULL && ssl.handshake->group_list != NULL ); + TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list == NULL ); + + TEST_EQUAL( ssl.handshake->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE ); + + for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ ) + TEST_EQUAL( iana_tls_group_list[i], ssl.handshake->group_list[i] ); + + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */ +void conf_group() +{ + uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; + + mbedtls_ssl_config conf; + mbedtls_ssl_config_init( &conf ); + + mbedtls_ssl_conf_max_version( &conf, 3, 3 ); + mbedtls_ssl_conf_min_version( &conf, 3, 3 ); + + mbedtls_ssl_conf_groups( &conf, iana_tls_group_list ); + + mbedtls_ssl_context ssl; + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_setup( &ssl, &conf ); + 
+ TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list != NULL ); + + TEST_EQUAL( ssl.conf->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE ); + + for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ ) + TEST_EQUAL( iana_tls_group_list[i], ssl.conf->group_list[i] ); + + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); +} +/* END_CASE */ From 01f3dae3f30d4c016ed7b1b5cb251d5e5abaceb5 Mon Sep 17 00:00:00 2001 From: Brett Warren Date: Tue, 17 Aug 2021 13:50:51 +0100 Subject: [PATCH 868/966] Refactor elliptic curve extension for NamedGroups The refactoring is needed for the group api to work properly. Code is modified to use mbedtls_get_supported_groups instead of direct access so that both deprecated and new api are useable. Signed-off-by: Brett Warren --- library/ssl_cli.c | 32 ++++++++++++-------------------- library/ssl_srv.c | 8 +++++--- 2 files changed, 17 insertions(+), 23 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9120aa2f75..9fc8041262 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
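Review bot: In conf_curve, `iana_tls_group_list` is declared as `mbedtls_ecp_group_id` although it holds MBEDTLS_SSL_IANA_TLS_GROUP_* values and is compared with `ssl.handshake->group_list`. conf_group declares the same table as `uint16_t`, and conf_curve should match it: `uint16_t iana_tls_group_list[] = { ... };`. Both tests also ignore the result of mbedtls_ssl_setup; `TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );` would report a setup failure as such rather than through the later pointer checks. The test titles in the .data file say "DHE" while the lists are elliptic-curve groups.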
@@ -309,27 +309,32 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const mbedtls_ecp_curve_info *info; - const mbedtls_ecp_group_id *grp_id; - + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); *olen = 0; + /* Check there is room for header */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); - if( ssl->conf->curve_list == NULL ) + if( group_list == NULL ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - for( grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) + for( ; *group_list != 0; group_list++ ) { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); + info = mbedtls_ecp_curve_info_from_tls_id( *group_list ); if( info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); return( MBEDTLS_ERR_SSL_BAD_CONFIG ); } + + /* Check there is room for another curve */ + MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 ); + + MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len ); elliptic_curve_len += 2; if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN ) @@ -344,19 +349,6 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, if( elliptic_curve_len == 0 ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); - - elliptic_curve_len = 0; - - for( grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) - { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); - elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id ); - elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id ); - } - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 ); p += 2; 
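Review bot: The loop in ssl_write_supported_elliptic_curves_ext ends on a bare `0`, while the tests added earlier in this series end the same lists with MBEDTLS_SSL_IANA_TLS_GROUP_NONE. The named terminator makes the convention searchable: `for( ; *group_list != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; group_list++ )`. The same literal is used in the ssl_srv.c, ssl_client2.c, ssl_server2.c and ssl_tls13_client.c hunks that follow. This writer also returns MBEDTLS_ERR_SSL_BAD_CONFIG for a group id unknown to mbedtls_ecp_curve_info_from_tls_id, whereas the TLS 1.3 writer later in the series skips such an id with `continue`; a short comment stating which behaviour is intended would help.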
diff --git a/library/ssl_srv.c b/library/ssl_srv.c index e27fdff5e3..881b1fd695 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3036,14 +3036,16 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * } ServerECDHParams; */ const mbedtls_ecp_curve_info **curve = NULL; - const mbedtls_ecp_group_id *gid; + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; /* Match our preference list against the offered curves */ - for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) + if( group_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + for( ; *group_list != 0; group_list++ ) for( curve = ssl->handshake->curves; *curve != NULL; curve++ ) - if( (*curve)->grp_id == *gid ) + if( (*curve)->tls_id == *group_list ) goto curve_matching_done; curve_matching_done: From 25386b7652570098093af149160c19b08cdfa14d Mon Sep 17 00:00:00 2001 From: Brett Warren Date: Tue, 17 Aug 2021 09:32:04 +0100 Subject: [PATCH 869/966] Refactor ssl_{server2,client2} for NamedGroup IDs Signed-off-by: Brett Warren --- programs/ssl/ssl_client2.c | 10 +++++----- programs/ssl/ssl_server2.c | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a02d977ec9..19e74be876 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -678,7 +678,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_ECP_C) - mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; + uint16_t group_list[CURVE_LIST_SIZE]; const mbedtls_ecp_curve_info *curve_cur; #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) @@ -1452,7 +1452,7 @@ int main( int argc, char *argv[] ) if( strcmp( p, "none" ) == 0 ) { - curve_list[0] = MBEDTLS_ECP_DP_NONE; + group_list[0] = 0; } else if( strcmp( p, "default" ) != 0 ) { 
@@ -1469,7 +1469,7 @@ int main( int argc, char *argv[] ) if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL ) { - curve_list[i++] = curve_cur->grp_id; + group_list[i++] = curve_cur->tls_id; } else { @@ -1495,7 +1495,7 @@ int main( int argc, char *argv[] ) goto exit; } - curve_list[i] = MBEDTLS_ECP_DP_NONE; + group_list[i] = 0; } } #endif /* MBEDTLS_ECP_C */ @@ -1889,7 +1889,7 @@ int main( int argc, char *argv[] ) if( opt.curves != NULL && strcmp( opt.curves, "default" ) != 0 ) { - mbedtls_ssl_conf_curves( &conf, curve_list ); + mbedtls_ssl_conf_groups( &conf, group_list ); } #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 40a6902294..dd28ef3309 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1326,7 +1326,7 @@ int main( int argc, char *argv[] ) sni_entry *sni_info = NULL; #endif #if defined(MBEDTLS_ECP_C) - mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; + uint16_t group_list[CURVE_LIST_SIZE]; const mbedtls_ecp_curve_info * curve_cur; #endif #if defined(MBEDTLS_SSL_ALPN) @@ -2177,7 +2177,7 @@ int main( int argc, char *argv[] ) if( strcmp( p, "none" ) == 0 ) { - curve_list[0] = MBEDTLS_ECP_DP_NONE; + group_list[0] = 0; } else if( strcmp( p, "default" ) != 0 ) { @@ -2194,7 +2194,7 @@ int main( int argc, char *argv[] ) if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL ) { - curve_list[i++] = curve_cur->grp_id; + group_list[i++] = curve_cur->tls_id; } else { @@ -2220,7 +2220,7 @@ int main( int argc, char *argv[] ) goto exit; } - curve_list[i] = MBEDTLS_ECP_DP_NONE; + group_list[i] = 0; } } #endif /* MBEDTLS_ECP_C */ @@ -2857,7 +2857,7 @@ int main( int argc, char *argv[] ) if( opt.curves != NULL && strcmp( opt.curves, "default" ) != 0 ) { - mbedtls_ssl_conf_curves( &conf, curve_list ); + mbedtls_ssl_conf_groups( &conf, group_list ); } #endif From 14efd33a6cca867eabaf1e356cd8366345571612 Mon Sep 17 00:00:00 2001 
From: Brett Warren Date: Wed, 6 Oct 2021 09:32:11 +0100 Subject: [PATCH 870/966] Convert TLS1.3 functions to get_supported_groups Signed-off-by: Brett Warren --- library/ssl_tls13_client.c | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 633bb8da2e..8fe2232ec5 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -117,36 +117,35 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, * 'elliptic_curves' and only contained elliptic curve groups. */ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { unsigned char *p = buf; *olen = 0; - if( ssl->conf->curve_list == NULL ) + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); + + if( group_list == NULL ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) + for ( ; *group_list != 0; group_list++ ) { const mbedtls_ecp_curve_info *info; - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); + info = mbedtls_ecp_curve_info_from_tls_id( *group_list ); if( info == NULL ) continue; - if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) + if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) continue; MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); - MBEDTLS_PUT_UINT16_BE( info->tls_id, p, 0 ); + MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 ); p += 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )", - mbedtls_ecp_curve_info_from_tls_id( info->tls_id )->name, - info->tls_id ) ); + info->name, *group_list ) ); } *olen = p - buf; 
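Review bot: In ssl_tls13_write_named_group_list_ecdhe a configured group that `mbedtls_ecp_curve_info_from_tls_id()` does not know is dropped by a bare `continue` with nothing in the debug output, whereas the TLS 1.2 writer changed earlier in this series answers the same condition with MBEDTLS_ERR_SSL_BAD_CONFIG. Now that the list holds raw NamedGroup IDs, an operator who configures an unsupported value gets a narrower offer than intended and no trace of why. A line such as `MBEDTLS_SSL_DEBUG_MSG( 3, ( "skipping unsupported NamedGroup %x", *group_list ) );` before the first `continue` would make that visible. The function's tail is outside the hunk.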
@@ -301,20 +300,19 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); /* Pick first available ECDHE group compatible with TLS 1.3 */ - if( ssl->conf->curve_list == NULL ) + if( group_list == NULL ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) + for ( ; *group_list != 0; group_list++ ) { const mbedtls_ecp_curve_info *info; - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); + info = mbedtls_ecp_curve_info_from_tls_id( *group_list ); if( info != NULL && - mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) + mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) { - *group_id = info->tls_id; + *group_id = *group_list; return( 0 ); } } From 834886d2112b54dca7781d2da1a239434bd43f2c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 30 Oct 2021 13:26:15 +0800 Subject: [PATCH 871/966] Add certificate verify check Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d43f43dbac..037dfa5188 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8832,7 +8832,8 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "ECDH curve: x25519" \ -c "=> ssl_tls1_3_process_server_hello" \ -c "<= parse encrypted extensions" \ - -c "Certificate verification flags clear" + -c "Certificate verification flags clear" \ + -c "<= parse certificate verify" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket 
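Review bot: In ssl_tls13_get_default_group_id the local `info` is now used only as a NULL test, because the group ID is taken straight from `*group_list`. A short comment would say what the lookup is for, e.g. `/* info is only a support check: NULL means the ECP module does not know this group */`; alternatively drop the local and test the call result directly in the `if`. The function begins and ends outside the hunk.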
@@ -8862,7 +8863,8 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "ECDH curve: x25519" \ -c "=> ssl_tls1_3_process_server_hello" \ -c "<= parse encrypted extensions" \ - -c "Certificate verification flags clear" + -c "Certificate verification flags clear" \ + -c "<= parse certificate verify" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG From 47413c2c8f5ad766874e279445a1e567ed9935e3 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Oct 2021 17:19:41 +0800 Subject: [PATCH 872/966] fix wrong version header for tls1.3 Signed-off-by: Jerry Yu --- library/ssl_msg.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3795c65475..40eb57e223 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2560,9 +2560,15 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) #endif /* Skip writing the record content type to after the encryption, * as it may change when using the CID extension. */ - - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, ssl->out_hdr + 1 ); + int minor_ver = ssl->minor_ver; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /* TLS 1.3 still uses the TLS 1.3 version identifier + * for backwards compatibility. */ + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + mbedtls_ssl_write_version( ssl->major_ver, minor_ver, + ssl->conf->transport, ssl->out_hdr + 1 ); memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); 
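Review bot: The new comment in mbedtls_ssl_write_record says `TLS 1.3 still uses the TLS 1.3 version identifier`, which contradicts the code under it: that code maps MBEDTLS_SSL_MINOR_VERSION_4 down to MBEDTLS_SSL_MINOR_VERSION_3, i.e. the TLS 1.2 value. Suggested wording: `/* TLS 1.3 records still carry the TLS 1.2 version identifier in the record header, for backwards compatibility. */`. The following hunk passes the same `minor_ver` to `rec.ver`, so only the comment needs to change. The function starts and ends outside the hunk.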
@@ -2577,7 +2583,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) rec.data_offset = ssl->out_msg - rec.buf; memcpy( &rec.ctr[0], ssl->out_ctr, sizeof( rec.ctr ) ); - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, + mbedtls_ssl_write_version( ssl->major_ver, minor_ver, ssl->conf->transport, rec.ver ); rec.type = ssl->out_msgtype; @@ -5619,6 +5625,7 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, void mbedtls_ssl_write_version( int major, int minor, int transport, unsigned char ver[2] ) { + #if defined(MBEDTLS_SSL_PROTO_DTLS) if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { From ba9c727e94a6d26fd9c93c10759872310bd5e6f1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 30 Oct 2021 11:54:10 +0800 Subject: [PATCH 873/966] fix memory leak issue Signed-off-by: Jerry Yu --- library/ssl_tls.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c5079508ee..1929d8b3ee 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5477,8 +5477,15 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) psa_destroy_key( handshake->ecdh_psa_privkey ); #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_platform_zeroize( handshake, - sizeof( mbedtls_ssl_handshake_params ) ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_transform_free(handshake->transform_handshake); + mbedtls_ssl_transform_free(handshake->transform_earlydata); + mbedtls_free( handshake->transform_earlydata ); + mbedtls_free( handshake->transform_handshake ); + handshake->transform_earlydata = NULL; + handshake->transform_handshake = NULL; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* If the buffers are too big - reallocate. Because of the way Mbed TLS 
@@ -5489,12 +5496,9 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_ssl_get_output_buflen( ssl ) ); #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - mbedtls_free( handshake->transform_earlydata ); - mbedtls_free( handshake->transform_handshake ); - handshake->transform_earlydata = NULL; - handshake->transform_handshake = NULL; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* mbedtls_platform_zeroize MUST be last one in this function */ + mbedtls_platform_zeroize( handshake, + sizeof( mbedtls_ssl_handshake_params ) ); } void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) From 7bc26b8c2ad82a3f1050ed9af4abb92580a18154 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 2 Nov 2021 10:50:44 +0100 Subject: [PATCH 874/966] generate_psa_tests.py: add key generation result to test case argument list, add comments Signed-off-by: Przemyslaw Stekiel --- scripts/mbedtls_dev/test_case.py | 8 -------- tests/scripts/generate_psa_tests.py | 16 ++++++++-------- 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py index 11117fcdd7..8ec2115461 100644 --- a/scripts/mbedtls_dev/test_case.py +++ b/scripts/mbedtls_dev/test_case.py @@ -42,7 +42,6 @@ class TestCase: self.dependencies = [] #type: List[str] self.function = None #type: Optional[str] self.arguments = [] #type: List[str] - self.result = '' #type: str def add_comment(self, *lines: str) -> None: self.comments += lines @@ -59,9 +58,6 @@ class TestCase: def set_arguments(self, arguments: List[str]) -> None: self.arguments = arguments - def set_result(self, result: str) -> None: - self.result = result - def check_completeness(self) -> None: if self.description is None: raise MissingDescription 
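Review bot: The added comment `/* mbedtls_platform_zeroize MUST be last one in this function */` states the rule but not the reason, which is the whole point of this fix. The removed lines show the old order wiping the structure first and then calling `mbedtls_free()` on the already-cleared transform pointers, so nothing was released. Something like `/* Wipe last: this clears every pointer in *handshake, so a free placed after it would be a no-op and leak. */` would keep the next edit from reintroducing the bug. mbedtls_ssl_handshake_free starts outside the hunk.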
@@ -86,10 +82,6 @@ class TestCase: if self.dependencies: out.write('depends_on:' + ':'.join(self.dependencies) + '\n') out.write(self.function + ':' + ':'.join(self.arguments)) - if self.result: - out.write(':' + self.result + '\n') - else: - out.write('\n') def write_data_file(filename: str, test_cases: Iterable[TestCase], diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index a850ea7cbf..7c16778969 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -203,7 +203,8 @@ class NotSupported: # supported or not depending on implementation capabilities, # only generate the test case once. continue - # Public key cannot be generated + # For public key we expect that key generation fails with + # INVALID_ARGUMENT. It is handled by KeyGenerate class. if not kt.name.endswith('_PUBLIC_KEY'): yield test_case_for_key_type_not_supported( 'generate', kt.expression, bits, @@ -246,8 +247,7 @@ def test_case_for_key_generation( .format(short_key_type, bits)) tc.set_dependencies(dependencies) tc.set_function('generate_key') - tc.set_arguments([key_type] + list(args)) - tc.set_result(result) + tc.set_arguments([key_type] + list(args) + [result]) return tc @@ -260,11 +260,8 @@ class KeyGenerate: ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', 'PSA_KEY_TYPE_ECC_PUBLIC_KEY') - RSA_KEY_TYPES = ('PSA_KEY_TYPE_RSA_KEY_PAIR', - 'PSA_KEY_TYPE_RSA_PUBLIC_KEY') - + @staticmethod def test_cases_for_key_type_key_generation( - self, kt: crypto_knowledge.KeyType ) -> Iterator[test_case.TestCase]: """Return test cases exercising key generation. 
@@ -279,11 +276,14 @@ class KeyGenerate: import_dependencies += [psa_want_symbol(sym) for i, sym in enumerate(kt.params)] if kt.name.endswith('_PUBLIC_KEY'): + # The library checks whether the key type is a public key generically, + # before it reaches a point where it needs support for the specific key + # type, so it returns INVALID_ARGUMENT for unsupported public key types. generate_dependencies = [] result = 'PSA_ERROR_INVALID_ARGUMENT' else: generate_dependencies = import_dependencies - if kt.name in self.RSA_KEY_TYPES: + if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR': generate_dependencies.append("MBEDTLS_GENPRIME") for bits in kt.sizes_to_test(): yield test_case_for_key_generation( From e3fcb5087aa07094959ae9dd992267fd0834855c Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 2 Nov 2021 10:52:53 +0100 Subject: [PATCH 875/966] Adapt generate_key() test code to mbedTLS standards Signed-off-by: Przemyslaw Stekiel --- ...est_suite_psa_crypto_generate_key.function | 37 ++++++++----------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_generate_key.function b/tests/suites/test_suite_psa_crypto_generate_key.function index d30c0e4876..dbe9a0ecf9 100644 --- a/tests/suites/test_suite_psa_crypto_generate_key.function +++ b/tests/suites/test_suite_psa_crypto_generate_key.function 
@@ -13,41 +13,36 @@ */ /* BEGIN_CASE */ -void generate_key( int key_type, int bits, int result) +void generate_key( int key_type_arg, int bits_arg, int expected_status_arg) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = INVALID_KEY_ID; // key lifetiem, usage flags, algorithm are irrelevant for this test - psa_key_lifetime_t _key_life_time = (psa_key_lifetime_t) 0; - psa_key_usage_t _key_usage_flags = (psa_key_usage_t) 0; - psa_algorithm_t _key_algorithm = (psa_algorithm_t) 0; - psa_key_type_t _key_type = (psa_key_type_t) key_type; - size_t _key_bits = (size_t) bits; - psa_status_t _result = (psa_status_t) result; + psa_key_type_t key_type = key_type_arg; + size_t bits = bits_arg; + psa_status_t expected_status = expected_status_arg; PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_lifetime( &attributes, _key_life_time ); - psa_set_key_usage_flags( &attributes, _key_usage_flags ); - psa_set_key_algorithm( &attributes, _key_algorithm ); - psa_set_key_type( &attributes, _key_type ); - psa_set_key_bits( &attributes, _key_bits ); + psa_set_key_type( &attributes, key_type ); + psa_set_key_bits( &attributes, bits ); TEST_EQUAL( psa_generate_key( &attributes, &key_id ), - _result ); + expected_status ); // Verify attributes of the created key on success - if (_result == PSA_SUCCESS) + if ( expected_status == PSA_SUCCESS ) { - psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( key_id, &key_attributes ) ); - TEST_EQUAL( psa_get_key_lifetime( &key_attributes ), 0 ); - TEST_EQUAL( psa_get_key_usage_flags( &key_attributes ), 0 ); - TEST_EQUAL( psa_get_key_algorithm( &key_attributes ), 0 ); - TEST_EQUAL( psa_get_key_type( &key_attributes ), _key_type ); - TEST_EQUAL( psa_get_key_bits( &key_attributes ), _key_bits ); + psa_reset_key_attributes(&attributes); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); + TEST_EQUAL( psa_get_key_lifetime( &attributes ), 
PSA_KEY_LIFETIME_VOLATILE ); + TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); + TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); + TEST_EQUAL( psa_get_key_type( &attributes ), key_type ); + TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); } exit: + psa_reset_key_attributes(&attributes); psa_destroy_key( key_id ); PSA_DONE( ); } From d2ea2c0df3399a55d96274d34b85aa41a775bf10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 25 Oct 2021 20:58:14 +0200 Subject: [PATCH 876/966] Indicate errors interleaved with test suite output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Indicate whether a success or failure is unexpected, or expected and ignored as they happen. Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index d6fe8c4407..aa0a480e5c 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -52,7 +52,7 @@ def main(): proc = subprocess.Popen(['./psa-arch-tests-crypto'], bufsize=1, stdout=subprocess.PIPE, universal_newlines=True) - test_re = re.compile('^TEST(?:: ([0-9]*)| RESULT: FAILED)') + test_re = re.compile('^TEST(?:: ([0-9]*)| RESULT: (FAILED|PASSED))') test = -1 unexpected_successes = set(EXPECTED_FAILURES) expected_failures = [] @@ -63,12 +63,16 @@ def main(): if match is not None: if match.group(1) is not None: test = int(match.group(1)) - else: + elif match.group(2) == 'FAILED': try: unexpected_successes.remove(test) expected_failures.append(test) + print('Expected failure, ignoring') except KeyError: unexpected_failures.append(test) + print('ERROR: Unexpected failure') + elif test in unexpected_successes: + print('ERROR: Unexpected success') proc.wait() print() From c2bac00530bb010015090fa9c38885ca1d41f1e7 Mon Sep 17 00:00:00 2001 
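Review bot: On the failure path generate_key() only compares the returned status; nothing checks that `key_id` was left without a key. The generator now emits cases expecting PSA_ERROR_INVALID_ARGUMENT for public key types, so this is the branch those cases exercise. Assuming psa_generate_key() resets the identifier on failure, as the PSA API describes, an `else` branch with `TEST_ASSERT( mbedtls_svc_key_id_is_null( key_id ) );` would pin that down. The context comment above the locals also still reads `key lifetiem`, and `psa_reset_key_attributes(&attributes);` lacks the inner spaces used by the surrounding calls.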
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 25 Oct 2021 20:58:14 +0200 Subject: [PATCH 877/966] Use print(end='') to silence double newline MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index aa0a480e5c..ca9387954e 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -58,7 +58,7 @@ def main(): expected_failures = [] unexpected_failures = [] for line in proc.stdout: - print(line[:-1]) + print(line, end='') match = test_re.match(line) if match is not None: if match.group(1) is not None: From 83aa604ce5d6b3de956de2a116b8fa1c6caefc22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 29 Oct 2021 12:06:19 +0200 Subject: [PATCH 878/966] Simplify regex and use named capture groups MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index ca9387954e..dfd23938a2 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -52,7 +52,10 @@ def main(): proc = subprocess.Popen(['./psa-arch-tests-crypto'], bufsize=1, stdout=subprocess.PIPE, universal_newlines=True) - test_re = re.compile('^TEST(?:: ([0-9]*)| RESULT: (FAILED|PASSED))') + test_re = re.compile( + '^TEST: (?P[0-9]*)|' + '^TEST RESULT: (?PFAILED|PASSED)' + ) test = -1 unexpected_successes = set(EXPECTED_FAILURES) expected_failures = [] 
@@ -61,9 +64,11 @@ def main(): print(line, end='') match = test_re.match(line) if match is not None: - if match.group(1) is not None: - test = int(match.group(1)) - elif match.group(2) == 'FAILED': + groupdict = match.groupdict() + test_num = groupdict['test_num'] + if test_num is not None: + test = int(test_num) + elif groupdict['test_result'] == 'FAILED': try: unexpected_successes.remove(test) expected_failures.append(test) From 449781fda774db94b3b0366002047817e774f683 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 2 Nov 2021 13:41:14 +0100 Subject: [PATCH 879/966] Fix pylint errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index dfd23938a2..41003d80da 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -1,5 +1,11 @@ #!/usr/bin/env python3 -#pylint: disable=missing-module-docstring +"""Run the PSA Cryto API compliance test suite. +Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF, +then complie and run the test suite. +Known defects in either the test suite or mbedtls - identified by their test number - are ignored, +while unexpected failures AND successes are reported as errors, +to help keep the list of known defects as up to date as possible. +""" import os import re import shutil 
@@ -90,8 +96,8 @@ def main(): if unexpected_successes or unexpected_failures: if unexpected_successes: print('Unexpected successes encountered.') - #pylint: disable=line-too-long - print('Please remove the corresponding tests from EXPECTED_FAILURES in tests/scripts/compliance_test.py') + print('Please remove the corresponding tests from ' + 'EXPECTED_FAILURES in tests/scripts/compliance_test.py') print() print('FAILED') sys.exit(1) From 386f5820aae5c9acdb1b55d2c7680f00e569e540 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 2 Nov 2021 16:51:24 +0100 Subject: [PATCH 880/966] Add a missing psa_crypto test suite test name Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_psa_crypto.data | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 9c204957a0..caac146f4a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1911,6 +1911,7 @@ PSA symmetric encrypt: AES-CBC-nopad, input too short depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_encrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT +PSA symmetric encrypt: AES-ECB, 0 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_encrypt_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"" From 01ef723bbab53fa3004e7d7c1f7fb011e9c482cc Mon Sep 17 00:00:00 2001 
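Review bot: The rewrapped message in test_psa_compliance.py still tells the user to edit `EXPECTED_FAILURES in tests/scripts/compliance_test.py`, but the file being patched, and the one that holds EXPECTED_FAILURES according to the diff header, is tests/scripts/test_psa_compliance.py. Since the line is being touched anyway, the second string could read `'EXPECTED_FAILURES in tests/scripts/test_psa_compliance.py')`. `main()` starts and ends outside the hunk.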
From: Harmen Stoppels Date: Wed, 3 Nov 2021 00:53:05 +0100 Subject: [PATCH 881/966] DT_NEEDED for shared builds in makefile The makefile build specifies -L. -lmbedx509 -lmbedcrypto flags first, and only then object files referencing symbols from those libraries. In this order the linker will not add the linked libraries to the DT_NEEDED section because they are not referenced yet (at least that happens for me on ubuntu 20.04 with the default gnu compiler tools). By first specifying the object files and then the linked libraries, we do end up with libmbedx509 and libmbedcrypto in the DT_NEEDED sections. This way running dlopen(...) on libmedtls.so just works. Note that the CMake build does this by default. Signed-off-by: Harmen Stoppels --- README.md | 2 +- library/Makefile | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index e6924cbe1d..c8d94500e2 100644 --- a/README.md +++ b/README.md 
@@ -38,7 +38,7 @@ There are currently three active build systems used within Mbed TLS releases: The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. -The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls. +The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. ### Tool versions diff --git a/library/Makefile b/library/Makefile index 13cd7db0c6..cbe6031ff8 100644 --- a/library/Makefile +++ b/library/Makefile @@ -199,7 +199,7 @@ endif libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS) + $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedcrypto -lmbedx509$(LOCAL_LDFLAGS) $(LDFLAGS) libmbedtls.so: libmbedtls.$(SOEXT_TLS) echo " LN $@ -> $<" 
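Review bot: In the library/Makefile rule for `libmbedtls.$(SOEXT_TLS)` the new link line reads `-lmbedx509$(LOCAL_LDFLAGS)` with no space between the library flag and the variable, unlike the other rules changed in this commit. When LOCAL_LDFLAGS is non-empty, its first word is glued onto the library name and the link is likely to fail or pick up the wrong argument. The line should end `-L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS)`.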
@@ -207,7 +207,7 @@ libmbedtls.so: libmbedtls.$(SOEXT_TLS) libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib echo " LD $@" - $(CC) -dynamiclib -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS) + $(CC) -dynamiclib -o $@ $(OBJS_TLS) -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll echo " LD $@" @@ -226,7 +226,7 @@ endif libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) + $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedx509.so: libmbedx509.$(SOEXT_X509) echo " LN $@ -> $<" @@ -234,7 +234,7 @@ libmbedx509.so: libmbedx509.$(SOEXT_X509) libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib echo " LD $@" - $(CC) -dynamiclib -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) + $(CC) -dynamiclib -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll echo " LD $@" @@ -253,7 +253,7 @@ endif libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO) echo " LD $@" - $(CC) -shared -Wl,-soname,$@ $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO) + $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO) echo " LN $@ -> $<" @@ -261,7 +261,7 @@ libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO) libmbedcrypto.dylib: $(OBJS_CRYPTO) echo " LD $@" - $(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO) + $(CC) -dynamiclib -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedcrypto.dll: $(OBJS_CRYPTO) echo " LD $@" From ccd738b85381b7cf42a5ec356a8249ce6755859b Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Wed, 3 Nov 2021 07:12:31 +0000 Subject: [PATCH 882/966] Add git rev-parse options Signed-off-by: Xiaofei Bai --- scripts/code_size_compare.py | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) 
diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 898aaf9f38..85393d031c 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -58,8 +58,8 @@ class CodeSizeComparison: @staticmethod def validate_revision(revision): - result = subprocess.run(["git", "rev-parse", "--verify", revision], - check=False, stdout=subprocess.PIPE) + result = subprocess.check_output(["git", "rev-parse", "--verify", + revision + "^{commit}"], shell=False) return result def _create_git_worktree(self, revision): @@ -208,15 +208,11 @@ def main(): parser.exit() validate_res = CodeSizeComparison.validate_revision(comp_args.old_rev) - if validate_res.returncode != 0: - sys.exit(validate_res.returncode) - old_revision = validate_res.stdout.decode().replace("\n", "") + old_revision = validate_res.decode().replace("\n", "") if comp_args.new_rev is not None: validate_res = CodeSizeComparison.validate_revision(comp_args.new_rev) - if validate_res.returncode != 0: - sys.exit(validate_res.returncode) - new_revision = validate_res.stdout.decode().replace("\n", "") + new_revision = validate_res.decode().replace("\n", "") else: new_revision = "current" From bbb22bbd9e42e76f5899fd14d57413a6512fcf55 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 3 Nov 2021 09:06:09 +0100 Subject: [PATCH 883/966] ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free()) Signed-off-by: Przemyslaw Stekiel --- programs/ssl/ssl_client2.c | 29 +++++++++++++++++------------ programs/ssl/ssl_server2.c | 32 +++++++++++++++++++------------- 2 files changed, 36 insertions(+), 25 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 130f3f98ef..deecbad3e9 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
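Review bot: `validate_revision` in code_size_compare.py passes the command-line value to `git rev-parse --verify` as `revision + "^{commit}"` without checking that it looks like a revision. A value beginning with `-` would be parsed by git as an option, not a revision. A guard at the top of the function, such as `if revision.startswith('-'):` followed by `raise ValueError('invalid revision: ' + revision)`, keeps the argument in the revision position. Separately, `check_output` raises CalledProcessError on a bad revision, and the second hunk removes the `returncode` handling in `main()`, so an invalid revision now ends in a traceback where it used to exit cleanly.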
@@ -3050,6 +3050,23 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + const char* message = mbedtls_test_helper_is_psa_leaking(); + if( message ) + { + if( ret == 0 ) + ret = 1; + mbedtls_printf( "PSA memory leak detected: %s\n", message); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto + * resources are freed by rng_free(). */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) + mbedtls_psa_crypto_free( ); +#endif + mbedtls_ssl_session_free( &saved_session ); mbedtls_ssl_free( &ssl ); mbedtls_ssl_config_free( &conf ); @@ -3063,18 +3080,6 @@ exit: mbedtls_free( context_buf ); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - - mbedtls_psa_crypto_free( ); - const char* message = mbedtls_test_helper_is_psa_leaking(); - if( message ) - { - if( ret == 0 ) - ret = 1; - mbedtls_printf( "PSA memory leak detected: %s\n", message); - } -#endif - #if defined(MBEDTLS_TEST_HOOKS) if( test_hooks_failure_detected( ) ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d20d1faa10..f95c151843 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -4008,10 +4008,6 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_ssl_free( &ssl ); - mbedtls_ssl_config_free( &conf ); - rng_free( &rng ); - #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free( &cache ); #endif @@ -4022,16 +4018,7 @@ exit: mbedtls_ssl_cookie_free( &cookie_ctx ); #endif - mbedtls_free( buf ); - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if( context_buf != NULL ) - mbedtls_platform_zeroize( context_buf, context_buf_len ); - mbedtls_free( context_buf ); -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free( ); const char* message = mbedtls_test_helper_is_psa_leaking(); if( message ) { 
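Review bot: In the ssl_client2.c exit path the leak check and `mbedtls_psa_crypto_free( )` now run before `mbedtls_ssl_session_free`, `mbedtls_ssl_free` and `mbedtls_ssl_config_free`, so the SSL objects are torn down after the PSA subsystem has been shut down. mbedtls_ssl_handshake_free, shown earlier on this page, calls `psa_destroy_key()`. If `mbedtls_ssl_free` reaches it (not visible here), that call would run against an already-freed key store, and any key still owned by `ssl` would be reported by `mbedtls_test_helper_is_psa_leaking()`. Moving the three SSL free calls above the `#if defined(MBEDTLS_USE_PSA_CRYPTO)` leak check would avoid both problems. The ssl_server2.c hunk at `@@ -4041,6 +4028,25 @@` has the same order.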
@@ -4041,6 +4028,25 @@ exit: } #endif + /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto + * resources are freed by rng_free(). */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) + mbedtls_psa_crypto_free( ); +#endif + + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); + rng_free( &rng ); + + mbedtls_free( buf ); + +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if( context_buf != NULL ) + mbedtls_platform_zeroize( context_buf, context_buf_len ); + mbedtls_free( context_buf ); +#endif + #if defined(MBEDTLS_TEST_HOOKS) /* Let test hooks detect errors such as resource leaks. * Don't do it in query_config mode, because some test code prints From 53de2622f3667bb812de0fe17d8988bfa6da6a27 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 3 Nov 2021 09:35:35 +0100 Subject: [PATCH 884/966] Move psa_crypto_slot_management.h out from psa_crypto_helpers.h Signed-off-by: Przemyslaw Stekiel --- programs/ssl/ssl_client2.c | 1 - programs/ssl/ssl_server2.c | 1 - tests/include/test/psa_crypto_helpers.h | 3 --- tests/src/psa_crypto_helpers.c | 1 + tests/src/psa_exercise_key.c | 1 + 5 files changed, 2 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index deecbad3e9..62bba1380b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -22,7 +22,6 @@ #include "ssl_test_lib.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define SKIP_LIBRARY_HEADERS #include "test/psa_crypto_helpers.h" #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f95c151843..6a4a033aa9 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -66,7 +66,6 @@ int main( void ) #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define SKIP_LIBRARY_HEADERS #include "test/psa_crypto_helpers.h" #endif diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 8e7d425a93..f5622e2d2d 100644 
--- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -28,9 +28,6 @@ #include "test/psa_helpers.h" #include -#if !defined(SKIP_LIBRARY_HEADERS) -#include -#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index d9d841abd5..299b6d125d 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -22,6 +22,7 @@ #include #include +#include #include #if defined(MBEDTLS_PSA_CRYPTO_C) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 923d2c136a..29e673ae76 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -29,6 +29,7 @@ #include #include +#include #include #if defined(MBEDTLS_PSA_CRYPTO_SE_C) From 34b5f5634407a7b9ce5c3a36fb853276caed2985 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 2 Nov 2021 13:48:39 +0100 Subject: [PATCH 885/966] Make main() suitable to being called from python MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don't call sys.exit(), and don't clobber the working directory. Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 146 ++++++++++++++------------- 1 file changed, 75 insertions(+), 71 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 41003d80da..7d7192f063 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -18,7 +18,7 @@ EXPECTED_FAILURES = { PSA_ARCH_TESTS_REPO = 'https://github.com/ronald-cron-arm/psa-arch-tests.git' PSA_ARCH_TESTS_REF = 'crypto1.0-3.0' -#pylint: disable=too-many-statements +#pylint: disable=too-many-branches,too-many-statements def main(): mbedtls_dir = os.getcwd() 
@@ -30,81 +30,85 @@ def main(): os.mkdir(psa_arch_tests_dir) except FileExistsError: pass - os.chdir(psa_arch_tests_dir) - - subprocess.check_call(['git', 'init']) - subprocess.check_call(['git', 'fetch', PSA_ARCH_TESTS_REPO, PSA_ARCH_TESTS_REF]) - subprocess.check_call(['git', 'checkout', 'FETCH_HEAD']) - - build_dir = 'api-tests/build' try: - shutil.rmtree(build_dir) - except FileNotFoundError: - pass - os.mkdir(build_dir) - os.chdir(build_dir) + os.chdir(psa_arch_tests_dir) - #pylint: disable=bad-continuation - subprocess.check_call([ - 'cmake', '..', '-GUnix Makefiles', - '-DTARGET=tgt_dev_apis_stdc', - '-DTOOLCHAIN=HOST_GCC', - '-DSUITE=CRYPTO', - '-DPSA_CRYPTO_LIB_FILENAME={}/library/libmbedcrypto.a'.format(mbedtls_dir), - '-DPSA_INCLUDE_PATHS={}/include'.format(mbedtls_dir) - ]) - subprocess.check_call(['cmake', '--build', '.']) + subprocess.check_call(['git', 'init']) + subprocess.check_call(['git', 'fetch', PSA_ARCH_TESTS_REPO, PSA_ARCH_TESTS_REF]) + subprocess.check_call(['git', 'checkout', 'FETCH_HEAD']) - proc = subprocess.Popen(['./psa-arch-tests-crypto'], - bufsize=1, stdout=subprocess.PIPE, universal_newlines=True) + build_dir = 'api-tests/build' + try: + shutil.rmtree(build_dir) + except FileNotFoundError: + pass + os.mkdir(build_dir) + os.chdir(build_dir) - test_re = re.compile( - '^TEST: (?P[0-9]*)|' - '^TEST RESULT: (?PFAILED|PASSED)' - ) - test = -1 - unexpected_successes = set(EXPECTED_FAILURES) - expected_failures = [] - unexpected_failures = [] - for line in proc.stdout: - print(line, end='') - match = test_re.match(line) - if match is not None: - groupdict = match.groupdict() - test_num = groupdict['test_num'] - if test_num is not None: - test = int(test_num) - elif groupdict['test_result'] == 'FAILED': - try: - unexpected_successes.remove(test) - expected_failures.append(test) - print('Expected failure, ignoring') - except KeyError: - unexpected_failures.append(test) - print('ERROR: Unexpected failure') - elif test in unexpected_successes: 
- print('ERROR: Unexpected success') - proc.wait() + #pylint: disable=bad-continuation + subprocess.check_call([ + 'cmake', '..', + '-GUnix Makefiles', + '-DTARGET=tgt_dev_apis_stdc', + '-DTOOLCHAIN=HOST_GCC', + '-DSUITE=CRYPTO', + '-DPSA_CRYPTO_LIB_FILENAME={}/library/libmbedcrypto.a'.format(mbedtls_dir), + '-DPSA_INCLUDE_PATHS={}/include'.format(mbedtls_dir) + ]) + subprocess.check_call(['cmake', '--build', '.']) - print() - print('***** test_psa_compliance.py report ******') - print() - print('Expected failures:', ', '.join(str(i) for i in expected_failures)) - print('Unexpected failures:', ', '.join(str(i) for i in unexpected_failures)) - print('Unexpected successes:', ', '.join(str(i) for i in sorted(unexpected_successes))) - print() - if unexpected_successes or unexpected_failures: - if unexpected_successes: - print('Unexpected successes encountered.') - print('Please remove the corresponding tests from ' - 'EXPECTED_FAILURES in tests/scripts/compliance_test.py') - print() - print('FAILED') - sys.exit(1) - else: + proc = subprocess.Popen(['./psa-arch-tests-crypto'], + bufsize=1, stdout=subprocess.PIPE, universal_newlines=True) + + test_re = re.compile( + '^TEST: (?P[0-9]*)|' + '^TEST RESULT: (?PFAILED|PASSED)' + ) + test = -1 + unexpected_successes = set(EXPECTED_FAILURES) + expected_failures = [] + unexpected_failures = [] + for line in proc.stdout: + print(line, end='') + match = test_re.match(line) + if match is not None: + groupdict = match.groupdict() + test_num = groupdict['test_num'] + if test_num is not None: + test = int(test_num) + elif groupdict['test_result'] == 'FAILED': + try: + unexpected_successes.remove(test) + expected_failures.append(test) + print('Expected failure, ignoring') + except KeyError: + unexpected_failures.append(test) + print('ERROR: Unexpected failure') + elif test in unexpected_successes: + print('ERROR: Unexpected success') + proc.wait() + + print() + print('***** test_psa_compliance.py report ******') + print() + 
print('Expected failures:', ', '.join(str(i) for i in expected_failures)) + print('Unexpected failures:', ', '.join(str(i) for i in unexpected_failures)) + print('Unexpected successes:', ', '.join(str(i) for i in sorted(unexpected_successes))) + print() + if unexpected_successes or unexpected_failures: + if unexpected_successes: + print('Unexpected successes encountered.') + print('Please remove the corresponding tests from ' + 'EXPECTED_FAILURES in tests/scripts/compliance_test.py') + print() + print('FAILED') + return 1 + else: + shutil.rmtree(psa_arch_tests_dir) + print('SUCCESS') + return 0 + finally: os.chdir(mbedtls_dir) - shutil.rmtree(psa_arch_tests_dir) - print('SUCCESS') if __name__ == '__main__': - main() + sys.exit(main()) From 67fb3149c01dd5e121980f1de8061124288eb8d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 2 Nov 2021 14:01:08 +0100 Subject: [PATCH 886/966] Add licence header to script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 7d7192f063..d94f6c2422 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py 
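Review bot: The build and run steps in `main()` execute code fetched from `PSA_ARCH_TESTS_REPO` at `PSA_ARCH_TESTS_REF`, and that ref is a symbolic name rather than a commit id, so if it is a branch the script compiles and runs whatever the remote currently points to. Pinning `PSA_ARCH_TESTS_REF` to a full commit hash, or comparing `git rev-parse FETCH_HEAD` with an expected value before `cmake`, would make the test input reproducible and reviewable. Separately, the failure message names `tests/scripts/compliance_test.py`, while this file is `tests/scripts/test_psa_compliance.py`. The value returned by `proc.wait()` is also discarded, so a test binary that exits abnormally without printing a `FAILED` line would still reach `SUCCESS`; whether its exit status is meaningful needs confirming.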
@@ -6,6 +6,22 @@ Known defects in either the test suite or mbedtls - identified by their test num while unexpected failures AND successes are reported as errors, to help keep the list of known defects as up to date as possible. """ + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + import os import re import shutil From c63d1605ab69f8aff97cf9c8678bbfdfd6f8fe00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 2 Nov 2021 14:06:40 +0100 Subject: [PATCH 887/966] Make directory creation code more compact MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index d94f6c2422..33207c014b 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -42,10 +42,7 @@ def main(): subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a']) psa_arch_tests_dir = 'psa-arch-tests' - try: - os.mkdir(psa_arch_tests_dir) - except FileExistsError: - pass + os.makedirs(psa_arch_tests_dir, exist_ok=True) try: os.chdir(psa_arch_tests_dir) From b3818412bcb043503bfe287de0e1135502a33448 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 3 Nov 2021 11:32:51 +0100 Subject: [PATCH 888/966] Keep local clone around even if the test succeeds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- .gitignore | 3 +++ tests/scripts/test_psa_compliance.py | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 0792920a8b..e86092c45f 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,9 @@ massif-* # Generated documentation: /apidoc +# PSA Crypto compliance test repo, cloned by test_psa_complaince.py +/psa-arch-tests + # Editor navigation files: /GPATH /GRTAGS diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 33207c014b..2f67f08c88 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 """Run the PSA Cryto API compliance test suite. Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF, -then complie and run the test suite. +then complie and run the test suite. The clone is stored at /psa-arch-tests. Known defects in either the test suite or mbedtls - identified by their test number - are ignored, while unexpected failures AND successes are reported as errors, to help keep the list of known defects as up to date as possible. @@ -46,6 +46,7 @@ def main(): try: os.chdir(psa_arch_tests_dir) + # Reuse existing local clone subprocess.check_call(['git', 'init']) subprocess.check_call(['git', 'fetch', PSA_ARCH_TESTS_REPO, PSA_ARCH_TESTS_REF]) subprocess.check_call(['git', 'checkout', 'FETCH_HEAD']) @@ -117,7 +118,6 @@ def main(): print('FAILED') return 1 else: - shutil.rmtree(psa_arch_tests_dir) print('SUCCESS') return 0 finally: From ef0d02ed317c431a9eaa3ec8c3ba58cf8952d673 Mon Sep 17 00:00:00 2001 
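Review bot: The comment added to `.gitignore` names the script as `test_psa_complaince.py`, but the file changed in this commit is `tests/scripts/test_psa_compliance.py`, so a search for the real name will not find this entry. The comment should read `# PSA Crypto compliance test repo, cloned by test_psa_compliance.py`.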
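Review bot: The added `# Reuse existing local clone` comment sits above a `git checkout FETCH_HEAD` that is not forced. Now that the clone is kept between runs, files modified or left untracked by an earlier run stay in the tree that gets built; only `api-tests/build` is removed. `subprocess.check_call(['git', 'checkout', '--force', 'FETCH_HEAD'])` would at least discard modifications to tracked files, and the comment could say that the directory's previous contents are trusted. `main()` starts and ends outside this hunk.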
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 3 Nov 2021 11:36:09 +0100 Subject: [PATCH 889/966] Explain why support_test_psa_compliance is needed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d86a9f773b..449b213ff7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2765,6 +2765,7 @@ component_test_psa_compliance () { } support_test_psa_compliance () { + # psa-compliance-tests only supports CMake >= 3.10.0 ver="$(cmake --version)" ver="${ver#cmake version }" ver_major="${ver%%.*}" From 505712338ea7ac8661026c2acd8f8ccb310c7e01 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 3 Nov 2021 14:19:52 +0100 Subject: [PATCH 890/966] ssl_client2: move memory leak check before rng_free() Signed-off-by: Przemyslaw Stekiel --- programs/ssl/ssl_client2.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 62bba1380b..4360fd3438 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3049,6 +3049,10 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_ssl_session_free( &saved_session ); + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); + #if defined(MBEDTLS_USE_PSA_CRYPTO) const char* message = mbedtls_test_helper_is_psa_leaking(); if( message ) @@ -3066,9 +3070,6 @@ exit: mbedtls_psa_crypto_free( ); #endif - mbedtls_ssl_session_free( &saved_session ); - mbedtls_ssl_free( &ssl ); - mbedtls_ssl_config_free( &conf ); rng_free( &rng ); if( session_data != NULL ) mbedtls_platform_zeroize( session_data, session_data_len ); From e6d3edaf327ec3097ad18f442df42b0369d90556 Mon Sep 17 00:00:00 2001 
From: Mateusz Starzyk Date: Thu, 26 Aug 2021 11:46:14 +0200 Subject: [PATCH 891/966] Add missing PSA_ALG_IS_SIGN_HASH macro. Signed-off-by: Mateusz Starzyk --- include/psa/crypto.h | 8 ++++++-- include/psa/crypto_values.h | 15 +++++++++++++++ library/psa_crypto.c | 2 +- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 5d9854a7ba..ee4b54cbf9 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -2990,7 +2990,9 @@ psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, * \param key Identifier of the key to use for the operation. * It must be an asymmetric key pair. The key must * allow the usage #PSA_KEY_USAGE_SIGN_HASH. - * \param alg A signature algorithm that is compatible with + * \param alg A signature algorithm (PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_HASH(\p alg) + * is true), that is compatible with * the type of \p key. * \param[in] hash The hash or message to sign. * \param hash_length Size of the \p hash buffer in bytes. @@ -3043,7 +3045,9 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, * must be a public key or an asymmetric key pair. The * key must allow the usage * #PSA_KEY_USAGE_VERIFY_HASH. - * \param alg A signature algorithm that is compatible with + * \param alg A signature algorithm (PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_HASH(\p alg) + * is true), that is compatible with * the type of \p key. * \param[in] hash The hash or message whose signature is to be * verified. diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 621b872fc8..526b4549d2 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -1621,6 +1621,21 @@ #define PSA_ALG_IS_SIGN_MESSAGE(alg) \ (PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_PURE_EDDSA ) +/** Whether the specified algorithm is a signature algorithm that can be used + * with psa_sign_hash() and psa_verify_hash(). + * + * \param alg An algorithm identifier (value of type psa_algorithm_t). + * + * \return 1 if alg is a signature algorithm that can be used to sign a + * hash. 0 if alg is a signature algorithm that can only be used + * to sign a message. 0 if alg is not a signature algorithm. + * This macro can return either 0 or 1 if alg is not a + * supported algorithm identifier. + */ +#define PSA_ALG_IS_SIGN_HASH(alg) \ + (PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_ED25519PH || \ + (alg) == PSA_ALG_ED448PH) + /** Get the hash used by a hash-and-sign signature algorithm. * * A hash-and-sign algorithm is a signature algorithm which is diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3670071a5d..84b85667cc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2652,7 +2652,7 @@ static psa_status_t psa_sign_verify_check_alg( int input_is_message, } else { - if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if( ! PSA_ALG_IS_SIGN_HASH( alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); } From 359b5ab6eaa5ff6fcfee6e88cc445db129bc37af Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 26 Aug 2021 12:52:56 +0200 Subject: [PATCH 892/966] Add missing PSA_ALG_NONE macro. Signed-off-by: Mateusz Starzyk --- include/psa/crypto_values.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 526b4549d2..9ce8b68780 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -847,6 +847,9 @@ (PSA_ALG_IS_KEY_DERIVATION(alg) && \ (alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG) +/** An invalid algorithm identifier value. */ +#define PSA_ALG_NONE ((psa_algorithm_t)0) + #define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff) /** MD5 */ #define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003) From 7d262dd1ee62e62942928428846470c12f5de93d Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 26 Aug 2021 13:28:46 +0200 Subject: [PATCH 893/966] Add missing PSA_HASH_BLOCK_LENGTH macro. Signed-off-by: Mateusz Starzyk --- include/psa/crypto_sizes.h | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 4c67f10afa..5f230e0f0f 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h 
@@ -79,6 +79,38 @@ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \ 0) +/** The input block size of a hash algorithm, in bytes. + * + * Hash algorithms process their input data in blocks. Hash operations will + * retain any partial blocks until they have enough input to fill the block or + * until the operation is finished. + * This affects the output from psa_hash_suspend(). + * + * \param alg A hash algorithm (\c PSA_ALG_XXX value such that + * PSA_ALG_IS_HASH(\p alg) is true). + * + * \return The block size in bytes for the specified hash algorithm. + * If the hash algorithm is not recognized, return 0. + * An implementation can return either 0 or the correct size for a + * hash algorithm that it recognizes, but does not support. + */ +#define PSA_HASH_BLOCK_LENGTH(alg) \ + ( \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \ + 0) + /** \def PSA_HASH_MAX_SIZE * * Maximum size of a hash. From c5c5b9361102de706ae66b054408e93f89b95121 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 26 Aug 2021 13:32:30 +0200 Subject: [PATCH 894/966] Add missing PSA_KEY_ID_NULL macro. Signed-off-by: Mateusz Starzyk --- include/psa/crypto_values.h | 3 +++ 1 file changed, 3 insertions(+) 
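Review bot: The documentation for `PSA_HASH_BLOCK_LENGTH` says `alg` must be a hash algorithm, but every arm compares `PSA_ALG_HMAC_GET_HASH(alg)`, so the macro appears to accept an HMAC algorithm as well and return the block size of its underlying hash. Either state that in the `\param alg` text or compare `alg` directly, so callers know which identifiers are valid. The macro also expands `alg` once per arm, as the size macro just above it does, so the argument must be free of side effects; a sentence saying so would help.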
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 9ce8b68780..252c29590d 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2150,6 +2150,9 @@ #define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000) +/** The null key identifier. + */ +#define PSA_KEY_ID_NULL ((psa_key_id_t)0) /** The minimum value for a key identifier chosen by the application. */ #define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001) From 5bc9bf7584f7bb1d3ef35f854803a1fb1ac84563 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 26 Aug 2021 14:29:02 +0200 Subject: [PATCH 895/966] Add changelog entry for new PSA Crypto API macros. Signed-off-by: Mateusz Starzyk --- ChangeLog.d/psa_crypto_api_macros.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/psa_crypto_api_macros.txt diff --git a/ChangeLog.d/psa_crypto_api_macros.txt b/ChangeLog.d/psa_crypto_api_macros.txt new file mode 100644 index 0000000000..c695ff5c95 --- /dev/null +++ b/ChangeLog.d/psa_crypto_api_macros.txt @@ -0,0 +1,3 @@ +Features + * Add missing PSA macros declared by PSA Crypto API 1.0.0: + PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL From e7be73d5794f26c15920adbb53d3f6f31be17a22 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Sep 2021 14:44:28 +0200 Subject: [PATCH 896/966] Use the new macro PSA_HASH_BLOCK_LENGTH Replace an equivalent internal function. Signed-off-by: Gilles Peskine --- library/psa_crypto_mac.c | 27 ++------------------------- 1 file changed, 2 insertions(+), 25 deletions(-) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 2c079d434f..7e0a8325df 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c 
@@ -42,29 +42,6 @@ #endif #if defined(BUILTIN_ALG_HMAC) -static size_t psa_get_hash_block_size( psa_algorithm_t alg ) -{ - switch( alg ) - { - case PSA_ALG_MD5: - return( 64 ); - case PSA_ALG_RIPEMD160: - return( 64 ); - case PSA_ALG_SHA_1: - return( 64 ); - case PSA_ALG_SHA_224: - return( 64 ); - case PSA_ALG_SHA_256: - return( 64 ); - case PSA_ALG_SHA_384: - return( 128 ); - case PSA_ALG_SHA_512: - return( 128 ); - default: - return( 0 ); - } -} - static psa_status_t psa_hmac_abort_internal( mbedtls_psa_hmac_operation_t *hmac ) { @@ -81,7 +58,7 @@ static psa_status_t psa_hmac_setup_internal( uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; size_t i; size_t hash_size = PSA_HASH_LENGTH( hash_alg ); - size_t block_size = psa_get_hash_block_size( hash_alg ); + size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg ); psa_status_t status; hmac->alg = hash_alg; @@ -153,7 +130,7 @@ static psa_status_t psa_hmac_finish_internal( uint8_t tmp[MBEDTLS_MD_MAX_SIZE]; psa_algorithm_t hash_alg = hmac->alg; size_t hash_size = 0; - size_t block_size = psa_get_hash_block_size( hash_alg ); + size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg ); psa_status_t status; status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size ); From c1ec49eb13d0b0769ce610dcf1248282bb5ed43a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Sep 2021 14:47:26 +0200 Subject: [PATCH 897/966] Test PSA_HASH_BLOCK_LENGTH Only tested for algorithms for which we support HMAC, since that's all we use PSA_HASH_BLOCK_LENGTH for at the moment. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_metadata.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index ab9b2f879a..d868f5903d 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function 
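Review bot: In `psa_hmac_setup_internal`, `block_size` now comes from `PSA_HASH_BLOCK_LENGTH`, which returns non-zero sizes (up to 144 for the SHA-3 entries) for algorithms where the removed `psa_get_hash_block_size()` returned 0. `ipad` is sized by `PSA_HMAC_MAX_HASH_BLOCK_SIZE`, and the code that bounds `block_size` against it is not visible in this hunk. Please confirm that a check such as `if( block_size > sizeof( ipad ) ) return( PSA_ERROR_NOT_SUPPORTED );` still precedes every write indexed by `block_size`, here and in `psa_hmac_finish_internal`. Both function bodies continue outside their hunks.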
@@ -353,6 +353,7 @@ void hmac_algorithm( int alg_arg, TEST_ASSERT( PSA_ALG_IS_HASH( hash_alg ) ); TEST_EQUAL( PSA_ALG_HMAC( hash_alg ), alg ); + TEST_ASSERT( block_size == PSA_HASH_BLOCK_LENGTH( alg ) ); TEST_ASSERT( block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE ); test_mac_algorithm( alg_arg, ALG_IS_HMAC, length, From f7b4137e69e494c9e40b4620f7567775bf44bab3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Sep 2021 16:15:05 +0200 Subject: [PATCH 898/966] Untangle PSA_ALG_IS_HASH_AND_SIGN and PSA_ALG_IS_SIGN_HASH The current definition of PSA_ALG_IS_HASH_AND_SIGN includes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY, which don't strictly follow the hash-and-sign paradigm: the algorithm does not encode a hash algorithm that is applied prior to the signature step. The definition in fact encompasses what can be used with psa_sign_hash/psa_verify_hash, so it's the correct definition for PSA_ALG_IS_SIGN_HASH. Therefore this commit moves definition of PSA_ALG_IS_HASH_AND_SIGN to PSA_ALG_IS_SIGN_HASH, and replace the definition of PSA_ALG_IS_HASH_AND_SIGN by a correct one (based on PSA_ALG_IS_SIGN_HASH, excluding the algorithms where the pre-signature step isn't to apply the hash encoded in the algorithm). In the definition of PSA_ALG_SIGN_GET_HASH, keep the condition for a nonzero output to be PSA_ALG_IS_HASH_AND_SIGN. Everywhere else in the code base (definition of PSA_ALG_IS_SIGN_MESSAGE, and every use of PSA_ALG_IS_HASH_AND_SIGN outside of crypto_values.h), we meant PSA_ALG_IS_SIGN_HASH where we wrote PSA_ALG_IS_HASH_AND_SIGN, so do a global replacement. ``` git grep -l IS_HASH_AND_SIGN ':!include/psa/crypto_values.h' | xargs perl -i -pe 's/ALG_IS_HASH_AND_SIGN/ALG_IS_SIGN_HASH/g' ``` 
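Review bot: The added assertion passes the HMAC identifier `alg` to `PSA_HASH_BLOCK_LENGTH`, whereas the macro is documented as taking a hash algorithm; `hash_alg` is already available in `hmac_algorithm()` and is what the library code passes. Writing it as `TEST_EQUAL( block_size, PSA_HASH_BLOCK_LENGTH( hash_alg ) );` would also follow the `TEST_EQUAL` used on the preceding line. If accepting an HMAC identifier is intended, a second assertion with `alg` would document that. The function body continues outside the hunk.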
Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 34 ++++++++++++++----- library/psa_crypto.c | 12 +++---- tests/src/psa_exercise_key.c | 4 +-- tests/suites/test_suite_psa_crypto.function | 2 +- .../test_suite_psa_crypto_metadata.data | 18 +++++----- .../test_suite_psa_crypto_metadata.function | 6 ++-- 6 files changed, 47 insertions(+), 29 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 252c29590d..cb40d4e442 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1597,7 +1597,20 @@ * Hash-and-sign algorithms are asymmetric (public-key) signature algorithms * structured in two parts: first the calculation of a hash in a way that * does not depend on the key, then the calculation of a signature from the - * hash value and the key. + * hash value and the key. Hash-and-sign algorithms encode the hash + * used for the hashing step, and you can call #PSA_ALG_SIGN_GET_HASH + * to extract this algorithm. + * + * Thus, for a hash-and-sign algorithm, + * `psa_sign_message(key, alg, input, ...)` is equivalent to + * ``` + * psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), input, ..., hash, ...); + * psa_sign_hash(key, alg, hash, ..., signature, ...); + * ``` + * Most usefully, separating the hash from the signature allows the hash + * to be calculated in multiple steps with psa_hash_setup(), psa_hash_update() + * and psa_hash_finish(). Likewise psa_verify_message() is equivalent to + * calculating the hash and then calling psa_verify_hash(). * * \param alg An algorithm identifier (value of type #psa_algorithm_t). * 
@@ -1606,9 +1619,8 @@ * algorithm identifier. */ #define PSA_ALG_IS_HASH_AND_SIGN(alg) \ - (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \ - PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \ - PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) + (PSA_ALG_IS_SIGN_HASH(alg) && \ + ((alg) & PSA_ALG_HASH_MASK) != 0) /** Whether the specified algorithm is a signature algorithm that can be used * with psa_sign_message() and psa_verify_message(). @@ -1622,11 +1634,17 @@ * supported algorithm identifier. */ #define PSA_ALG_IS_SIGN_MESSAGE(alg) \ - (PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_PURE_EDDSA ) + (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA ) /** Whether the specified algorithm is a signature algorithm that can be used * with psa_sign_hash() and psa_verify_hash(). * + * This encompasses all strict hash-and-sign algorithms categorized by + * PSA_ALG_IS_HASH_AND_SIGN(), as well as algorithms that follow the + * paradigm more loosely: + * - #PSA_ALG_RSA_PKCS1V15_SIGN_RAW (expects its input to be an encoded hash) + * - #PSA_ALG_ECDSA_ANY (doesn't specify what kind of hash the input is) + * * \param alg An algorithm identifier (value of type psa_algorithm_t). * * \return 1 if alg is a signature algorithm that can be used to sign a @@ -1636,8 +1654,9 @@ * supported algorithm identifier. */ #define PSA_ALG_IS_SIGN_HASH(alg) \ - (PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_ED25519PH || \ - (alg) == PSA_ALG_ED448PH) + (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \ + PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \ + PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) /** Get the hash used by a hash-and-sign signature algorithm. * @@ -1659,7 +1678,6 @@ */ #define PSA_ALG_SIGN_GET_HASH(alg) \ (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \ - ((alg) & PSA_ALG_HASH_MASK) == 0 ? /*"raw" algorithm*/ 0 : \ ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \ 0) 
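Review bot: `PSA_ALG_IS_SIGN_MESSAGE` is rewritten to use `PSA_ALG_IS_SIGN_HASH`, which by the documentation added in this commit includes `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` and `PSA_ALG_ECDSA_ANY`, so the macro returns 1 for algorithms that carry no hash. The message branch of `psa_sign_verify_check_alg` in `library/psa_crypto.c` then requires `PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) )`, which looks as though it rejects those two. If that reading is right, `(PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_PURE_EDDSA )` with the new strict definition would make the predicate agree with what the library accepts. Otherwise the `\return` text should say that the raw algorithms are reported as message-capable.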
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 84b85667cc..c4bcddcb1a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -623,8 +623,8 @@ static psa_algorithm_t psa_key_policy_algorithm_intersection( return( alg1 ); /* If the policies are from the same hash-and-sign family, check * if one is a wildcard. If so the other has the specific algorithm. */ - if( PSA_ALG_IS_HASH_AND_SIGN( alg1 ) && - PSA_ALG_IS_HASH_AND_SIGN( alg2 ) && + if( PSA_ALG_IS_SIGN_HASH( alg1 ) && + PSA_ALG_IS_SIGN_HASH( alg2 ) && ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) ) { if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH ) @@ -726,7 +726,7 @@ static int psa_key_algorithm_permits( psa_key_type_t key_type, /* If policy_alg is a hash-and-sign with a wildcard for the hash, * and requested_alg is the same hash-and-sign family with any hash, * then requested_alg is compliant with policy_alg. */ - if( PSA_ALG_IS_HASH_AND_SIGN( requested_alg ) && + if( PSA_ALG_IS_SIGN_HASH( requested_alg ) && PSA_ALG_SIGN_GET_HASH( policy_alg ) == PSA_ALG_ANY_HASH ) { return( ( policy_alg & ~PSA_ALG_HASH_MASK ) == @@ -2644,7 +2644,7 @@ static psa_status_t psa_sign_verify_check_alg( int input_is_message, if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if ( PSA_ALG_IS_SIGN_HASH( alg ) ) { if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -2802,7 +2802,7 @@ psa_status_t psa_sign_message_builtin( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if ( PSA_ALG_IS_SIGN_HASH( alg ) ) { size_t hash_length; uint8_t hash[PSA_HASH_MAX_SIZE]; @@ -2849,7 +2849,7 @@ psa_status_t psa_verify_message_builtin( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if ( PSA_ALG_IS_SIGN_HASH( alg ) ) { size_t hash_length; uint8_t hash[PSA_HASH_MAX_SIZE]; 
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 923d2c136a..91bac678ef 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -306,7 +306,7 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); /* If the policy allows signing with any hash, just pick one. */ - if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH ) + if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH ) { #if defined(KNOWN_SUPPORTED_HASH_ALG) hash_alg = KNOWN_SUPPORTED_HASH_ALG; @@ -925,7 +925,7 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, { if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) { - if( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if( PSA_ALG_IS_SIGN_HASH( alg ) ) { if( PSA_ALG_SIGN_GET_HASH( alg ) ) return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 591c2960de..01a06989df 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1422,7 +1422,7 @@ void asymmetric_signature_key_policy( int policy_usage_arg, else TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); - if( PSA_ALG_IS_HASH_AND_SIGN( exercise_alg ) && + if( PSA_ALG_IS_SIGN_HASH( exercise_alg ) && PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( exercise_alg ) ) ) { status = psa_sign_message( key, exercise_alg, diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index ad806c77cc..d6758fabae 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data 
@@ -196,31 +196,31 @@ aead_algorithm:PSA_ALG_CHACHA20_POLY1305:0:16:PSA_KEY_TYPE_CHACHA20:256 Asymmetric signature: RSA PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_SIGN_HASH Asymmetric signature: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_SIGN_HASH Asymmetric signature: RSA PSS SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_STANDARD_SALT | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_STANDARD_SALT | ALG_IS_SIGN_HASH Asymmetric signature: RSA PSS-any-salt SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_ANY_SALT | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_ANY_SALT | ALG_IS_SIGN_HASH Asymmetric signature: randomized ECDSA (no hashing) depends_on:PSA_WANT_ALG_ECDSA -asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_SIGN_HASH Asymmetric signature: SHA-256 + randomized ECDSA depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | 
ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_SIGN_HASH Asymmetric signature: SHA-256 + deterministic ECDSA using SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_SIGN_HASH Asymmetric signature: pure EdDSA depends_on:PSA_WANT_ALG_EDDSA @@ -228,11 +228,11 @@ asymmetric_signature_algorithm:PSA_ALG_PURE_EDDSA:0 Asymmetric signature: Ed25519ph depends_on:PSA_WANT_ALG_EDDSA -asymmetric_signature_algorithm:PSA_ALG_ED25519PH:ALG_IS_HASH_EDDSA | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_ED25519PH:ALG_IS_HASH_EDDSA | ALG_IS_SIGN_HASH Asymmetric signature: Ed448ph depends_on:PSA_WANT_ALG_EDDSA -asymmetric_signature_algorithm:PSA_ALG_ED448PH:ALG_IS_HASH_EDDSA | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_ED448PH:ALG_IS_HASH_EDDSA | ALG_IS_SIGN_HASH Asymmetric signature: RSA PKCS#1 v1.5 with wildcard hash depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index d868f5903d..e64dc39477 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -33,7 +33,7 @@ #define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 14 ) #define ALG_IS_RANDOMIZED_ECDSA ( 1u << 15 ) #define ALG_IS_HASH_EDDSA ( 1u << 16 ) -#define ALG_IS_HASH_AND_SIGN ( 1u << 17 ) +#define ALG_IS_SIGN_HASH ( 1u << 17 ) #define ALG_IS_RSA_OAEP ( 1u << 18 ) #define ALG_IS_HKDF ( 1u << 19 ) #define ALG_IS_FFDH ( 1u << 20 ) 
@@ -114,7 +114,7 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags ) TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_ECDSA, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_ECDSA, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_EDDSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_AND_SIGN, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_SIGN_HASH, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_WILDCARD, alg, flags ); @@ -490,7 +490,7 @@ void asymmetric_signature_algorithm( int alg_arg, int classification_flags ) /* BEGIN_CASE */ void asymmetric_signature_wildcard( int alg_arg, int classification_flags ) { - classification_flags |= ALG_IS_HASH_AND_SIGN | ALG_IS_WILDCARD; + classification_flags |= ALG_IS_SIGN_HASH | ALG_IS_WILDCARD; test_asymmetric_signature_algorithm( alg_arg, classification_flags ); /* Any failure of this test function comes from * asymmetric_signature_algorithm. Pacify -Werror=unused-label. */ From f2fe31ab4e39bc633d8c35703bb4c2ca47127f57 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Sep 2021 16:42:02 +0200 Subject: [PATCH 899/966] Reorder macro definitions Definition before mention Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 72 ++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index cb40d4e442..f0d76fb557 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -1592,6 +1592,42 @@ * file. */ #define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0 +/** Whether the specified algorithm is a signature algorithm that can be used + * with psa_sign_hash() and psa_verify_hash(). + * + * This encompasses all strict hash-and-sign algorithms categorized by + * PSA_ALG_IS_HASH_AND_SIGN(), as well as algorithms that follow the + * paradigm more loosely: + * - #PSA_ALG_RSA_PKCS1V15_SIGN_RAW (expects its input to be an encoded hash) + * - #PSA_ALG_ECDSA_ANY (doesn't specify what kind of hash the input is) + * + * \param alg An algorithm identifier (value of type psa_algorithm_t). + * + * \return 1 if alg is a signature algorithm that can be used to sign a + * hash. 0 if alg is a signature algorithm that can only be used + * to sign a message. 0 if alg is not a signature algorithm. + * This macro can return either 0 or 1 if alg is not a + * supported algorithm identifier. + */ +#define PSA_ALG_IS_SIGN_HASH(alg) \ + (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \ + PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \ + PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) + +/** Whether the specified algorithm is a signature algorithm that can be used + * with psa_sign_message() and psa_verify_message(). + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if alg is a signature algorithm that can be used to sign a + * message. 0 if \p alg is a signature algorithm that can only be used + * to sign an already-calculated hash. 0 if \p alg is not a signature + * algorithm. This macro can return either 0 or 1 if \p alg is not a + * supported algorithm identifier. + */ +#define PSA_ALG_IS_SIGN_MESSAGE(alg) \ + (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA ) + /** Whether the specified algorithm is a hash-and-sign algorithm. * * Hash-and-sign algorithms are asymmetric (public-key) signature algorithms 
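Review bot: The `\return` text moved in here for `PSA_ALG_IS_SIGN_MESSAGE` says the macro yields 0 for an algorithm that can only sign an already-calculated hash, but the definition `(PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA )` yields 1 for `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` and `PSA_ALG_ECDSA_ANY`, which the `PSA_ALG_IS_SIGN_HASH` comment just above lists as taking a hash as input. The text is moved unchanged, so the mismatch predates this commit, but a caller that gates psa_sign_message() on this predicate alone would let those two through; psa_sign_verify_check_alg() in library/psa_crypto.c appears to compensate with a separate `PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) )` check. I would add to the comment something like `* \note This macro also returns 1 for #PSA_ALG_RSA_PKCS1V15_SIGN_RAW and #PSA_ALG_ECDSA_ANY; callers must additionally check that \p alg encodes a hash.` The trailing `PSA_ALG_IS_HASH_AND_SIGN` comment continues past the end of the hunk.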
@@ -1622,42 +1658,6 @@ (PSA_ALG_IS_SIGN_HASH(alg) && \ ((alg) & PSA_ALG_HASH_MASK) != 0) -/** Whether the specified algorithm is a signature algorithm that can be used - * with psa_sign_message() and psa_verify_message(). - * - * \param alg An algorithm identifier (value of type #psa_algorithm_t). - * - * \return 1 if alg is a signature algorithm that can be used to sign a - * message. 0 if \p alg is a signature algorithm that can only be used - * to sign an already-calculated hash. 0 if \p alg is not a signature - * algorithm. This macro can return either 0 or 1 if \p alg is not a - * supported algorithm identifier. - */ -#define PSA_ALG_IS_SIGN_MESSAGE(alg) \ - (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA ) - -/** Whether the specified algorithm is a signature algorithm that can be used - * with psa_sign_hash() and psa_verify_hash(). - * - * This encompasses all strict hash-and-sign algorithms categorized by - * PSA_ALG_IS_HASH_AND_SIGN(), as well as algorithms that follow the - * paradigm more loosely: - * - #PSA_ALG_RSA_PKCS1V15_SIGN_RAW (expects its input to be an encoded hash) - * - #PSA_ALG_ECDSA_ANY (doesn't specify what kind of hash the input is) - * - * \param alg An algorithm identifier (value of type psa_algorithm_t). - * - * \return 1 if alg is a signature algorithm that can be used to sign a - * hash. 0 if alg is a signature algorithm that can only be used - * to sign a message. 0 if alg is not a signature algorithm. - * This macro can return either 0 or 1 if alg is not a - * supported algorithm identifier. - */ -#define PSA_ALG_IS_SIGN_HASH(alg) \ - (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \ - PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \ - PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) - /** Get the hash used by a hash-and-sign signature algorithm. * * A hash-and-sign algorithm is a signature algorithm which is From 4977e9fe64ab468be1fa8ae3059820116c36235b Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 22 Sep 2021 18:12:31 +0200 Subject: [PATCH 900/966] Add PSA_ALG_IS_HASH_AND_SIGN to the metadata tests The status of signature wildcards with respect to PSA_ALG_IS_HASH_AND_SIGN is unclear in the specification. A wildcard is usually instantiated with a specific hash, making the implementation hash-and-sign, but it could also be instantiated with a non-hash-and-sign algorithm. For the time being, go with what's currently implemented, which is that they are considered hash-and-sign. Signed-off-by: Gilles Peskine --- .../test_suite_psa_crypto_metadata.data | 14 +++++----- .../test_suite_psa_crypto_metadata.function | 28 +++++++++++-------- 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index d6758fabae..83763c55d9 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data 
@@ -200,15 +200,15 @@ asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15 Asymmetric signature: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_SIGN_HASH +asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: RSA PSS SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_STANDARD_SALT | ALG_IS_SIGN_HASH +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_STANDARD_SALT | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: RSA PSS-any-salt SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_ANY_SALT | ALG_IS_SIGN_HASH +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_ANY_SALT | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: randomized ECDSA (no hashing) depends_on:PSA_WANT_ALG_ECDSA 
@@ -216,11 +216,11 @@ asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZE Asymmetric signature: SHA-256 + randomized ECDSA depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_SIGN_HASH +asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: SHA-256 + deterministic ECDSA using SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_SIGN_HASH +asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: pure EdDSA depends_on:PSA_WANT_ALG_EDDSA @@ -228,11 +228,11 @@ asymmetric_signature_algorithm:PSA_ALG_PURE_EDDSA:0 Asymmetric signature: Ed25519ph depends_on:PSA_WANT_ALG_EDDSA -asymmetric_signature_algorithm:PSA_ALG_ED25519PH:ALG_IS_HASH_EDDSA | ALG_IS_SIGN_HASH +asymmetric_signature_algorithm:PSA_ALG_ED25519PH:ALG_IS_HASH_EDDSA | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: Ed448ph depends_on:PSA_WANT_ALG_EDDSA -asymmetric_signature_algorithm:PSA_ALG_ED448PH:ALG_IS_HASH_EDDSA | ALG_IS_SIGN_HASH +asymmetric_signature_algorithm:PSA_ALG_ED448PH:ALG_IS_HASH_EDDSA | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: RSA PKCS#1 v1.5 with wildcard hash depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index e64dc39477..0f2fcec590 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function 
@@ -33,16 +33,17 @@ #define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 14 ) #define ALG_IS_RANDOMIZED_ECDSA ( 1u << 15 ) #define ALG_IS_HASH_EDDSA ( 1u << 16 ) -#define ALG_IS_SIGN_HASH ( 1u << 17 ) -#define ALG_IS_RSA_OAEP ( 1u << 18 ) -#define ALG_IS_HKDF ( 1u << 19 ) -#define ALG_IS_FFDH ( 1u << 20 ) -#define ALG_IS_ECDH ( 1u << 21 ) -#define ALG_IS_WILDCARD ( 1u << 22 ) -#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 23 ) -#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 24 ) -#define ALG_IS_TLS12_PRF ( 1u << 25 ) -#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 26 ) +#define ALG_IS_SIGN_HASH ( 1u << 17 ) +#define ALG_IS_HASH_AND_SIGN ( 1u << 18 ) +#define ALG_IS_RSA_OAEP ( 1u << 19 ) +#define ALG_IS_HKDF ( 1u << 20 ) +#define ALG_IS_FFDH ( 1u << 21 ) +#define ALG_IS_ECDH ( 1u << 22 ) +#define ALG_IS_WILDCARD ( 1u << 23 ) +#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 24 ) +#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 25 ) +#define ALG_IS_TLS12_PRF ( 1u << 26 ) +#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 27 ) /* Flags for key type classification macros. There is a flag for every * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that @@ -51,7 +52,7 @@ #define KEY_TYPE_IS_VENDOR_DEFINED ( 1u << 0 ) #define KEY_TYPE_IS_UNSTRUCTURED ( 1u << 1 ) #define KEY_TYPE_IS_PUBLIC_KEY ( 1u << 2 ) -#define KEY_TYPE_IS_KEY_PAIR ( 1u << 3 ) +#define KEY_TYPE_IS_KEY_PAIR ( 1u << 3 ) #define KEY_TYPE_IS_RSA ( 1u << 4 ) #define KEY_TYPE_IS_DSA ( 1u << 5 ) #define KEY_TYPE_IS_ECC ( 1u << 6 ) @@ -115,6 +116,7 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags ) TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_ECDSA, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_EDDSA, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_SIGN_HASH, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_AND_SIGN, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_WILDCARD, alg, flags ); 
@@ -490,7 +492,9 @@ void asymmetric_signature_algorithm( int alg_arg, int classification_flags ) /* BEGIN_CASE */ void asymmetric_signature_wildcard( int alg_arg, int classification_flags ) { - classification_flags |= ALG_IS_SIGN_HASH | ALG_IS_WILDCARD; + classification_flags |= ALG_IS_WILDCARD; + classification_flags |= ALG_IS_SIGN_HASH; + classification_flags |= ALG_IS_HASH_AND_SIGN; test_asymmetric_signature_algorithm( alg_arg, classification_flags ); /* Any failure of this test function comes from * asymmetric_signature_algorithm. Pacify -Werror=unused-label. */ From c323d4585fd51b7c75c959c2289d6ab9efa14183 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 15 Oct 2021 21:38:35 +0200 Subject: [PATCH 901/966] Note the change to PSA_ALG_IS_HASH_AND_SIGN in the changelog Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_crypto_api_macros.txt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/psa_crypto_api_macros.txt b/ChangeLog.d/psa_crypto_api_macros.txt index c695ff5c95..ff53e33c2d 100644 --- a/ChangeLog.d/psa_crypto_api_macros.txt +++ b/ChangeLog.d/psa_crypto_api_macros.txt @@ -1,3 +1,11 @@ Features * Add missing PSA macros declared by PSA Crypto API 1.0.0: - PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL + PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL. + +Bugfix + * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved + for algorithm values that fully encode the hashing step, as per the PSA + Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and + PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers + all algorithms that can be used with psa_{sign,verify}_hash(), including + these two. From a4256c1b2dc90fd144c154b746ff9d718bd33f35 Mon Sep 17 00:00:00 2001 
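Review bot: The three `classification_flags |= ...` lines in asymmetric_signature_wildcard() force `ALG_IS_HASH_AND_SIGN` for every wildcard without a comment saying that this mirrors the current implementation rather than a settled reading of the specification, which the commit message itself calls unclear. Without that in the source, a later reader will take the expectation as normative. I would add above the last assignment `/* Wildcards are treated as hash-and-sign because that is what the implementation does today; the specification is unclear on this point. */`. The function body continues past the end of the hunk.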
From: Gilles Peskine Date: Wed, 3 Nov 2021 14:18:08 +0100 Subject: [PATCH 902/966] Ensure that all flags are actually tested At least twice, we added a classification flag but forgot to test it in the relevant test functions. Add some protection so that this doesn't happen again. In each classification category, put a macro xxx_FLAG_MASK_PLUS_ONE at the end. In the corresponding test function, keep track of the flags that are tested, and check that their mask is xxx_FLAG_MASK_PLUS_ONE - 1 which is all the bits of the previous flags set. Now, if we add a flag without testing it, the test TEST_EQUAL( classification_flags_tested, xxx_FLAG_MASK_PLUS_ONE - 1 ) will fail. It will also fail if we make the set of flag numbers non-consecutive, which is ok. This reveals that three algorithm flags had been added but not tested (in two separate occasions). Also, one key type flag that is no longer used by the library was still defined but not tested, which is not a test gap but is inconsistent. It's for DSA, which is relevant to the PSA encoding even if Mbed TLS doesn't implement it, so keep the flag and do test it. Signed-off-by: Gilles Peskine --- .../test_suite_psa_crypto_metadata.function | 112 +++++++++++------- 1 file changed, 69 insertions(+), 43 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 0f2fcec590..f02adf3a74 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -44,6 +44,7 @@ #define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 25 ) #define ALG_IS_TLS12_PRF ( 1u << 26 ) #define ALG_IS_TLS12_PSK_TO_MS ( 1u << 27 ) +#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 28 ) /* must be last! */ /* Flags for key type classification macros. There is a flag for every * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that 
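Review bot: `ALG_FLAG_MASK_PLUS_ONE` is `( 1u << 28 )`, one past the highest flag, so the scheme stops working once a flag occupies bit 31: the sentinel would become `1u << 32`, which is undefined where `unsigned` is 32 bits wide. The test entry points shown elsewhere in this series also take the flags as `int classification_flags`, so bit 31 would already be awkward to pass. Four bits remain, so nothing is wrong today; I would record the limit next to the sentinel, e.g. `/* must be last, and at most ( 1u << 31 ) */`. The comment block that follows the define continues past the end of the hunk.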
@@ -57,21 +58,38 @@ #define KEY_TYPE_IS_DSA ( 1u << 5 ) #define KEY_TYPE_IS_ECC ( 1u << 6 ) #define KEY_TYPE_IS_DH ( 1u << 7 ) +#define KEY_TYPE_FLAG_MASK_PLUS_ONE ( 1u << 8 ) /* must be last! */ /* Flags for lifetime classification macros. There is a flag for every * lifetime classification macro PSA_KEY_LIFETIME_IS_xxx. The name of the * flag is the name of the classification macro without the PSA_ prefix. */ #define KEY_LIFETIME_IS_VOLATILE ( 1u << 0 ) #define KEY_LIFETIME_IS_READ_ONLY ( 1u << 1 ) +#define KEY_LIFETIME_FLAG_MASK_PLUS_ONE ( 1u << 2 ) /* must be last! */ -#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \ - do \ - { \ - if( ( flags ) & ( flag ) ) \ - TEST_ASSERT( PSA_##flag( alg ) ); \ - else \ - TEST_ASSERT( ! PSA_##flag( alg ) ); \ - } \ +/* Check that in the value of flags, the bit flag (which should be a macro + * expanding to a number of the form 1 << k) is set if and only if + * PSA_##flag(alg) is true. + * + * Only perform this check if cond is true. Typically cond is 1, but it can + * be different if the value of the flag bit is only specified under specific + * conditions. + * + * Unconditionally mask flag into the ambient variable + * classification_flags_tested. + */ +#define TEST_CLASSIFICATION_MACRO( cond, flag, alg, flags ) \ + do \ + { \ + if( cond ) \ + { \ + if( ( flags ) & ( flag ) ) \ + TEST_ASSERT( PSA_##flag( alg ) ); \ + else \ + TEST_ASSERT( ! PSA_##flag( alg ) ); \ + } \ + classification_flags_tested |= ( flag ); \ + } \ while( 0 ) /* Check the parity of value. 
@@ -98,45 +116,50 @@ int has_even_parity( uint32_t value ) void algorithm_classification( psa_algorithm_t alg, unsigned flags ) { - TEST_CLASSIFICATION_MACRO( ALG_IS_VENDOR_DEFINED, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_HMAC, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_BLOCK_CIPHER_MAC, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_STREAM_CIPHER, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PKCS1V15_SIGN, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PSS, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_DSA, alg, flags ); - if ( PSA_ALG_IS_DSA( alg ) ) - TEST_CLASSIFICATION_MACRO( ALG_DSA_IS_DETERMINISTIC, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_DSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_DSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_ECDSA, alg, flags ); - if ( PSA_ALG_IS_ECDSA( alg ) ) - TEST_CLASSIFICATION_MACRO( ALG_ECDSA_IS_DETERMINISTIC, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_ECDSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_ECDSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_EDDSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_SIGN_HASH, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_AND_SIGN, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_WILDCARD, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_ECDH, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_FFDH, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RAW_KEY_AGREEMENT, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags ); + unsigned classification_flags_tested = 0; + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_VENDOR_DEFINED, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HMAC, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_BLOCK_CIPHER_MAC, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, 
ALG_IS_STREAM_CIPHER, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PKCS1V15_SIGN, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_DSA( alg ), + ALG_DSA_IS_DETERMINISTIC, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_DSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_DSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_ECDSA( alg ), + ALG_ECDSA_IS_DETERMINISTIC, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_ECDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_ECDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_EDDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_SIGN_HASH, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_AND_SIGN, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_OAEP, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_WILDCARD, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDH, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RAW_KEY_AGREEMENT, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags ); + TEST_EQUAL( classification_flags_tested, ALG_FLAG_MASK_PLUS_ONE - 1 ); exit: ; } void key_type_classification( psa_key_type_t type, unsigned flags ) { + unsigned classification_flags_tested = 0; + /* Macros tested based on the test case parameter */ - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_VENDOR_DEFINED, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_UNSTRUCTURED, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_PUBLIC_KEY, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEY_PAIR, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags 
); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_DH, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_VENDOR_DEFINED, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_UNSTRUCTURED, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_PUBLIC_KEY, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_KEY_PAIR, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_RSA, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_ECC, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DH, type, flags ); + TEST_EQUAL( classification_flags_tested, KEY_TYPE_FLAG_MASK_PLUS_ONE - 1 ); /* Macros with derived semantics */ TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ), @@ -698,9 +721,12 @@ void lifetime( int lifetime_arg, int classification_flags, psa_key_persistence_t persistence = persistence_arg; psa_key_location_t location = location_arg; unsigned flags = classification_flags; + unsigned classification_flags_tested = 0; - TEST_CLASSIFICATION_MACRO( KEY_LIFETIME_IS_VOLATILE, lifetime, flags ); - TEST_CLASSIFICATION_MACRO( KEY_LIFETIME_IS_READ_ONLY, lifetime, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_VOLATILE, lifetime, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_READ_ONLY, lifetime, flags ); + TEST_EQUAL( classification_flags_tested, + KEY_LIFETIME_FLAG_MASK_PLUS_ONE - 1 ); TEST_EQUAL( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime ), persistence ); TEST_EQUAL( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ), location ); From 4db2624bfe2bd47b87be2d53747db8d59c1dc58f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Nov 2021 13:56:47 +0100 Subject: [PATCH 903/966] Fix test bug: some classification flags were not tested Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_metadata.function | 5 +++++ 1 file changed, 5 insertions(+) 
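Review bot: The `TEST_EQUAL( classification_flags_tested, ALG_FLAG_MASK_PLUS_ONE - 1 )` added at the end of algorithm_classification() should not hold at this commit, because flags defined below the sentinel, such as `ALG_IS_TLS12_PRF` and `ALG_IS_TLS12_PSK_TO_MS`, are never passed to `TEST_CLASSIFICATION_MACRO` in this hunk; the same applies to `KEY_TYPE_IS_DSA` in key_type_classification(). The commit message says the check reveals these gaps and the next patch in the series fills them, but that leaves the metadata suite failing at this revision, which gets in the way of bisecting. I would either fold the missing calls into this commit (for example `TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PRF, alg, flags );`) or say in the description that the suite is expected to fail until the follow-up.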
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index f02adf3a74..092780c4db 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -123,6 +123,8 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags ) TEST_CLASSIFICATION_MACRO( 1, ALG_IS_STREAM_CIPHER, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PKCS1V15_SIGN, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_ANY_SALT, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_STANDARD_SALT, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DSA, alg, flags ); TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_DSA( alg ), ALG_DSA_IS_DETERMINISTIC, alg, flags ); @@ -143,6 +145,8 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags ) TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RAW_KEY_AGREEMENT, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PRF, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PSK_TO_MS, alg, flags ); TEST_EQUAL( classification_flags_tested, ALG_FLAG_MASK_PLUS_ONE - 1 ); exit: ; } @@ -157,6 +161,7 @@ void key_type_classification( psa_key_type_t type, unsigned flags ) TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_PUBLIC_KEY, type, flags ); TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_KEY_PAIR, type, flags ); TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_RSA, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DSA, type, flags ); TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_ECC, type, flags ); TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DH, type, flags ); TEST_EQUAL( classification_flags_tested, KEY_TYPE_FLAG_MASK_PLUS_ONE - 1 ); From f4ecf305fe783cffac73f2373b79ad32cefc3925 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 3 Nov 2021 18:27:22 +0100 Subject: [PATCH 904/966] Fix copypasta in #endif comment Signed-off-by: Gilles Peskine --- library/base64_invasive.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/base64_invasive.h b/library/base64_invasive.h index 9e264719d4..ed5f7cb824 100644 --- a/library/base64_invasive.h +++ b/library/base64_invasive.h @@ -52,4 +52,4 @@ unsigned char mbedtls_base64_enc_char( unsigned char val ); signed char mbedtls_base64_dec_value( unsigned char c ); #endif /* MBEDTLS_TEST_HOOKS */ -#endif /* MBEDTLS_SSL_INVASIVE_H */ +#endif /* MBEDTLS_BASE64_INVASIVE_H */ From 70842950fdf8b4dd36ee3e0a18cd432443355d3d Mon Sep 17 00:00:00 2001 From: Harmen Stoppels Date: Thu, 4 Nov 2021 13:09:02 +0100 Subject: [PATCH 905/966] Restore the whitespace Signed-off-by: Harmen Stoppels --- library/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index cbe6031ff8..6b02f77c18 100644 --- a/library/Makefile +++ b/library/Makefile @@ -199,7 +199,7 @@ endif libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedcrypto -lmbedx509$(LOCAL_LDFLAGS) $(LDFLAGS) + $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedtls.so: libmbedtls.$(SOEXT_TLS) echo " LN $@ -> $<" From 9e9aa5d2ebd4ffbeb6ac46d070dc389665e71e0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Thu, 4 Nov 2021 16:39:48 +0100 Subject: [PATCH 906/966] Fix typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index e86092c45f..26986d60c1 100644 --- a/.gitignore +++ b/.gitignore 
@@ -41,7 +41,7 @@ massif-* # Generated documentation: /apidoc -# PSA Crypto compliance test repo, cloned by test_psa_complaince.py +# PSA Crypto compliance test repo, cloned by test_psa_compliance.py /psa-arch-tests # Editor navigation files: From fcb4fb71e3888edf257f86d92e394abac4be81b6 Mon Sep 17 00:00:00 2001 From: Harmen Stoppels Date: Thu, 4 Nov 2021 17:33:51 +0100 Subject: [PATCH 907/966] Reorder linker flags Signed-off-by: Harmen Stoppels --- library/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/Makefile b/library/Makefile index 6b02f77c18..01e85cf5b3 100644 --- a/library/Makefile +++ b/library/Makefile @@ -199,7 +199,7 @@ endif libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) + $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedtls.so: libmbedtls.$(SOEXT_TLS) echo " LN $@ -> $<" @@ -207,11 +207,11 @@ libmbedtls.so: libmbedtls.$(SOEXT_TLS) libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib echo " LD $@" - $(CC) -dynamiclib -o $@ $(OBJS_TLS) -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) + $(CC) -dynamiclib -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -lmbedx509 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) + $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedx509 -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) # x509 libmbedx509.a: $(OBJS_X509) From 5398c10b897de8f4f29aa897484621b76748bea4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 5 Nov 2021 13:32:38 +0800 Subject: [PATCH 908/966] Add return value check for cerificate verify 
Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 1 + tests/ssl-opt.sh | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 45692d8771..75b11c93af 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -503,6 +503,7 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) cleanup: MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_process_certificate_verify", ret ); return( ret ); #else ((void) ssl); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 037dfa5188..0e78356bc9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8833,7 +8833,9 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "=> ssl_tls1_3_process_server_hello" \ -c "<= parse encrypted extensions" \ -c "Certificate verification flags clear" \ - -c "<= parse certificate verify" + -c "=> parse certificate verify" \ + -c "<= parse certificate verify" \ + -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -8864,7 +8866,9 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "=> ssl_tls1_3_process_server_hello" \ -c "<= parse encrypted extensions" \ -c "Certificate verification flags clear" \ - -c "<= parse certificate verify" + -c "=> parse certificate verify" \ + -c "<= parse certificate verify" \ + -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG From 3e636161eccd98c4d51cef4631bf2ae6a7c26170 Mon Sep 17 00:00:00 2001 From: Harmen Stoppels Date: Fri, 5 Nov 2021 09:12:09 +0100 Subject: [PATCH 909/966] Add changelog Signed-off-by: Harmen Stoppels --- ChangeLog.d/fix-needed-shared-libraries-linux.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-needed-shared-libraries-linux.txt 
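Review bot: The added `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_process_certificate_verify", ret );` sits on the shared `cleanup:` path, so it is printed at level 1 on success as well as on failure, whereas the other `MBEDTLS_SSL_DEBUG_RET( 1, ... )` calls visible on this page sit inside `if( ret != 0 )` branches. If the unconditional trace is deliberate because ssl-opt.sh now matches `returned 0` as evidence that CertificateVerify processing succeeded, a comment above it would stop a later cleanup from moving it into an error branch and breaking the tests: `/* Always traced: ssl-opt.sh checks for "returned 0" here. */`. The function body starts outside the hunk, so how `ret` reaches `cleanup:` cannot be checked from here.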
diff --git a/ChangeLog.d/fix-needed-shared-libraries-linux.txt b/ChangeLog.d/fix-needed-shared-libraries-linux.txt new file mode 100644 index 0000000000..74ad3bc753 --- /dev/null +++ b/ChangeLog.d/fix-needed-shared-libraries-linux.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries + not to list other shared libraries they need. From 15a56813a28814cc4132188dd233a8c11b2794de Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Fri, 5 Nov 2021 10:52:12 +0000 Subject: [PATCH 910/966] TLS1.3 Add hostname extention Signed-off-by: Xiaofei Bai --- library/ssl_cli.c | 9 +++++++++ library/ssl_misc.h | 7 +++++++ library/ssl_tls13_client.c | 8 ++++++++ 3 files changed, 24 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9fc8041262..f070b0fade 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -156,6 +156,15 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, return( 0 ); } + +int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) +{ + return ssl_write_hostname_ext( ssl, buf, end, olen ); +} + #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c7d966bf2c..87347bf263 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1037,6 +1037,13 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ); +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) +int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ); +#endif + int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); 
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 9c8848454f..511f4cd289 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -798,6 +798,14 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + /* Write server name extention */ + ret = mbedtls_ssl_write_hostname_ext( ssl, p, end, &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ + /* Add more extensions here */ /* Write the length of the list of extensions. */ From 1ca80f7ca5fe9cc93849ee0cb1d7aa91baec6759 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 8 Nov 2021 10:30:54 +0800 Subject: [PATCH 911/966] fix comment issue Signed-off-by: Jerry Yu --- library/ssl_msg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 40eb57e223..fc3ecc8824 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2562,8 +2562,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) * as it may change when using the CID extension. */ int minor_ver = ssl->minor_ver; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - /* TLS 1.3 still uses the TLS 1.3 version identifier - * for backwards compatibility. */ + /* TLS 1.3 still uses the TLS 1.2 version identifier + * for backwards compatibility. */ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ From a1a568c2f6fa5f87889d972b92867c7517f88f5b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 9 Nov 2021 10:17:21 +0800 Subject: [PATCH 912/966] fix various issues Signed-off-by: Jerry Yu --- library/ssl_msg.c | 1 - library/ssl_tls.c | 6 ++---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fc3ecc8824..3c7700bab3 100644 
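Review bot: The new block advances `p` by `output_len` on the strength of mbedtls_ssl_write_hostname_ext() alone, so the TLS 1.3 ClientHello writer depends on that helper checking `end` before it writes and on it setting `*olen` to 0 when no hostname is configured. The helper's body is not in this patch's hunks, so that contract should be confirmed and written down as a comment on the declaration this commit adds to ssl_misc.h, which currently has none. The failure branch also returns without a trace, while the call in ssl_write_client_hello() (ssl_cli.c, visible in a later patch on this page) logs it; adding `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_hostname_ext", ret );` before `return( ret );` would match. ssl_tls13_write_client_hello_body() starts and ends outside the hunk.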
--- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5625,7 +5625,6 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, void mbedtls_ssl_write_version( int major, int minor, int transport, unsigned char ver[2] ) { - #if defined(MBEDTLS_SSL_PROTO_DTLS) if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1929d8b3ee..d91f2312cf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5478,12 +5478,10 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - mbedtls_ssl_transform_free(handshake->transform_handshake); - mbedtls_ssl_transform_free(handshake->transform_earlydata); + mbedtls_ssl_transform_free( handshake->transform_handshake ); + mbedtls_ssl_transform_free( handshake->transform_earlydata ); mbedtls_free( handshake->transform_earlydata ); mbedtls_free( handshake->transform_handshake ); - handshake->transform_earlydata = NULL; - handshake->transform_handshake = NULL; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ From 58afdba88727babbd9ebea002d60cc1fda7a72fd Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Tue, 9 Nov 2021 03:10:05 +0000 Subject: [PATCH 913/966] Fix typo and remove wrapper Signed-off-by: Xiaofei Bai --- library/ssl_cli.c | 17 ++++------------- library/ssl_tls13_client.c | 2 +- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index f070b0fade..d871dba66b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
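Review bot: In the ssl_tls.c hunk, dropping the two `= NULL` assignments after `mbedtls_free()` leaves `handshake->transform_earlydata` and `handshake->transform_handshake` dangling for the rest of mbedtls_ssl_handshake_free(). That is safe only if nothing later in the function reads them and the whole structure is wiped or released before it can be freed a second time; the remainder of the function is outside the hunk, so this cannot be confirmed here. If the removal relies on a later wipe of `*handshake`, a comment such as `/* pointers are cleared when *handshake is zeroized below */` would record why the assignments are not needed and keep the double-free question from being reopened.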
@@ -89,10 +89,10 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; size_t hostname_len; @@ -156,15 +156,6 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, return( 0 ); } - -int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ - return ssl_write_hostname_ext( ssl, buf, end, olen ); -} - #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 511f4cd289..5abb18c6c6 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -799,7 +799,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - /* Write server name extention */ + /* Write server name extension */ ret = mbedtls_ssl_write_hostname_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); From 6f435f07d2bac2fdcfafb5daec05e197f9aba309 Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Tue, 9 Nov 2021 04:08:32 +0000 Subject: [PATCH 914/966] Fix compile error Signed-off-by: Xiaofei Bai --- library/ssl_cli.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index d871dba66b..f3327b26c6 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -1168,10 +1168,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len, + if( ( ret = mbedtls_ssl_write_hostname_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_hostname_ext", ret ); return( ret ); } ext_len += olen; From f36e1677b12622da38864af4fc44936db33a7aba Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Tue, 9 Nov 2021 09:28:25 +0000 Subject: [PATCH 915/966] Fix alignment Signed-off-by: Xiaofei Bai --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index f3327b26c6..8c5c0242be 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1169,7 +1169,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ( ret = mbedtls_ssl_write_hostname_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) + end, &olen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_hostname_ext", ret ); return( ret ); From 729c24481933d2aead531a6f63fc274630c8b7fb Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 9 Nov 2021 14:40:12 +0100 Subject: [PATCH 916/966] test_case.py: add new line between test cases Signed-off-by: Przemyslaw Stekiel --- scripts/mbedtls_dev/test_case.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py index 8ec2115461..6a46e4209b 100644 --- a/scripts/mbedtls_dev/test_case.py +++ b/scripts/mbedtls_dev/test_case.py 
@@ -81,7 +81,7 @@ class TestCase: out.write(self.description + '\n') if self.dependencies: out.write('depends_on:' + ':'.join(self.dependencies) + '\n') - out.write(self.function + ':' + ':'.join(self.arguments)) + out.write(self.function + ':' + ':'.join(self.arguments) + '\n') def write_data_file(filename: str, test_cases: Iterable[TestCase], From e2855c32b5d121efe4863782b6694761a600a848 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 9 Nov 2021 17:33:57 +0100 Subject: [PATCH 917/966] Move to an updated fork of psa-arch-tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The new fork was rebased on top of the upstream master, removing the need for most of the downstream patches we carried. On the other hand, the new fork includes a couple of fixes to problems that were not addressed by the original fork, or were introduced with the new version of psa-arch-tests. Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 2f67f08c88..58cb8f1a90 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py 
@@ -29,10 +29,18 @@ import subprocess import sys EXPECTED_FAILURES = { - 216, 221, 224, 225, 248, 249, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263 + 221, 224, 225, 252, 253, 254, 255, 256, 257, 258, 259, 261, 262, 263 } -PSA_ARCH_TESTS_REPO = 'https://github.com/ronald-cron-arm/psa-arch-tests.git' -PSA_ARCH_TESTS_REF = 'crypto1.0-3.0' + +# We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches +# that allow it to build with MbedTLS 3, and fixes a couple of issues in the compliance test suite. +# These fixes allow the tests numbered 216, 248 and 249 to complete successfully. +# +# Once all the fixes are upstreamed, this fork should be replaced with an upstream commit/tag. +# +# Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3 +PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git' +PSA_ARCH_TESTS_REF = 'fixes-for-mbedtls-3' #pylint: disable=too-many-branches,too-many-statements def main(): From cb288713264175dfab7987b67f1578b40803ca76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 9 Nov 2021 21:30:43 +0100 Subject: [PATCH 918/966] Document the values in EXPECTED_FAILURES MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Including the issues where the corresponding defects are tracked. Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 58cb8f1a90..31e3fce774 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py 
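Review bot: `PSA_ARCH_TESTS_REF = 'fixes-for-mbedtls-3'` is a branch name on a personal fork, so the code this script fetches from `PSA_ARCH_TESTS_REPO` can change without any commit in this repository. Pinning it to a full commit hash, `PSA_ARCH_TESTS_REF = '<full commit hash on the fork>'`, would make the compliance run reproducible and put every update of the external test code through review here, provided the fetch logic accepts a hash. The new comment already says the fork should give way to an upstream commit or tag; the same reasoning applies to the interim fork. The set also drops 216, 248, 249 and 260, while the comment accounts only for 216, 248 and 249, so a word on why 260 is no longer expected to fail would help. How the two constants are consumed is in main(), which begins at the end of the hunk.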
@@ -28,8 +28,28 @@ import shutil import subprocess import sys +# PSA Compliance tests we expect to fail due to known defects in Mbed TLS (or the test suite) +# The test numbers correspond to the numbers used by the console output of the test suite. +# Test number 2xx corresponds to the files in the folder +# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx EXPECTED_FAILURES = { - 221, 224, 225, 252, 253, 254, 255, 256, 257, 258, 259, 261, 262, 263 + # psa_key_derivation_output_key() returns PSA_ERROR_NOT_PERMITTED instead of + # PSA_ERROR_BAD_STATE when called after the operation was aborted. + # - Tracked in issue #5143 + 221, + + # psa_aead_[encrypt/decrypt]() returns PSA_ERROR_NOT_SUPPORTED instead of + # PSA_ERROR_INVALID_ARGUMENT when called with an invalid nonce. + # - Tracked in issue #5144 + 224, 225, + + # Multipart CCM is not supported. + # - Tracked in issue #3721 + 252, 253, 254, 255, 256, 257, 258, 259, 261, + + # psa_hash_suspend() and psa_hash_resume() are not supported. + # - Tracked in issue #3274 + 262, 263 } # We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches From b376eac5aca9b82659bc46f723c458bed02607ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 9 Nov 2021 22:13:46 +0100 Subject: [PATCH 919/966] Track upstreaming task in an issue MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 31e3fce774..2f6358132d 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py 
@@ -57,6 +57,7 @@ EXPECTED_FAILURES = { # These fixes allow the tests numbered 216, 248 and 249 to complete successfully. # # Once all the fixes are upstreamed, this fork should be replaced with an upstream commit/tag. +# - Tracked in issue #5145 # # Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3 PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git' From aa5f5c1f5d1256955a690f04613e03683467a875 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Sat, 18 Sep 2021 06:20:25 +0000 Subject: [PATCH 920/966] TLS1.3: Add server finish processing in client side Signed-off-by: XiaokangQian --- include/mbedtls/ssl.h | 12 ++- library/ssl_misc.h | 103 +++++++++++++++++++ library/ssl_tls13_generic.c | 153 ++++++++++++++++++++++++++++ library/ssl_tls13_keys.c | 194 ++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 61 ++++++++++++ 5 files changed, 522 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5d04a115fa..3e10181253 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -39,7 +39,6 @@ #if defined(MBEDTLS_DHM_C) #include "mbedtls/dhm.h" #endif - /* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap * in functionality that access to ecdh_ctx structure is needed for @@ -637,6 +636,7 @@ typedef enum MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + MBEDTLS_SSL_END_OF_EARLY_DATA, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ 
@@ -1050,6 +1050,14 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +typedef struct +{ + unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_application_secrets; + #if defined(MBEDTLS_SSL_DTLS_SRTP) #define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255 @@ -1114,6 +1122,8 @@ struct mbedtls_ssl_session * to be studied whether one of them can be removed. */ unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */ + mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets); + #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 23d5970d91..ae6cbfab5b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
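Review bot: `app_secrets` is added to `struct mbedtls_ssl_session` with no `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL` guard visible in the hunk, and the `mbedtls_ssl_tls1_3_application_secrets` typedef in the preceding hunk is likewise unguarded, so every build appears to carry four `MBEDTLS_MD_MAX_SIZE` buffers of secret storage per session. These are long-lived values (application traffic, exporter and resumption master secrets), so it is worth confirming that the session free, copy and serialization code, none of which is in this patch's visible hunks, wipes and handles the new field deliberately. The field also lacks the `/*!< ... */` description its neighbours carry; `/*!< TLS 1.3 application-phase secrets */` would do. The struct definition starts and ends outside the hunk.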
@@ -719,6 +719,104 @@ struct mbedtls_ssl_handshake_params * but can be overwritten by the HRR. */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* + * State-local variables used during the processing + * of a specific handshake state. + */ + union + { + /* Outgoing Finished message */ + struct + { + uint8_t preparation_done; + + /* Buffer holding digest of the handshake up to + * but excluding the outgoing finished message. */ + unsigned char digest[MBEDTLS_MD_MAX_SIZE]; + size_t digest_len; + } finished_out; + + /* Incoming Finished message */ + struct + { + /* Buffer holding digest of the handshake up to but + * excluding the peer's incoming finished message. */ + unsigned char digest[MBEDTLS_MD_MAX_SIZE]; + size_t digest_len; + } finished_in; + +#if defined(MBEDTLS_SSL_CLI_C) + + /* Client, incoming ServerKeyExchange */ + struct + { + uint8_t preparation_done; + } srv_key_exchange; + + /* Client, incoming ServerHello */ + struct + { +#if defined(MBEDTLS_SSL_RENEGOTIATION) + int renego_info_seen; +#else + int dummy; +#endif + } srv_hello_in; + + /* Client, outgoing ClientKeyExchange */ + struct + { + uint8_t preparation_done; + } cli_key_exch_out; + + /* Client, outgoing Certificate Verify */ + struct + { + uint8_t preparation_done; + } crt_vrfy_out; + + /* Client, outgoing ClientHello */ + struct + { + uint8_t preparation_done; + } cli_hello_out; + +#endif /* MBEDTLS_SSL_CLI_C */ + +#if defined(MBEDTLS_SSL_SRV_C) + + /* Server, outgoing ClientKeyExchange */ + struct + { + uint8_t preparation_done; + } cli_key_exch_in; + + /* Server, outgoing ClientKeyExchange */ + struct + { + uint8_t preparation_done; + } encrypted_extensions_out; + +#endif /* MBEDTLS_SSL_SRV_C */ + + /* Incoming CertificateVerify */ + struct + { + unsigned char verify_buffer[ 64 + 33 + 1 + MBEDTLS_MD_MAX_SIZE ]; + size_t verify_buffer_len; + } certificate_verify_in; + + /* Outgoing CertificateVerify */ + struct + { + unsigned char handshake_hash[ MBEDTLS_MD_MAX_SIZE ]; + size_t 
handshake_hash_len; + } certificate_verify_out; + + } state_local; + + /* End of state-local variables. */ + mbedtls_ssl_ciphersuite_t const *ciphersuite_info; size_t pmslen; /*!< premaster length */ @@ -1162,6 +1260,11 @@ static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_read_certificate_process(mbedtls_ssl_context *ssl); +int mbedtls_ssl_write_certificate_process(mbedtls_ssl_context *ssl); +int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls1_3_finished_out_process( mbedtls_ssl_context *ssl ); + int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 75b11c93af..c9bf78e6a7 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
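Review bot: Two member comments in the `MBEDTLS_SSL_SRV_C` part of `state_local` are copy-paste leftovers: both `cli_key_exch_in` and `encrypted_extensions_out` are labelled `/* Server, outgoing ClientKeyExchange */`, where `/* Server, incoming ClientKeyExchange */` and `/* Server, outgoing EncryptedExtensions */` look intended. Because the members share storage, a `preparation_done` flag overlays bytes of another state's `digest` or `verify_buffer`, so each state has to clear or fully initialise its member on entry; stating that rule in the union's header comment would make the contract explicit for the handlers that use it. The `64 + 33 + 1 + MBEDTLS_MD_MAX_SIZE` size of `verify_buffer` would also benefit from a comment naming its parts (presumably the padding, context string and separator of the TLS 1.3 CertificateVerify input).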
@@ -845,6 +845,159 @@ cleanup: return( ret ); } +/* + * + * STATE HANDLING: Incoming Finished + * Overview + */ + +/* Main entry point: orchestrates the other functions */ +int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context* ssl ); + +static int ssl_finished_in_preprocess( mbedtls_ssl_context* ssl ); +static int ssl_finished_in_postprocess( mbedtls_ssl_context* ssl ); +static int ssl_finished_in_parse( mbedtls_ssl_context* ssl, + const unsigned char* buf, + size_t buflen ); + +/* + * Implementation + */ + +int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context* ssl ) +{ + int ret = 0; + unsigned char *buf; + size_t buflen; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); + + /* Preprocessing step: Compute handshake digest */ + MBEDTLS_SSL_PROC_CHK( ssl_finished_in_preprocess( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, + MBEDTLS_SSL_HS_FINISHED, + &buf, &buflen ) ); + MBEDTLS_SSL_PROC_CHK( ssl_finished_in_parse( ssl, buf, buflen ) ); + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen ); + MBEDTLS_SSL_PROC_CHK( ssl_finished_in_postprocess( ssl ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); + return( ret ); +} + +static int ssl_finished_in_preprocess( mbedtls_ssl_context* ssl ) +{ + int ret; + + ret = mbedtls_ssl_tls1_3_calc_finished( ssl, + ssl->handshake->state_local.finished_in.digest, + sizeof( ssl->handshake->state_local.finished_in.digest ), + &ssl->handshake->state_local.finished_in.digest_len, + ssl->conf->endpoint ^ 1 ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_calc_finished", ret ); + return( ret ); + } + + return( 0 ); +} + +static int ssl_finished_in_parse( mbedtls_ssl_context* ssl, + const unsigned char* buf, + size_t buflen ) +{ + /* Structural validation */ + if( buflen != ssl->handshake->state_local.finished_in.digest_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); + + 
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "Hash (self-computed):", + ssl->handshake->state_local.finished_in.digest, + ssl->handshake->state_local.finished_in.digest_len ); + MBEDTLS_SSL_DEBUG_BUF( 4, "Hash (received message):", buf, + ssl->handshake->state_local.finished_in.digest_len ); + + /* Semantic validation */ + if( mbedtls_ssl_safer_memcmp( buf, + ssl->handshake->state_local.finished_in.digest, + ssl->handshake->state_local.finished_in.digest_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + return( 0 ); +} + +static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + mbedtls_ssl_key_set traffic_keys; + mbedtls_ssl_transform *transform_application; + + ret = mbedtls_ssl_tls1_3_key_schedule_stage_application( ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls1_3_key_schedule_stage_application", ret ); + return( ret ); + } + + ret = mbedtls_ssl_tls1_3_generate_application_keys( + ssl, &traffic_keys ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls1_3_generate_application_keys", ret ); + return( ret ); + } + + transform_application = + mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) ); + if( transform_application == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + + ret = mbedtls_ssl_tls13_populate_transform( + transform_application, + ssl->conf->endpoint, + ssl->session_negotiate->ciphersuite, + &traffic_keys, + ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret ); + return( ret ); + } + + ssl->transform_application = transform_application; + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA ); 
+ return( 0 ); +} + +static int ssl_finished_in_postprocess( mbedtls_ssl_context* ssl ) +{ + + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + return( ssl_finished_in_postprocess_cli( ssl ) ); + } + + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 96f5310797..010d6352da 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -564,6 +564,36 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( return( 0 ); } +int mbedtls_ssl_tls1_3_key_schedule_stage_application( + mbedtls_ssl_context *ssl ) +{ + int ret = 0; + mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; +#if defined(MBEDTLS_DEBUG_C) + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_DEBUG_C */ + + /* + * Compute MasterSecret + */ + + ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, + ssl->handshake->tls1_3_master_secrets.handshake, + NULL, 0, + ssl->handshake->tls1_3_master_secrets.app ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret", + ssl->handshake->tls1_3_master_secrets.app, md_size ); + + return( 0 ); +} + static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type, unsigned char const *base_key, unsigned char const *transcript, 
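Review bot: ssl_finished_in_postprocess_cli() leaks `transform_application` when mbedtls_ssl_tls13_populate_transform() fails, and it never wipes `traffic_keys`, so the application traffic keys and IVs stay on the stack after every return path. Routing all exits through one cleanup label that zeroizes `traffic_keys` and frees the transform unless ownership has passed to `ssl` fixes both, as sketched below. Separately, in ssl_finished_in_parse() the verify_data mismatch branch pends `MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR` while returning `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE`; RFC 8446 calls for decrypt_error when a Finished fails verification, so that branch should pend `MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR`.

```c
static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl )
{
    int ret = 0;
    mbedtls_ssl_key_set traffic_keys;
    mbedtls_ssl_transform *transform_application = NULL;

    /* ... unchanged: key schedule and key generation calls, with each
     * early `return( ret )` replaced by `goto cleanup` ... */

    transform_application =
        mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
    if( transform_application == NULL )
    {
        ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
        goto cleanup;
    }

    /* ... unchanged: mbedtls_ssl_tls13_populate_transform() call ... */
    if( ret != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
        goto cleanup;
    }

    /* Ownership moves to ssl; clear the local so cleanup does not free it. */
    ssl->transform_application = transform_application;
    transform_application = NULL;

    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA );

cleanup:
    /* Key and IV material must not outlive this function on the stack. */
    mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
    mbedtls_ssl_transform_free( transform_application );
    mbedtls_free( transform_application );
    return( ret );
}
```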
@@ -614,6 +644,54 @@ exit: return( ret ); } +int mbedtls_ssl_tls1_3_calc_finished( mbedtls_ssl_context* ssl, + unsigned char* dst, + size_t dst_len, + size_t *actual_len, + int from ) +{ + int ret; + + unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + size_t transcript_len; + + unsigned char const *base_key = NULL; + + mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; + const mbedtls_md_info_t* const md = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls1_3_calc_finished" ) ); + + if( dst_len < md_size ) + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + + ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, + transcript, sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_handshake_transcript", ret ); + return( ret ); + } + MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len ); + + if( from == MBEDTLS_SSL_IS_CLIENT ) + base_key = ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret; + else + base_key = ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret; + + ret = ssl_tls1_3_calc_finished_core( md_type, base_key, transcript, dst ); + if( ret != 0 ) + return( ret ); + *actual_len = md_size; + + MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_calc_finished" ) ); + return( 0 ); +} + int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl, const mbedtls_md_type_t md_type, unsigned char const *psk, size_t psk_len, 
@@ -1028,4 +1106,120 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) return( 0 ); } +/* Generate application traffic keys since any records following a 1-RTT Finished message + * MUST be encrypted under the application traffic key. + */ +int mbedtls_ssl_tls1_3_generate_application_keys( + mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ) +{ + int ret = 0; + + /* Address at which to store the application secrets */ + mbedtls_ssl_tls1_3_application_secrets * const app_secrets = + &ssl->session_negotiate->app_secrets; + + /* Holding the transcript up to and including the ServerFinished */ + unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + size_t transcript_len; + + /* Variables relating to the hash for the chosen ciphersuite. */ + mbedtls_md_type_t md_type; + mbedtls_md_info_t const *md_info; + size_t md_size; + + /* Variables relating to the cipher for the chosen ciphersuite. */ + mbedtls_cipher_info_t const *cipher_info; + size_t keylen, ivlen; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive application traffic keys" ) ); + + /* Extract basic information about hash and ciphersuite */ + + cipher_info = mbedtls_cipher_info_from_type( + ssl->handshake->ciphersuite_info->cipher ); + keylen = cipher_info->key_bitlen / 8; + ivlen = cipher_info->iv_size; + + md_type = ssl->handshake->ciphersuite_info->mac; + md_info = mbedtls_md_info_from_type( md_type ); + md_size = mbedtls_md_get_size( md_info ); + + /* Compute current handshake transcript. It's the caller's responsiblity + * to call this at the right time, that is, after the ServerFinished. */ + + ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, + transcript, sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + return( ret ); + + /* Compute application secrets from master secret and transcript hash. 
*/ + + ret = mbedtls_ssl_tls1_3_derive_application_secrets( md_type, + ssl->handshake->tls1_3_master_secrets.app, + transcript, transcript_len, + app_secrets ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls1_3_derive_application_secrets", ret ); + return( ret ); + } + + /* Derive first epoch of IV + Key for application traffic. */ + + ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, + app_secrets->client_application_traffic_secret_N, + app_secrets->server_application_traffic_secret_N, + md_size, keylen, ivlen, traffic_keys ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "Client application traffic secret", + app_secrets->client_application_traffic_secret_N, + md_size ); + + MBEDTLS_SSL_DEBUG_BUF( 4, "Server application traffic secret", + app_secrets->server_application_traffic_secret_N, + md_size ); + + /* + * Export client/server application traffic secret 0 + */ +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + if( ssl->f_export_keys != NULL ) + { + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET, + app_secrets->client_application_traffic_secret_N, md_size, + ssl->handshake->randbytes + 32, + ssl->handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET, + app_secrets->server_application_traffic_secret_N, md_size, + ssl->handshake->randbytes + 32, + ssl->handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! 
*/ ); + } +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ + + MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:", + traffic_keys->client_write_key, keylen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "server application write key", + traffic_keys->server_write_key, keylen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "client application write IV", + traffic_keys->client_write_iv, ivlen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "server application write IV", + traffic_keys->server_write_iv, ivlen ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) ); + return( 0 ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 165b58a2d4..78bfc2a3d6 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
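Review bot: In `mbedtls_ssl_tls1_3_generate_application_keys()` (ssl_tls13_keys.c, hunk -1028,4 +1106,120) the pointer returned by `mbedtls_cipher_info_from_type()` is dereferenced in the very next statement, `keylen = cipher_info->key_bitlen / 8;`, without a NULL check. That lookup returns NULL when the requested cipher is not available, so a mismatch between the negotiated ciphersuite and the build configuration would crash in the middle of key derivation rather than fail the handshake. A guard such as `if( cipher_info == NULL ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` before `key_bitlen` and `iv_size` are read would close that. The same question applies to `md_info`: if it can be NULL, `md_size` would presumably come back as 0 and become the length used for every secret below, which is worth confirming.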
@@ -570,4 +570,65 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, mbedtls_ssl_key_set *traffic_keys ); +/** + * \brief Transition into application stage of TLS 1.3 key schedule. + * + * The TLS 1.3 key schedule can be viewed as a simple state machine + * with states Initial -> Early -> Handshake -> Application, and + * this function represents the Handshake -> Application transition. + * + * In the handshake stage, mbedtls_ssl_tls1_3_generate_application_keys() + * can be used to derive the handshake traffic keys. + * + * \param ssl The SSL context to operate on. This must be in key schedule + * stage \c Handshake. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_key_schedule_stage_application( + mbedtls_ssl_context *ssl ); + +/** + * \brief Compute TLS 1.3 application traffic keys. + * + * \param ssl The SSL context to operate on. This must be in + * key schedule stage \c Application, see + * mbedtls_ssl_tls1_3_key_schedule_stage_application(). + * \param traffic_keys The address at which to store the application traffic key + * keys. This must be writable but may be uninitialized. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_generate_application_keys( + mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys ); + +/** + * \brief Calculate content of TLS 1.3 Finished message. + * + * \param ssl The SSL context to operate on. This must be in + * key schedule stage \c Handshake, see + * mbedtls_ssl_tls1_3_key_schedule_stage_application(). + * \param dst The address at which to write the Finished content. + * \param dst_len The size of \p dst in bytes. + * \param actual_len The address at which to store the amount of data + * actually written to \p dst upon success. 
+ * \param from The endpoint the Finished message originates from: + * - #MBEDTLS_SSL_IS_CLIENT for the Client's Finished message + * - #MBEDTLS_SSL_IS_SERVER for the Server's Finished message + * + * \note Both client and server call this function twice, once to + * generate their own Finished message, and once to verify the + * peer's Finished message. + + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_calc_finished( mbedtls_ssl_context *ssl, + unsigned char *dst, + size_t dst_len, + size_t *actual_len, + int from ); + #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 4cab0240c77b97e94840f07fd1b904073ef6a695 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Tue, 12 Oct 2021 08:43:37 +0000 Subject: [PATCH 921/966] Change coding style Signed-off-by: XiaokangQian --- library/ssl_misc.h | 21 +++------------------ library/ssl_tls13_client.c | 4 +--- library/ssl_tls13_generic.c | 30 +++++++++++++++--------------- library/ssl_tls13_keys.c | 24 +++++++++++++++++------- library/ssl_tls13_keys.h | 6 +++--- 5 files changed, 39 insertions(+), 46 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ae6cbfab5b..3b0d61b35c 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -783,22 +783,6 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_SSL_SRV_C) - - /* Server, outgoing ClientKeyExchange */ - struct - { - uint8_t preparation_done; - } cli_key_exch_in; - - /* Server, outgoing ClientKeyExchange */ - struct - { - uint8_t preparation_done; - } encrypted_extensions_out; - -#endif /* MBEDTLS_SSL_SRV_C */ - /* Incoming CertificateVerify */ struct { 
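Review bot: The Doxygen comments added with the three prototypes in ssl_tls13_keys.h (hunk -570,4 +570,65) state preconditions that do not match the functions they document. Under `mbedtls_ssl_tls1_3_key_schedule_stage_application()` the sentence should read `In the application stage, mbedtls_ssl_tls1_3_generate_application_keys() can be used to derive the application traffic keys.` The `ssl` parameter text for `mbedtls_ssl_tls1_3_calc_finished()` requires stage `Handshake` but cross-references the function that leaves that stage; it should point to `mbedtls_ssl_tls13_key_schedule_stage_handshake()`. These preconditions decide which secrets the functions read, so a caller following the current text could invoke them at the wrong point of the key schedule. Also, `traffic key keys` repeats a word, and the empty added line after the `\note` paragraph is missing its leading ` *`.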
@@ -1262,8 +1246,9 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_read_certificate_process(mbedtls_ssl_context *ssl); int mbedtls_ssl_write_certificate_process(mbedtls_ssl_context *ssl); -int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_tls1_3_finished_out_process( mbedtls_ssl_context *ssl ); + +int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_finished_out_process( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e36e28d9d7..2bde4a8252 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1605,9 +1605,7 @@ static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); - return( 0 ); + return ( mbedtls_ssl_tls13_finished_in_process( ssl ) ); } /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c9bf78e6a7..87bc12ce24 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -852,11 +852,11 @@ cleanup: */ /* Main entry point: orchestrates the other functions */ -int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context* ssl ); +int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl ); -static int ssl_finished_in_preprocess( mbedtls_ssl_context* ssl ); -static int ssl_finished_in_postprocess( mbedtls_ssl_context* ssl ); -static int ssl_finished_in_parse( mbedtls_ssl_context* ssl, +static int ssl_tls13_finished_in_preprocess( mbedtls_ssl_context* ssl ); +static int ssl_tls13_finished_in_postprocess( mbedtls_ssl_context* ssl ); +static int ssl_tls13_finished_in_parse( mbedtls_ssl_context* ssl, const unsigned char* buf, size_t buflen ); @@ -864,7 +864,7 @@ static int ssl_finished_in_parse( mbedtls_ssl_context* ssl, * Implementation */ -int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context* ssl ) +int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl ) { int ret = 0; unsigned char *buf; @@ -873,15 +873,15 @@ int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); /* Preprocessing step: Compute handshake digest */ - MBEDTLS_SSL_PROC_CHK( ssl_finished_in_preprocess( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_preprocess( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buflen ) ); - MBEDTLS_SSL_PROC_CHK( ssl_finished_in_parse( ssl, buf, buflen ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_parse( ssl, buf, buflen ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen ); - MBEDTLS_SSL_PROC_CHK( ssl_finished_in_postprocess( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_postprocess( ssl ) ); cleanup: @@ -889,7 +889,7 @@ cleanup: return( ret ); } -static int ssl_finished_in_preprocess( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finished_in_preprocess( mbedtls_ssl_context* ssl ) { int ret; 
@@ -907,7 +907,7 @@ static int ssl_finished_in_preprocess( mbedtls_ssl_context* ssl ) return( 0 ); } -static int ssl_finished_in_parse( mbedtls_ssl_context* ssl, +static int ssl_tls13_finished_in_parse( mbedtls_ssl_context* ssl, const unsigned char* buf, size_t buflen ) { @@ -941,17 +941,17 @@ static int ssl_finished_in_parse( mbedtls_ssl_context* ssl, return( 0 ); } -static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) +static int ssl_tls13_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) { int ret = 0; mbedtls_ssl_key_set traffic_keys; mbedtls_ssl_transform *transform_application; - ret = mbedtls_ssl_tls1_3_key_schedule_stage_application( ssl ); + ret = mbedtls_ssl_tls13_key_schedule_stage_application( ssl ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_tls1_3_key_schedule_stage_application", ret ); + "mbedtls_ssl_tls13_key_schedule_stage_application", ret ); return( ret ); } @@ -987,12 +987,12 @@ static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) return( 0 ); } -static int ssl_finished_in_postprocess( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finished_in_postprocess( mbedtls_ssl_context* ssl ) { if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { - return( ssl_finished_in_postprocess_cli( ssl ) ); + return( ssl_tls13_finished_in_postprocess_cli( ssl ) ); } return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 010d6352da..ddbeb626ea 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -564,7 +564,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( return( 0 ); } -int mbedtls_ssl_tls1_3_key_schedule_stage_application( +int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) { int ret = 0; 
@@ -577,7 +577,6 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_application( /* * Compute MasterSecret */ - ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, ssl->handshake->tls1_3_master_secrets.handshake, NULL, 0, @@ -687,7 +686,6 @@ int mbedtls_ssl_tls1_3_calc_finished( mbedtls_ssl_context* ssl, *actual_len = md_size; MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_calc_finished" ) ); return( 0 ); } @@ -1152,7 +1150,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( transcript, sizeof( transcript ), &transcript_len ); if( ret != 0 ) - return( ret ); + goto cleanup; /* Compute application secrets from master secret and transcript hash. */ @@ -1164,7 +1162,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_application_secrets", ret ); - return( ret ); + goto cleanup; } /* Derive first epoch of IV + Key for application traffic. */ @@ -1176,7 +1174,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret ); - return( ret ); + goto cleanup; } MBEDTLS_SSL_DEBUG_BUF( 4, "Client application traffic secret", 
@@ -1219,7 +1217,19 @@ int mbedtls_ssl_tls1_3_generate_application_keys( traffic_keys->server_write_iv, ivlen ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) ); - return( 0 ); + + cleanup: + + mbedtls_platform_zeroize( transcript, sizeof(transcript) ); + mbedtls_platform_zeroize( traffic_keys->client_write_key, + sizeof(traffic_keys->client_write_key) ); + mbedtls_platform_zeroize( traffic_keys->server_write_key, + sizeof(traffic_keys->server_write_key) ); + mbedtls_platform_zeroize( traffic_keys->client_write_iv, + sizeof(traffic_keys->client_write_iv) ); + mbedtls_platform_zeroize( traffic_keys->server_write_iv, + sizeof(traffic_keys->server_write_iv) ); + return( ret ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 78bfc2a3d6..31a5029b42 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -586,7 +586,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls1_3_key_schedule_stage_application( +int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ); /** @@ -594,7 +594,7 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_application( * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Application, see - * mbedtls_ssl_tls1_3_key_schedule_stage_application(). + * mbedtls_ssl_tls13_key_schedule_stage_application(). * \param traffic_keys The address at which to store the application traffic key * keys. This must be writable but may be uninitialized. * 
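Review bot: The new `cleanup:` label in `mbedtls_ssl_tls1_3_generate_application_keys()` (ssl_tls13_keys.c, hunk -1219,7 +1217,19) is also reached on the success path, because `return( 0 );` was removed and control now falls through into it. The four `mbedtls_platform_zeroize()` calls on `traffic_keys->client_write_key`, `server_write_key`, `client_write_iv` and `server_write_iv` therefore wipe the keys and IVs the function has just derived, and the caller gets `ret == 0` together with an all-zero key set. Wiping the local `transcript` unconditionally is fine, but the output should only be cleared on failure, for example `if( ret != 0 ) mbedtls_platform_zeroize( traffic_keys, sizeof( *traffic_keys ) );`. The `goto cleanup` replacements in the earlier hunks of this file (-1152,7, -1164,7 and -1176,7) all land on this label. The function body starts outside this hunk.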
@@ -609,7 +609,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Handshake, see - * mbedtls_ssl_tls1_3_key_schedule_stage_application(). + * mbedtls_ssl_tls13_key_schedule_stage_application(). * \param dst The address at which to write the Finished content. * \param dst_len The size of \p dst in bytes. * \param actual_len The address at which to store the amount of data From a763498490601288b651f3f3843d06cd17a1693a Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Fri, 22 Oct 2021 06:32:32 +0000 Subject: [PATCH 922/966] Change code based on commetns Focus on the code style, naming rule,etc. Signed-off-by: XiaokangQian --- include/mbedtls/ssl.h | 9 +++++++-- library/ssl_tls13_generic.c | 8 ++++---- library/ssl_tls13_keys.c | 16 ++++++++-------- library/ssl_tls13_keys.h | 6 +++--- tests/suites/test_suite_ssl.function | 4 ++-- 5 files changed, 24 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3e10181253..b88351f90e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -39,6 +39,7 @@ #if defined(MBEDTLS_DHM_C) #include "mbedtls/dhm.h" #endif + /* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap * in functionality that access to ecdh_ctx structure is needed for 
@@ -1050,13 +1051,15 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) typedef struct { unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_application_secrets; +} mbedtls_ssl_tls13_application_secrets; +#endif #if defined(MBEDTLS_SSL_DTLS_SRTP) @@ -1122,7 +1125,9 @@ struct mbedtls_ssl_session * to be studied whether one of them can be removed. */ unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */ - mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets); +#endif #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 87bc12ce24..1d41cd3d39 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -870,7 +870,7 @@ int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl ) unsigned char *buf; size_t buflen; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server finished_in_process" ) ); /* Preprocessing step: Compute handshake digest */ MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_preprocess( ssl ) ); @@ -885,7 +885,7 @@ int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl ) cleanup: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server finished_in_process" ) ); return( ret ); } 
@@ -893,14 +893,14 @@ static int ssl_tls13_finished_in_preprocess( mbedtls_ssl_context* ssl ) { int ret; - ret = mbedtls_ssl_tls1_3_calc_finished( ssl, + ret = mbedtls_ssl_tls1_3_calculate_expected_finished( ssl, ssl->handshake->state_local.finished_in.digest, sizeof( ssl->handshake->state_local.finished_in.digest ), &ssl->handshake->state_local.finished_in.digest_len, ssl->conf->endpoint ^ 1 ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_calc_finished", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_calculate_expected_finished", ret ); return( ret ); } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index ddbeb626ea..85026f5384 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -469,7 +469,7 @@ int mbedtls_ssl_tls1_3_derive_application_secrets( mbedtls_md_type_t md_type, unsigned char const *application_secret, unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls1_3_application_secrets *derived ) + mbedtls_ssl_tls13_application_secrets *derived ) { int ret; mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); @@ -539,7 +539,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( mbedtls_md_type_t md_type, unsigned char const *application_secret, unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls1_3_application_secrets *derived ) + mbedtls_ssl_tls13_application_secrets *derived ) { int ret; mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); @@ -643,13 +643,13 @@ exit: return( ret ); } -int mbedtls_ssl_tls1_3_calc_finished( mbedtls_ssl_context* ssl, +int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context* ssl, unsigned char* dst, size_t dst_len, size_t *actual_len, int from ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; size_t transcript_len; 
@@ -660,7 +660,7 @@ int mbedtls_ssl_tls1_3_calc_finished( mbedtls_ssl_context* ssl, const mbedtls_md_info_t* const md = mbedtls_md_info_from_type( md_type ); size_t const md_size = mbedtls_md_get_size( md ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls1_3_calc_finished" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls1_3_calculate_expected_finished" ) ); if( dst_len < md_size ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); @@ -686,7 +686,7 @@ int mbedtls_ssl_tls1_3_calc_finished( mbedtls_ssl_context* ssl, *actual_len = md_size; MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_calc_finished" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_calculate_expected_finished" ) ); return( 0 ); } @@ -1111,10 +1111,10 @@ int mbedtls_ssl_tls1_3_generate_application_keys( mbedtls_ssl_context *ssl, mbedtls_ssl_key_set *traffic_keys ) { - int ret = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Address at which to store the application secrets */ - mbedtls_ssl_tls1_3_application_secrets * const app_secrets = + mbedtls_ssl_tls13_application_secrets * const app_secrets = &ssl->session_negotiate->app_secrets; /* Holding the transcript up to and including the ServerFinished */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 31a5029b42..2509cffd59 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -344,7 +344,7 @@ int mbedtls_ssl_tls1_3_derive_application_secrets( mbedtls_md_type_t md_type, unsigned char const *master_secret, unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls1_3_application_secrets *derived ); + mbedtls_ssl_tls13_application_secrets *derived ); /** * \brief Derive TLS 1.3 resumption master secret from the master secret. 
@@ -374,7 +374,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( mbedtls_md_type_t md_type, unsigned char const *application_secret, unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls1_3_application_secrets *derived ); + mbedtls_ssl_tls13_application_secrets *derived ); /** * \brief Compute the next secret in the TLS 1.3 key schedule @@ -625,7 +625,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls1_3_calc_finished( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context *ssl, unsigned char *dst, size_t dst_len, size_t *actual_len, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 75eda1dcd2..6d262cee26 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3862,7 +3862,7 @@ void ssl_tls1_3_derive_application_secrets( int hash_alg, data_t *server_expected, data_t *exporter_expected ) { - mbedtls_ssl_tls1_3_application_secrets secrets; + mbedtls_ssl_tls13_application_secrets secrets; /* Double-check that we've passed sane parameters. */ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg; @@ -3894,7 +3894,7 @@ void ssl_tls1_3_derive_resumption_secrets( int hash_alg, data_t *transcript, data_t *resumption_expected ) { - mbedtls_ssl_tls1_3_application_secrets secrets; + mbedtls_ssl_tls13_application_secrets secrets; /* Double-check that we've passed sane parameters. */ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg; From 46c6fc74f19b5d742d4704013509a40bb2d7e01d Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Fri, 22 Oct 2021 10:20:28 +0000 Subject: [PATCH 923/966] Fix compile issue about MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL Signed-off-by: XiaokangQian --- library/ssl_tls13_keys.h | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 2509cffd59..1e6fff58bf 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -19,6 +19,7 @@ #if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) #define MBEDTLS_SSL_TLS1_3_KEYS_H +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) /* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union * below. */ @@ -631,4 +632,5 @@ int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context *ssl, size_t *actual_len, int from ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 7c91705e21b9a39116c7bf0c4ef6e1a357cd7751 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Mon, 25 Oct 2021 06:17:12 +0000 Subject: [PATCH 924/966] Remove support for MBEDTLS_SSL_EXPORT_KEYS Signed-off-by: XiaokangQian --- library/ssl_tls13_keys.c | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 85026f5384..54a9275284 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -1185,28 +1185,6 @@ int mbedtls_ssl_tls1_3_generate_application_keys( app_secrets->server_application_traffic_secret_N, md_size ); - /* - * Export client/server application traffic secret 0 - */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( ssl->f_export_keys != NULL ) - { - ssl->f_export_keys( ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET, - app_secrets->client_application_traffic_secret_N, md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); - - ssl->f_export_keys( ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET, - app_secrets->server_application_traffic_secret_N, md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); - } -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:", traffic_keys->client_write_key, keylen ); MBEDTLS_SSL_DEBUG_BUF( 4, "server application write key", From f13c56032f32f7a7e1a68de0d271e500a338bfac Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Tue, 26 Oct 2021 10:22:25 +0000 Subject: [PATCH 925/966] Revert some changes about tls13 and macros There is one PR #4988 to change it in the future Signed-off-by: XiaokangQian --- include/mbedtls/ssl.h | 8 ++------ library/ssl_tls13_keys.c | 6 +++--- library/ssl_tls13_keys.h | 6 ++---- tests/suites/test_suite_ssl.function | 4 ++-- 4 files changed, 9 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b88351f90e..ed6a445c22 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1051,15 +1051,13 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) typedef struct { unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls13_application_secrets; -#endif +} mbedtls_ssl_tls1_3_application_secrets; #if defined(MBEDTLS_SSL_DTLS_SRTP) @@ -1125,9 +1123,7 @@ struct mbedtls_ssl_session * to be studied whether one of them can be removed. */ unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets); -#endif + mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets); #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 54a9275284..2127393fc9 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -469,7 +469,7 @@ int mbedtls_ssl_tls1_3_derive_application_secrets( mbedtls_md_type_t md_type, unsigned char const *application_secret, unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_application_secrets *derived ) + mbedtls_ssl_tls1_3_application_secrets *derived ) { int ret; mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); 
@@ -539,7 +539,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( mbedtls_md_type_t md_type, unsigned char const *application_secret, unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_application_secrets *derived ) + mbedtls_ssl_tls1_3_application_secrets *derived ) { int ret; mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); @@ -1114,7 +1114,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Address at which to store the application secrets */ - mbedtls_ssl_tls13_application_secrets * const app_secrets = + mbedtls_ssl_tls1_3_application_secrets * const app_secrets = &ssl->session_negotiate->app_secrets; /* Holding the transcript up to and including the ServerFinished */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 1e6fff58bf..e96cfc10c2 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -19,7 +19,6 @@ #if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) #define MBEDTLS_SSL_TLS1_3_KEYS_H -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) /* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union * below. */ @@ -345,7 +344,7 @@ int mbedtls_ssl_tls1_3_derive_application_secrets( mbedtls_md_type_t md_type, unsigned char const *master_secret, unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_application_secrets *derived ); + mbedtls_ssl_tls1_3_application_secrets *derived ); /** * \brief Derive TLS 1.3 resumption master secret from the master secret. 
@@ -375,7 +374,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( mbedtls_md_type_t md_type, unsigned char const *application_secret, unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_application_secrets *derived ); + mbedtls_ssl_tls1_3_application_secrets *derived ); /** * \brief Compute the next secret in the TLS 1.3 key schedule @@ -632,5 +631,4 @@ int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context *ssl, size_t *actual_len, int from ); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6d262cee26..75eda1dcd2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3862,7 +3862,7 @@ void ssl_tls1_3_derive_application_secrets( int hash_alg, data_t *server_expected, data_t *exporter_expected ) { - mbedtls_ssl_tls13_application_secrets secrets; + mbedtls_ssl_tls1_3_application_secrets secrets; /* Double-check that we've passed sane parameters. */ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg; @@ -3894,7 +3894,7 @@ void ssl_tls1_3_derive_resumption_secrets( int hash_alg, data_t *transcript, data_t *resumption_expected ) { - mbedtls_ssl_tls13_application_secrets secrets; + mbedtls_ssl_tls1_3_application_secrets secrets; /* Double-check that we've passed sane parameters. */ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg; From f26f6ade0c650dded604bd3350460593cb2ae77f Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 28 Oct 2021 05:50:31 +0000 Subject: [PATCH 926/966] Rebase and solve conflicts Remove the double definition and change name Signed-off-by: XiaokangQian --- library/ssl_misc.h | 8 -------- library/ssl_tls13_keys.c | 4 ++-- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 3b0d61b35c..7044769a2a 100644 --- a/library/ssl_misc.h 
+++ b/library/ssl_misc.h @@ -522,14 +522,6 @@ typedef struct unsigned char server_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; } mbedtls_ssl_tls1_3_handshake_secrets; -typedef struct -{ - unsigned char client_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; - unsigned char server_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; - unsigned char exporter_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; - unsigned char resumption_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_application_secrets; - /* * This structure contains the parameters only needed during handshake. */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 2127393fc9..5bd3e47196 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -676,9 +676,9 @@ int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context* ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len ); if( from == MBEDTLS_SSL_IS_CLIENT ) - base_key = ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret; + base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret; else - base_key = ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret; + base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret; ret = ssl_tls1_3_calc_finished_core( md_type, base_key, transcript, dst ); if( ret != 0 ) From 61bdbbc18b4da3cd20cdf7bc8b80031d4240513b Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 28 Oct 2021 08:03:38 +0000 Subject: [PATCH 927/966] Add cleanup in functions for secure reason Signed-off-by: XiaokangQian --- library/ssl_tls13_generic.c | 24 +++++++++++++++++++----- library/ssl_tls13_keys.c | 20 ++++++++------------ 2 files changed, 27 insertions(+), 17 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1d41cd3d39..dd550f7721 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -952,7 +952,7 @@ static int ssl_tls13_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_application", ret ); - return( ret ); + goto cleanup; } ret = mbedtls_ssl_tls1_3_generate_application_keys( @@ -961,13 +961,16 @@ static int ssl_tls13_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_generate_application_keys", ret ); - return( ret ); + goto cleanup; } transform_application = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) ); if( transform_application == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto cleanup; + } ret = mbedtls_ssl_tls13_populate_transform( transform_application, @@ -978,13 +981,24 @@ static int ssl_tls13_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret ); - return( ret ); + goto cleanup; } ssl->transform_application = transform_application; mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA ); - return( 0 ); + +cleanup: + + mbedtls_platform_zeroize( &traffic_keys, sizeof(mbedtls_ssl_key_set) ); + if( ret != 0) + { + mbedtls_free( transform_application ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + return( ret ); } static int ssl_tls13_finished_in_postprocess( mbedtls_ssl_context* ssl ) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 5bd3e47196..34d8a19df2 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
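Review bot: The new `cleanup:` block calls `mbedtls_free( transform_application )` whenever `ret != 0`, but the first two `goto cleanup` sites (after mbedtls_ssl_tls13_key_schedule_stage_application and mbedtls_ssl_tls1_3_generate_application_keys) run before the `mbedtls_calloc`, so the pointer has to be NULL by then. The declaration is outside these hunks; a later patch in this series shows it as `mbedtls_ssl_transform *transform_application;` with no initialiser, so this commit on its own would free an indeterminate pointer on those paths, and `mbedtls_ssl_transform *transform_application = NULL;` belongs here. Separately, when mbedtls_ssl_tls13_populate_transform fails, the transform may already hold key-dependent state (its body is not visible here); if so, calling `mbedtls_ssl_transform_free( transform_application );` before the `mbedtls_free` would release and wipe it instead of only freeing the outer struct.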
@@ -567,7 +567,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) { - int ret = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; #if defined(MBEDTLS_DEBUG_C) mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); @@ -671,7 +671,7 @@ int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context* ssl, if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_handshake_transcript", ret ); - return( ret ); + goto exit; } MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len ); @@ -682,12 +682,16 @@ int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context* ssl, ret = ssl_tls1_3_calc_finished_core( md_type, base_key, transcript, dst ); if( ret != 0 ) - return( ret ); + goto exit; *actual_len = md_size; MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_calculate_expected_finished" ) ); - return( 0 ); + +exit: + + mbedtls_platform_zeroize( transcript, sizeof( transcript) ); + return( ret ); } int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl, @@ -1199,14 +1203,6 @@ int mbedtls_ssl_tls1_3_generate_application_keys( cleanup: mbedtls_platform_zeroize( transcript, sizeof(transcript) ); - mbedtls_platform_zeroize( traffic_keys->client_write_key, - sizeof(traffic_keys->client_write_key) ); - mbedtls_platform_zeroize( traffic_keys->server_write_key, - sizeof(traffic_keys->server_write_key) ); - mbedtls_platform_zeroize( traffic_keys->client_write_iv, - sizeof(traffic_keys->client_write_iv) ); - mbedtls_platform_zeroize( traffic_keys->server_write_iv, - sizeof(traffic_keys->server_write_iv) ); return( ret ); } From 1aef02ee20a1271aae8cad561193060211f41269 Mon Sep 17 00:00:00 2001 
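Review bot: The last hunk removes the `mbedtls_platform_zeroize` calls on `traffic_keys` from the `cleanup:` label of mbedtls_ssl_tls1_3_generate_application_keys, so the derived write keys and IVs now stay in the caller's buffer on success and on failure, and nothing in the function records that. A comment at the label would state the new contract, for example `/* traffic_keys is left populated; the caller must mbedtls_platform_zeroize() it on every path. */`, with a matching `\note` in the function's Doxygen block in ssl_tls13_keys.h. The function body starts outside the hunk, so whether a failure can leave the key set partially filled is not visible here.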
From: XiaokangQian Date: Thu, 28 Oct 2021 09:54:34 +0000 Subject: [PATCH 928/966] Fix initialized issues and remove useless code Fix the variable not inialized issue, remove the client certificate related code, remove early data related code. Signed-off-by: XiaokangQian --- include/mbedtls/ssl.h | 1 - library/ssl_tls13_client.c | 28 ---------------------------- library/ssl_tls13_generic.c | 18 +++++++++--------- 3 files changed, 9 insertions(+), 38 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ed6a445c22..508a5e34ad 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -637,7 +637,6 @@ typedef enum MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - MBEDTLS_SSL_END_OF_EARLY_DATA, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2bde4a8252..5dba0f0c40 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1608,26 +1608,6 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) return ( mbedtls_ssl_tls13_finished_in_process( ssl ) ); } -/* - * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE - */ -static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl ) -{ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); - return( 0 ); -} - -/* - * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY - */ -static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl ) -{ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); - return( 0 ); -} - /* * Handler for MBEDTLS_SSL_CLIENT_FINISHED */ 
@@ -1701,14 +1681,6 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) ret = ssl_tls1_3_process_server_finished( ssl ); break; - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = ssl_tls1_3_write_client_certificate( ssl ); - break; - - case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: - ret = ssl_tls1_3_write_client_certificate_verify( ssl ); - break; - case MBEDTLS_SSL_CLIENT_FINISHED: ret = ssl_tls1_3_write_client_finished( ssl ); break; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index dd550f7721..f379485854 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -945,7 +945,7 @@ static int ssl_tls13_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) { int ret = 0; mbedtls_ssl_key_set traffic_keys; - mbedtls_ssl_transform *transform_application; + mbedtls_ssl_transform *transform_application = NULL; ret = mbedtls_ssl_tls13_key_schedule_stage_application( ssl ); if( ret != 0 ) @@ -986,18 +986,18 @@ static int ssl_tls13_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) ssl->transform_application = transform_application; - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); cleanup: mbedtls_platform_zeroize( &traffic_keys, sizeof(mbedtls_ssl_key_set) ); - if( ret != 0) - { - mbedtls_free( transform_application ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } + if( ret != 0) + { + mbedtls_free( transform_application ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } return( ret ); } From 8903bd97b0eea085f09670f227946eef07420176 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 3 Nov 2021 05:56:49 +0000 Subject: [PATCH 929/966] Change some naming style issues and remove useless code 
Signed-off-by: XiaokangQian --- library/ssl_misc.h | 21 ++------------------- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 35 ++++++++++++++++------------------- library/ssl_tls13_keys.h | 8 ++++---- 4 files changed, 23 insertions(+), 43 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7044769a2a..6b9bc599de 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -775,20 +775,6 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_CLI_C */ - /* Incoming CertificateVerify */ - struct - { - unsigned char verify_buffer[ 64 + 33 + 1 + MBEDTLS_MD_MAX_SIZE ]; - size_t verify_buffer_len; - } certificate_verify_in; - - /* Outgoing CertificateVerify */ - struct - { - unsigned char handshake_hash[ MBEDTLS_MD_MAX_SIZE ]; - size_t handshake_hash_len; - } certificate_verify_out; - } state_local; /* End of state-local variables. */ @@ -1236,11 +1222,8 @@ static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_read_certificate_process(mbedtls_ssl_context *ssl); -int mbedtls_ssl_write_certificate_process(mbedtls_ssl_context *ssl); - -int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_tls13_finished_out_process( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_process_finished_in( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_process_finished_out( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 5dba0f0c40..8644db9587 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1605,7 +1605,7 @@ static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) { - return ( mbedtls_ssl_tls13_finished_in_process( ssl ) ); + return ( mbedtls_ssl_tls13_process_finished_in( ssl ) ); } /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f379485854..b2e5ad0619 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -851,20 +851,17 @@ cleanup: * Overview */ -/* Main entry point: orchestrates the other functions */ -int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl ); - -static int ssl_tls13_finished_in_preprocess( mbedtls_ssl_context* ssl ); -static int ssl_tls13_finished_in_postprocess( mbedtls_ssl_context* ssl ); -static int ssl_tls13_finished_in_parse( mbedtls_ssl_context* ssl, - const unsigned char* buf, - size_t buflen ); +static int ssl_tls13_preprocess_finished_in( mbedtls_ssl_context *ssl ); +static int ssl_tls13_postprocess_finished_in( mbedtls_ssl_context *ssl ); +static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t buflen ); /* * Implementation */ -int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl ) +int mbedtls_ssl_tls13_process_finished_in( mbedtls_ssl_context *ssl ) { int ret = 0; unsigned char *buf; 
@@ -873,15 +870,15 @@ int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server finished_in_process" ) ); /* Preprocessing step: Compute handshake digest */ - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_preprocess( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_in( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buflen ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_parse( ssl, buf, buflen ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_in( ssl, buf, buflen ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_postprocess( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_in( ssl ) ); cleanup: @@ -889,7 +886,7 @@ cleanup: return( ret ); } -static int ssl_tls13_finished_in_preprocess( mbedtls_ssl_context* ssl ) +static int ssl_tls13_preprocess_finished_in( mbedtls_ssl_context *ssl ) { int ret; @@ -907,9 +904,9 @@ static int ssl_tls13_finished_in_preprocess( mbedtls_ssl_context* ssl ) return( 0 ); } -static int ssl_tls13_finished_in_parse( mbedtls_ssl_context* ssl, - const unsigned char* buf, - size_t buflen ) +static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t buflen ) { /* Structural validation */ if( buflen != ssl->handshake->state_local.finished_in.digest_len ) @@ -941,7 +938,7 @@ static int ssl_tls13_finished_in_parse( mbedtls_ssl_context* ssl, return( 0 ); } -static int ssl_tls13_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) +static int ssl_tls13_postprocess_finished_in_cli( mbedtls_ssl_context *ssl ) { int ret = 0; mbedtls_ssl_key_set traffic_keys; 
@@ -1001,12 +998,12 @@ cleanup: return( ret ); } -static int ssl_tls13_finished_in_postprocess( mbedtls_ssl_context* ssl ) +static int ssl_tls13_postprocess_finished_in( mbedtls_ssl_context* ssl ) { if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { - return( ssl_tls13_finished_in_postprocess_cli( ssl ) ); + return( ssl_tls13_postprocess_finished_in_cli( ssl ) ); } return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index e96cfc10c2..fbc6e83c89 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -626,9 +626,9 @@ int mbedtls_ssl_tls1_3_generate_application_keys( * \returns A negative error code on failure. */ int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context *ssl, - unsigned char *dst, - size_t dst_len, - size_t *actual_len, - int from ); + unsigned char *dst, + size_t dst_len, + size_t *actual_len, + int from ); #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From ac0385c08f76108c733b8677af8473e51a2f8648 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 3 Nov 2021 06:40:11 +0000 Subject: [PATCH 930/966] Change code based on comments Move set_state function into client Add back export_key callback function in generate application keys Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 9 ++++++++- library/ssl_tls13_generic.c | 2 -- library/ssl_tls13_keys.c | 20 ++++++++++++++++++++ 3 files changed, 28 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8644db9587..c30d5627df 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1605,7 +1605,14 @@ static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) { - return ( mbedtls_ssl_tls13_process_finished_in( ssl ) ); + int ret; + + ret = mbedtls_ssl_tls13_process_finished_in( ssl ); + if( ret != 0 ) + return( ret ); + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); + return( 0 ); } /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index b2e5ad0619..9754395f7a 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -983,8 +983,6 @@ static int ssl_tls13_postprocess_finished_in_cli( mbedtls_ssl_context *ssl ) ssl->transform_application = transform_application; - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); - cleanup: mbedtls_platform_zeroize( &traffic_keys, sizeof(mbedtls_ssl_key_set) ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 34d8a19df2..b97a70f29f 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -1189,6 +1189,26 @@ int mbedtls_ssl_tls1_3_generate_application_keys( app_secrets->server_application_traffic_secret_N, md_size ); + /* + * Export client/server application traffic secret 0 + */ + if( ssl->f_export_keys != NULL ) + { + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET, + app_secrets->client_application_traffic_secret_N, md_size, + ssl->handshake->randbytes + 32, + ssl->handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET, + app_secrets->server_application_traffic_secret_N, md_size, + ssl->handshake->randbytes + 32, + ssl->handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + } + MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:", traffic_keys->client_write_key, keylen ); MBEDTLS_SSL_DEBUG_BUF( 4, "server application write key", From b51f8841c42864e39b7eba4f7e68c52c751ed26a Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 4 Nov 2021 03:02:47 +0000 Subject: [PATCH 931/966] Change comments for export_keys callback Signed-off-by: XiaokangQian --- library/ssl_tls13_keys.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index b97a70f29f..1f0dd8a841 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
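Review bot: Both added `f_export_keys` calls pass the handshake randoms as `ssl->handshake->randbytes + 32` and `ssl->handshake->randbytes`, with a bare `32` and nothing stating which half is the client random. The layout of `randbytes` is not visible in this hunk; if the TLS 1.3 path stores the client random first, these two arguments are swapped and a key-export consumer would pair each secret with the wrong random, so the order is worth confirming. Either way I would replace the literal with the matching `MBEDTLS_CLIENT_HELLO_RANDOM_LEN` or `MBEDTLS_SERVER_HELLO_RANDOM_LEN` constant from ssl_misc.h and add a one-line comment above the calls giving the actual order of the two randoms in the buffer. The enclosing function starts and ends outside the hunk.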
@@ -1199,14 +1199,16 @@ int mbedtls_ssl_tls1_3_generate_application_keys( app_secrets->client_application_traffic_secret_N, md_size, ssl->handshake->randbytes + 32, ssl->handshake->randbytes, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by + a new constant for TLS 1.3! */ ); ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET, app_secrets->server_application_traffic_secret_N, md_size, ssl->handshake->randbytes + 32, ssl->handshake->randbytes, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by + a new constant for TLS 1.3! */ ); } MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:", From 44c38f7e3669694d3fc8785a6442f8664a477039 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Fri, 5 Nov 2021 06:49:27 +0000 Subject: [PATCH 932/966] Chande debug message in finished and rename finalize functions Signed-off-by: XiaokangQian --- library/ssl_tls13_generic.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 9754395f7a..27cef72871 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -852,7 +852,7 @@ cleanup: */ static int ssl_tls13_preprocess_finished_in( mbedtls_ssl_context *ssl ); -static int ssl_tls13_postprocess_finished_in( mbedtls_ssl_context *ssl ); +static int ssl_tls13_finalize_finished_in( mbedtls_ssl_context *ssl ); static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t buflen ); 
@@ -867,7 +867,7 @@ int mbedtls_ssl_tls13_process_finished_in( mbedtls_ssl_context *ssl ) unsigned char *buf; size_t buflen; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server finished_in_process" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished_in" ) ); /* Preprocessing step: Compute handshake digest */ MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_in( ssl ) ); @@ -878,11 +878,11 @@ int mbedtls_ssl_tls13_process_finished_in( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_in( ssl, buf, buflen ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_in( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_in( ssl ) ); cleanup: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server finished_in_process" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished_in" ) ); return( ret ); } @@ -938,7 +938,7 @@ static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_tls13_postprocess_finished_in_cli( mbedtls_ssl_context *ssl ) +static int ssl_tls13_finalize_finished_in_cli( mbedtls_ssl_context *ssl ) { int ret = 0; mbedtls_ssl_key_set traffic_keys; @@ -996,12 +996,12 @@ cleanup: return( ret ); } -static int ssl_tls13_postprocess_finished_in( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finalize_finished_in( mbedtls_ssl_context* ssl ) { if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { - return( ssl_tls13_postprocess_finished_in_cli( ssl ) ); + return( ssl_tls13_finalize_finished_in_cli( ssl ) ); } return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); From c5c39d5800d38add9e5eee30e44c41b338edce31 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Tue, 9 Nov 2021 11:55:10 +0000 Subject: [PATCH 933/966] Change code for styles and comments .etc Remove useless code in union. Rename functions and parameters. Move definitions into othe files. 
Signed-off-by: XiaokangQian --- include/mbedtls/ssl.h | 10 ++-- library/ssl_misc.h | 46 ++----------------- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 92 +++++++++++++++++-------------------- library/ssl_tls13_keys.c | 6 +-- library/ssl_tls13_keys.h | 9 ++-- 6 files changed, 61 insertions(+), 104 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 508a5e34ad..fba8f8f846 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -605,6 +605,8 @@ union mbedtls_ssl_premaster_secret #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) +#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE + /* Length in number of bytes of the TLS sequence number */ #define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8 @@ -1052,10 +1054,10 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); typedef struct { - unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char client_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char server_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char exporter_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char resumption_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; } mbedtls_ssl_tls1_3_application_secrets; #if defined(MBEDTLS_SSL_DTLS_SRTP) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6b9bc599de..89a5d4313f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -307,8 +307,6 @@ + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) ) #endif -#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE - #define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32 #define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32 
@@ -724,7 +722,7 @@ struct mbedtls_ssl_handshake_params /* Buffer holding digest of the handshake up to * but excluding the outgoing finished message. */ - unsigned char digest[MBEDTLS_MD_MAX_SIZE]; + unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t digest_len; } finished_out; @@ -733,48 +731,10 @@ struct mbedtls_ssl_handshake_params { /* Buffer holding digest of the handshake up to but * excluding the peer's incoming finished message. */ - unsigned char digest[MBEDTLS_MD_MAX_SIZE]; + unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t digest_len; } finished_in; -#if defined(MBEDTLS_SSL_CLI_C) - - /* Client, incoming ServerKeyExchange */ - struct - { - uint8_t preparation_done; - } srv_key_exchange; - - /* Client, incoming ServerHello */ - struct - { -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int renego_info_seen; -#else - int dummy; -#endif - } srv_hello_in; - - /* Client, outgoing ClientKeyExchange */ - struct - { - uint8_t preparation_done; - } cli_key_exch_out; - - /* Client, outgoing Certificate Verify */ - struct - { - uint8_t preparation_done; - } crt_vrfy_out; - - /* Client, outgoing ClientHello */ - struct - { - uint8_t preparation_done; - } cli_hello_out; - -#endif /* MBEDTLS_SSL_CLI_C */ - } state_local; /* End of state-local variables. */ @@ -1222,7 +1182,7 @@ static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_tls13_process_finished_in( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_process_finished_out( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c30d5627df..6deab2a8c7 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1607,7 +1607,7 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) { int ret; - ret = mbedtls_ssl_tls13_process_finished_in( ssl ); + ret = mbedtls_ssl_tls13_process_finished_message( ssl ); if( ret != 0 ) return( ret ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 27cef72871..83f7202242 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -847,69 +847,37 @@ cleanup: /* * - * STATE HANDLING: Incoming Finished - * Overview + * STATE HANDLING: Incoming Finished message. */ - -static int ssl_tls13_preprocess_finished_in( mbedtls_ssl_context *ssl ); -static int ssl_tls13_finalize_finished_in( mbedtls_ssl_context *ssl ); -static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buflen ); - /* * Implementation */ -int mbedtls_ssl_tls13_process_finished_in( mbedtls_ssl_context *ssl ) -{ - int ret = 0; - unsigned char *buf; - size_t buflen; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished_in" ) ); - - /* Preprocessing step: Compute handshake digest */ - MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_in( ssl ) ); - - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, - MBEDTLS_SSL_HS_FINISHED, - &buf, &buflen ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_in( ssl, buf, buflen ) ); - mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_in( ssl ) ); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished_in" ) ); - return( ret ); -} - -static int ssl_tls13_preprocess_finished_in( mbedtls_ssl_context *ssl ) +static int ssl_tls13_prepare_finished_in( mbedtls_ssl_context *ssl ) { int ret; - ret = mbedtls_ssl_tls1_3_calculate_expected_finished( ssl, + ret = mbedtls_ssl_tls13_calculate_verify_data( ssl, ssl->handshake->state_local.finished_in.digest, sizeof( ssl->handshake->state_local.finished_in.digest ), &ssl->handshake->state_local.finished_in.digest_len, - ssl->conf->endpoint ^ 1 ); + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ? 
+ MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_calculate_expected_finished", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_calculate_verify_data", ret ); return( ret ); } return( 0 ); } -static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buflen ) +static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) { /* Structural validation */ - if( buflen != ssl->handshake->state_local.finished_in.digest_len ) + if( (size_t)( end - buf ) != ssl->handshake->state_local.finished_in.digest_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); @@ -918,10 +886,10 @@ static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - MBEDTLS_SSL_DEBUG_BUF( 4, "Hash (self-computed):", + MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (self-computed):", ssl->handshake->state_local.finished_in.digest, ssl->handshake->state_local.finished_in.digest_len ); - MBEDTLS_SSL_DEBUG_BUF( 4, "Hash (received message):", buf, + MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (received message):", buf, ssl->handshake->state_local.finished_in.digest_len ); /* Semantic validation */ @@ -938,7 +906,7 @@ static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_tls13_finalize_finished_in_cli( mbedtls_ssl_context *ssl ) +static int ssl_tls13_finalize_server_finished_message( mbedtls_ssl_context *ssl ) { int ret = 0; mbedtls_ssl_key_set traffic_keys; @@ -985,8 +953,8 @@ static int ssl_tls13_finalize_finished_in_cli( mbedtls_ssl_context *ssl ) cleanup: - mbedtls_platform_zeroize( &traffic_keys, sizeof(mbedtls_ssl_key_set) ); - if( ret != 0) + mbedtls_platform_zeroize( &traffic_keys, sizeof( mbedtls_ssl_key_set ) ); + if( ret != 0 ) { mbedtls_free( transform_application ); MBEDTLS_SSL_PEND_FATAL_ALERT( 
@@ -996,17 +964,43 @@ cleanup: return( ret ); } -static int ssl_tls13_finalize_finished_in( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context* ssl ) { if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { - return( ssl_tls13_finalize_finished_in_cli( ssl ) ); + return( ssl_tls13_finalize_server_finished_message( ssl ) ); } return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + unsigned char *buf; + size_t buflen; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished_in" ) ); + + /* Preprocessing step: Compute handshake digest */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_in( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, + MBEDTLS_SSL_HS_FINISHED, + &buf, &buflen ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buflen ) ); + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished_in" ) ); + return( ret ); +} + + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 1f0dd8a841..8f089f580b 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -643,7 +643,7 @@ exit: return( ret ); } -int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context* ssl, +int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl, unsigned char* dst, size_t dst_len, size_t *actual_len, 
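Review bot: The comment `/* Preprocessing step: Compute handshake digest */` in `mbedtls_ssl_tls13_process_finished_message` does not describe what the call does or why it comes first. `ssl_tls13_prepare_finished_in()` computes the expected verify_data through `mbedtls_ssl_tls13_calculate_verify_data()`, and it runs before the Finished message is fetched and before `mbedtls_ssl_tls1_3_add_hs_msg_to_checksum()` adds that message to the transcript. I would reword it to `/* Compute the expected verify_data now, before the peer's Finished message is added to the transcript. */` so that a later reordering of these calls stands out in review.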
@@ -660,7 +660,7 @@ int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context* ssl, const mbedtls_md_info_t* const md = mbedtls_md_info_from_type( md_type ); size_t const md_size = mbedtls_md_get_size( md ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls1_3_calculate_expected_finished" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) ); if( dst_len < md_size ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); @@ -686,7 +686,7 @@ int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context* ssl, *actual_len = md_size; MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_calculate_expected_finished" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) ); exit: diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index fbc6e83c89..c5c3a34162 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -605,16 +605,17 @@ int mbedtls_ssl_tls1_3_generate_application_keys( mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys ); /** - * \brief Calculate content of TLS 1.3 Finished message. + * \brief Calculate the verify_data value for the client or server TLS 1.3 + * Finished message. * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Handshake, see * mbedtls_ssl_tls13_key_schedule_stage_application(). - * \param dst The address at which to write the Finished content. + * \param dst The address at which to write the verify_data value. * \param dst_len The size of \p dst in bytes. * \param actual_len The address at which to store the amount of data * actually written to \p dst upon success. - * \param from The endpoint the Finished message originates from: + * \param from The message to calculate the `verify_data` for: * - #MBEDTLS_SSL_IS_CLIENT for the Client's Finished message * - #MBEDTLS_SSL_IS_SERVER for the Server's Finished message * 
@@ -625,7 +626,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl, unsigned char *dst, size_t dst_len, size_t *actual_len, From aaa0e197a81ea8fe8b8a9364987019603b81f519 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 10 Nov 2021 03:07:04 +0000 Subject: [PATCH 934/966] Change the alignment and names of functions and a macro Signed-off-by: XiaokangQian --- library/ssl_misc.h | 1 - library/ssl_tls13_generic.c | 12 ++++++------ library/ssl_tls13_keys.c | 10 +++++----- library/ssl_tls13_keys.h | 10 +++++----- 4 files changed, 16 insertions(+), 17 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 89a5d4313f..c0a370e06b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1183,7 +1183,6 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_tls13_process_finished_out( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 83f7202242..9be6948cb2 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -853,7 +853,7 @@ cleanup: * Implementation */ -static int ssl_tls13_prepare_finished_in( mbedtls_ssl_context *ssl ) +static int ssl_tls13_preprocess_finished_message( mbedtls_ssl_context *ssl ) { int ret; 
@@ -906,7 +906,7 @@ static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_tls13_finalize_server_finished_message( mbedtls_ssl_context *ssl ) +static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *ssl ) { int ret = 0; mbedtls_ssl_key_set traffic_keys; @@ -964,12 +964,12 @@ cleanup: return( ret ); } -static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context* ssl ) +static int ssl_tls13_postprocess_finished_message( mbedtls_ssl_context* ssl ) { if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { - return( ssl_tls13_finalize_server_finished_message( ssl ) ); + return( ssl_tls13_postprocess_server_finished_message( ssl ) ); } return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -984,7 +984,7 @@ int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished_in" ) ); /* Preprocessing step: Compute handshake digest */ - MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_in( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_message( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, MBEDTLS_SSL_HS_FINISHED, @@ -992,7 +992,7 @@ int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buflen ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_message( ssl ) ); cleanup: diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 8f089f580b..fbbf096c98 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -644,14 +644,14 @@ exit: } int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl, - unsigned char* dst, - size_t dst_len, - size_t *actual_len, - int from ) + unsigned char* dst, + size_t dst_len, + size_t *actual_len, + int from ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; unsigned char const *base_key = NULL; diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index c5c3a34162..53dbe732e8 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -615,7 +615,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( * \param dst_len The size of \p dst in bytes. * \param actual_len The address at which to store the amount of data * actually written to \p dst upon success. - * \param from The message to calculate the `verify_data` for: + * \param which The message to calculate the `verify_data` for: * - #MBEDTLS_SSL_IS_CLIENT for the Client's Finished message * - #MBEDTLS_SSL_IS_SERVER for the Server's Finished message * @@ -627,9 +627,9 @@ int mbedtls_ssl_tls1_3_generate_application_keys( * \returns A negative error code on failure. */ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl, - unsigned char *dst, - size_t dst_len, - size_t *actual_len, - int from ); + unsigned char *dst, + size_t dst_len, + size_t *actual_len, + int which ); #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 57b2aff8a8bc32a5bf81087321f95f2c1e235e3d Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 10 Nov 2021 03:12:11 +0000 Subject: [PATCH 935/966] Align the union size Signed-off-by: XiaokangQian --- library/ssl_misc.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c0a370e06b..362117fd9a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
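Review bot: The `transcript` buffer in `mbedtls_ssl_tls13_calculate_verify_data` is now sized by `MBEDTLS_TLS1_3_MD_MAX_SIZE` instead of `MBEDTLS_MD_MAX_SIZE`, and neither the macro's definition nor the call that fills the buffer is in this hunk. Please confirm that the writer is bounded by `sizeof( transcript )` and that the new macro is at least as large as the digest of every hash a TLS 1.3 ciphersuite can select. A comment on the declaration would record that requirement, for example `/* Holds the transcript hash; MBEDTLS_TLS1_3_MD_MAX_SIZE must cover every TLS 1.3 ciphersuite hash. */`. The function body continues outside the hunk.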
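Review bot: The last parameter is renamed to `which` in the prototype and in the `\param which` line in ssl_tls13_keys.h, but the definition re-aligned in ssl_tls13_keys.c by this same commit still declares `int from )`. C accepts the mismatch, but the Doxygen text then documents a name the implementation does not use. Either rename the parameter in the definition to `int which )` together with its uses in the body, which lies outside the hunk, or keep `from` in the header.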
@@ -729,6 +729,8 @@ struct mbedtls_ssl_handshake_params /* Incoming Finished message */ struct { + uint8_t preparation_done; + /* Buffer holding digest of the handshake up to but * excluding the peer's incoming finished message. */ unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE]; From d0aa3e930764be11c659729de019cef51ee152eb Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 10 Nov 2021 06:17:40 +0000 Subject: [PATCH 936/966] Inprove code base on review comments Change debug messag for server finished. Change name of generate_application_keys. Remove the client vertificate tests from ssl-opt.sh. Add test strings for server finished in ssl-opt.sh. Signed-off-by: XiaokangQian --- library/ssl_tls13_generic.c | 8 ++++---- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_keys.h | 4 ++-- tests/ssl-opt.sh | 11 +++++------ 4 files changed, 12 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 9be6948cb2..91b4bdfecc 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -920,12 +920,12 @@ static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *s goto cleanup; } - ret = mbedtls_ssl_tls1_3_generate_application_keys( + ret = mbedtls_ssl_tls13_generate_application_keys( ssl, &traffic_keys ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_tls1_3_generate_application_keys", ret ); + "mbedtls_ssl_tls13_generate_application_keys", ret ); goto cleanup; } @@ -981,7 +981,7 @@ int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ) unsigned char *buf; size_t buflen; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished_in" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished message" ) ); /* Preprocessing step: Compute handshake digest */ MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_message( ssl ) ); 
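Review bot: The new `uint8_t preparation_done;` member of the incoming-Finished state has no comment, and no patch visible here sets or reads it. The commit title "Align the union size" suggests it exists only to match the layout of another union member, but the hunk does not say so. If that is the intent, state it on the field, for example `uint8_t preparation_done; /* Keeps this struct's layout in line with the other union members. */`. If it is meant as a real state flag, document who sets it and when. The enclosing `struct mbedtls_ssl_handshake_params` starts and ends outside the hunk.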
@@ -996,7 +996,7 @@ int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ) cleanup: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished_in" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished message" ) ); return( ret ); } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index fbbf096c98..c035504bf0 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1111,7 +1111,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) /* Generate application traffic keys since any records following a 1-RTT Finished message * MUST be encrypted under the application traffic key. */ -int mbedtls_ssl_tls1_3_generate_application_keys( +int mbedtls_ssl_tls13_generate_application_keys( mbedtls_ssl_context *ssl, mbedtls_ssl_key_set *traffic_keys ) { diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 53dbe732e8..7ea018339e 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -577,7 +577,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, * with states Initial -> Early -> Handshake -> Application, and * this function represents the Handshake -> Application transition. * - * In the handshake stage, mbedtls_ssl_tls1_3_generate_application_keys() + * In the handshake stage, mbedtls_ssl_tls13_generate_application_keys() * can be used to derive the handshake traffic keys. * * \param ssl The SSL context to operate on. This must be in key schedule @@ -601,7 +601,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls1_3_generate_application_keys( +int mbedtls_ssl_tls13_generate_application_keys( mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys ); /** diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0e78356bc9..997bdee639 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -8820,9 +8820,7 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "tls1_3 client state: 19" \ -c "tls1_3 client state: 5" \ -c "tls1_3 client state: 3" \ - -c "tls1_3 client state: 9" \ -c "tls1_3 client state: 13" \ - -c "tls1_3 client state: 7" \ -c "tls1_3 client state: 20" \ -c "tls1_3 client state: 11" \ -c "tls1_3 client state: 14" \ @@ -8835,7 +8833,8 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "Certificate verification flags clear" \ -c "=> parse certificate verify" \ -c "<= parse certificate verify" \ - -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" + -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ + -c "<= parse finished message" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -8853,9 +8852,7 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "tls1_3 client state: 19" \ -c "tls1_3 client state: 5" \ -c "tls1_3 client state: 3" \ - -c "tls1_3 client state: 9" \ -c "tls1_3 client state: 13" \ - -c "tls1_3 client state: 7" \ -c "tls1_3 client state: 20" \ -c "tls1_3 client state: 11" \ -c "tls1_3 client state: 14" \ @@ -8868,7 +8865,9 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "Certificate verification flags clear" \ -c "=> parse certificate verify" \ -c "<= parse certificate verify" \ - -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" + -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ + -c "<= parse finished message" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG From d6914e3196909a00fe0ade7af64c0a921ebd0b96 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 10 Nov 2021 10:46:11 +0100 Subject: [PATCH 937/966] ssl_client2/ssl_server2: Rework ordering of cleanup Signed-off-by: Przemyslaw Stekiel --- programs/ssl/ssl_client2.c | 25 ++++++++------- programs/ssl/ssl_server2.c | 64 ++++++++++++++++++++------------------ 2 files changed, 46 insertions(+), 43 deletions(-) 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 4360fd3438..01459c08ed 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3019,6 +3019,19 @@ exit: mbedtls_net_free( &server_fd ); + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); + mbedtls_ssl_session_free( &saved_session ); + + if( session_data != NULL ) + mbedtls_platform_zeroize( session_data, session_data_len ); + mbedtls_free( session_data ); +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if( context_buf != NULL ) + mbedtls_platform_zeroize( context_buf, context_buf_len ); + mbedtls_free( context_buf ); +#endif + #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &cacert ); @@ -3049,10 +3062,6 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_ssl_session_free( &saved_session ); - mbedtls_ssl_free( &ssl ); - mbedtls_ssl_config_free( &conf ); - #if defined(MBEDTLS_USE_PSA_CRYPTO) const char* message = mbedtls_test_helper_is_psa_leaking(); if( message ) @@ -3071,14 +3080,6 @@ exit: #endif rng_free( &rng ); - if( session_data != NULL ) - mbedtls_platform_zeroize( session_data, session_data_len ); - mbedtls_free( session_data ); -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if( context_buf != NULL ) - mbedtls_platform_zeroize( context_buf, context_buf_len ); - mbedtls_free( context_buf ); -#endif #if defined(MBEDTLS_TEST_HOOKS) if( test_hooks_failure_detected( ) ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 6a4a033aa9..6f5d118d62 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
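Review bot: Neither the code nor the commit message explains the new cleanup order under `exit:`. `mbedtls_ssl_free()`, `mbedtls_ssl_config_free()` and `mbedtls_ssl_session_free()` now run before the certificates, keys and PSA resources are released, presumably because the context and config may still reference those objects. A short comment above the moved block would keep the order from being shuffled back, for example `/* Free the SSL context and config before the certificates, keys and PSK slots they may reference. */`. The same applies to the first hunk of ssl_server2.c in this commit. The enclosing function starts and ends outside both hunks.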
@@ -3951,9 +3951,35 @@ exit: mbedtls_net_free( &client_fd ); mbedtls_net_free( &listen_fd ); -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_free( &dhm ); + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); + +#if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_free( &cache ); #endif +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + mbedtls_ssl_ticket_free( &ticket_ctx ); +#endif +#if defined(MBEDTLS_SSL_COOKIE_C) + mbedtls_ssl_cookie_free( &cookie_ctx ); +#endif + +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if( context_buf != NULL ) + mbedtls_platform_zeroize( context_buf, context_buf_len ); + mbedtls_free( context_buf ); +#endif + +#if defined(SNI_OPTION) + sni_free( sni_info ); +#endif + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + ret = psk_free( psk_info ); + if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) + mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); +#endif + #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &srvcert ); @@ -3965,6 +3991,11 @@ exit: psa_destroy_key( key_slot2 ); #endif #endif + +#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) + mbedtls_dhm_free( &dhm ); +#endif + #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for( i = 0; (size_t) i < ssl_async_keys.slots_used; i++ ) { @@ -3976,17 +4007,6 @@ exit: } } #endif -#if defined(SNI_OPTION) - sni_free( sni_info ); -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - ret = psk_free( psk_info ); - if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) - mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); -#endif -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_free( &dhm ); -#endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) 
@@ -4007,16 +4027,6 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free( &cache ); -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_ticket_free( &ticket_ctx ); -#endif -#if defined(MBEDTLS_SSL_COOKIE_C) - mbedtls_ssl_cookie_free( &cookie_ctx ); -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) const char* message = mbedtls_test_helper_is_psa_leaking(); if( message ) @@ -4034,18 +4044,10 @@ exit: mbedtls_psa_crypto_free( ); #endif - mbedtls_ssl_free( &ssl ); - mbedtls_ssl_config_free( &conf ); rng_free( &rng ); mbedtls_free( buf ); -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if( context_buf != NULL ) - mbedtls_platform_zeroize( context_buf, context_buf_len ); - mbedtls_free( context_buf ); -#endif - #if defined(MBEDTLS_TEST_HOOKS) /* Let test hooks detect errors such as resource leaks. * Don't do it in query_config mode, because some test code prints From 0eedd36557b43174519dd88c44b5a98f9ee76e7f Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 10 Nov 2021 11:15:46 +0000 Subject: [PATCH 938/966] Serialise builds of the .a files on Windows This is a workaround for an issue with mkstemp() in older MinGW releases that causes simultaneous creation of .a files in the same directory to fail. Fixes #5146 Signed-off-by: Tom Cosgrove --- library/Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/Makefile b/library/Makefile index 01e85cf5b3..15c9a8b153 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -186,6 +186,14 @@ static: libmbedcrypto.a libmbedx509.a libmbedtls.a shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) +# Windows builds under Mingw can fail if make tries to create archives in the same +# directory at the same time - see https://bugs.launchpad.net/gcc-arm-embedded/+bug/1848002. +# This forces builds of the .a files to be serialised. +ifdef WINDOWS +libmbedtls.a: | libmbedx509.a +libmbedx509.a: | libmbedcrypto.a +endif + # tls libmbedtls.a: $(OBJS_TLS) echo " AR $@" From d6d234f69879d0038214724b8b14c7b52a38c551 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 11 Nov 2021 02:22:12 +0000 Subject: [PATCH 939/966] Solve the ABI_API check issue for mbedtls_ssl_session Signed-off-by: XiaokangQian --- include/mbedtls/ssl.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fba8f8f846..89cc0513e7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1124,7 +1124,9 @@ struct mbedtls_ssl_session * to be studied whether one of them can be removed. */ unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets); +#endif #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) From 33062847764d9dd4c13cc7990fc3ba0b207cd097 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 11 Nov 2021 03:37:45 +0000 Subject: [PATCH 940/966] Change code base on comments Remove client certificate verify in tests. Change the layout of structure to fix abi_api check issues. Add comments of Finished. Align with the coding styles. Signed-off-by: XiaokangQian --- include/mbedtls/ssl.h | 8 ++++---- library/ssl_tls13_generic.c | 32 ++++++++++++++++++++------------ library/ssl_tls13_keys.c | 30 ++++++++++++++++-------------- tests/ssl-opt.sh | 4 ++-- 4 files changed, 42 insertions(+), 32 deletions(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 89cc0513e7..45e05447be 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1124,10 +1124,6 @@ struct mbedtls_ssl_session * to be studied whether one of them can be removed. */ unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets); -#endif - #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */ @@ -1154,6 +1150,10 @@ struct mbedtls_ssl_session #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */ #endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets); +#endif }; /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 91b4bdfecc..e989d71770 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -876,8 +876,17 @@ static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { + /* + * struct { + * opaque verify_data[Hash.length]; + * } Finished; + */ + const unsigned char *expected_verify_data = + ssl->handshake->state_local.finished_in.digest; + size_t expected_verify_data_len = + ssl->handshake->state_local.finished_in.digest_len; /* Structural validation */ - if( (size_t)( end - buf ) != ssl->handshake->state_local.finished_in.digest_len ) + if( (size_t)( end - buf ) != expected_verify_data_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); 
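Review bot: After the move to the end of `struct mbedtls_ssl_session`, `app_secrets` is the only member in this hunk without a Doxygen comment, while the `encrypt_then_mac` line just above carries one. Other patches on this page show that the type holds `client_application_traffic_secret_N` and `server_application_traffic_secret_N`, so the session object now carries key material that must be wiped when the session is freed or copied. I would document it as `mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets); /*!< TLS 1.3 application traffic secrets */`. The struct definition starts outside the hunk.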
@@ -887,19 +896,19 @@ static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (self-computed):", - ssl->handshake->state_local.finished_in.digest, - ssl->handshake->state_local.finished_in.digest_len ); + expected_verify_data, + expected_verify_data_len ); MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (received message):", buf, - ssl->handshake->state_local.finished_in.digest_len ); + expected_verify_data_len ); /* Semantic validation */ if( mbedtls_ssl_safer_memcmp( buf, - ssl->handshake->state_local.finished_in.digest, - ssl->handshake->state_local.finished_in.digest_len ) != 0 ) + expected_verify_data, + expected_verify_data_len ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } @@ -908,7 +917,7 @@ static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *ssl ) { - int ret = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_key_set traffic_keys; mbedtls_ssl_transform *transform_application = NULL; @@ -920,8 +929,7 @@ static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *s goto cleanup; } - ret = mbedtls_ssl_tls13_generate_application_keys( - ssl, &traffic_keys ); + ret = mbedtls_ssl_tls13_generate_application_keys( ssl, &traffic_keys ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, @@ -953,7 +961,7 @@ static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *s cleanup: - mbedtls_platform_zeroize( &traffic_keys, sizeof( mbedtls_ssl_key_set ) ); + mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) ); if( ret != 0 ) { mbedtls_free( transform_application ); 
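Review bot: The comment `/* Semantic validation */` in `ssl_tls13_parse_finished_message` does not explain either choice made on the lines below it. The comparison goes through `mbedtls_ssl_safer_memcmp()` rather than `memcmp()`, and the alert is changed to `MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR`, which matches what RFC 8446 section 4.4.4 requires for an incorrect Finished. Expanding the comment to `/* Semantic validation: compare without an early exit; RFC 8446 4.4.4 requires decrypt_error on mismatch. */` would stop a later cleanup from swapping in a plain `memcmp()` or reverting the alert. The function starts in the previous hunk.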
@@ -977,7 +985,7 @@ static int ssl_tls13_postprocess_finished_message( mbedtls_ssl_context* ssl ) int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ) { - int ret = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *buf; size_t buflen; diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index c035504bf0..a030b65d30 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -568,7 +568,8 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac; #if defined(MBEDTLS_DEBUG_C) mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); size_t const md_size = mbedtls_md_get_size( md_info ); @@ -578,9 +579,9 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( * Compute MasterSecret */ ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, - ssl->handshake->tls1_3_master_secrets.handshake, + handshake->tls1_3_master_secrets.handshake, NULL, 0, - ssl->handshake->tls1_3_master_secrets.app ); + handshake->tls1_3_master_secrets.app ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); @@ -588,7 +589,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( } MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret", - ssl->handshake->tls1_3_master_secrets.app, md_size ); + handshake->tls1_3_master_secrets.app, md_size ); return( 0 ); } @@ -690,7 +691,7 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl, exit: - mbedtls_platform_zeroize( transcript, sizeof( transcript) ); + mbedtls_platform_zeroize( transcript, sizeof( transcript ) ); return( ret ); } 
@@ -1116,13 +1117,14 @@ int mbedtls_ssl_tls13_generate_application_keys( mbedtls_ssl_key_set *traffic_keys ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; /* Address at which to store the application secrets */ mbedtls_ssl_tls1_3_application_secrets * const app_secrets = &ssl->session_negotiate->app_secrets; /* Holding the transcript up to and including the ServerFinished */ - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; /* Variables relating to the hash for the chosen ciphersuite. */ @@ -1139,11 +1141,11 @@ int mbedtls_ssl_tls13_generate_application_keys( /* Extract basic information about hash and ciphersuite */ cipher_info = mbedtls_cipher_info_from_type( - ssl->handshake->ciphersuite_info->cipher ); + handshake->ciphersuite_info->cipher ); keylen = cipher_info->key_bitlen / 8; ivlen = cipher_info->iv_size; - md_type = ssl->handshake->ciphersuite_info->mac; + md_type = handshake->ciphersuite_info->mac; md_info = mbedtls_md_info_from_type( md_type ); md_size = mbedtls_md_get_size( md_info ); @@ -1159,7 +1161,7 @@ int mbedtls_ssl_tls13_generate_application_keys( /* Compute application secrets from master secret and transcript hash. */ ret = mbedtls_ssl_tls1_3_derive_application_secrets( md_type, - ssl->handshake->tls1_3_master_secrets.app, + handshake->tls1_3_master_secrets.app, transcript, transcript_len, app_secrets ); if( ret != 0 ) 
@@ -1197,16 +1199,16 @@ int mbedtls_ssl_tls13_generate_application_keys( ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET, app_secrets->client_application_traffic_secret_N, md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, + handshake->randbytes + 32, + handshake->randbytes, MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by a new constant for TLS 1.3! */ ); ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET, app_secrets->server_application_traffic_secret_N, md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, + handshake->randbytes + 32, + handshake->randbytes, MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by a new constant for TLS 1.3! */ ); } @@ -1224,7 +1226,7 @@ int mbedtls_ssl_tls13_generate_application_keys( cleanup: - mbedtls_platform_zeroize( transcript, sizeof(transcript) ); + mbedtls_platform_zeroize( transcript, sizeof( transcript ) ); return( ret ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 997bdee639..43759c59e4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8820,8 +8820,8 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "tls1_3 client state: 19" \ -c "tls1_3 client state: 5" \ -c "tls1_3 client state: 3" \ + -c "tls1_3 client state: 9" \ -c "tls1_3 client state: 13" \ - -c "tls1_3 client state: 20" \ -c "tls1_3 client state: 11" \ -c "tls1_3 client state: 14" \ -c "tls1_3 client state: 15" \ @@ -8852,8 +8852,8 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "tls1_3 client state: 19" \ -c "tls1_3 client state: 5" \ -c "tls1_3 client state: 3" \ + -c "tls1_3 client state: 9" \ -c "tls1_3 client state: 13" \ - -c "tls1_3 client state: 20" \ -c "tls1_3 client state: 11" \ -c "tls1_3 client state: 14" \ -c "tls1_3 client state: 15" \ From c13f935c05df20d6cb80380d3b0fb40a754dfda9 Mon Sep 17 00:00:00 2001 
From: XiaokangQian Date: Thu, 11 Nov 2021 06:13:22 +0000 Subject: [PATCH 941/966] Align code styles of indent and so on Signed-off-by: XiaokangQian --- library/ssl_tls13_generic.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e989d71770..42c786aee0 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -862,7 +862,7 @@ static int ssl_tls13_preprocess_finished_message( mbedtls_ssl_context *ssl ) sizeof( ssl->handshake->state_local.finished_in.digest ), &ssl->handshake->state_local.finished_in.digest_len, ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ? - MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT ); + MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_calculate_verify_data", ret ); @@ -878,7 +878,7 @@ static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, { /* * struct { - * opaque verify_data[Hash.length]; + * opaque verify_data[Hash.length]; * } Finished; */ const unsigned char *expected_verify_data = @@ -891,7 +891,7 @@ static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR ); + MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } @@ -909,12 +909,14 @@ static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } return( 0 ); } + +#if defined(MBEDTLS_SSL_CLI_C) static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 
@@ -971,14 +973,19 @@ cleanup: } return( ret ); } +#endif /* MBEDTLS_SSL_CLI_C */ static int ssl_tls13_postprocess_finished_message( mbedtls_ssl_context* ssl ) { +#if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { return( ssl_tls13_postprocess_server_finished_message( ssl ) ); } +#else + ((void) ssl); +#endif /* MBEDTLS_SSL_CLI_C */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } From a4c99f2c2d85595cb248fe04638796adb89e3612 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 11 Nov 2021 06:46:35 +0000 Subject: [PATCH 942/966] Remove useless blank line Signed-off-by: XiaokangQian --- library/ssl_tls13_generic.c | 1 - library/ssl_tls13_keys.c | 3 +-- library/ssl_tls13_keys.h | 3 +-- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 42c786aee0..b2a70f3cdd 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -915,7 +915,6 @@ static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, return( 0 ); } - #if defined(MBEDTLS_SSL_CLI_C) static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *ssl ) { diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index a030b65d30..3ca28d56ec 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -564,8 +564,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( return( 0 ); } -int mbedtls_ssl_tls13_key_schedule_stage_application( - mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 7ea018339e..d598448b5e 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -586,8 +586,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls13_key_schedule_stage_application( - mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ); /** * \brief Compute TLS 1.3 application traffic keys. From 74af2a827ed385235d9ccf6055017b6cad5adfcf Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 22 Sep 2021 07:40:30 +0000 Subject: [PATCH 943/966] TLS1.3: Add client finish processing in client side Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 8 +-- library/ssl_tls13_generic.c | 126 ++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.c | 50 ++++++++++++++ 3 files changed, 179 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 6deab2a8c7..a0f0c9c986 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1618,11 +1618,9 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_CLIENT_FINISHED */ -static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl ) +static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); - return( 0 ); + return ( mbedtls_ssl_tls1_3_finished_out_process( ssl ) ); } /* @@ -1689,7 +1687,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_CLIENT_FINISHED: - ret = ssl_tls1_3_write_client_finished( ssl ); + ret = ssl_tls13_write_client_finished( ssl ); break; case MBEDTLS_SSL_FLUSH_BUFFERS: diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index b2a70f3cdd..a42ede1e39 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -29,6 +29,7 @@ #include "mbedtls/debug.h" #include "mbedtls/oid.h" #include "mbedtls/platform.h" +#include #include "ssl_misc.h" #include "ssl_tls13_keys.h" 
@@ -1014,6 +1015,131 @@ cleanup: return( ret ); } +/* + * + * STATE HANDLING: Outgoing Finished + * + */ + +/* + * Overview + */ + +/* Main entry point: orchestrates the other functions */ + +int mbedtls_ssl_finished_out_process( mbedtls_ssl_context *ssl ); + +static int ssl_finished_out_prepare( mbedtls_ssl_context *ssl ); +static int ssl_finished_out_write( mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t buflen, + size_t *olen ); +static int ssl_finished_out_postprocess( mbedtls_ssl_context *ssl ); + + +int mbedtls_ssl_tls1_3_finished_out_process( mbedtls_ssl_context *ssl ) +{ + int ret; + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); + + if( !ssl->handshake->state_local.finished_out.preparation_done ) + { + MBEDTLS_SSL_PROC_CHK( ssl_finished_out_prepare( ssl ) ); + ssl->handshake->state_local.finished_out.preparation_done = 1; + } + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, + MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_finished_out_write( + ssl, buf, buf_len, &msg_len ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, + buf, msg_len ); + + MBEDTLS_SSL_PROC_CHK( ssl_finished_out_postprocess( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, + buf_len, msg_len ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); + return( ret ); +} + +static int ssl_finished_out_prepare( mbedtls_ssl_context *ssl ) +{ + int ret; + + /* Compute transcript of handshake up to now. 
*/ + ret = mbedtls_ssl_tls1_3_calc_finished( ssl, + ssl->handshake->state_local.finished_out.digest, + sizeof( ssl->handshake->state_local.finished_out.digest ), + &ssl->handshake->state_local.finished_out.digest_len, + ssl->conf->endpoint ); + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "calc_finished failed", ret ); + return( ret ); + } + + return( 0 ); +} + +static int ssl_finished_out_postprocess( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + /* Compute resumption_master_secret */ + ret = mbedtls_ssl_tls1_3_generate_resumption_master_secret( ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls1_3_generate_resumption_master_secret ", ret ); + return ( ret ); + } + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); + } + else +#endif /* MBEDTLS_SSL_CLI_C */ + { + /* Should never happen */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + return( 0 ); +} + +static int ssl_finished_out_write( mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t buflen, + size_t *olen ) +{ + size_t finished_len = ssl->handshake->state_local.finished_out.digest_len; + + /* Note: Even if DTLS is used, the current message writing functions + * write TLS headers, and it is only at sending time that the actual + * DTLS header is generated. That's why we unconditionally shift by + * 4 bytes here as opposed to mbedtls_ssl_hs_hdr_len( ssl ). */ + + if( buflen < finished_len ) + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + + memcpy( buf, ssl->handshake->state_local.finished_out.digest, + ssl->handshake->state_local.finished_out.digest_len ); + + *olen = finished_len; + return( 0 ); +} #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 3ca28d56ec..6dc27a4514 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
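Review bot: `int ret;` is left uninitialized in both `mbedtls_ssl_tls1_3_finished_out_process` and `ssl_finished_out_prepare`, while the neighbouring handlers in this file start from `int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;`. With that initializer, a path that reaches `cleanup:` without assigning `ret` reports an error instead of returning stack contents. Every path here appears to assign it through `MBEDTLS_SSL_PROC_CHK` (the macro is defined outside this hunk), so this is a defensive change. Separately, the forward declaration names `mbedtls_ssl_finished_out_process` while the function defined is `mbedtls_ssl_tls1_3_finished_out_process`; the prototype should be renamed to match. The comment in `ssl_finished_out_write` about shifting by 4 bytes describes a shift the body does not perform and should be dropped.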
@@ -593,6 +593,56 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) return( 0 ); } +#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET) +int mbedtls_ssl_tls1_3_generate_resumption_master_secret( + mbedtls_ssl_context *ssl ) +{ + int ret = 0; + + mbedtls_md_type_t md_type; + mbedtls_md_info_t const *md_info; + size_t md_size; + + unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + size_t transcript_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, + ( "=> mbedtls_ssl_tls1_3_generate_resumption_master_secret" ) ); + + md_type = ssl->handshake->ciphersuite_info->mac; + md_info = mbedtls_md_info_from_type( md_type ); + md_size = mbedtls_md_get_size( md_info ); + + ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, + transcript, sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_tls1_3_derive_resumption_master_secret( md_type, + ssl->handshake->tls1_3_master_secrets.app, + transcript, transcript_len, + &ssl->session_negotiate->app_secrets ); + if( ret != 0 ) + return( ret ); + + MBEDTLS_SSL_DEBUG_BUF( 4, "Resumption master secret", + ssl->session_negotiate->app_secrets.resumption_master_secret, + md_size ); + + MBEDTLS_SSL_DEBUG_MSG( 2, + ( "<= mbedtls_ssl_tls1_3_generate_resumption_master_secret" ) ); + return( 0 ); +} +#else /* MBEDTLS_SSL_NEW_SESSION_TICKET */ +int mbedtls_ssl_tls1_3_generate_resumption_master_secret( + mbedtls_ssl_context *ssl ) +{ + ((void) ssl); + return( 0 ); +} +#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET */ + static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type, unsigned char const *base_key, unsigned char const *transcript, From eab1023dbf9ffe9ae986da7fc053b2ee51c5b8bd Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Mon, 25 Oct 2021 07:38:31 +0000 Subject: [PATCH 944/966] Fix some compiling errors for name mismatch Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
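Review bot: `transcript` is a stack buffer that receives the handshake transcript hash, and every exit from `mbedtls_ssl_tls1_3_generate_resumption_master_secret` (both `return( ret );` statements and the final `return( 0 );`) leaves it uncleared. `mbedtls_ssl_tls13_generate_application_keys`, in an earlier hunk of this series, wipes its own `transcript` at a `cleanup:` label. This function should follow the same pattern: route the exits through a `cleanup:` label that runs `mbedtls_platform_zeroize( transcript, sizeof( transcript ) );` before `return( ret );`. The `#else` stub also returns 0 without deriving anything, so it deserves a comment such as `/* No resumption secret is derived when MBEDTLS_SSL_NEW_SESSION_TICKET is disabled. */`.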
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a0f0c9c986..b64d3269d1 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1620,7 +1620,7 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) */ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl ) { - return ( mbedtls_ssl_tls1_3_finished_out_process( ssl ) ); + return ( mbedtls_ssl_tls13_finished_out_process( ssl ) ); } /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a42ede1e39..d1a20dfd13 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1037,7 +1037,7 @@ static int ssl_finished_out_write( mbedtls_ssl_context *ssl, static int ssl_finished_out_postprocess( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_tls1_3_finished_out_process( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_finished_out_process( mbedtls_ssl_context *ssl ) { int ret; unsigned char *buf; @@ -1076,7 +1076,7 @@ static int ssl_finished_out_prepare( mbedtls_ssl_context *ssl ) int ret; /* Compute transcript of handshake up to now. */ - ret = mbedtls_ssl_tls1_3_calc_finished( ssl, + ret = mbedtls_ssl_tls1_3_calculate_expected_finished( ssl, ssl->handshake->state_local.finished_out.digest, sizeof( ssl->handshake->state_local.finished_out.digest ), &ssl->handshake->state_local.finished_out.digest_len, From c00ba8131088b85d883cf0683c8fc2f9c9f7aecb Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Fri, 29 Oct 2021 02:42:35 +0000 Subject: [PATCH 945/966] Remove MBEDTLS_SSL_NEW_SESSION_TICKET in TLS1.3 MVP Signed-off-by: XiaokangQian --- library/ssl_tls13_keys.c | 43 ---------------------------------------- 1 file changed, 43 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 6dc27a4514..5eb52ab8c5 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -593,55 +593,12 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) return( 0 ); } -#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET) -int mbedtls_ssl_tls1_3_generate_resumption_master_secret( - mbedtls_ssl_context *ssl ) -{ - int ret = 0; - - mbedtls_md_type_t md_type; - mbedtls_md_info_t const *md_info; - size_t md_size; - - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; - size_t transcript_len; - - MBEDTLS_SSL_DEBUG_MSG( 2, - ( "=> mbedtls_ssl_tls1_3_generate_resumption_master_secret" ) ); - - md_type = ssl->handshake->ciphersuite_info->mac; - md_info = mbedtls_md_info_from_type( md_type ); - md_size = mbedtls_md_get_size( md_info ); - - ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, - transcript, sizeof( transcript ), - &transcript_len ); - if( ret != 0 ) - return( ret ); - - ret = mbedtls_ssl_tls1_3_derive_resumption_master_secret( md_type, - ssl->handshake->tls1_3_master_secrets.app, - transcript, transcript_len, - &ssl->session_negotiate->app_secrets ); - if( ret != 0 ) - return( ret ); - - MBEDTLS_SSL_DEBUG_BUF( 4, "Resumption master secret", - ssl->session_negotiate->app_secrets.resumption_master_secret, - md_size ); - - MBEDTLS_SSL_DEBUG_MSG( 2, - ( "<= mbedtls_ssl_tls1_3_generate_resumption_master_secret" ) ); - return( 0 ); -} -#else /* MBEDTLS_SSL_NEW_SESSION_TICKET */ int mbedtls_ssl_tls1_3_generate_resumption_master_secret( mbedtls_ssl_context *ssl ) { ((void) ssl); return( 0 ); } -#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET */ static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type, unsigned char const *base_key, From e1655e4db8b4972648621eff854e91d0f40e8c94 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 3 Nov 2021 07:13:47 +0000 Subject: [PATCH 946/966] Change naming styles and fix ci failure Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) 
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index b64d3269d1..6c009213bf 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1620,7 +1620,7 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) */ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl ) { - return ( mbedtls_ssl_tls13_finished_out_process( ssl ) ); + return ( mbedtls_ssl_tls13_process_finished_out( ssl ) ); } /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index d1a20dfd13..6fc141a5d4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1027,17 +1027,15 @@ cleanup: /* Main entry point: orchestrates the other functions */ -int mbedtls_ssl_finished_out_process( mbedtls_ssl_context *ssl ); - -static int ssl_finished_out_prepare( mbedtls_ssl_context *ssl ); -static int ssl_finished_out_write( mbedtls_ssl_context *ssl, +static int ssl_prepare_finished_out( mbedtls_ssl_context *ssl ); +static int ssl_write_finished_out( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *olen ); -static int ssl_finished_out_postprocess( mbedtls_ssl_context *ssl ); +static int ssl_postprocess_finished_out( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_tls13_finished_out_process( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_process_finished_out( mbedtls_ssl_context *ssl ) { int ret; unsigned char *buf; 
@@ -1047,20 +1045,20 @@ int mbedtls_ssl_tls13_finished_out_process( mbedtls_ssl_context *ssl ) if( !ssl->handshake->state_local.finished_out.preparation_done ) { - MBEDTLS_SSL_PROC_CHK( ssl_finished_out_prepare( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_prepare_finished_out( ssl ) ); ssl->handshake->state_local.finished_out.preparation_done = 1; } MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_finished_out_write( + MBEDTLS_SSL_PROC_CHK( ssl_write_finished_out( ssl, buf, buf_len, &msg_len ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, buf, msg_len ); - MBEDTLS_SSL_PROC_CHK( ssl_finished_out_postprocess( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_postprocess_finished_out( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, buf_len, msg_len ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) ); @@ -1071,7 +1069,7 @@ cleanup: return( ret ); } -static int ssl_finished_out_prepare( mbedtls_ssl_context *ssl ) +static int ssl_prepare_finished_out( mbedtls_ssl_context *ssl ) { int ret; @@ -1091,7 +1089,7 @@ static int ssl_finished_out_prepare( mbedtls_ssl_context *ssl ) return( 0 ); } -static int ssl_finished_out_postprocess( mbedtls_ssl_context *ssl ) +static int ssl_postprocess_finished_out( mbedtls_ssl_context *ssl ) { int ret = 0; @@ -1112,6 +1110,7 @@ static int ssl_finished_out_postprocess( mbedtls_ssl_context *ssl ) else #endif /* MBEDTLS_SSL_CLI_C */ { + ((void) ssl); /* Should never happen */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -1119,7 +1118,7 @@ static int ssl_finished_out_postprocess( mbedtls_ssl_context *ssl ) return( 0 ); } -static int ssl_finished_out_write( mbedtls_ssl_context *ssl, +static int ssl_write_finished_out( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *olen ) From cc90c9441363143fb3693a3b26d40cf92991961b Mon Sep 17 00:00:00 2001 
From: XiaokangQian Date: Tue, 9 Nov 2021 12:30:09 +0000 Subject: [PATCH 947/966] Rebase and change code Solve conflicts. Rename functions Align coding style Signed-off-by: XiaokangQian --- library/ssl_misc.h | 1 + library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 37 +++++++++++++++---------------------- library/ssl_tls13_keys.c | 7 ------- 4 files changed, 17 insertions(+), 30 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 362117fd9a..2408fd1211 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1185,6 +1185,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 6c009213bf..df8dfdf963 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1620,7 +1620,7 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) */ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl ) { - return ( mbedtls_ssl_tls13_process_finished_out( ssl ) ); + return ( mbedtls_ssl_tls13_write_finished_message( ssl ) ); } /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 6fc141a5d4..39a04ac20e 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -975,7 +975,7 @@ cleanup: } #endif /* MBEDTLS_SSL_CLI_C */ -static int ssl_tls13_postprocess_finished_message( mbedtls_ssl_context* ssl ) +static int ssl_tls13_postprocess_finished_message( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_CLI_C) 
@@ -1017,7 +1017,7 @@ cleanup: /* * - * STATE HANDLING: Outgoing Finished + * STATE HANDLING: Write and send Finished message. * */ @@ -1027,15 +1027,15 @@ cleanup: /* Main entry point: orchestrates the other functions */ -static int ssl_prepare_finished_out( mbedtls_ssl_context *ssl ); -static int ssl_write_finished_out( mbedtls_ssl_context *ssl, +static int ssl_prepare_finished_message( mbedtls_ssl_context *ssl ); +static int ssl_tls13_write_finished_message_bod( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *olen ); -static int ssl_postprocess_finished_out( mbedtls_ssl_context *ssl ); +static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_tls13_process_finished_out( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ) { int ret; unsigned char *buf; @@ -1045,20 +1045,20 @@ int mbedtls_ssl_tls13_process_finished_out( mbedtls_ssl_context *ssl ) if( !ssl->handshake->state_local.finished_out.preparation_done ) { - MBEDTLS_SSL_PROC_CHK( ssl_prepare_finished_out( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_prepare_finished_message( ssl ) ); ssl->handshake->state_local.finished_out.preparation_done = 1; } MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_write_finished_out( + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_bod( ssl, buf, buf_len, &msg_len ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, - buf, msg_len ); + buf, msg_len ); - MBEDTLS_SSL_PROC_CHK( ssl_postprocess_finished_out( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, buf_len, msg_len ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) ); 
@@ -1069,12 +1069,12 @@ cleanup: return( ret ); } -static int ssl_prepare_finished_out( mbedtls_ssl_context *ssl ) +static int ssl_prepare_finished_message( mbedtls_ssl_context *ssl ) { int ret; /* Compute transcript of handshake up to now. */ - ret = mbedtls_ssl_tls1_3_calculate_expected_finished( ssl, + ret = mbedtls_ssl_tls13_calculate_verify_data( ssl, ssl->handshake->state_local.finished_out.digest, sizeof( ssl->handshake->state_local.finished_out.digest ), &ssl->handshake->state_local.finished_out.digest_len, @@ -1089,21 +1089,14 @@ static int ssl_prepare_finished_out( mbedtls_ssl_context *ssl ) return( 0 ); } -static int ssl_postprocess_finished_out( mbedtls_ssl_context *ssl ) +static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl ) { - int ret = 0; #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { /* Compute resumption_master_secret */ - ret = mbedtls_ssl_tls1_3_generate_resumption_master_secret( ssl ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_tls1_3_generate_resumption_master_secret ", ret ); - return ( ret ); - } + ((void) ssl); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); } @@ -1118,7 +1111,7 @@ static int ssl_postprocess_finished_out( mbedtls_ssl_context *ssl ) return( 0 ); } -static int ssl_write_finished_out( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_finished_message_bod( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *olen ) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 5eb52ab8c5..3ca28d56ec 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
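Review bot: In `ssl_tls13_finalize_finished_message` the comment `/* Compute resumption_master_secret */` is kept although the call it described is removed, so it now labels `((void) ssl);`. Replace it with a comment that states the gap, for example `/* TODO: derive resumption_master_secret once session tickets are supported. */`. The `((void) ssl);` in this branch is also unnecessary, because `ssl` is already used by the `if` condition and by `mbedtls_ssl_handshake_set_state` on the following line.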
@@ -593,13 +593,6 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) return( 0 ); } -int mbedtls_ssl_tls1_3_generate_resumption_master_secret( - mbedtls_ssl_context *ssl ) -{ - ((void) ssl); - return( 0 ); -} - static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type, unsigned char const *base_key, unsigned char const *transcript, From 8773aa0da95fbae3d83c7e63a72363338a8d2798 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 10 Nov 2021 07:33:09 +0000 Subject: [PATCH 948/966] Align coding styles in generic for client finish Signed-off-by: XiaokangQian --- library/ssl_tls13_generic.c | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 39a04ac20e..d52ec2f799 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1027,10 +1027,10 @@ cleanup: /* Main entry point: orchestrates the other functions */ -static int ssl_prepare_finished_message( mbedtls_ssl_context *ssl ); -static int ssl_tls13_write_finished_message_bod( mbedtls_ssl_context *ssl, +static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl ); +static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl, unsigned char *buf, - size_t buflen, + unsigned char *end, size_t *olen ); static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl ); 
@@ -1041,19 +1041,19 @@ int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ) unsigned char *buf; size_t buf_len, msg_len; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished message" ) ); if( !ssl->handshake->state_local.finished_out.preparation_done ) { - MBEDTLS_SSL_PROC_CHK( ssl_prepare_finished_message( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) ); ssl->handshake->state_local.finished_out.preparation_done = 1; } MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_bod( - ssl, buf, buf_len, &msg_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body( + ssl, buf, buf + buf_len, &msg_len ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, buf, msg_len ); @@ -1065,11 +1065,11 @@ int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ) cleanup: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished message" ) ); return( ret ); } -static int ssl_prepare_finished_message( mbedtls_ssl_context *ssl ) +static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl ) { int ret; 
@@ -1111,25 +1111,19 @@ static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl ) return( 0 ); } -static int ssl_tls13_write_finished_message_bod( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl, unsigned char *buf, - size_t buflen, + unsigned char *end, size_t *olen ) { - size_t finished_len = ssl->handshake->state_local.finished_out.digest_len; + size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len; - /* Note: Even if DTLS is used, the current message writing functions - * write TLS headers, and it is only at sending time that the actual - * DTLS header is generated. That's why we unconditionally shift by - * 4 bytes here as opposed to mbedtls_ssl_hs_hdr_len( ssl ). */ - - if( buflen < finished_len ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, verify_data_len ); memcpy( buf, ssl->handshake->state_local.finished_out.digest, - ssl->handshake->state_local.finished_out.digest_len ); + verify_data_len ); - *olen = finished_len; + *olen = verify_data_len; return( 0 ); } From 35dc625e37d7a96ea83ba35c62c0f92c16cb25f1 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 11 Nov 2021 08:16:19 +0000 Subject: [PATCH 949/966] Move the location of functions Signed-off-by: XiaokangQian --- library/ssl_tls13_generic.c | 89 ++++++++++++++++--------------------- 1 file changed, 39 insertions(+), 50 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index d52ec2f799..064da54874 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -1020,55 +1020,10 @@ cleanup: * STATE HANDLING: Write and send Finished message. * */ - /* - * Overview + * Implement */ -/* Main entry point: orchestrates the other functions */ - -static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl ); -static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ); -static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl ); - - -int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ) -{ - int ret; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished message" ) ); - - if( !ssl->handshake->state_local.finished_out.preparation_done ) - { - MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) ); - ssl->handshake->state_local.finished_out.preparation_done = 1; - } - - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, - MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); - - MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body( - ssl, buf, buf + buf_len, &msg_len ) ); - - mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, - buf, msg_len ); - - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, - buf_len, msg_len ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) ); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished message" ) ); - return( ret ); -} - static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl ) { int ret; @@ -1095,7 +1050,6 @@ static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { - /* Compute resumption_master_secret */ ((void) ssl); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); 
@@ -1112,9 +1066,9 @@ static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl ) } static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len; @@ -1127,6 +1081,41 @@ static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl, return( 0 ); } +/* Main entry point: orchestrates the other functions */ +int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished message" ) ); + + if( !ssl->handshake->state_local.finished_out.preparation_done ) + { + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) ); + ssl->handshake->state_local.finished_out.preparation_done = 1; + } + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, + MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body( + ssl, buf, buf + buf_len, &msg_len ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, + buf, msg_len ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, + buf_len, msg_len ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished message" ) ); + return( ret ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS_C */ From 0fa6643eb5969a166587446f09cce4d1faceeb6a Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Mon, 15 Nov 2021 03:33:57 +0000 Subject: [PATCH 950/966] Align coding stles and remove useless code 
Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 9 ++++++++- library/ssl_tls13_generic.c | 29 +++++++---------------------- 2 files changed, 15 insertions(+), 23 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index df8dfdf963..69d9c665f9 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1620,7 +1620,14 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) */ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl ) { - return ( mbedtls_ssl_tls13_write_finished_message( ssl ) ); + int ret; + + ret = mbedtls_ssl_tls13_write_finished_message( ssl ); + if( ret != 0 ) + return( ret ); + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); + return( 0 ); } /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 064da54874..97ef33d631 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1046,21 +1046,8 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl ) static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl ) { - -#if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - { - ((void) ssl); - - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); - } - else -#endif /* MBEDTLS_SSL_CLI_C */ - { - ((void) ssl); - /* Should never happen */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + // TODO: Add back resumption keys calculation after MVP. + ((void) ssl); return( 0 ); } @@ -1071,7 +1058,11 @@ static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl, size_t *olen ) { size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len; - + /* + * struct { + * opaque verify_data[Hash.length]; + * } Finished; + */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, verify_data_len ); memcpy( buf, ssl->handshake->state_local.finished_out.digest, 
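Review bot: `ssl_tls13_write_client_finished` now leaves the state at `MBEDTLS_SSL_CLIENT_FINISHED` whenever `mbedtls_ssl_tls13_write_finished_message()` returns non-zero, and the last step of that function is `mbedtls_ssl_flush_output()`. If the flush returns a transient status such as `MBEDTLS_ERR_SSL_WANT_WRITE`, the next handshake step would re-enter this handler. It would then build and hash a second Finished message after the first was already passed to `mbedtls_ssl_tls1_3_add_hs_msg_to_checksum`. This assumes the step function does not drain pending output before dispatching, which is not visible here. Either drop the flush from the writer and let `MBEDTLS_SSL_FLUSH_BUFFERS` drain the output, or at minimum document the constraint with `/* Must not be re-entered once Finished has been added to the transcript. */` above the call.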
@@ -1090,12 +1081,6 @@ int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished message" ) ); - if( !ssl->handshake->state_local.finished_out.preparation_done ) - { - MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) ); - ssl->handshake->state_local.finished_out.preparation_done = 1; - } - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); From dce82245acc80b69a1d28f4e66115018371a9870 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Mon, 15 Nov 2021 06:01:26 +0000 Subject: [PATCH 951/966] Fix the compile issue about prepare message Signed-off-by: XiaokangQian --- library/ssl_tls13_generic.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 97ef33d631..3678e681a2 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1081,6 +1081,8 @@ int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished message" ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); From 9ec8fcfddd090f91154b99cb64b3735cff77f357 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Mon, 15 Nov 2021 08:24:08 +0000 Subject: [PATCH 952/966] Improve failure messag for calculating verify data Signed-off-by: XiaokangQian --- library/ssl_tls13_generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3678e681a2..f17bf994c2 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -1037,7 +1037,7 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl ) if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "calc_finished failed", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret ); return( ret ); } From fff613aa1047462efe44ca71d771efad3ccab2fe Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 15 Nov 2021 13:54:59 +0000 Subject: [PATCH 953/966] Fix list of LTS braches in CONTRIBUTING.md, and back link from BRANCHES.md Signed-off-by: Tom Cosgrove --- BRANCHES.md | 2 +- CONTRIBUTING.md | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index a63f070341..60218b099a 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -62,7 +62,7 @@ had to break ABI compatibility in an LTS branch, but we occasionally had to increase code size for a security fix.) For contributors, see the [Backwards Compatibility section of -CONTRIBUTING](CONTRIBUTING.md#cackwords-compatibility). +CONTRIBUTING](CONTRIBUTING.md#backwards-compatibility). ## Current Branches diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b3a9547a51..dcaa3603b9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -52,8 +52,7 @@ It would be highly appreciated if contributions are backported to LTS branches i The list of maintained branches can be found in the [Current Branches section of BRANCHES.md](BRANCHES.md#current-branches). -Currently maintained LTS branches are: -1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7) +The only currently maintained LTS branch is: 1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16) From a3087e881e9d4c024ec43c9951d4425f3d87db31 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Tue, 16 Nov 2021 02:04:21 +0000 Subject: [PATCH 954/966] Fix finished message decryption fail issue Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 1 + 1 file changed, 1 insertion(+) 
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 69d9c665f9..1516523e54 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1328,6 +1328,7 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) handshake->transform_handshake = transform_handshake; mbedtls_ssl_set_inbound_transform( ssl, transform_handshake ); + mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) ); ssl->session_in = ssl->session_negotiate; From d69da6c3c30306e850694c73a713f4e087b28440 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 16 Nov 2021 10:32:48 +0000 Subject: [PATCH 955/966] Improve PSA error return code psa_key_derivation_output_key: prioritize BAD_STATE over NOT_PERMITTED If psa_key_derivation_output_key() is called on an operation which hasn't been set up or which has been aborted, return PSA_ERROR_BAD_STATE. Only return PSA_ERROR_NOT_PERMITTED if the operation state is ok for psa_key_derivation_input_bytes() or psa_key_derivation_output_bytes() but not ok to output a key. Ideally psa_key_derivation_output_key() would return PSA_ERROR_NOT_PERMITTED only when psa_key_derivation_output_bytes() is possible, but this is clumsier to implement. Signed-off-by: Dave Rodgman --- library/psa_crypto.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d713ac823e..7591b6bb1a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4763,6 +4763,9 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut if( psa_get_key_bits( attributes ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); + if( operation->alg == PSA_ALG_NONE ) + return( PSA_ERROR_BAD_STATE ); + if( ! operation->can_output_key ) return( PSA_ERROR_NOT_PERMITTED ); From 3f86a90261965fd4b712e21880d1918e7c61d045 Mon Sep 17 00:00:00 2001 
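Review bot: The new `operation->alg == PSA_ALG_NONE` test sits after the `psa_get_key_bits( attributes ) == 0` check, so an operation that was never set up or was aborted still yields PSA_ERROR_INVALID_ARGUMENT when the attributes carry zero bits. The commit message only orders BAD_STATE against NOT_PERMITTED. If precedence of argument errors over state errors is intended, a comment above the new check should say so, for example `/* Argument errors are reported first; an inactive operation has alg == PSA_ALG_NONE. */`. If it is not intended, the state check belongs above the key-bits check. `psa_key_derivation_output_key` starts and continues outside this hunk, so earlier checks cannot be verified from here.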
From: Dave Rodgman Date: Tue, 16 Nov 2021 12:05:38 +0000 Subject: [PATCH 956/966] Update test to handle changed error code Update test to handle changed error code from psa_key_derivation_output_key Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 6dbf18c8e6..9060159f59 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -4262,7 +4262,7 @@ PSA key derivation: HKDF-SHA-256, bad key type, key output depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 # Whether we get NOT_PERMITTED or BAD_STATE for the output is an implementation # detail. -derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_BAD_STATE PSA key derivation: HKDF-SHA-256, direct secret, direct output depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 From 491d849ad14b8bb92ffcfd8bc4ae044daed5bbb4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 16 Nov 2021 12:12:49 +0000 Subject: [PATCH 957/966] Fix derive_input test ignoring parameter Fix derive_input test hardcoding key type instead of using test argument. Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 1aa95275a4..d28de0c206 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -5934,7 +5934,7 @@ void derive_input( int alg_arg, if( output_key_type != PSA_KEY_TYPE_NONE ) { psa_reset_key_attributes( &attributes ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); + psa_set_key_type( &attributes, output_key_type ); psa_set_key_bits( &attributes, 8 ); actual_output_status = psa_key_derivation_output_key( &attributes, &operation, From 3ce4d51c11602db443ffccd798af3d92c32d6e79 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 17 Nov 2021 02:11:36 +0000 Subject: [PATCH 958/966] Move set_outbound_transform to finalize server finished. Signed-off-by: XiaokangQian --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 1516523e54..a2e5f33a0d 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1328,7 +1328,6 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) handshake->transform_handshake = transform_handshake; mbedtls_ssl_set_inbound_transform( ssl, transform_handshake ); - mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) ); ssl->session_in = ssl->session_negotiate; @@ -1612,6 +1611,7 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) if( ret != 0 ) return( ret ); + mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); return( 0 ); } From 378254d3e32e4df75d1ad92aed471a70bbbd581a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 30 Oct 2021 21:44:47 +0800 Subject: [PATCH 959/966] Implement handshake wrapup 
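Review bot: The relocated `mbedtls_ssl_set_outbound_transform` call in `ssl_tls1_3_process_server_finished` switches the write direction to the handshake keys without a log line, while the inbound switch in `ssl_tls13_finalize_server_hello` is announced with "Switch to handshake keys for inbound traffic". Adding `MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for outbound traffic" ) );` directly before the call would keep both key changes traceable in a debug log. A one-line comment stating that the outbound keys are installed only after the preceding step returned 0 would also record why the call lives here rather than in the ServerHello path. The function starts outside the hunk.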
Signed-off-by: Jerry Yu --- library/ssl_misc.h | 3 +++ library/ssl_tls13_client.c | 15 +++++++++++---- library/ssl_tls13_generic.c | 20 ++++++++++++++++++++ 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2408fd1211..1eccb5e97b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1070,6 +1070,9 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ); + /** * \brief TLS 1.3 client side state machine entry * diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a2e5f33a0d..d848415316 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1636,7 +1636,7 @@ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP ); return( 0 ); } 
@@ -1646,9 +1646,16 @@ static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_handshake_wrapup( mbedtls_ssl_context *ssl ) { - ((void) ssl); - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) ); + mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application ); + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for outbound traffic" ) ); + mbedtls_ssl_set_outbound_transform( ssl, ssl->transform_application ); + + mbedtls_ssl_tls13_handshake_wrapup( ssl ); + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); + return( 0 ); } int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f17bf994c2..48678ff8ea 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1103,6 +1103,26 @@ cleanup: return( ret ); } +void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) +{ + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); + + /* + * Free the previous session and switch in the current one + */ + if( ssl->session ) + { + + mbedtls_ssl_session_free( ssl->session ); + mbedtls_free( ssl->session ); + } + ssl->session = ssl->session_negotiate; + ssl->session_negotiate = NULL; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS_C */ From e1b1e2de6545e3eb9d330ec3b17b7a64fa68e22e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Oct 2021 17:46:32 +0800 Subject: [PATCH 960/966] Add minimal feature sets test Replace original negative test with work test. Now, we can work with the simple test. Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) 
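Review bot: `mbedtls_ssl_tls13_handshake_wrapup` replaces `ssl->session` with the negotiated session, but nothing in this hunk releases `ssl->handshake` or the handshake transform, which presumably still hold handshake-phase key material. If another path frees and zeroizes them once the state reaches MBEDTLS_SSL_HANDSHAKE_OVER, a comment such as `/* ssl->handshake is released by <caller>, not here. */` would make that explicit. If no path does, those secrets stay in memory for the lifetime of the context and the release belongs in this function. The assignment `ssl->session = ssl->session_negotiate` also assumes the negotiated session is non-NULL at this point, which is worth stating in a header comment.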
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 43759c59e4..0343818bd1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8809,12 +8809,10 @@ run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3: Test client hello msg work - openssl" \ - "$O_NEXT_SRV -tls1_3 -msg -no_middlebox" \ +run_test "TLS1.3: minimal feature sets - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ - 1 \ - -c "SSL - The requested feature is not available" \ - -s "ServerHello" \ + 0 \ -c "tls1_3 client state: 0" \ -c "tls1_3 client state: 2" \ -c "tls1_3 client state: 19" \ @@ -8841,11 +8839,10 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3: Test client hello msg work - gnutls" \ +run_test "TLS1.3: minimal feature sets - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ - 1 \ - -c "SSL - The requested feature is not available" \ + 0 \ -s "SERVER HELLO was queued" \ -c "tls1_3 client state: 0" \ -c "tls1_3 client state: 2" \ From cfe64f0b24aedbf96f571c44bc7f4918455af2be Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 15 Nov 2021 13:54:06 +0800 Subject: [PATCH 961/966] fix various issues Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 48678ff8ea..12ef4d58c8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -1109,11 +1109,10 @@ void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); /* - * Free the previous session and switch in the current one + * Free the previous session and switch to the current one. */ if( ssl->session ) { - mbedtls_ssl_session_free( ssl->session ); mbedtls_free( ssl->session ); } From 6d38c195825fc69ac983a8f9df0b9301e015a981 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 15 Nov 2021 14:01:04 +0800 Subject: [PATCH 962/966] Add http connection pass check Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0343818bd1..1ac34dae77 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8832,7 +8832,8 @@ run_test "TLS1.3: minimal feature sets - openssl" \ -c "=> parse certificate verify" \ -c "<= parse certificate verify" \ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ - -c "<= parse finished message" + -c "<= parse finished message" \ + -c "HTTP/1.0 200 ok" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -8863,7 +8864,8 @@ run_test "TLS1.3: minimal feature sets - gnutls" \ -c "=> parse certificate verify" \ -c "<= parse certificate verify" \ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ - -c "<= parse finished message" + -c "<= parse finished message" \ + -c "HTTP/1.0 200 OK" # Test heap memory usage after handshake From a6e6c27bd37895c79be52b74eb7415e560b61811 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 17 Nov 2021 17:54:13 +0800 Subject: [PATCH 963/966] Grouplize tls1_3 special functions Signed-off-by: Jerry Yu --- library/ssl_misc.h | 136 ++++++++++++++++++++++----------------------- 1 file changed, 65 insertions(+), 71 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 1eccb5e97b..6eec644354 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1069,24 +1069,6 @@ int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - -void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ); - -/** - * \brief TLS 1.3 client side state machine entry - * - * \param ssl SSL context - */ -int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); - -/** - * \brief TLS 1.3 server side state machine entry - * - * \param ssl SSL context - */ -int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ); -#endif int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); @@ -1187,9 +1169,6 @@ static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ); - int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); 
@@ -1490,7 +1469,72 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ); void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ +/** + * ssl utils functions for checking configuration. + */ + #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf ) +{ + if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && + conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && + conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 && + conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + return( 1 ); + } + return( 0 ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf ) +{ + if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && + conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && + conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && + conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + { + return( 1 ); + } + return( 0 ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf ) +{ + if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && + conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && + conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && + conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + return( 1 ); + } + return( 0 ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ); + +/** + * \brief TLS 1.3 client side state 
machine entry + * + * \param ssl SSL context + */ +int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); + +/** + * \brief TLS 1.3 server side state machine entry + * + * \param ssl SSL context + */ +int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ); + /* * Helper functions around key exchange modes. 
@@ -1578,56 +1622,6 @@ static inline int mbedtls_ssl_tls1_3_some_psk_enabled( mbedtls_ssl_context *ssl MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - -/** - * ssl utils functions for checking configuration. - */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf ) -{ - if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && - conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && - conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 && - conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { - return( 1 ); - } - return( 0 ); -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf ) -{ - if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && - conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && - conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - return( 1 ); - } - return( 0 ); -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf ) -{ - if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && - conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && - conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { - return( 1 ); - } - return( 0 ); -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - /* * Helper functions for NamedGroup. */ From 1e4423b535e4a5f5c9c3426f48a611a4153d0a45 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 17 Nov 2021 14:39:02 +0100 Subject: [PATCH 964/966] Remove expected failure from test_psa_compliance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Issue #5143 was fixed in PR #5180. Signed-off-by: Bence Szépkúti --- tests/scripts/test_psa_compliance.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 2f6358132d..11b0c6a438 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -33,11 +33,6 @@ import sys # Test number 2xx corresponds to the files in the folder # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx EXPECTED_FAILURES = { - # psa_key_derivation_output_key() returns PSA_ERROR_NOT_PERMITTED instead of - # PSA_ERROR_BAD_STATE when called after the operation was aborted. - # - Tracked in issue #5143 - 221, - # psa_aead_[encrypt/decrypt]() returns PSA_ERROR_NOT_SUPPORTED instead of # PSA_ERROR_INVALID_ARGUMENT when called with an invalid nonce. # - Tracked in issue #5144 From 357b78e42c2e5ce6cd3f56e3aac2bd58669ac814 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 9 Nov 2021 13:17:17 +0100 Subject: [PATCH 965/966] Indicate if we know that a nonce length is invalid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This restores the behaviour found in the previously released versions and development_2.x. Signed-off-by: Bence Szépkúti --- library/psa_crypto.c | 6 +++--- tests/scripts/test_psa_compliance.py | 5 ----- tests/suites/test_suite_psa_crypto.data | 12 ++++++------ 3 files changed, 9 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7591b6bb1a..4677ea9e48 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3658,13 +3658,13 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, case PSA_ALG_CHACHA20_POLY1305: if( nonce_length == 12 ) return( PSA_SUCCESS ); - break; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ default: - break; + return( PSA_ERROR_NOT_SUPPORTED ); } - return( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_INVALID_ARGUMENT ); } psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 11b0c6a438..ea52c93eba 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -33,11 +33,6 @@ import sys # Test number 2xx corresponds to the files in the folder # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx EXPECTED_FAILURES = { - # psa_aead_[encrypt/decrypt]() returns PSA_ERROR_NOT_SUPPORTED instead of - # PSA_ERROR_INVALID_ARGUMENT when called with an invalid nonce. - # - Tracked in issue #5144 - 224, 225, - # Multipart CCM is not supported. # - Tracked in issue #3721 252, 253, 254, 255, 256, 257, 258, 259, 261, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 9060159f59..0904f630aa 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
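Review bot: After this change the status returned by `psa_aead_check_nonce_length` depends on how each `case` leaves the switch. A `break` now means "known algorithm, invalid length" and reaches the trailing `return( PSA_ERROR_INVALID_ARGUMENT )`, while "not supported" has to be returned explicitly. That convention is easy to violate when another AEAD is added, so I would state it next to the final return, e.g. `/* Reached via break only: the algorithm is known and this nonce length is not valid for it. */`. The start of the function and the CCM/GCM cases are outside the hunk, so whether they all end in `break` cannot be checked from here.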
@@ -2537,19 +2537,19 @@ aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WI PSA AEAD decrypt: AES-CCM, invalid nonce length 6 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: AES-CCM, invalid nonce length 14 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: AES-CCM_8, invalid nonce length 6 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED 
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: AES-CCM_8, invalid nonce length 14 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES 
@@ -2705,11 +2705,11 @@ aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WI PSA AEAD decrypt: AES-GCM, nonce=0 (bad) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: AES-GCM, nonce=0 (bad), TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES From 6d48e20d4ba04e641e71b9181e7d694383aba873 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 15 Nov 2021 20:04:15 +0100 Subject: [PATCH 966/966] Indicate nonce sizes invalid for ChaCha20-Poly1305 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- ChangeLog.d/chacha20-poly1305-invalid-nonce.txt | 3 +++ library/psa_crypto.c | 4 +++- tests/suites/test_suite_psa_crypto.data | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/chacha20-poly1305-invalid-nonce.txt 
diff --git a/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt new file mode 100644 index 0000000000..ca3f9aceea --- /dev/null +++ b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt @@ -0,0 +1,3 @@ +Changes + * Indicate in the error returned if the nonce length used with + ChaCha20-Poly1305 is invalid, and not just unsupported. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4677ea9e48..0a04ba1061 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3658,7 +3658,9 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, case PSA_ALG_CHACHA20_POLY1305: if( nonce_length == 12 ) return( PSA_SUCCESS ); - return( PSA_ERROR_NOT_SUPPORTED ); + else if( nonce_length == 8 ) + return( PSA_ERROR_NOT_SUPPORTED ); + break; #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ default: return( PSA_ERROR_NOT_SUPPORTED ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0904f630aa..2c5537f391 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
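Review bot: The literal `8` in the new `else if( nonce_length == 8 )` branch is unexplained, and it is the only length for which ChaCha20-Poly1305 keeps returning PSA_ERROR_NOT_SUPPORTED. A short comment would record the reason, presumably that an 8-byte nonce is a legitimate length for this algorithm which the implementation does not provide, e.g. `/* 8-byte nonce: valid for the algorithm but not implemented here. */`. Since the preceding branch returns, the `else` is redundant and a plain `if` reads more clearly. The switch and the function continue outside the hunk.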
@@ -2821,11 +2821,11 @@ aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495 PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=11, too short) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=13, too long) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C