From 3e715b02e675f821960ddc6981d7b739ba9eb9b3 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 7 May 2025 12:27:02 +0100 Subject: [PATCH 01/32] Fix format specifiers for ANSI stdio Instead of using the windows-specific "I64d" format specifier, use the friendly MinGW abstraction PRId64, which works both when __USE_MINGW_ANSI_STDIO is enabled and when it is disabled. Signed-off-by: David Horstmann --- include/mbedtls/debug.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index e6f5dadb14..45bf390a04 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -111,7 +111,7 @@ #if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) #include #define MBEDTLS_PRINTF_SIZET PRIuPTR - #define MBEDTLS_PRINTF_LONGLONG "I64d" + #define MBEDTLS_PRINTF_LONGLONG PRId64 #else \ /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ #define MBEDTLS_PRINTF_SIZET "zu" From 2b410eeaeb13c0259ecb694239968d7cc3fcb8d5 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 21 May 2025 14:49:59 +0100 Subject: [PATCH 02/32] Add ChangeLog entry for MinGW format specifier fix Signed-off-by: David Horstmann --- ChangeLog.d/fix-mingw-ansi-stdio.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/fix-mingw-ansi-stdio.txt diff --git a/ChangeLog.d/fix-mingw-ansi-stdio.txt b/ChangeLog.d/fix-mingw-ansi-stdio.txt new file mode 100644 index 0000000000..d9293d95ca --- /dev/null +++ b/ChangeLog.d/fix-mingw-ansi-stdio.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix a build failure with MinGW when the __USE_MINGW_ANSI_STDIO option + is set. This was caused by the wrong format specifier being used to + print long long values (MBEDTLS_PRINTF_LONGLONG). From a35f5326f5f2f5582807e72230a840beed5d5db9 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 15 Jan 2026 15:09:10 +0000 Subject: [PATCH 03/32] drivers sha256|512: Adjusted tf_psa_crypto_common.h inclusion This patch adjusts the include order so that some ACLE intrinsics macros are configured before the inclusion of `neon.h`. This fixes issues with older clang compilers but has no effect in modern versions. Signed-off-by: Minos Galanakis --- library/sha256.c | 17 ++++++++++------- library/sha512.c | 17 ++++++++++------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index c2a5f9c93b..4f1ac3e0fb 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -15,10 +15,6 @@ #define _GNU_SOURCE #endif -#include "common.h" - -#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA224_C) - #if defined(__clang__) && (__clang_major__ >= 4) /* Ideally, we would simply use MBEDTLS_ARCH_IS_ARMV8_A in the following #if, @@ -30,15 +26,18 @@ #endif #if defined(MBEDTLS_SHA256_ARCH_IS_ARMV8_A) && !defined(__ARM_FEATURE_CRYPTO) -/* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged. - * +/* * The intrinsic declaration are guarded by predefined ACLE macros in clang: * these are normally only enabled by the -march option on the command line. * By defining the macros ourselves we gain access to those declarations without * requiring -march on the command line. * * `arm_neon.h` is included by common.h, so we put these defines - * at the top of this file, before any includes. + * at the top of this file, before any includes but after the intrinsic + * declaration. This is necessary with + * Clang <=15.x. With Clang 16.0 and above, these macro definitions are + * no longer required, but they're harmless. See + * https://reviews.llvm.org/D131064 */ #define __ARM_FEATURE_CRYPTO 1 /* See: https://arm-software.github.io/acle/main/acle.html#cryptographic-extensions @@ -52,6 +51,10 @@ #endif /* defined(__clang__) && (__clang_major__ >= 4) */ +#include "common.h" + +#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA224_C) + #include "mbedtls/sha256.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" diff --git a/library/sha512.c b/library/sha512.c index c7c2d92aef..286cbdf9f0 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -10,26 +10,29 @@ * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#include "common.h" - -#if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA384_C) - #if defined(__aarch64__) && !defined(__ARM_FEATURE_SHA512) && \ defined(__clang__) && __clang_major__ >= 7 -/* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged. - * +/* * The intrinsic declaration are guarded by predefined ACLE macros in clang: * these are normally only enabled by the -march option on the command line. * By defining the macros ourselves we gain access to those declarations without * requiring -march on the command line. * * `arm_neon.h` is included by common.h, so we put these defines - * at the top of this file, before any includes. + * at the top of this file, before any includes but after the intrinsic + * declaration. This is necessary with + * Clang <=15.x. With Clang 16.0 and above, these macro definitions are + * no longer required, but they're harmless. See + * https://reviews.llvm.org/D131064 */ #define __ARM_FEATURE_SHA512 1 #define MBEDTLS_ENABLE_ARM_SHA3_EXTENSIONS_COMPILER_FLAG #endif +#include "common.h" + +#if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA384_C) + #include "mbedtls/sha512.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" From 2f384c82a5b145f904806e487306b222edf56e1c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 15 Jan 2026 15:22:54 +0000 Subject: [PATCH 04/32] built-in drivers(aesce): Fixed clang arm intrinsics for verions < 7 Signed-off-by: Minos Galanakis --- library/aesce.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 517ccf4a1b..06a8bdc0ac 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -88,7 +88,11 @@ # define MBEDTLS_POP_TARGET_PRAGMA # endif # elif defined(__clang__) -# pragma clang attribute push (__attribute__((target("aes"))), apply_to=function) +# if __clang_major__ < 7 +# pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) +# else +# pragma clang attribute push (__attribute__((target("aes"))), apply_to=function) +# endif # define MBEDTLS_POP_TARGET_PRAGMA # elif defined(__GNUC__) # pragma GCC push_options From ccf280d158ccc597ce4351ba8aaf38bf1f62e5e1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 26 Jan 2026 17:45:48 +0100 Subject: [PATCH 05/32] Add a few more test cases for printf formats Signed-off-by: Gilles Peskine --- tests/suites/test_suite_debug.data | 34 ++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 46b6be4581..f0d7a029f1 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -1,12 +1,46 @@ printf "%" MBEDTLS_PRINTF_SIZET, 0 printf_int_expr:PRINTF_SIZET:sizeof(size_t):0:"0" +printf "%" MBEDTLS_PRINTF_SIZET, 1 byte +printf_int_expr:PRINTF_SIZET:sizeof(size_t):42:"42" + +printf "%" MBEDTLS_PRINTF_SIZET, 4 bytes +printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_SIZET, 8 bytes +depends_on:SIZE_MAX>=0xffffffffffffffff +printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba9876543210:"18364758544493064720" + printf "%" MBEDTLS_PRINTF_LONGLONG, 0 printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0:"0" +printf "%" MBEDTLS_PRINTF_LONGLONG, 1 byte +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):42:"42" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 4 bytes +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0x7edcba9876543210:"9141386507638288912" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes, negative +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):-0x7edcba9876543210:"-9141386507638288912" + printf "%" MBEDTLS_PRINTF_MS_TIME, 0 printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" +printf "%" MBEDTLS_PRINTF_MS_TIME, 1 byte +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):42:"42" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 4 bytes +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0x7edcba9876543210:"9141386507638288912" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes, negative +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):-0x7edcba9876543210:"-9141386507638288912" + Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" From 10193b37e384cd1c99a6fbc50f8cb8597517cc3a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 28 Jan 2026 00:00:33 +0100 Subject: [PATCH 06/32] tests: scripts: add new component to test alignment with GCC O3 optizations This is meant to test a bug found on: - Little endian platforms other than x86 or ARM (these have specific optimizations available); - GCC versions from 10 to 14.2 (below and above are fine); - Optimization level "-O3" (lower levels are fine). Signed-off-by: Valerio Setti --- tests/scripts/components-compiler.sh | 44 ++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 1eac64f54d..ed89d818ca 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -172,3 +172,47 @@ component_test_zeroize () { done done } + +# This originated from an issue (https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/665) found +# in GCM when the library is built with GCC "10.0 <= version <= 14.2" on platforms other than +# x86 and ARM64. +component_test_tf_psa_crypto_optimized_alignment() { + msg "build: verify alignment with O3 optimizations in GCC" + + # Disable optimizations for x86 (and ARM64) so that alignment related problems in + # "alignment.h" can be tested also on standard PC. + scripts/config.py unset MBEDTLS_AESNI_C + scripts/config.py unset MBEDTLS_AESCE_C + + # "-O3" is the optimization level that causes issues: the compiler tries to + # optimize operations order and if memory dependencies are not respected + # (as it happens in issue tf-psa-crypto#665) this completely messes up results. + EXTRA_C_FLAGS="-O3" + # Forcedly ignore "MBEDTLS_EFFICIENT_UNALIGNED_ACCESS" on x86 so that we + # can test the problematic case, i.e. the case where uint64 integers are + # accessed through "mbedtls_uint64_unaligned_t" structs. + EXTRA_C_FLAGS="$EXTRA_C_FLAGS -DMBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS" + # Adding '-g3' flag doesn't affect testing, BUT it allows to dump the generated + # assembly code for "gcm.o" module for inspection. To do this use the + # following command: + # > objdump -S --disassemble out_of_source_build/drivers/builtin/CMakeFiles/builtin.dir/src/gcm.c.o > gcm.s + # A file named "gcm.s" will be generated containing a mix of C and corresponding + # assembly code. + EXTRA_C_FLAGS="$EXTRA_C_FLAGS -g3" + + cd $OUT_OF_SOURCE_DIR + cmake -DCMAKE_C_COMPILER=gcc -DCMAKE_C_FLAGS=" $EXTRA_C_FLAGS " "$TF_PSA_CRYPTO_ROOT_DIR" + make + + msg "test: verify alignment with O3 optimizations in GCC" + make test +} + +support_test_tf_psa_crypto_optimized_alignment() { + case $(gcc -dumpfullversion 2>/dev/null) in + ""|?.*) false;; # too old + 10.*|11.*|12.*|13.*) true;; + 14.[012].*) true;; + *) false;; # too recent + esac +} From be0c788105f53add88f1034edac06e0097c7c794 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 28 Jan 2026 00:02:06 +0100 Subject: [PATCH 07/32] library: alignment.h: add internal symbol to disable optimizations on x86 MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS is used to forcedly prevent MBEDTLS_EFFICIENT_UNALIGNED_ACCESS from being set. This prevents optimizations from being used on x86 which is useful for testing purposes. Signed-off-by: Valerio Setti --- library/alignment.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/alignment.h b/library/alignment.h index a17001dd91..bbe459ed54 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -15,6 +15,7 @@ #include #include +#if !defined(MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS) //no-check-names /* * Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS for architectures where unaligned memory * accesses are known to be efficient. @@ -35,7 +36,9 @@ * device memory). */ #define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS -#endif +#endif /* __ARM_FEATURE_UNALIGNED || MBEDTLS_ARCH_IS_X86 || MBEDTLS_ARCH_IS_X64 || + * MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64 */ +#endif /* MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS */ //no-check-names #if defined(__IAR_SYSTEMS_ICC__) && \ (defined(MBEDTLS_ARCH_IS_ARM64) || defined(MBEDTLS_ARCH_IS_ARM32) \ From 32ef7050244d61a51d2b794fd3bf8c7cbef4b41e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 28 Jan 2026 00:02:41 +0100 Subject: [PATCH 08/32] library: alignment: add "may_alias" attribute to mbedtls_uintXX_unaligned_t structs Tell the GCC compiler that pointers to types "mbedtls_uintXX_unaligned_t" (where XX is 16, 32 or 64) might alias with other types. This helps at high optimizations level (i.e. "-O3") so that the compiler does not mess up with instruction reordering and memory accesses. Signed-off-by: Valerio Setti --- library/alignment.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/alignment.h b/library/alignment.h index bbe459ed54..3c107d8695 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -88,13 +88,13 @@ typedef uint64_t __packed mbedtls_uint64_unaligned_t; #define UINT_UNALIGNED_STRUCT typedef struct { uint16_t x; -} __attribute__((packed)) mbedtls_uint16_unaligned_t; +} __attribute__((packed, may_alias)) mbedtls_uint16_unaligned_t; typedef struct { uint32_t x; -} __attribute__((packed)) mbedtls_uint32_unaligned_t; +} __attribute__((packed, may_alias)) mbedtls_uint32_unaligned_t; typedef struct { uint64_t x; -} __attribute__((packed)) mbedtls_uint64_unaligned_t; +} __attribute__((packed, may_alias)) mbedtls_uint64_unaligned_t; #endif /* From f79c548ad099e102f54a4e8e60cbfd84cea187db Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 28 Jan 2026 00:03:19 +0100 Subject: [PATCH 09/32] changelog: add changelog about fixing issue #665 in tf-psa-crypto Signed-off-by: Valerio Setti --- ChangeLog.d/issue665.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/issue665.txt diff --git a/ChangeLog.d/issue665.txt b/ChangeLog.d/issue665.txt new file mode 100644 index 0000000000..7d3da9ebce --- /dev/null +++ b/ChangeLog.d/issue665.txt @@ -0,0 +1,6 @@ +Bugfix + * Fix a bug that caused GCM tag calculations to fail, so that data was + correctly encrypted but could not be authenticated. The bug was only + observed with GCC 10.0 to 14.2 inclusive, when compiling with -O3, and + running without AESNI or AESCE. + Fixes #665. From 2b2f430fcd8548ed8c71d685151812964aa4fc58 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 28 Jan 2026 00:18:09 +0100 Subject: [PATCH 10/32] tests: scripts: adapt test_tf_psa_crypto_optimized_alignment to 3.6 Move from CMake to Make Signed-off-by: Valerio Setti --- tests/scripts/components-compiler.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index ed89d818ca..b764247380 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -200,9 +200,7 @@ component_test_tf_psa_crypto_optimized_alignment() { # assembly code. EXTRA_C_FLAGS="$EXTRA_C_FLAGS -g3" - cd $OUT_OF_SOURCE_DIR - cmake -DCMAKE_C_COMPILER=gcc -DCMAKE_C_FLAGS=" $EXTRA_C_FLAGS " "$TF_PSA_CRYPTO_ROOT_DIR" - make + make CC=gcc CFLAGS="$EXTRA_C_FLAGS" msg "test: verify alignment with O3 optimizations in GCC" make test From 4f6c8ef2ac4fdaf4e77d443623c58f0c28837b66 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 9 Jan 2026 08:45:23 -0500 Subject: [PATCH 11/32] fix error in GCC bswap Signed-off-by: Dave Rodgman --- library/alignment.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/alignment.h b/library/alignment.h index 3c107d8695..d304133382 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -280,15 +280,15 @@ static inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x) /* * Detect GCC built-in byteswap routines */ -#if defined(__GNUC__) && defined(__GNUC_PREREQ) -#if __GNUC_PREREQ(4, 8) +#if defined(__GNUC__) +#if MBEDTLS_GCC_VERSION >= 40800 #define MBEDTLS_BSWAP16 __builtin_bswap16 -#endif /* __GNUC_PREREQ(4,8) */ -#if __GNUC_PREREQ(4, 3) +#endif +#if MBEDTLS_GCC_VERSION >= 40300 #define MBEDTLS_BSWAP32 __builtin_bswap32 #define MBEDTLS_BSWAP64 __builtin_bswap64 -#endif /* __GNUC_PREREQ(4,3) */ -#endif /* defined(__GNUC__) && defined(__GNUC_PREREQ) */ +#endif +#endif /* defined(__GNUC__) */ /* * Detect Clang built-in byteswap routines From 533a806405f328dbbee156c23e340f78c7019944 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 5 Feb 2026 09:30:48 +0100 Subject: [PATCH 12/32] pkwrite: test: factor common part into helper func MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_pkwrite.function | 75 ++++++++++++------------ 1 file changed, 39 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 491bc489aa..a07c5dec2a 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -66,15 +66,46 @@ static int pk_write_any_key(mbedtls_pk_context *pk, unsigned char **p, return 0; } +static void pk_write_check_context(mbedtls_pk_context *key, + int is_public_key, int is_der, + unsigned char *check_buf, size_t check_buf_len) +{ + unsigned char *buf = NULL; + size_t buf_len; + unsigned char *start_buf; + int expected_result; + + TEST_CALLOC(buf, check_buf_len); + + start_buf = buf; + buf_len = check_buf_len; + if (is_der) { + expected_result = MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } else { + expected_result = MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; + } + /* Intentionally pass a wrong size for the provided output buffer and check + * that the writing functions fails as expected. */ + for (size_t i = 1; i < buf_len; i++) { + TEST_EQUAL(pk_write_any_key(key, &start_buf, &i, is_public_key, + is_der), expected_result); + } + TEST_EQUAL(pk_write_any_key(key, &start_buf, &buf_len, is_public_key, + is_der), 0); + + TEST_MEMORY_COMPARE(start_buf, buf_len, check_buf, check_buf_len); + +exit: + mbedtls_free(buf); +} + + static void pk_write_check_common(char *key_file, int is_public_key, int is_der) { mbedtls_pk_context key; mbedtls_pk_init(&key); - unsigned char *buf = NULL; unsigned char *check_buf = NULL; - unsigned char *start_buf; - size_t buf_len, check_buf_len; - int expected_result; + size_t check_buf_len; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; @@ -100,8 +131,6 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) } TEST_ASSERT(check_buf_len > 0); - TEST_CALLOC(buf, check_buf_len); - if (is_public_key) { TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0); } else { @@ -109,28 +138,12 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) mbedtls_test_rnd_std_rand, NULL), 0); } - start_buf = buf; - buf_len = check_buf_len; - if (is_der) { - expected_result = MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } else { - expected_result = MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; - } - /* Intentionally pass a wrong size for the provided output buffer and check - * that the writing functions fails as expected. */ - for (size_t i = 1; i < buf_len; i++) { - TEST_EQUAL(pk_write_any_key(&key, &start_buf, &i, is_public_key, - is_der), expected_result); - } - TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, - is_der), 0); - - TEST_MEMORY_COMPARE(start_buf, buf_len, check_buf, check_buf_len); + pk_write_check_context(&key, is_public_key, is_der, + check_buf, check_buf_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Verify that pk_write works also for opaque private keys */ if (!is_public_key) { - memset(buf, 0, check_buf_len); /* Turn the key PK context into an opaque one. * Note: set some practical usage for the key to make get_psa_attributes() happy. */ TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_MESSAGE, &key_attr), 0); @@ -138,18 +151,9 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) mbedtls_pk_free(&key); mbedtls_pk_init(&key); TEST_EQUAL(mbedtls_pk_setup_opaque(&key, opaque_id), 0); - start_buf = buf; - buf_len = check_buf_len; - /* Intentionally pass a wrong size for the provided output buffer and check - * that the writing functions fails as expected. */ - for (size_t i = 1; i < buf_len; i++) { - TEST_EQUAL(pk_write_any_key(&key, &start_buf, &i, is_public_key, - is_der), expected_result); - } - TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, - is_der), 0); - TEST_MEMORY_COMPARE(start_buf, buf_len, check_buf, check_buf_len); + pk_write_check_context(&key, is_public_key, is_der, + check_buf, check_buf_len); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -157,7 +161,6 @@ exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(opaque_id); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_free(buf); mbedtls_free(check_buf); mbedtls_pk_free(&key); USE_PSA_DONE(); From 56503ba3402f1f6a09c537b93d1860d2b7b761df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 5 Feb 2026 10:08:49 +0100 Subject: [PATCH 13/32] pkwrite: tests: test that DER writes at the end MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_pkwrite.function | 47 ++++++++++++++---------- 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index a07c5dec2a..8e84825c64 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -71,29 +71,38 @@ static void pk_write_check_context(mbedtls_pk_context *key, unsigned char *check_buf, size_t check_buf_len) { unsigned char *buf = NULL; - size_t buf_len; - unsigned char *start_buf; - int expected_result; + int expected_error = is_der ? + MBEDTLS_ERR_ASN1_BUF_TOO_SMALL : + MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; - TEST_CALLOC(buf, check_buf_len); + /* Test with: + * - buffer too small (all sizes) + * - buffer exactly the right size + * - buffer a bit larger - DER functions should write to the end of the + * buffer, and we can only tell the difference with a larger buffer + */ + for (size_t buf_size = 1; buf_size <= check_buf_len + 2; buf_size++) { + mbedtls_free(buf); + buf = NULL; + TEST_CALLOC(buf, buf_size); - start_buf = buf; - buf_len = check_buf_len; - if (is_der) { - expected_result = MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } else { - expected_result = MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; - } - /* Intentionally pass a wrong size for the provided output buffer and check - * that the writing functions fails as expected. */ - for (size_t i = 1; i < buf_len; i++) { - TEST_EQUAL(pk_write_any_key(key, &start_buf, &i, is_public_key, + unsigned char *start_buf = buf; + size_t out_len = buf_size; + int expected_result = buf_size < check_buf_len ? expected_error : 0; + mbedtls_test_set_step(buf_size); + + TEST_EQUAL(pk_write_any_key(key, &start_buf, &out_len, is_public_key, is_der), expected_result); - } - TEST_EQUAL(pk_write_any_key(key, &start_buf, &buf_len, is_public_key, - is_der), 0); - TEST_MEMORY_COMPARE(start_buf, buf_len, check_buf, check_buf_len); + if (expected_result == 0) { + TEST_MEMORY_COMPARE(start_buf, out_len, check_buf, check_buf_len); + + if (is_der) { + /* Data should be at the end of the buffer */ + TEST_ASSERT(start_buf + out_len == buf + buf_size); + } + } + } exit: mbedtls_free(buf); From 20118b65bd28e5cfa3acaf0f749e0f3830c13f5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 5 Feb 2026 10:47:23 +0100 Subject: [PATCH 14/32] pkwrite: RSA: avoid large stack buffer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the default build, it was 2363 bytes which is a lot to put on the stack for constrained devices. Fortunately we already have a large enough buffer at hand: the user-provided output buffer. Use it. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkwrite.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 2a698448be..ff6c0bfb44 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -64,22 +64,24 @@ static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, { #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { - uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; - size_t tmp_len = 0; + psa_status_t status; + size_t buf_size = (size_t) (*p - buf); + size_t key_len = 0; - if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - /* Ensure there's enough space in the provided buffer before copying data into it. */ - if (tmp_len > (size_t) (*p - buf)) { - mbedtls_platform_zeroize(tmp, sizeof(tmp)); + status = psa_export_key(pk->priv_id, buf, buf_size, &key_len); + if (status == PSA_ERROR_BUFFER_TOO_SMALL) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } else if (status != PSA_SUCCESS) { + return PSA_PK_RSA_TO_MBEDTLS_ERR(status); } - *p -= tmp_len; - memcpy(*p, tmp, tmp_len); - mbedtls_platform_zeroize(tmp, sizeof(tmp)); - return (int) tmp_len; + /* We wrote to the beginning of the buffer while + * we were supposed to write to its end. */ + *p -= key_len; + memmove(*p, buf, key_len); + mbedtls_platform_zeroize(buf, *p - buf); + + return (int) key_len; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p); From 6617ab467feb7f4222d2930559c2463587f656e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 5 Feb 2026 12:22:12 +0100 Subject: [PATCH 15/32] pkwrite: tests: make helper more robust MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_pkwrite.function | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 8e84825c64..691125e416 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -66,10 +66,11 @@ static int pk_write_any_key(mbedtls_pk_context *pk, unsigned char **p, return 0; } -static void pk_write_check_context(mbedtls_pk_context *key, - int is_public_key, int is_der, - unsigned char *check_buf, size_t check_buf_len) +static int pk_write_check_context(mbedtls_pk_context *key, + int is_public_key, int is_der, + unsigned char *check_buf, size_t check_buf_len) { + int ret = -1; unsigned char *buf = NULL; int expected_error = is_der ? MBEDTLS_ERR_ASN1_BUF_TOO_SMALL : @@ -104,8 +105,11 @@ static void pk_write_check_context(mbedtls_pk_context *key, } } + ret = 0; + exit: mbedtls_free(buf); + return ret; } @@ -147,8 +151,10 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) mbedtls_test_rnd_std_rand, NULL), 0); } - pk_write_check_context(&key, is_public_key, is_der, - check_buf, check_buf_len); + if (pk_write_check_context(&key, is_public_key, is_der, + check_buf, check_buf_len) != 0) { + goto exit; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Verify that pk_write works also for opaque private keys */ @@ -161,8 +167,10 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) mbedtls_pk_init(&key); TEST_EQUAL(mbedtls_pk_setup_opaque(&key, opaque_id), 0); - pk_write_check_context(&key, is_public_key, is_der, - check_buf, check_buf_len); + if (pk_write_check_context(&key, is_public_key, is_der, + check_buf, check_buf_len) != 0) { + goto exit; + } } #endif /* MBEDTLS_USE_PSA_CRYPTO */ From b47774c9a94f144ebdd13979b62a4a04fbe9a4a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Feb 2026 14:50:00 +0100 Subject: [PATCH 16/32] Remove unused variable Signed-off-by: Gilles Peskine --- scripts/bump_version.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 86ed74eada..5a90895508 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -15,7 +15,6 @@ set -e VERSION="" -SOVERSION="" # Parse arguments # From f41929496eac0be474e9b7c59bde605f4034b45f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Feb 2026 14:50:23 +0100 Subject: [PATCH 17/32] Don't treat --help as an error Signed-off-by: Gilles Peskine --- scripts/bump_version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 5a90895508..725cf5420e 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -51,7 +51,7 @@ do echo -e " --so-x509 \tSO version to bump libmbedx509 to." echo -e " --so-tls \tSO version to bump libmbedtls to." echo -e " -v|--verbose\t\tVerbose." - exit 1 + exit 0 ;; *) # print error From a372f1a5cb073fde69ca27bb46ea946dc2941570 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 12 Feb 2026 22:09:06 +0100 Subject: [PATCH 18/32] library: check_crypto_config: remove redundant check on hash algorithms for TLS 1.2 TLS-PRF uses either SHA-256 and SHA-384, so the removed paragraph was not correct. The correct version is already available in "check_config.h". Signed-off-by: Valerio Setti --- library/check_crypto_config.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h index 6469e9f439..f1ed7f53ee 100644 --- a/library/check_crypto_config.h +++ b/library/check_crypto_config.h @@ -128,11 +128,6 @@ #error "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE defined, but feature is not supported" #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_USE_PSA_CRYPTO) && \ - !(defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512)) -#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" -#endif - #if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) && \ !defined(PSA_WANT_ALG_SHA_256) #error "PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS defined, but not all prerequisites" From 32649e1e33f340f987cbccfb5389ee4f1148654b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Feb 2026 14:03:48 +0100 Subject: [PATCH 19/32] include: fix guard in asn1write.h Fix the location of the ending braket of "extern C" block in order to have it balanced between C guards. Signed-off-by: Valerio Setti --- include/mbedtls/asn1write.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 0c5a85ac27..9a1062a583 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -381,10 +381,10 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(mbedtls_asn1_named_data * const unsigned char *val, size_t val_len); +#endif /* MBEDTLS_ASN1_WRITE_C */ + #ifdef __cplusplus } #endif -#endif /* MBEDTLS_ASN1_WRITE_C */ - #endif /* MBEDTLS_ASN1_WRITE_H */ From 85426311e386fdc3c229790ca60a5f3dbc2646fb Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 16 Feb 2026 16:59:20 +0000 Subject: [PATCH 20/32] Fix missing type conversion in the TLS-Exporter In the TLS-Exporter for TLS 1.3 we mistakenly call PSA_HASH_LENGTH() on an mbedtls_md_type_t when it should be called on a psa_algorithm_t. Fortunately, these two types have almost the same values, since we have previously aligned them to make conversion more efficient. As a result, PSA_HASH_LENGTH() produces exactly the same value when called on an mbedtls_md_type_t as with the equivalent psa_algorithm_t. Thanks to this happy coincidence, fix a largely cosmetic issue (rather than a major functional bug). Signed-off-by: David Horstmann --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 30cde27923..49766ecb8a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -10121,7 +10121,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const size_t context_len) { const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg); - const size_t hash_len = PSA_HASH_LENGTH(hash_alg); + const size_t hash_len = PSA_HASH_LENGTH(psa_hash_alg); const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; /* The length of the label must be at most 249 bytes to fit into the HkdfLabel From 381b2969566f836dc8a5f1a7dce28a62251eaa8c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 Jan 2026 16:15:30 +0100 Subject: [PATCH 21/32] Update framework pointer Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 875ec308e7..8ed11c99fe 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 875ec308e7ff34610075507b7216172ce8eb0785 +Subproject commit 8ed11c99fe9e6d4d96289ebc1e134949421be917 From 373e08939f67f9ef199d83924798ada5a02df471 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 20 Jan 2026 16:27:28 +0100 Subject: [PATCH 22/32] Add branch specific generate_tls_handshake_tests.py file Signed-off-by: Ronald Cron --- scripts/generate_tls_handshake_tests.py | 17 +++++++++++++++++ scripts/make_generated_files.bat | 2 +- tests/CMakeLists.txt | 4 ++-- tests/Makefile | 4 ++-- tests/scripts/check-generated-files.sh | 2 +- 5 files changed, 23 insertions(+), 6 deletions(-) create mode 100755 scripts/generate_tls_handshake_tests.py diff --git a/scripts/generate_tls_handshake_tests.py b/scripts/generate_tls_handshake_tests.py new file mode 100755 index 0000000000..30f27b1b37 --- /dev/null +++ b/scripts/generate_tls_handshake_tests.py @@ -0,0 +1,17 @@ +#!/usr/bin/env python3 +""" +Generate miscellaneous TLS test cases relating to the handshake. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import sys + +import framework_scripts_path # pylint: disable=unused-import + +from mbedtls_framework import tls_handshake_tests + +if __name__ == '__main__': + sys.argv[1:1] = ["--no-tls12-client-hello-defragmentation-support"] + tls_handshake_tests.main() diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index 4977cecc68..f9c2ad1d57 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -25,7 +25,7 @@ python framework\scripts\generate_ecp_tests.py || exit /b 1 python framework\scripts\generate_psa_tests.py || exit /b 1 python framework\scripts\generate_test_keys.py --output tests\include\test\test_keys.h || exit /b 1 python framework\scripts\generate_test_cert_macros.py --output tests\include\test\test_certs.h || exit /b 1 -python framework\scripts\generate_tls_handshake_tests.py || exit /b 1 +python scripts\generate_tls_handshake_tests.py || exit /b 1 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1 @rem @@@@ Build @@@@ diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index aacb9ec4ab..bdb30ee443 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -132,10 +132,10 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/.. COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py" + "${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py" DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py + ${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py ) add_custom_target(handshake-generated.sh DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh) diff --git a/tests/Makefile b/tests/Makefile index 103c4fe9db..7fe7171149 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -59,9 +59,9 @@ GENERATED_FILES += include/test/test_keys.h include/test/test_certs.h .PHONY: ssl-opt opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py -opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py +opt-testcases/handshake-generated.sh: ../scripts/generate_tls_handshake_tests.py echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@ + $(PYTHON) ../scripts/generate_tls_handshake_tests.py -o $@ GENERATED_FILES += opt-testcases/handshake-generated.sh ssl-opt: opt-testcases/handshake-generated.sh diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 4352480ea2..0d603aae23 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -135,7 +135,7 @@ if in_mbedtls_repo; then check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl library/version_features.c check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c - check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh + check scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh check framework/scripts/generate_test_cert_macros.py tests/include/test/test_certs.h # generate_visualc_files enumerates source files (library/*.c). It doesn't From 9d96a23fa25721d275c52f4ccc78c7471d72513f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 29 Jan 2026 16:04:55 +0100 Subject: [PATCH 23/32] ssl_server2.c: Flush stdout to improve logs timeliness Signed-off-by: Ronald Cron --- programs/ssl/ssl_server2.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e9539499d1..82c01e1168 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3592,6 +3592,7 @@ handshake: * 5. Verify the client certificate */ mbedtls_printf(" . Verifying peer X.509 certificate..."); + fflush(stdout); if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { char vrfy_buf[512]; @@ -3609,6 +3610,7 @@ handshake: char crt_buf[512]; mbedtls_printf(" . Peer certificate information ...\n"); + fflush(stdout); mbedtls_x509_crt_info(crt_buf, sizeof(crt_buf), " ", mbedtls_ssl_get_peer_cert(&ssl)); mbedtls_printf("%s\n", crt_buf); @@ -4061,6 +4063,7 @@ data_exchange: size_t buf_len; mbedtls_printf(" . Serializing live connection..."); + fflush(stdout); ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len); if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { @@ -4095,6 +4098,7 @@ data_exchange: size_t b64_len; mbedtls_printf(" . Save serialized context to a file... "); + fflush(stdout); mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len); @@ -4143,6 +4147,7 @@ data_exchange: if (opt.serialize == 1) { /* nothing to do here, done by context_save() already */ mbedtls_printf(" . Context has been reset... ok\n"); + fflush(stdout); } /* @@ -4155,6 +4160,7 @@ data_exchange: */ if (opt.serialize == 2) { mbedtls_printf(" . Freeing and reinitializing context..."); + fflush(stdout); mbedtls_ssl_free(&ssl); @@ -4191,6 +4197,7 @@ data_exchange: } mbedtls_printf(" . Deserializing connection..."); + fflush(stdout); if ((ret = mbedtls_ssl_context_load(&ssl, context_buf, buf_len)) != 0) { @@ -4220,6 +4227,7 @@ data_exchange: */ close_notify: mbedtls_printf(" . Closing the connection..."); + fflush(stdout); /* No error checking, the connection might be closed already */ do { From c065fdd4d4ae0e96b1466a5f2eee41867f5028df Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 09:56:11 +0100 Subject: [PATCH 24/32] ssl_tls.c: Rename and expand ssl_tls13_get_hs_msg_name Signed-off-by: Ronald Cron --- library/ssl_debug_helpers.h | 2 ++ library/ssl_tls.c | 16 ++++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 4889e77e04..38ef76376c 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -38,6 +38,8 @@ const char *mbedtls_ssl_named_group_to_str(uint16_t in); const char *mbedtls_ssl_get_extension_name(unsigned int extension_type); +const char *mbedtls_ssl_get_hs_msg_name(int hs_msg_type); + void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl, int level, const char *file, int line, int hs_msg_type, uint32_t extensions_mask, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 30cde27923..96a28537cb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -685,7 +685,7 @@ const char *mbedtls_ssl_get_extension_name(unsigned int extension_type) mbedtls_ssl_get_extension_id(extension_type)]; } -static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type) +const char *mbedtls_ssl_get_hs_msg_name(int hs_msg_type) { switch (hs_msg_type) { case MBEDTLS_SSL_HS_CLIENT_HELLO: @@ -700,8 +700,16 @@ static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type) return "EncryptedExtensions"; case MBEDTLS_SSL_HS_CERTIFICATE: return "Certificate"; + case MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: + return "ServerKeyExchange"; case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: return "CertificateRequest"; + case MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: + return "CertificateVerify"; + case MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: + return "ClientKeyExchange"; + case MBEDTLS_SSL_HS_FINISHED: + return "Finished"; } return "Unknown"; } @@ -716,7 +724,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl, mbedtls_debug_print_msg( ssl, level, file, line, "%s: %s(%u) extension %s %s.", - ssl_tls13_get_hs_msg_name(hs_msg_type), + mbedtls_ssl_get_hs_msg_name(hs_msg_type), mbedtls_ssl_get_extension_name(extension_type), extension_type, extra_msg0, extra_msg1); @@ -727,7 +735,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl, if (extra_msg) { mbedtls_debug_print_msg( ssl, level, file, line, - "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name(hs_msg_type), + "%s: %s(%u) extension %s.", mbedtls_ssl_get_hs_msg_name(hs_msg_type), mbedtls_ssl_get_extension_name(extension_type), extension_type, extra_msg); return; @@ -735,7 +743,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl, mbedtls_debug_print_msg( ssl, level, file, line, - "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name(hs_msg_type), + "%s: %s(%u) extension.", mbedtls_ssl_get_hs_msg_name(hs_msg_type), mbedtls_ssl_get_extension_name(extension_type), extension_type); } From a02505a7be37ac7b92414054304b59c77cc01b15 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 09:58:21 +0100 Subject: [PATCH 25/32] ssl_msg.c: Improve HS message reassembly completed message Signed-off-by: Ronald Cron --- library/ssl_msg.c | 5 ++++- tests/ssl-opt.sh | 27 ++++++++++++++------------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c7c24aa798..bfdfa95767 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -19,6 +19,7 @@ #include "mbedtls/ssl.h" #include "ssl_misc.h" #include "debug_internal.h" +#include "ssl_debug_helpers.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "mbedtls/version.h" @@ -4449,7 +4450,9 @@ static int ssl_load_buffered_message(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message has been buffered - load")); + MBEDTLS_SSL_DEBUG_MSG(2, ("%s handshake message has been buffered%s", + mbedtls_ssl_get_hs_msg_name(hs_buf->data[0]), + hs_buf->is_fragmented ? " and reassembled" : "")); MBEDTLS_SSL_DEBUG_BUF(3, "Buffered handshake message (incl. header)", hs_buf->data, msg_len + 12); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ad87605d4e..666ebb5f42 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -12507,9 +12507,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ hs_timeout=2500-60000" \ 0 \ -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load"\ + -c "Certificate handshake message has been buffered$"\ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered"\ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -12527,9 +12527,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on -c "Buffering HS message" \ -c "found fragmented DTLS handshake message"\ -c "Next handshake message 1 not or only partially buffered" \ - -c "Next handshake message has been buffered - load"\ + -c "Certificate handshake message has been buffered and reassembled"\ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -12550,10 +12550,11 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex hs_timeout=2500-60000" \ 0 \ -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load"\ + -c "Certificate handshake message has been buffered and reassembled"\ + -c "ServerKeyExchange handshake message has been buffered$"\ -C "attempt to make space by freeing buffered messages" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -12577,7 +12578,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex -c "attempt to make space by freeing buffered future messages" \ -c "Enough space available after freeing buffered HS messages" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -12593,9 +12594,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ + -C "handshake message has been buffered" \ -s "Buffering HS message" \ - -s "Next handshake message has been buffered - load" \ + -s "ClientKeyExchange handshake message has been buffered$" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -12612,9 +12613,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ + -C "handshake message has been buffered" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load" \ + -S "handshake message has been buffered" \ -c "Injecting buffered CCS message" \ -c "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -12630,9 +12631,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ + -C "handshake message has been buffered" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load" \ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -s "Injecting buffered CCS message" \ From 0b4cb31fb6289918b003c342c920a92694d534fc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 Jan 2026 16:24:01 +0100 Subject: [PATCH 26/32] ssl-opt.sh: Remove CH reassembly unsupported test We are about to have full support for TLS 1.2 CH reassembly on server side. The equivalent positive test would be a duplicate of one of the tests generated by generate_tls_handshake_tests.py. Thus just removing the negative test. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 666ebb5f42..b69e2bacf5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14794,16 +14794,6 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Most test cases are in opt-testcases/handshake-generated.sh -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (unsupported)" \ - "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "The SSL configuration is tls12 only" \ - -s "bad client hello message" \ - -s "SSL - A message could not be parsed due to a syntactic error" - # Test server-side buffer resizing with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH From 87871ddf301428334c76154edf0aadf7639f48a4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 11:19:52 +0100 Subject: [PATCH 27/32] ssl-opt.sh: Remove DTLS reassembly redundant test Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b69e2bacf5..1ea53c6380 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10984,15 +10984,7 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: some fragmentation (openssl server)" \ - "$O_SRV -dtls -mtu 256" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: more fragmentation (openssl server)" \ +run_test "DTLS reassembly: fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ From 98b3ef2e43f50b38372b6b30341eeffcb04ec1a4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 11:18:20 +0100 Subject: [PATCH 28/32] ssl-opt.sh: Improve DTLS reassembly tests Improve DTLS reassembly tests with OpenSSL and GnuTLS server. Check that some messages have been reassembled. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1ea53c6380..8d4313c5dc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10925,6 +10925,7 @@ run_test "DTLS reassembly: some fragmentation (gnutls server)" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -C "error" requires_gnutls @@ -10934,6 +10935,8 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ + -c "ServerKeyExchange handshake message has been buffered and reassembled" \ -C "error" requires_gnutls @@ -10943,6 +10946,8 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ + -c "ServerKeyExchange handshake message has been buffered and reassembled" \ -C "error" requires_gnutls @@ -10953,6 +10958,7 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" \ @@ -10968,6 +10974,7 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" \ @@ -10983,12 +10990,17 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \ -C "found fragmented DTLS handshake message" \ -C "error" +# Minimum possible MTU for OpenSSL server: 256 bytes. +# We expect the server Certificate handshake to be fragmented and verify that +# this is the case. Depending on the configuration, other handshake messages may +# also be fragmented. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10997,6 +11009,7 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -C "error" # Tests for sending fragmented handshake messages with DTLS From 8e68a06bdf0c29a83b34f038e0938be29ec30939 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 14:50:25 +0100 Subject: [PATCH 29/32] ssl-opt.sh: Improve DTLS proxy 3d tests Improve DTLS proxy 3d tests with OpenSSL and GnuTLS servers. Have a better control of which message is fragmented and verify it is the case. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d4313c5dc..2252feb925 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -12874,10 +12874,11 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ + "$O_NEXT_SRV -dtls1_2 -mtu 256" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \ 0 \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "Certificate handshake message has been buffered and reassembled" requires_openssl_next client_needs_more_time 8 @@ -12885,10 +12886,11 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \ + "$O_NEXT_SRV -dtls1_2 -mtu 256" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \ 0 \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "Certificate handshake message has been buffered and reassembled" requires_gnutls client_needs_more_time 6 @@ -12909,10 +12911,11 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \ 0 \ -s "Extra-header:" \ - -c "Extra-header:" + -c "Extra-header:" \ + -c "Certificate handshake message has been buffered and reassembled" requires_gnutls_next client_needs_more_time 8 @@ -12921,10 +12924,11 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \ 0 \ -s "Extra-header:" \ - -c "Extra-header:" + -c "Extra-header:" \ + -c "Certificate handshake message has been buffered and reassembled" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "export keys functionality" \ From 3b6bd65334aea3532dc0bce3c0ea57ff931617ff Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 17:31:12 +0100 Subject: [PATCH 30/32] ssl_msg.c: Improve handshake message fragmenting message Signed-off-by: Ronald Cron --- library/ssl_msg.c | 3 ++- tests/ssl-opt.sh | 18 +++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index bfdfa95767..38f81bd099 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2619,7 +2619,8 @@ int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl) max_hs_frag_len : rem_len; if (frag_off == 0 && cur_hs_frag_len != hs_len) { - MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting handshake message (%u > %u)", + MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting %s handshake message (%u > %u)", + mbedtls_ssl_get_hs_msg_name(cur->p[0]), (unsigned) cur_hs_frag_len, (unsigned) max_hs_frag_len)); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2252feb925..89ca5c629c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11673,12 +11673,12 @@ requires_gnutls requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ "$G_SRV -u" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dtls=1 debug_level=5 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" # We use --insecure for the GnuTLS client because it expects @@ -11700,7 +11700,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ mtu=512 force_version=dtls12" \ "$G_CLI -u --insecure 127.0.0.1" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -11712,7 +11712,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ key_file=$DATA_FILES_PATH/server8.key \ mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS @@ -11725,7 +11725,7 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ mtu=512 force_version=dtls12" \ "$O_CLI -dtls1_2" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" # interop tests for DTLS fragmentating with unreliable connection # @@ -11744,7 +11744,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" requires_gnutls_next @@ -11760,7 +11760,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ "$G_NEXT_CLI -u --insecure 127.0.0.1" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" ## The test below requires 1.1.1a or higher version of openssl, otherwise ## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902) @@ -11777,7 +11777,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" ## the test below will time out with certain seed. @@ -11795,7 +11795,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ "$O_CLI -dtls1_2" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" # Tests for DTLS-SRTP (RFC 5764) requires_config_enabled MBEDTLS_SSL_DTLS_SRTP From d8b97c6a286d975849f7a9d17f6f9e7221d8dde3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Feb 2026 10:06:53 +0100 Subject: [PATCH 31/32] ssl-opt.sh: Revert leftover debug level increase Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 89ca5c629c..c129db0946 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11673,7 +11673,7 @@ requires_gnutls requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ "$G_SRV -u" \ - "$P_CLI dtls=1 debug_level=5 \ + "$P_CLI dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ mtu=512 force_version=dtls12" \ From d841a6a7825a04abc59f838be856a9c4e32ba80d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 22 Feb 2026 20:33:27 +0100 Subject: [PATCH 32/32] Generate psa_test_wrappers.{h,c} automatically This is not only convenient, but now necessary, because if the content of the generated files changes due to changes in Python files in the framework, `all.sh check_generated_files` will fail in the framework CI. Signed-off-by: Gilles Peskine --- CMakeLists.txt | 27 +- docs/architecture/psa-shared-memory.md | 2 +- scripts/make_generated_files.bat | 1 + tests/.gitignore | 2 + tests/Makefile | 6 + tests/include/test/psa_test_wrappers.h | 789 -------------- tests/scripts/check-generated-files.sh | 6 +- tests/src/psa_test_wrappers.c | 1389 ------------------------ 8 files changed, 37 insertions(+), 2185 deletions(-) delete mode 100644 tests/include/test/psa_test_wrappers.h delete mode 100644 tests/src/psa_test_wrappers.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 692629fc1b..1600756782 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -352,7 +352,29 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/*.c ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/drivers/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) + if(GEN_FILES) + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/psa_test_wrappers.h + ${CMAKE_CURRENT_BINARY_DIR}/tests/src/psa_test_wrappers.c + COMMAND ${CMAKE_COMMAND} -E make_directory + ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test + ${CMAKE_CURRENT_BINARY_DIR}/tests/src + COMMAND + "${MBEDTLS_PYTHON_EXECUTABLE}" + "${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_psa_wrappers.py" + "--output-h" "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/psa_test_wrappers.h" + "--output-c" "${CMAKE_CURRENT_BINARY_DIR}/tests/src/psa_test_wrappers.c" + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_psa_wrappers.py + ) + add_custom_target(psa_test_wrappers + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/psa_test_wrappers.h + ${CMAKE_CURRENT_BINARY_DIR}/tests/src/psa_test_wrappers.c) + add_dependencies(mbedtls_test psa_test_wrappers) + add_custom_command( OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h @@ -367,6 +389,8 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) ) add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h) + add_dependencies(mbedtls_test test_keys_header) + add_custom_command( OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h @@ -382,8 +406,9 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) ${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py ) add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h) - add_dependencies(mbedtls_test test_keys_header test_certs_header) + add_dependencies(mbedtls_test test_certs_header) endif() + target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/include diff --git a/docs/architecture/psa-shared-memory.md b/docs/architecture/psa-shared-memory.md index 283ffc6265..89f9eede7a 100644 --- a/docs/architecture/psa-shared-memory.md +++ b/docs/architecture/psa-shared-memory.md @@ -663,7 +663,7 @@ psa_status_t mem_poison_psa_aead_update(psa_aead_operation_t *operation, There now exists a more generic mechanism for making exactly this kind of transformation - the PSA test wrappers, which exist in the files `tests/include/test/psa_test_wrappers.h` and `tests/src/psa_test_wrappers.c`. These are wrappers around all PSA functions that allow testing code to be inserted at the start and end of a PSA function call. -The test wrappers are generated by a script, although they are not automatically generated as part of the build process. Instead, they are checked into source control and must be manually updated when functions change by running `framework/scripts/generate_psa_wrappers.py`. +The test wrappers are generated by a script `framework/scripts/generate_psa_wrappers.py` as part of the product build. Poisoning code is added to these test wrappers where relevant in order to pre-poison and post-unpoison the parameters to the functions. diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index 4977cecc68..784b79d1cd 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -23,6 +23,7 @@ python framework\scripts\generate_bignum_tests.py || exit /b 1 python framework\scripts\generate_config_tests.py || exit /b 1 python framework\scripts\generate_ecp_tests.py || exit /b 1 python framework\scripts\generate_psa_tests.py || exit /b 1 +python framework\scripts\generate_psa_wrappers.py || exit /b 1 python framework\scripts\generate_test_keys.py --output tests\include\test\test_keys.h || exit /b 1 python framework\scripts\generate_test_cert_macros.py --output tests\include\test\test_certs.h || exit /b 1 python framework\scripts\generate_tls_handshake_tests.py || exit /b 1 diff --git a/tests/.gitignore b/tests/.gitignore index d32d367c46..58d4e4897e 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -20,11 +20,13 @@ # Generated source files /opt-testcases/handshake-generated.sh /opt-testcases/tls13-compat.sh +/src/psa_test_wrappers.c /suites/*.generated.data /suites/test_suite_config.mbedtls_boolean.data /suites/test_suite_config.psa_boolean.data /suites/test_suite_psa_crypto_storage_format.v[0-9]*.data /suites/test_suite_psa_crypto_storage_format.current.data +/include/test/psa_test_wrappers.h /include/test/test_keys.h /include/test/test_certs.h ###END_GENERATED_FILES### diff --git a/tests/Makefile b/tests/Makefile index 103c4fe9db..b054fc96cd 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -54,6 +54,7 @@ GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES) GENERATED_FILES = $(GENERATED_DATA_FILES) GENERATED_FILES += include/test/test_keys.h include/test/test_certs.h +GENERATED_FILES += include/test/psa_test_wrappers.h src/psa_test_wrappers.c # Generated files needed to (fully) run ssl-opt.sh .PHONY: ssl-opt @@ -164,6 +165,10 @@ all: $(BINARIES) mbedtls_test: $(MBEDTLS_TEST_OBJS) +include/test/psa_test_wrappers.h src/psa_test_wrappers.c: ../framework/scripts/generate_psa_wrappers.py + echo " Gen $@" + cd .. && $(PYTHON) framework/scripts/generate_psa_wrappers.py + include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) echo " Gen $@" @@ -180,6 +185,7 @@ ifdef RECORD_PSA_STATUS_COVERAGE_LOG # therefore the wildcard enumeration above doesn't include it. TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h endif +TEST_OBJS_DEPS += include/test/psa_test_wrappers.h TEST_OBJS_DEPS += include/test/test_certs.h include/test/test_keys.h # Rule to compile common test C files in framework diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h deleted file mode 100644 index 134a547c85..0000000000 --- a/tests/include/test/psa_test_wrappers.h +++ /dev/null @@ -1,789 +0,0 @@ -/* Automatically generated by generate_psa_wrappers.py, do not edit! */ - -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_PSA_TEST_WRAPPERS_H -#define TEST_PSA_TEST_WRAPPERS_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_TEST_HOOKS) && \ - !defined(RECORD_PSA_STATUS_COVERAGE_LOG) - -#include -#include -#include -#include - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -psa_status_t mbedtls_test_wrap_mbedtls_psa_inject_entropy( - const uint8_t *arg0_seed, - size_t arg1_seed_size); -#define mbedtls_psa_inject_entropy(arg0_seed, arg1_seed_size) \ - mbedtls_test_wrap_mbedtls_psa_inject_entropy(arg0_seed, arg1_seed_size) -#endif /* defined(MBEDTLS_PSA_INJECT_ENTROPY) */ - -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) -psa_status_t mbedtls_test_wrap_mbedtls_psa_platform_get_builtin_key( - mbedtls_svc_key_id_t arg0_key_id, - psa_key_lifetime_t *arg1_lifetime, - psa_drv_slot_number_t *arg2_slot_number); -#define mbedtls_psa_platform_get_builtin_key(arg0_key_id, arg1_lifetime, arg2_slot_number) \ - mbedtls_test_wrap_mbedtls_psa_platform_get_builtin_key(arg0_key_id, arg1_lifetime, arg2_slot_number) -#endif /* defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) */ - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -psa_status_t mbedtls_test_wrap_mbedtls_psa_register_se_key( - const psa_key_attributes_t *arg0_attributes); -#define mbedtls_psa_register_se_key(arg0_attributes) \ - mbedtls_test_wrap_mbedtls_psa_register_se_key(arg0_attributes) -#endif /* defined(MBEDTLS_PSA_CRYPTO_SE_C) */ - -psa_status_t mbedtls_test_wrap_psa_aead_abort( - psa_aead_operation_t *arg0_operation); -#define psa_aead_abort(arg0_operation) \ - mbedtls_test_wrap_psa_aead_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_aead_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_nonce, - size_t arg3_nonce_length, - const uint8_t *arg4_additional_data, - size_t arg5_additional_data_length, - const uint8_t *arg6_ciphertext, - size_t arg7_ciphertext_length, - uint8_t *arg8_plaintext, - size_t arg9_plaintext_size, - size_t *arg10_plaintext_length); -#define psa_aead_decrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length) \ - mbedtls_test_wrap_psa_aead_decrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length) - -psa_status_t mbedtls_test_wrap_psa_aead_decrypt_setup( - psa_aead_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_aead_decrypt_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_aead_decrypt_setup(arg0_operation, arg1_key, arg2_alg) - -psa_status_t mbedtls_test_wrap_psa_aead_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_nonce, - size_t arg3_nonce_length, - const uint8_t *arg4_additional_data, - size_t arg5_additional_data_length, - const uint8_t *arg6_plaintext, - size_t arg7_plaintext_length, - uint8_t *arg8_ciphertext, - size_t arg9_ciphertext_size, - size_t *arg10_ciphertext_length); -#define psa_aead_encrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length) \ - mbedtls_test_wrap_psa_aead_encrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length) - -psa_status_t mbedtls_test_wrap_psa_aead_encrypt_setup( - psa_aead_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_aead_encrypt_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_aead_encrypt_setup(arg0_operation, arg1_key, arg2_alg) - -psa_status_t mbedtls_test_wrap_psa_aead_finish( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_ciphertext, - size_t arg2_ciphertext_size, - size_t *arg3_ciphertext_length, - uint8_t *arg4_tag, - size_t arg5_tag_size, - size_t *arg6_tag_length); -#define psa_aead_finish(arg0_operation, arg1_ciphertext, arg2_ciphertext_size, arg3_ciphertext_length, arg4_tag, arg5_tag_size, arg6_tag_length) \ - mbedtls_test_wrap_psa_aead_finish(arg0_operation, arg1_ciphertext, arg2_ciphertext_size, arg3_ciphertext_length, arg4_tag, arg5_tag_size, arg6_tag_length) - -psa_status_t mbedtls_test_wrap_psa_aead_generate_nonce( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_nonce, - size_t arg2_nonce_size, - size_t *arg3_nonce_length); -#define psa_aead_generate_nonce(arg0_operation, arg1_nonce, arg2_nonce_size, arg3_nonce_length) \ - mbedtls_test_wrap_psa_aead_generate_nonce(arg0_operation, arg1_nonce, arg2_nonce_size, arg3_nonce_length) - -psa_status_t mbedtls_test_wrap_psa_aead_set_lengths( - psa_aead_operation_t *arg0_operation, - size_t arg1_ad_length, - size_t arg2_plaintext_length); -#define psa_aead_set_lengths(arg0_operation, arg1_ad_length, arg2_plaintext_length) \ - mbedtls_test_wrap_psa_aead_set_lengths(arg0_operation, arg1_ad_length, arg2_plaintext_length) - -psa_status_t mbedtls_test_wrap_psa_aead_set_nonce( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_nonce, - size_t arg2_nonce_length); -#define psa_aead_set_nonce(arg0_operation, arg1_nonce, arg2_nonce_length) \ - mbedtls_test_wrap_psa_aead_set_nonce(arg0_operation, arg1_nonce, arg2_nonce_length) - -psa_status_t mbedtls_test_wrap_psa_aead_update( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_output, - size_t arg4_output_size, - size_t *arg5_output_length); -#define psa_aead_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length) \ - mbedtls_test_wrap_psa_aead_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length) - -psa_status_t mbedtls_test_wrap_psa_aead_update_ad( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length); -#define psa_aead_update_ad(arg0_operation, arg1_input, arg2_input_length) \ - mbedtls_test_wrap_psa_aead_update_ad(arg0_operation, arg1_input, arg2_input_length) - -psa_status_t mbedtls_test_wrap_psa_aead_verify( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_plaintext, - size_t arg2_plaintext_size, - size_t *arg3_plaintext_length, - const uint8_t *arg4_tag, - size_t arg5_tag_length); -#define psa_aead_verify(arg0_operation, arg1_plaintext, arg2_plaintext_size, arg3_plaintext_length, arg4_tag, arg5_tag_length) \ - mbedtls_test_wrap_psa_aead_verify(arg0_operation, arg1_plaintext, arg2_plaintext_size, arg3_plaintext_length, arg4_tag, arg5_tag_length) - -psa_status_t mbedtls_test_wrap_psa_asymmetric_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_salt, - size_t arg5_salt_length, - uint8_t *arg6_output, - size_t arg7_output_size, - size_t *arg8_output_length); -#define psa_asymmetric_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length) \ - mbedtls_test_wrap_psa_asymmetric_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length) - -psa_status_t mbedtls_test_wrap_psa_asymmetric_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_salt, - size_t arg5_salt_length, - uint8_t *arg6_output, - size_t arg7_output_size, - size_t *arg8_output_length); -#define psa_asymmetric_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length) \ - mbedtls_test_wrap_psa_asymmetric_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_abort( - psa_cipher_operation_t *arg0_operation); -#define psa_cipher_abort(arg0_operation) \ - mbedtls_test_wrap_psa_cipher_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_cipher_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length); -#define psa_cipher_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length) \ - mbedtls_test_wrap_psa_cipher_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_decrypt_setup( - psa_cipher_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_cipher_decrypt_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_cipher_decrypt_setup(arg0_operation, arg1_key, arg2_alg) - -psa_status_t mbedtls_test_wrap_psa_cipher_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length); -#define psa_cipher_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length) \ - mbedtls_test_wrap_psa_cipher_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_encrypt_setup( - psa_cipher_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_cipher_encrypt_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_cipher_encrypt_setup(arg0_operation, arg1_key, arg2_alg) - -psa_status_t mbedtls_test_wrap_psa_cipher_finish( - psa_cipher_operation_t *arg0_operation, - uint8_t *arg1_output, - size_t arg2_output_size, - size_t *arg3_output_length); -#define psa_cipher_finish(arg0_operation, arg1_output, arg2_output_size, arg3_output_length) \ - mbedtls_test_wrap_psa_cipher_finish(arg0_operation, arg1_output, arg2_output_size, arg3_output_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_generate_iv( - psa_cipher_operation_t *arg0_operation, - uint8_t *arg1_iv, - size_t arg2_iv_size, - size_t *arg3_iv_length); -#define psa_cipher_generate_iv(arg0_operation, arg1_iv, arg2_iv_size, arg3_iv_length) \ - mbedtls_test_wrap_psa_cipher_generate_iv(arg0_operation, arg1_iv, arg2_iv_size, arg3_iv_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_set_iv( - psa_cipher_operation_t *arg0_operation, - const uint8_t *arg1_iv, - size_t arg2_iv_length); -#define psa_cipher_set_iv(arg0_operation, arg1_iv, arg2_iv_length) \ - mbedtls_test_wrap_psa_cipher_set_iv(arg0_operation, arg1_iv, arg2_iv_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_update( - psa_cipher_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_output, - size_t arg4_output_size, - size_t *arg5_output_length); -#define psa_cipher_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length) \ - mbedtls_test_wrap_psa_cipher_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length) - -psa_status_t mbedtls_test_wrap_psa_copy_key( - mbedtls_svc_key_id_t arg0_source_key, - const psa_key_attributes_t *arg1_attributes, - mbedtls_svc_key_id_t *arg2_target_key); -#define psa_copy_key(arg0_source_key, arg1_attributes, arg2_target_key) \ - mbedtls_test_wrap_psa_copy_key(arg0_source_key, arg1_attributes, arg2_target_key) - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - psa_pake_cipher_suite_t *arg1_cipher_suite); -#define psa_crypto_driver_pake_get_cipher_suite(arg0_inputs, arg1_cipher_suite) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite(arg0_inputs, arg1_cipher_suite) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_buffer, - size_t arg2_buffer_size, - size_t *arg3_buffer_length); -#define psa_crypto_driver_pake_get_password(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_password(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_password_len); -#define psa_crypto_driver_pake_get_password_len(arg0_inputs, arg1_password_len) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len(arg0_inputs, arg1_password_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_peer_id, - size_t arg2_peer_id_size, - size_t *arg3_peer_id_length); -#define psa_crypto_driver_pake_get_peer(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_peer(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_peer_len); -#define psa_crypto_driver_pake_get_peer_len(arg0_inputs, arg1_peer_len) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len(arg0_inputs, arg1_peer_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_user_id, - size_t arg2_user_id_size, - size_t *arg3_user_id_len); -#define psa_crypto_driver_pake_get_user(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_user(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_user_len); -#define psa_crypto_driver_pake_get_user_len(arg0_inputs, arg1_user_len) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len(arg0_inputs, arg1_user_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -psa_status_t mbedtls_test_wrap_psa_crypto_init(void); -#define psa_crypto_init() \ - mbedtls_test_wrap_psa_crypto_init() - -psa_status_t mbedtls_test_wrap_psa_destroy_key( - mbedtls_svc_key_id_t arg0_key); -#define psa_destroy_key(arg0_key) \ - mbedtls_test_wrap_psa_destroy_key(arg0_key) - -psa_status_t mbedtls_test_wrap_psa_export_key( - mbedtls_svc_key_id_t arg0_key, - uint8_t *arg1_data, - size_t arg2_data_size, - size_t *arg3_data_length); -#define psa_export_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length) \ - mbedtls_test_wrap_psa_export_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length) - -psa_status_t mbedtls_test_wrap_psa_export_public_key( - mbedtls_svc_key_id_t arg0_key, - uint8_t *arg1_data, - size_t arg2_data_size, - size_t *arg3_data_length); -#define psa_export_public_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length) \ - mbedtls_test_wrap_psa_export_public_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length) - -psa_status_t mbedtls_test_wrap_psa_generate_key( - const psa_key_attributes_t *arg0_attributes, - mbedtls_svc_key_id_t *arg1_key); -#define psa_generate_key(arg0_attributes, arg1_key) \ - mbedtls_test_wrap_psa_generate_key(arg0_attributes, arg1_key) - -psa_status_t mbedtls_test_wrap_psa_generate_key_custom( - const psa_key_attributes_t *arg0_attributes, - const psa_custom_key_parameters_t *arg1_custom, - const uint8_t *arg2_custom_data, - size_t arg3_custom_data_length, - mbedtls_svc_key_id_t *arg4_key); -#define psa_generate_key_custom(arg0_attributes, arg1_custom, arg2_custom_data, arg3_custom_data_length, arg4_key) \ - mbedtls_test_wrap_psa_generate_key_custom(arg0_attributes, arg1_custom, arg2_custom_data, arg3_custom_data_length, arg4_key) - -psa_status_t mbedtls_test_wrap_psa_generate_key_ext( - const psa_key_attributes_t *arg0_attributes, - const psa_key_production_parameters_t *arg1_params, - size_t arg2_params_data_length, - mbedtls_svc_key_id_t *arg3_key); -#define psa_generate_key_ext(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key) \ - mbedtls_test_wrap_psa_generate_key_ext(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key) - -psa_status_t mbedtls_test_wrap_psa_generate_random( - uint8_t *arg0_output, - size_t arg1_output_size); -#define psa_generate_random(arg0_output, arg1_output_size) \ - mbedtls_test_wrap_psa_generate_random(arg0_output, arg1_output_size) - -psa_status_t mbedtls_test_wrap_psa_get_key_attributes( - mbedtls_svc_key_id_t arg0_key, - psa_key_attributes_t *arg1_attributes); -#define psa_get_key_attributes(arg0_key, arg1_attributes) \ - mbedtls_test_wrap_psa_get_key_attributes(arg0_key, arg1_attributes) - -psa_status_t mbedtls_test_wrap_psa_hash_abort( - psa_hash_operation_t *arg0_operation); -#define psa_hash_abort(arg0_operation) \ - mbedtls_test_wrap_psa_hash_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_hash_clone( - const psa_hash_operation_t *arg0_source_operation, - psa_hash_operation_t *arg1_target_operation); -#define psa_hash_clone(arg0_source_operation, arg1_target_operation) \ - mbedtls_test_wrap_psa_hash_clone(arg0_source_operation, arg1_target_operation) - -psa_status_t mbedtls_test_wrap_psa_hash_compare( - psa_algorithm_t arg0_alg, - const uint8_t *arg1_input, - size_t arg2_input_length, - const uint8_t *arg3_hash, - size_t arg4_hash_length); -#define psa_hash_compare(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_length) \ - mbedtls_test_wrap_psa_hash_compare(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_length) - -psa_status_t mbedtls_test_wrap_psa_hash_compute( - psa_algorithm_t arg0_alg, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_hash, - size_t arg4_hash_size, - size_t *arg5_hash_length); -#define psa_hash_compute(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_size, arg5_hash_length) \ - mbedtls_test_wrap_psa_hash_compute(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_size, arg5_hash_length) - -psa_status_t mbedtls_test_wrap_psa_hash_finish( - psa_hash_operation_t *arg0_operation, - uint8_t *arg1_hash, - size_t arg2_hash_size, - size_t *arg3_hash_length); -#define psa_hash_finish(arg0_operation, arg1_hash, arg2_hash_size, arg3_hash_length) \ - mbedtls_test_wrap_psa_hash_finish(arg0_operation, arg1_hash, arg2_hash_size, arg3_hash_length) - -psa_status_t mbedtls_test_wrap_psa_hash_setup( - psa_hash_operation_t *arg0_operation, - psa_algorithm_t arg1_alg); -#define psa_hash_setup(arg0_operation, arg1_alg) \ - mbedtls_test_wrap_psa_hash_setup(arg0_operation, arg1_alg) - -psa_status_t mbedtls_test_wrap_psa_hash_update( - psa_hash_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length); -#define psa_hash_update(arg0_operation, arg1_input, arg2_input_length) \ - mbedtls_test_wrap_psa_hash_update(arg0_operation, arg1_input, arg2_input_length) - -psa_status_t mbedtls_test_wrap_psa_hash_verify( - psa_hash_operation_t *arg0_operation, - const uint8_t *arg1_hash, - size_t arg2_hash_length); -#define psa_hash_verify(arg0_operation, arg1_hash, arg2_hash_length) \ - mbedtls_test_wrap_psa_hash_verify(arg0_operation, arg1_hash, arg2_hash_length) - -psa_status_t mbedtls_test_wrap_psa_import_key( - const psa_key_attributes_t *arg0_attributes, - const uint8_t *arg1_data, - size_t arg2_data_length, - mbedtls_svc_key_id_t *arg3_key); -#define psa_import_key(arg0_attributes, arg1_data, arg2_data_length, arg3_key) \ - mbedtls_test_wrap_psa_import_key(arg0_attributes, arg1_data, arg2_data_length, arg3_key) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_abort( - psa_key_derivation_operation_t *arg0_operation); -#define psa_key_derivation_abort(arg0_operation) \ - mbedtls_test_wrap_psa_key_derivation_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_get_capacity( - const psa_key_derivation_operation_t *arg0_operation, - size_t *arg1_capacity); -#define psa_key_derivation_get_capacity(arg0_operation, arg1_capacity) \ - mbedtls_test_wrap_psa_key_derivation_get_capacity(arg0_operation, arg1_capacity) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_bytes( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - const uint8_t *arg2_data, - size_t arg3_data_length); -#define psa_key_derivation_input_bytes(arg0_operation, arg1_step, arg2_data, arg3_data_length) \ - mbedtls_test_wrap_psa_key_derivation_input_bytes(arg0_operation, arg1_step, arg2_data, arg3_data_length) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_integer( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - uint64_t arg2_value); -#define psa_key_derivation_input_integer(arg0_operation, arg1_step, arg2_value) \ - mbedtls_test_wrap_psa_key_derivation_input_integer(arg0_operation, arg1_step, arg2_value) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_key( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - mbedtls_svc_key_id_t arg2_key); -#define psa_key_derivation_input_key(arg0_operation, arg1_step, arg2_key) \ - mbedtls_test_wrap_psa_key_derivation_input_key(arg0_operation, arg1_step, arg2_key) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_key_agreement( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - mbedtls_svc_key_id_t arg2_private_key, - const uint8_t *arg3_peer_key, - size_t arg4_peer_key_length); -#define psa_key_derivation_key_agreement(arg0_operation, arg1_step, arg2_private_key, arg3_peer_key, arg4_peer_key_length) \ - mbedtls_test_wrap_psa_key_derivation_key_agreement(arg0_operation, arg1_step, arg2_private_key, arg3_peer_key, arg4_peer_key_length) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_bytes( - psa_key_derivation_operation_t *arg0_operation, - uint8_t *arg1_output, - size_t arg2_output_length); -#define psa_key_derivation_output_bytes(arg0_operation, arg1_output, arg2_output_length) \ - mbedtls_test_wrap_psa_key_derivation_output_bytes(arg0_operation, arg1_output, arg2_output_length) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key( - const psa_key_attributes_t *arg0_attributes, - psa_key_derivation_operation_t *arg1_operation, - mbedtls_svc_key_id_t *arg2_key); -#define psa_key_derivation_output_key(arg0_attributes, arg1_operation, arg2_key) \ - mbedtls_test_wrap_psa_key_derivation_output_key(arg0_attributes, arg1_operation, arg2_key) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_custom( - const psa_key_attributes_t *arg0_attributes, - psa_key_derivation_operation_t *arg1_operation, - const psa_custom_key_parameters_t *arg2_custom, - const uint8_t *arg3_custom_data, - size_t arg4_custom_data_length, - mbedtls_svc_key_id_t *arg5_key); -#define psa_key_derivation_output_key_custom(arg0_attributes, arg1_operation, arg2_custom, arg3_custom_data, arg4_custom_data_length, arg5_key) \ - mbedtls_test_wrap_psa_key_derivation_output_key_custom(arg0_attributes, arg1_operation, arg2_custom, arg3_custom_data, arg4_custom_data_length, arg5_key) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_ext( - const psa_key_attributes_t *arg0_attributes, - psa_key_derivation_operation_t *arg1_operation, - const psa_key_production_parameters_t *arg2_params, - size_t arg3_params_data_length, - mbedtls_svc_key_id_t *arg4_key); -#define psa_key_derivation_output_key_ext(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key) \ - mbedtls_test_wrap_psa_key_derivation_output_key_ext(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_set_capacity( - psa_key_derivation_operation_t *arg0_operation, - size_t arg1_capacity); -#define psa_key_derivation_set_capacity(arg0_operation, arg1_capacity) \ - mbedtls_test_wrap_psa_key_derivation_set_capacity(arg0_operation, arg1_capacity) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_setup( - psa_key_derivation_operation_t *arg0_operation, - psa_algorithm_t arg1_alg); -#define psa_key_derivation_setup(arg0_operation, arg1_alg) \ - mbedtls_test_wrap_psa_key_derivation_setup(arg0_operation, arg1_alg) - -psa_status_t mbedtls_test_wrap_psa_mac_abort( - psa_mac_operation_t *arg0_operation); -#define psa_mac_abort(arg0_operation) \ - mbedtls_test_wrap_psa_mac_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_mac_compute( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_mac, - size_t arg5_mac_size, - size_t *arg6_mac_length); -#define psa_mac_compute(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_size, arg6_mac_length) \ - mbedtls_test_wrap_psa_mac_compute(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_size, arg6_mac_length) - -psa_status_t mbedtls_test_wrap_psa_mac_sign_finish( - psa_mac_operation_t *arg0_operation, - uint8_t *arg1_mac, - size_t arg2_mac_size, - size_t *arg3_mac_length); -#define psa_mac_sign_finish(arg0_operation, arg1_mac, arg2_mac_size, arg3_mac_length) \ - mbedtls_test_wrap_psa_mac_sign_finish(arg0_operation, arg1_mac, arg2_mac_size, arg3_mac_length) - -psa_status_t mbedtls_test_wrap_psa_mac_sign_setup( - psa_mac_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_mac_sign_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_mac_sign_setup(arg0_operation, arg1_key, arg2_alg) - -psa_status_t mbedtls_test_wrap_psa_mac_update( - psa_mac_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length); -#define psa_mac_update(arg0_operation, arg1_input, arg2_input_length) \ - mbedtls_test_wrap_psa_mac_update(arg0_operation, arg1_input, arg2_input_length) - -psa_status_t mbedtls_test_wrap_psa_mac_verify( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_mac, - size_t arg5_mac_length); -#define psa_mac_verify(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_length) \ - mbedtls_test_wrap_psa_mac_verify(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_length) - -psa_status_t mbedtls_test_wrap_psa_mac_verify_finish( - psa_mac_operation_t *arg0_operation, - const uint8_t *arg1_mac, - size_t arg2_mac_length); -#define psa_mac_verify_finish(arg0_operation, arg1_mac, arg2_mac_length) \ - mbedtls_test_wrap_psa_mac_verify_finish(arg0_operation, arg1_mac, arg2_mac_length) - -psa_status_t mbedtls_test_wrap_psa_mac_verify_setup( - psa_mac_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_mac_verify_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_mac_verify_setup(arg0_operation, arg1_key, arg2_alg) - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_abort( - psa_pake_operation_t *arg0_operation); -#define psa_pake_abort(arg0_operation) \ - mbedtls_test_wrap_psa_pake_abort(arg0_operation) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_get_implicit_key( - psa_pake_operation_t *arg0_operation, - psa_key_derivation_operation_t *arg1_output); -#define psa_pake_get_implicit_key(arg0_operation, arg1_output) \ - mbedtls_test_wrap_psa_pake_get_implicit_key(arg0_operation, arg1_output) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_input( - psa_pake_operation_t *arg0_operation, - psa_pake_step_t arg1_step, - const uint8_t *arg2_input, - size_t arg3_input_length); -#define psa_pake_input(arg0_operation, arg1_step, arg2_input, arg3_input_length) \ - mbedtls_test_wrap_psa_pake_input(arg0_operation, arg1_step, arg2_input, arg3_input_length) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_output( - psa_pake_operation_t *arg0_operation, - psa_pake_step_t arg1_step, - uint8_t *arg2_output, - size_t arg3_output_size, - size_t *arg4_output_length); -#define psa_pake_output(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length) \ - mbedtls_test_wrap_psa_pake_output(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_password_key( - psa_pake_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_password); -#define psa_pake_set_password_key(arg0_operation, arg1_password) \ - mbedtls_test_wrap_psa_pake_set_password_key(arg0_operation, arg1_password) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_peer( - psa_pake_operation_t *arg0_operation, - const uint8_t *arg1_peer_id, - size_t arg2_peer_id_len); -#define psa_pake_set_peer(arg0_operation, arg1_peer_id, arg2_peer_id_len) \ - mbedtls_test_wrap_psa_pake_set_peer(arg0_operation, arg1_peer_id, arg2_peer_id_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_role( - psa_pake_operation_t *arg0_operation, - psa_pake_role_t arg1_role); -#define psa_pake_set_role(arg0_operation, arg1_role) \ - mbedtls_test_wrap_psa_pake_set_role(arg0_operation, arg1_role) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_user( - psa_pake_operation_t *arg0_operation, - const uint8_t *arg1_user_id, - size_t arg2_user_id_len); -#define psa_pake_set_user(arg0_operation, arg1_user_id, arg2_user_id_len) \ - mbedtls_test_wrap_psa_pake_set_user(arg0_operation, arg1_user_id, arg2_user_id_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_setup( - psa_pake_operation_t *arg0_operation, - const psa_pake_cipher_suite_t *arg1_cipher_suite); -#define psa_pake_setup(arg0_operation, arg1_cipher_suite) \ - mbedtls_test_wrap_psa_pake_setup(arg0_operation, arg1_cipher_suite) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -psa_status_t mbedtls_test_wrap_psa_purge_key( - mbedtls_svc_key_id_t arg0_key); -#define psa_purge_key(arg0_key) \ - mbedtls_test_wrap_psa_purge_key(arg0_key) - -psa_status_t mbedtls_test_wrap_psa_raw_key_agreement( - psa_algorithm_t arg0_alg, - mbedtls_svc_key_id_t arg1_private_key, - const uint8_t *arg2_peer_key, - size_t arg3_peer_key_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length); -#define psa_raw_key_agreement(arg0_alg, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_output, arg5_output_size, arg6_output_length) \ - mbedtls_test_wrap_psa_raw_key_agreement(arg0_alg, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_output, arg5_output_size, arg6_output_length) - -psa_status_t mbedtls_test_wrap_psa_sign_hash( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_hash, - size_t arg3_hash_length, - uint8_t *arg4_signature, - size_t arg5_signature_size, - size_t *arg6_signature_length); -#define psa_sign_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_size, arg6_signature_length) \ - mbedtls_test_wrap_psa_sign_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_size, arg6_signature_length) - -psa_status_t mbedtls_test_wrap_psa_sign_hash_abort( - psa_sign_hash_interruptible_operation_t *arg0_operation); -#define psa_sign_hash_abort(arg0_operation) \ - mbedtls_test_wrap_psa_sign_hash_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_sign_hash_complete( - psa_sign_hash_interruptible_operation_t *arg0_operation, - uint8_t *arg1_signature, - size_t arg2_signature_size, - size_t *arg3_signature_length); -#define psa_sign_hash_complete(arg0_operation, arg1_signature, arg2_signature_size, arg3_signature_length) \ - mbedtls_test_wrap_psa_sign_hash_complete(arg0_operation, arg1_signature, arg2_signature_size, arg3_signature_length) - -psa_status_t mbedtls_test_wrap_psa_sign_hash_start( - psa_sign_hash_interruptible_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg, - const uint8_t *arg3_hash, - size_t arg4_hash_length); -#define psa_sign_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length) \ - mbedtls_test_wrap_psa_sign_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length) - -psa_status_t mbedtls_test_wrap_psa_sign_message( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_signature, - size_t arg5_signature_size, - size_t *arg6_signature_length); -#define psa_sign_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_size, arg6_signature_length) \ - mbedtls_test_wrap_psa_sign_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_size, arg6_signature_length) - -psa_status_t mbedtls_test_wrap_psa_verify_hash( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_hash, - size_t arg3_hash_length, - const uint8_t *arg4_signature, - size_t arg5_signature_length); -#define psa_verify_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_length) \ - mbedtls_test_wrap_psa_verify_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_length) - -psa_status_t mbedtls_test_wrap_psa_verify_hash_abort( - psa_verify_hash_interruptible_operation_t *arg0_operation); -#define psa_verify_hash_abort(arg0_operation) \ - mbedtls_test_wrap_psa_verify_hash_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_verify_hash_complete( - psa_verify_hash_interruptible_operation_t *arg0_operation); -#define psa_verify_hash_complete(arg0_operation) \ - mbedtls_test_wrap_psa_verify_hash_complete(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_verify_hash_start( - psa_verify_hash_interruptible_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg, - const uint8_t *arg3_hash, - size_t arg4_hash_length, - const uint8_t *arg5_signature, - size_t arg6_signature_length); -#define psa_verify_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length, arg5_signature, arg6_signature_length) \ - mbedtls_test_wrap_psa_verify_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length, arg5_signature, arg6_signature_length) - -psa_status_t mbedtls_test_wrap_psa_verify_message( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_signature, - size_t arg5_signature_length); -#define psa_verify_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_length) \ - mbedtls_test_wrap_psa_verify_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_length) - -#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_TEST_HOOKS) && \ - !defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ - -#ifdef __cplusplus -} -#endif - -#endif /* TEST_PSA_TEST_WRAPPERS_H */ - -/* End of automatically generated file. */ diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 4352480ea2..eda3e7d20d 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -126,6 +126,7 @@ check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bi check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list) check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) +check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c check framework/scripts/generate_test_keys.py tests/include/test/test_keys.h check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c @@ -143,8 +144,3 @@ if in_mbedtls_repo; then # the step that creates or updates these files. check scripts/generate_visualc_files.pl visualc/VS2017 fi - -# Generated files that are present in the repository even in the development -# branch. (This is intended to be temporary, until the generator scripts are -# fully reviewed and the build scripts support a generated header file.) -check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c deleted file mode 100644 index eceb40bc70..0000000000 --- a/tests/src/psa_test_wrappers.c +++ /dev/null @@ -1,1389 +0,0 @@ -/* Automatically generated by generate_psa_wrappers.py, do not edit! */ - -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_TEST_HOOKS) && \ - !defined(RECORD_PSA_STATUS_COVERAGE_LOG) - -#include -#include -#include -#include - -/* Wrapper for mbedtls_psa_inject_entropy */ -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -psa_status_t mbedtls_test_wrap_mbedtls_psa_inject_entropy( - const uint8_t *arg0_seed, - size_t arg1_seed_size) -{ - psa_status_t status = (mbedtls_psa_inject_entropy)(arg0_seed, arg1_seed_size); - return status; -} -#endif /* defined(MBEDTLS_PSA_INJECT_ENTROPY) */ - -/* Wrapper for mbedtls_psa_platform_get_builtin_key */ -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) -psa_status_t mbedtls_test_wrap_mbedtls_psa_platform_get_builtin_key( - mbedtls_svc_key_id_t arg0_key_id, - psa_key_lifetime_t *arg1_lifetime, - psa_drv_slot_number_t *arg2_slot_number) -{ - psa_status_t status = (mbedtls_psa_platform_get_builtin_key)(arg0_key_id, arg1_lifetime, arg2_slot_number); - return status; -} -#endif /* defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) */ - -/* Wrapper for mbedtls_psa_register_se_key */ -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -psa_status_t mbedtls_test_wrap_mbedtls_psa_register_se_key( - const psa_key_attributes_t *arg0_attributes) -{ - psa_status_t status = (mbedtls_psa_register_se_key)(arg0_attributes); - return status; -} -#endif /* defined(MBEDTLS_PSA_CRYPTO_SE_C) */ - -/* Wrapper for psa_aead_abort */ -psa_status_t mbedtls_test_wrap_psa_aead_abort( - psa_aead_operation_t *arg0_operation) -{ - psa_status_t status = (psa_aead_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_aead_decrypt */ -psa_status_t mbedtls_test_wrap_psa_aead_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_nonce, - size_t arg3_nonce_length, - const uint8_t *arg4_additional_data, - size_t arg5_additional_data_length, - const uint8_t *arg6_ciphertext, - size_t arg7_ciphertext_length, - uint8_t *arg8_plaintext, - size_t arg9_plaintext_size, - size_t *arg10_plaintext_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_nonce, arg3_nonce_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_additional_data, arg5_additional_data_length); - MBEDTLS_TEST_MEMORY_POISON(arg6_ciphertext, arg7_ciphertext_length); - MBEDTLS_TEST_MEMORY_POISON(arg8_plaintext, arg9_plaintext_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_decrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_nonce, arg3_nonce_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_additional_data, arg5_additional_data_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg6_ciphertext, arg7_ciphertext_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg8_plaintext, arg9_plaintext_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_decrypt_setup */ -psa_status_t mbedtls_test_wrap_psa_aead_decrypt_setup( - psa_aead_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_aead_decrypt_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_aead_encrypt */ -psa_status_t mbedtls_test_wrap_psa_aead_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_nonce, - size_t arg3_nonce_length, - const uint8_t *arg4_additional_data, - size_t arg5_additional_data_length, - const uint8_t *arg6_plaintext, - size_t arg7_plaintext_length, - uint8_t *arg8_ciphertext, - size_t arg9_ciphertext_size, - size_t *arg10_ciphertext_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_nonce, arg3_nonce_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_additional_data, arg5_additional_data_length); - MBEDTLS_TEST_MEMORY_POISON(arg6_plaintext, arg7_plaintext_length); - MBEDTLS_TEST_MEMORY_POISON(arg8_ciphertext, arg9_ciphertext_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_encrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_nonce, arg3_nonce_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_additional_data, arg5_additional_data_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg6_plaintext, arg7_plaintext_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg8_ciphertext, arg9_ciphertext_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_encrypt_setup */ -psa_status_t mbedtls_test_wrap_psa_aead_encrypt_setup( - psa_aead_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_aead_encrypt_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_aead_finish */ -psa_status_t mbedtls_test_wrap_psa_aead_finish( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_ciphertext, - size_t arg2_ciphertext_size, - size_t *arg3_ciphertext_length, - uint8_t *arg4_tag, - size_t arg5_tag_size, - size_t *arg6_tag_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_ciphertext, arg2_ciphertext_size); - MBEDTLS_TEST_MEMORY_POISON(arg4_tag, arg5_tag_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_finish)(arg0_operation, arg1_ciphertext, arg2_ciphertext_size, arg3_ciphertext_length, arg4_tag, arg5_tag_size, arg6_tag_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_ciphertext, arg2_ciphertext_size); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_tag, arg5_tag_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_generate_nonce */ -psa_status_t mbedtls_test_wrap_psa_aead_generate_nonce( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_nonce, - size_t arg2_nonce_size, - size_t *arg3_nonce_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_nonce, arg2_nonce_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_generate_nonce)(arg0_operation, arg1_nonce, arg2_nonce_size, arg3_nonce_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_nonce, arg2_nonce_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_set_lengths */ -psa_status_t mbedtls_test_wrap_psa_aead_set_lengths( - psa_aead_operation_t *arg0_operation, - size_t arg1_ad_length, - size_t arg2_plaintext_length) -{ - psa_status_t status = (psa_aead_set_lengths)(arg0_operation, arg1_ad_length, arg2_plaintext_length); - return status; -} - -/* Wrapper for psa_aead_set_nonce */ -psa_status_t mbedtls_test_wrap_psa_aead_set_nonce( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_nonce, - size_t arg2_nonce_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_nonce, arg2_nonce_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_set_nonce)(arg0_operation, arg1_nonce, arg2_nonce_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_nonce, arg2_nonce_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_update */ -psa_status_t mbedtls_test_wrap_psa_aead_update( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_output, - size_t arg4_output_size, - size_t *arg5_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg3_output, arg4_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_update)(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_output, arg4_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_update_ad */ -psa_status_t mbedtls_test_wrap_psa_aead_update_ad( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_update_ad)(arg0_operation, arg1_input, arg2_input_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_verify */ -psa_status_t mbedtls_test_wrap_psa_aead_verify( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_plaintext, - size_t arg2_plaintext_size, - size_t *arg3_plaintext_length, - const uint8_t *arg4_tag, - size_t arg5_tag_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_plaintext, arg2_plaintext_size); - MBEDTLS_TEST_MEMORY_POISON(arg4_tag, arg5_tag_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_verify)(arg0_operation, arg1_plaintext, arg2_plaintext_size, arg3_plaintext_length, arg4_tag, arg5_tag_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_plaintext, arg2_plaintext_size); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_tag, arg5_tag_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_asymmetric_decrypt */ -psa_status_t mbedtls_test_wrap_psa_asymmetric_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_salt, - size_t arg5_salt_length, - uint8_t *arg6_output, - size_t arg7_output_size, - size_t *arg8_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_salt, arg5_salt_length); - MBEDTLS_TEST_MEMORY_POISON(arg6_output, arg7_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_asymmetric_decrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_salt, arg5_salt_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg6_output, arg7_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_asymmetric_encrypt */ -psa_status_t mbedtls_test_wrap_psa_asymmetric_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_salt, - size_t arg5_salt_length, - uint8_t *arg6_output, - size_t arg7_output_size, - size_t *arg8_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_salt, arg5_salt_length); - MBEDTLS_TEST_MEMORY_POISON(arg6_output, arg7_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_asymmetric_encrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_salt, arg5_salt_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg6_output, arg7_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_abort */ -psa_status_t mbedtls_test_wrap_psa_cipher_abort( - psa_cipher_operation_t *arg0_operation) -{ - psa_status_t status = (psa_cipher_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_cipher_decrypt */ -psa_status_t mbedtls_test_wrap_psa_cipher_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_decrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_decrypt_setup */ -psa_status_t mbedtls_test_wrap_psa_cipher_decrypt_setup( - psa_cipher_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_cipher_decrypt_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_cipher_encrypt */ -psa_status_t mbedtls_test_wrap_psa_cipher_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_encrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_encrypt_setup */ -psa_status_t mbedtls_test_wrap_psa_cipher_encrypt_setup( - psa_cipher_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_cipher_encrypt_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_cipher_finish */ -psa_status_t mbedtls_test_wrap_psa_cipher_finish( - psa_cipher_operation_t *arg0_operation, - uint8_t *arg1_output, - size_t arg2_output_size, - size_t *arg3_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_output, arg2_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_finish)(arg0_operation, arg1_output, arg2_output_size, arg3_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_output, arg2_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_generate_iv */ -psa_status_t mbedtls_test_wrap_psa_cipher_generate_iv( - psa_cipher_operation_t *arg0_operation, - uint8_t *arg1_iv, - size_t arg2_iv_size, - size_t *arg3_iv_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_iv, arg2_iv_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_generate_iv)(arg0_operation, arg1_iv, arg2_iv_size, arg3_iv_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_iv, arg2_iv_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_set_iv */ -psa_status_t mbedtls_test_wrap_psa_cipher_set_iv( - psa_cipher_operation_t *arg0_operation, - const uint8_t *arg1_iv, - size_t arg2_iv_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_iv, arg2_iv_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_set_iv)(arg0_operation, arg1_iv, arg2_iv_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_iv, arg2_iv_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_update */ -psa_status_t mbedtls_test_wrap_psa_cipher_update( - psa_cipher_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_output, - size_t arg4_output_size, - size_t *arg5_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg3_output, arg4_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_update)(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_output, arg4_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_copy_key */ -psa_status_t mbedtls_test_wrap_psa_copy_key( - mbedtls_svc_key_id_t arg0_source_key, - const psa_key_attributes_t *arg1_attributes, - mbedtls_svc_key_id_t *arg2_target_key) -{ - psa_status_t status = (psa_copy_key)(arg0_source_key, arg1_attributes, arg2_target_key); - return status; -} - -/* Wrapper for psa_crypto_driver_pake_get_cipher_suite */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - psa_pake_cipher_suite_t *arg1_cipher_suite) -{ - psa_status_t status = (psa_crypto_driver_pake_get_cipher_suite)(arg0_inputs, arg1_cipher_suite); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_password */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_buffer, - size_t arg2_buffer_size, - size_t *arg3_buffer_length) -{ - psa_status_t status = (psa_crypto_driver_pake_get_password)(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_password_len */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_password_len) -{ - psa_status_t status = (psa_crypto_driver_pake_get_password_len)(arg0_inputs, arg1_password_len); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_peer */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_peer_id, - size_t arg2_peer_id_size, - size_t *arg3_peer_id_length) -{ - psa_status_t status = (psa_crypto_driver_pake_get_peer)(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_peer_len */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_peer_len) -{ - psa_status_t status = (psa_crypto_driver_pake_get_peer_len)(arg0_inputs, arg1_peer_len); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_user */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_user_id, - size_t arg2_user_id_size, - size_t *arg3_user_id_len) -{ - psa_status_t status = (psa_crypto_driver_pake_get_user)(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_user_len */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_user_len) -{ - psa_status_t status = (psa_crypto_driver_pake_get_user_len)(arg0_inputs, arg1_user_len); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_init */ -psa_status_t mbedtls_test_wrap_psa_crypto_init(void) -{ - psa_status_t status = (psa_crypto_init)(); - return status; -} - -/* Wrapper for psa_destroy_key */ -psa_status_t mbedtls_test_wrap_psa_destroy_key( - mbedtls_svc_key_id_t arg0_key) -{ - psa_status_t status = (psa_destroy_key)(arg0_key); - return status; -} - -/* Wrapper for psa_export_key */ -psa_status_t mbedtls_test_wrap_psa_export_key( - mbedtls_svc_key_id_t arg0_key, - uint8_t *arg1_data, - size_t arg2_data_size, - size_t *arg3_data_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_export_key)(arg0_key, arg1_data, arg2_data_size, arg3_data_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_export_public_key */ -psa_status_t mbedtls_test_wrap_psa_export_public_key( - mbedtls_svc_key_id_t arg0_key, - uint8_t *arg1_data, - size_t arg2_data_size, - size_t *arg3_data_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_export_public_key)(arg0_key, arg1_data, arg2_data_size, arg3_data_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_generate_key */ -psa_status_t mbedtls_test_wrap_psa_generate_key( - const psa_key_attributes_t *arg0_attributes, - mbedtls_svc_key_id_t *arg1_key) -{ - psa_status_t status = (psa_generate_key)(arg0_attributes, arg1_key); - return status; -} - -/* Wrapper for psa_generate_key_custom */ -psa_status_t mbedtls_test_wrap_psa_generate_key_custom( - const psa_key_attributes_t *arg0_attributes, - const psa_custom_key_parameters_t *arg1_custom, - const uint8_t *arg2_custom_data, - size_t arg3_custom_data_length, - mbedtls_svc_key_id_t *arg4_key) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_custom_data, arg3_custom_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_generate_key_custom)(arg0_attributes, arg1_custom, arg2_custom_data, arg3_custom_data_length, arg4_key); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_custom_data, arg3_custom_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_generate_key_ext */ -psa_status_t mbedtls_test_wrap_psa_generate_key_ext( - const psa_key_attributes_t *arg0_attributes, - const psa_key_production_parameters_t *arg1_params, - size_t arg2_params_data_length, - mbedtls_svc_key_id_t *arg3_key) -{ - psa_status_t status = (psa_generate_key_ext)(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key); - return status; -} - -/* Wrapper for psa_generate_random */ -psa_status_t mbedtls_test_wrap_psa_generate_random( - uint8_t *arg0_output, - size_t arg1_output_size) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg0_output, arg1_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_generate_random)(arg0_output, arg1_output_size); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg0_output, arg1_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_get_key_attributes */ -psa_status_t mbedtls_test_wrap_psa_get_key_attributes( - mbedtls_svc_key_id_t arg0_key, - psa_key_attributes_t *arg1_attributes) -{ - psa_status_t status = (psa_get_key_attributes)(arg0_key, arg1_attributes); - return status; -} - -/* Wrapper for psa_hash_abort */ -psa_status_t mbedtls_test_wrap_psa_hash_abort( - psa_hash_operation_t *arg0_operation) -{ - psa_status_t status = (psa_hash_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_hash_clone */ -psa_status_t mbedtls_test_wrap_psa_hash_clone( - const psa_hash_operation_t *arg0_source_operation, - psa_hash_operation_t *arg1_target_operation) -{ - psa_status_t status = (psa_hash_clone)(arg0_source_operation, arg1_target_operation); - return status; -} - -/* Wrapper for psa_hash_compare */ -psa_status_t mbedtls_test_wrap_psa_hash_compare( - psa_algorithm_t arg0_alg, - const uint8_t *arg1_input, - size_t arg2_input_length, - const uint8_t *arg3_hash, - size_t arg4_hash_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_hash_compare)(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_hash_compute */ -psa_status_t mbedtls_test_wrap_psa_hash_compute( - psa_algorithm_t arg0_alg, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_hash, - size_t arg4_hash_size, - size_t *arg5_hash_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_hash_compute)(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_size, arg5_hash_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_hash_finish */ -psa_status_t mbedtls_test_wrap_psa_hash_finish( - psa_hash_operation_t *arg0_operation, - uint8_t *arg1_hash, - size_t arg2_hash_size, - size_t *arg3_hash_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_hash, arg2_hash_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_hash_finish)(arg0_operation, arg1_hash, arg2_hash_size, arg3_hash_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_hash, arg2_hash_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_hash_setup */ -psa_status_t mbedtls_test_wrap_psa_hash_setup( - psa_hash_operation_t *arg0_operation, - psa_algorithm_t arg1_alg) -{ - psa_status_t status = (psa_hash_setup)(arg0_operation, arg1_alg); - return status; -} - -/* Wrapper for psa_hash_update */ -psa_status_t mbedtls_test_wrap_psa_hash_update( - psa_hash_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_hash_update)(arg0_operation, arg1_input, arg2_input_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_hash_verify */ -psa_status_t mbedtls_test_wrap_psa_hash_verify( - psa_hash_operation_t *arg0_operation, - const uint8_t *arg1_hash, - size_t arg2_hash_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_hash, arg2_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_hash_verify)(arg0_operation, arg1_hash, arg2_hash_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_hash, arg2_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_import_key */ -psa_status_t mbedtls_test_wrap_psa_import_key( - const psa_key_attributes_t *arg0_attributes, - const uint8_t *arg1_data, - size_t arg2_data_length, - mbedtls_svc_key_id_t *arg3_key) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_import_key)(arg0_attributes, arg1_data, arg2_data_length, arg3_key); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_key_derivation_abort */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_abort( - psa_key_derivation_operation_t *arg0_operation) -{ - psa_status_t status = (psa_key_derivation_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_key_derivation_get_capacity */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_get_capacity( - const psa_key_derivation_operation_t *arg0_operation, - size_t *arg1_capacity) -{ - psa_status_t status = (psa_key_derivation_get_capacity)(arg0_operation, arg1_capacity); - return status; -} - -/* Wrapper for psa_key_derivation_input_bytes */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_bytes( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - const uint8_t *arg2_data, - size_t arg3_data_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_data, arg3_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_key_derivation_input_bytes)(arg0_operation, arg1_step, arg2_data, arg3_data_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_data, arg3_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_key_derivation_input_integer */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_integer( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - uint64_t arg2_value) -{ - psa_status_t status = (psa_key_derivation_input_integer)(arg0_operation, arg1_step, arg2_value); - return status; -} - -/* Wrapper for psa_key_derivation_input_key */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_key( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - mbedtls_svc_key_id_t arg2_key) -{ - psa_status_t status = (psa_key_derivation_input_key)(arg0_operation, arg1_step, arg2_key); - return status; -} - -/* Wrapper for psa_key_derivation_key_agreement */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_key_agreement( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - mbedtls_svc_key_id_t arg2_private_key, - const uint8_t *arg3_peer_key, - size_t arg4_peer_key_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg3_peer_key, arg4_peer_key_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_key_derivation_key_agreement)(arg0_operation, arg1_step, arg2_private_key, arg3_peer_key, arg4_peer_key_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_peer_key, arg4_peer_key_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_key_derivation_output_bytes */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_bytes( - psa_key_derivation_operation_t *arg0_operation, - uint8_t *arg1_output, - size_t arg2_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_output, arg2_output_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_key_derivation_output_bytes)(arg0_operation, arg1_output, arg2_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_output, arg2_output_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_key_derivation_output_key */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key( - const psa_key_attributes_t *arg0_attributes, - psa_key_derivation_operation_t *arg1_operation, - mbedtls_svc_key_id_t *arg2_key) -{ - psa_status_t status = (psa_key_derivation_output_key)(arg0_attributes, arg1_operation, arg2_key); - return status; -} - -/* Wrapper for psa_key_derivation_output_key_custom */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_custom( - const psa_key_attributes_t *arg0_attributes, - psa_key_derivation_operation_t *arg1_operation, - const psa_custom_key_parameters_t *arg2_custom, - const uint8_t *arg3_custom_data, - size_t arg4_custom_data_length, - mbedtls_svc_key_id_t *arg5_key) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg3_custom_data, arg4_custom_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_key_derivation_output_key_custom)(arg0_attributes, arg1_operation, arg2_custom, arg3_custom_data, arg4_custom_data_length, arg5_key); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_custom_data, arg4_custom_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_key_derivation_output_key_ext */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_ext( - const psa_key_attributes_t *arg0_attributes, - psa_key_derivation_operation_t *arg1_operation, - const psa_key_production_parameters_t *arg2_params, - size_t arg3_params_data_length, - mbedtls_svc_key_id_t *arg4_key) -{ - psa_status_t status = (psa_key_derivation_output_key_ext)(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key); - return status; -} - -/* Wrapper for psa_key_derivation_set_capacity */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_set_capacity( - psa_key_derivation_operation_t *arg0_operation, - size_t arg1_capacity) -{ - psa_status_t status = (psa_key_derivation_set_capacity)(arg0_operation, arg1_capacity); - return status; -} - -/* Wrapper for psa_key_derivation_setup */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_setup( - psa_key_derivation_operation_t *arg0_operation, - psa_algorithm_t arg1_alg) -{ - psa_status_t status = (psa_key_derivation_setup)(arg0_operation, arg1_alg); - return status; -} - -/* Wrapper for psa_mac_abort */ -psa_status_t mbedtls_test_wrap_psa_mac_abort( - psa_mac_operation_t *arg0_operation) -{ - psa_status_t status = (psa_mac_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_mac_compute */ -psa_status_t mbedtls_test_wrap_psa_mac_compute( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_mac, - size_t arg5_mac_size, - size_t *arg6_mac_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_mac, arg5_mac_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_mac_compute)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_size, arg6_mac_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_mac, arg5_mac_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_mac_sign_finish */ -psa_status_t mbedtls_test_wrap_psa_mac_sign_finish( - psa_mac_operation_t *arg0_operation, - uint8_t *arg1_mac, - size_t arg2_mac_size, - size_t *arg3_mac_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_mac, arg2_mac_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_mac_sign_finish)(arg0_operation, arg1_mac, arg2_mac_size, arg3_mac_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_mac, arg2_mac_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_mac_sign_setup */ -psa_status_t mbedtls_test_wrap_psa_mac_sign_setup( - psa_mac_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_mac_sign_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_mac_update */ -psa_status_t mbedtls_test_wrap_psa_mac_update( - psa_mac_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_mac_update)(arg0_operation, arg1_input, arg2_input_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_mac_verify */ -psa_status_t mbedtls_test_wrap_psa_mac_verify( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_mac, - size_t arg5_mac_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_mac, arg5_mac_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_mac_verify)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_mac, arg5_mac_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_mac_verify_finish */ -psa_status_t mbedtls_test_wrap_psa_mac_verify_finish( - psa_mac_operation_t *arg0_operation, - const uint8_t *arg1_mac, - size_t arg2_mac_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_mac, arg2_mac_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_mac_verify_finish)(arg0_operation, arg1_mac, arg2_mac_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_mac, arg2_mac_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_mac_verify_setup */ -psa_status_t mbedtls_test_wrap_psa_mac_verify_setup( - psa_mac_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_mac_verify_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_pake_abort */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_abort( - psa_pake_operation_t *arg0_operation) -{ - psa_status_t status = (psa_pake_abort)(arg0_operation); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_get_implicit_key */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_get_implicit_key( - psa_pake_operation_t *arg0_operation, - psa_key_derivation_operation_t *arg1_output) -{ - psa_status_t status = (psa_pake_get_implicit_key)(arg0_operation, arg1_output); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_input */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_input( - psa_pake_operation_t *arg0_operation, - psa_pake_step_t arg1_step, - const uint8_t *arg2_input, - size_t arg3_input_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_pake_input)(arg0_operation, arg1_step, arg2_input, arg3_input_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_output */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_output( - psa_pake_operation_t *arg0_operation, - psa_pake_step_t arg1_step, - uint8_t *arg2_output, - size_t arg3_output_size, - size_t *arg4_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_output, arg3_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_pake_output)(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_output, arg3_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_set_password_key */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_password_key( - psa_pake_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_password) -{ - psa_status_t status = (psa_pake_set_password_key)(arg0_operation, arg1_password); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_set_peer */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_peer( - psa_pake_operation_t *arg0_operation, - const uint8_t *arg1_peer_id, - size_t arg2_peer_id_len) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_peer_id, arg2_peer_id_len); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_pake_set_peer)(arg0_operation, arg1_peer_id, arg2_peer_id_len); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_peer_id, arg2_peer_id_len); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_set_role */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_role( - psa_pake_operation_t *arg0_operation, - psa_pake_role_t arg1_role) -{ - psa_status_t status = (psa_pake_set_role)(arg0_operation, arg1_role); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_set_user */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_user( - psa_pake_operation_t *arg0_operation, - const uint8_t *arg1_user_id, - size_t arg2_user_id_len) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_user_id, arg2_user_id_len); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_pake_set_user)(arg0_operation, arg1_user_id, arg2_user_id_len); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_user_id, arg2_user_id_len); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_setup */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_setup( - psa_pake_operation_t *arg0_operation, - const psa_pake_cipher_suite_t *arg1_cipher_suite) -{ - psa_status_t status = (psa_pake_setup)(arg0_operation, arg1_cipher_suite); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_purge_key */ -psa_status_t mbedtls_test_wrap_psa_purge_key( - mbedtls_svc_key_id_t arg0_key) -{ - psa_status_t status = (psa_purge_key)(arg0_key); - return status; -} - -/* Wrapper for psa_raw_key_agreement */ -psa_status_t mbedtls_test_wrap_psa_raw_key_agreement( - psa_algorithm_t arg0_alg, - mbedtls_svc_key_id_t arg1_private_key, - const uint8_t *arg2_peer_key, - size_t arg3_peer_key_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_peer_key, arg3_peer_key_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_raw_key_agreement)(arg0_alg, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_output, arg5_output_size, arg6_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_peer_key, arg3_peer_key_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_sign_hash */ -psa_status_t mbedtls_test_wrap_psa_sign_hash( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_hash, - size_t arg3_hash_length, - uint8_t *arg4_signature, - size_t arg5_signature_size, - size_t *arg6_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_hash, arg3_hash_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_sign_hash)(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_size, arg6_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_hash, arg3_hash_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_sign_hash_abort */ -psa_status_t mbedtls_test_wrap_psa_sign_hash_abort( - psa_sign_hash_interruptible_operation_t *arg0_operation) -{ - psa_status_t status = (psa_sign_hash_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_sign_hash_complete */ -psa_status_t mbedtls_test_wrap_psa_sign_hash_complete( - psa_sign_hash_interruptible_operation_t *arg0_operation, - uint8_t *arg1_signature, - size_t arg2_signature_size, - size_t *arg3_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_signature, arg2_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_sign_hash_complete)(arg0_operation, arg1_signature, arg2_signature_size, arg3_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_signature, arg2_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_sign_hash_start */ -psa_status_t mbedtls_test_wrap_psa_sign_hash_start( - psa_sign_hash_interruptible_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg, - const uint8_t *arg3_hash, - size_t arg4_hash_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_sign_hash_start)(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_sign_message */ -psa_status_t mbedtls_test_wrap_psa_sign_message( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_signature, - size_t arg5_signature_size, - size_t *arg6_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_sign_message)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_size, arg6_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_verify_hash */ -psa_status_t mbedtls_test_wrap_psa_verify_hash( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_hash, - size_t arg3_hash_length, - const uint8_t *arg4_signature, - size_t arg5_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_hash, arg3_hash_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_verify_hash)(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_hash, arg3_hash_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_verify_hash_abort */ -psa_status_t mbedtls_test_wrap_psa_verify_hash_abort( - psa_verify_hash_interruptible_operation_t *arg0_operation) -{ - psa_status_t status = (psa_verify_hash_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_verify_hash_complete */ -psa_status_t mbedtls_test_wrap_psa_verify_hash_complete( - psa_verify_hash_interruptible_operation_t *arg0_operation) -{ - psa_status_t status = (psa_verify_hash_complete)(arg0_operation); - return status; -} - -/* Wrapper for psa_verify_hash_start */ -psa_status_t mbedtls_test_wrap_psa_verify_hash_start( - psa_verify_hash_interruptible_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg, - const uint8_t *arg3_hash, - size_t arg4_hash_length, - const uint8_t *arg5_signature, - size_t arg6_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_length); - MBEDTLS_TEST_MEMORY_POISON(arg5_signature, arg6_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_verify_hash_start)(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length, arg5_signature, arg6_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg5_signature, arg6_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_verify_message */ -psa_status_t mbedtls_test_wrap_psa_verify_message( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_signature, - size_t arg5_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_verify_message)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_TEST_HOOKS) && \ - !defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ - -/* End of automatically generated file. */