Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat
Reset dhm_P and dhm_G if config call repeated; avoid memory leak
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 63076f4..c1beccd 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -4,5 +4,5 @@
url: mailto:mbed-tls-security@lists.trustedfirmware.org
about: Report a security vulnerability.
- name: Mbed TLS mailing list
- url: https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
+ url: https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org
about: Mbed TLS community support and general discussion.
diff --git a/BRANCHES.md b/BRANCHES.md
index 60218b0..a6ddfd5 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -1,6 +1,6 @@
# Maintained branches
-At any point in time, we have a number of maintained branches consisting of:
+At any point in time, we have a number of maintained branches, currently consisting of:
- The [`master`](https://github.com/ARMmbed/mbedtls/tree/master) branch:
this always contains the latest release, including all publicly available
@@ -9,11 +9,18 @@
this is where the current major version of Mbed TLS (version 3.x) is being
prepared. It has API changes that make it incompatible with Mbed TLS 2.x,
as well as all the new features and bug fixes and security fixes.
-- The [`development_2.x`](https://github.com/ARMmbed/mbedtls/tree/development_2.x) branch:
- this branch retains the API of Mbed TLS 2.x, and has a subset of the
- features added after Mbed TLS 2.26.0 and bug fixes and security fixes.
-- One or more long-time support (LTS) branches:
- these only get bug fixes and security fixes.
+- One or more long-time support (LTS) branches: these only get bug fixes and
+ security fixes. Currently, the only supported LTS branch is:
+ [`mbedtls-2.28`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.28).
+- For a short time we also have the previous LTS, which has recently ended its
+ support period,
+ [`mbedtls-2.16`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16).
+ This branch will move into the `archive` namespace around the time of
+ the next release.
+
+We retain a number of historical branches, whose names are prefixed by `archive/`,
+such as [`archive/mbedtls-2.7`](https://github.com/ARMmbed/mbedtls/tree/archive/mbedtls-2.7).
+These branches will not receive any changes or updates.
We use [Semantic Versioning](https://semver.org/). In particular, we maintain
API compatibility in the `master` branch across minor version changes (e.g.
@@ -70,9 +77,8 @@
- [master](https://github.com/ARMmbed/mbedtls/tree/master)
- [`development`](https://github.com/ARMmbed/mbedtls/)
-- [`development_2.x`](https://github.com/ARMmbed/mbedtls/tree/development_2.x)
-- [`mbedtls-2.16`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
- maintained until at least the end of 2021, see
- <https://tls.mbed.org/tech-updates/blog/announcing-lts-branch-mbedtls-2.16>
+- [`mbedtls-2.28`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.28)
+ maintained until at least the end of 2024, see
+ <https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0>.
Users are urged to always use the latest version of a maintained branch.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index dcaa360..cd41578 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -14,7 +14,7 @@
Making a Contribution
---------------------
-1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls) around a feature idea or a bug.
+1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org) around a feature idea or a bug.
1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
1. Write a test which shows that the bug was fixed or that the feature works as expected.
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
diff --git a/ChangeLog.d/Driver_wrapper_codegen_1.0.txt b/ChangeLog.d/Driver_wrapper_codegen_1.0.txt
new file mode 100644
index 0000000..a4d9c54
--- /dev/null
+++ b/ChangeLog.d/Driver_wrapper_codegen_1.0.txt
@@ -0,0 +1,5 @@
+Changes
+ * The file library/psa_crypto_driver_wrappers.c is now generated
+ from a template. In the future, the generation will support
+ driver descriptions. For the time being, to customize this file,
+ see docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
diff --git a/ChangeLog.d/psa_aead_singleshot_error.txt b/ChangeLog.d/psa_aead_singleshot_error.txt
new file mode 100644
index 0000000..7243874
--- /dev/null
+++ b/ChangeLog.d/psa_aead_singleshot_error.txt
@@ -0,0 +1,4 @@
+Changes
+ * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to singleshot
+ AEAD functions is not an AEAD algorithm. This aligns them with the
+ multipart functions, and the PSA Crypto API 1.1 spec.
diff --git a/SUPPORT.md b/SUPPORT.md
index 1bc0695..dab7ac5 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -7,9 +7,9 @@
- the `docs` directory in the source tree;
- the [Mbed TLS knowledge Base](https://tls.mbed.org/kb);
- the [Mbed TLS mailing-list
- archives](https://lists.trustedfirmware.org/pipermail/mbed-tls/).
+ archives](https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/).
## Asking Questions
If you can't find your answer in the above sources, please use the [Mbed TLS
-mailing list](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls).
+mailing list](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org).
diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
new file mode 100644
index 0000000..4f82bed
--- /dev/null
+++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
@@ -0,0 +1,32 @@
+Migrating to an auto genrated psa_crypto_driver_wrappers.c file
+===============================================================
+
+**This is a specification of work in progress. The implementation is not yet merged into Mbed TLS.**
+
+This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.c file.
+It is meant to give the library user migration guidelines while the Mbed TLS project tides over multiple minor revs of version 1.0, after which this will be merged into psa-driver-interface.md.
+
+## Introduction
+
+The design of the Driver Wrappers code generation is based on the design proposal https://github.com/ARMmbed/mbedtls/pull/5067
+During the process of implementation there might be minor variations wrt versioning and broader implementation specific ideas, but the design remains the same.
+
+## Prerequisites
+
+Python3 and Jinja2 rev 2.10.1
+
+## Feature Version
+
+1.0
+
+### What's critical for a migrating user
+
+The Driver Wrapper auto generation project is designed to use a python templating library ( Jinja2 ) to render templates based on drivers that are defined using a Driver descrioption JSON file(s).
+
+While that is the larger goal, for version 1.0 here's what's changed
+
+#### What's changed
+
+(1) psa_crypto_driver_wrappers.c will from this point on be auto generated.
+(2) The auto generation is based on the template file at scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja.
+(3) So while all driver wrapper templating support is yet to come in, the library user will need to patch into the template file as needed, this could be read as replacing the template file with the current psa_crypto_driver_wrappers.c file maintained by the library user.
diff --git a/library/.gitignore b/library/.gitignore
index cf2ddac..18cd305 100644
--- a/library/.gitignore
+++ b/library/.gitignore
@@ -7,3 +7,4 @@
/error.c
/version_features.c
/ssl_debug_helpers_generated.c
+/psa_crypto_driver_wrappers.c
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 1884db9..ddede03 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -157,10 +157,25 @@
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
${error_headers}
)
+
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers.c
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
+ ${CMAKE_CURRENT_BINARY_DIR}
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+ )
+
+
else()
link_to_source(error.c)
link_to_source(version_features.c)
link_to_source(ssl_debug_helpers_generated.c)
+ link_to_source(psa_crypto_driver_wrappers.c)
endif()
if(CMAKE_COMPILER_IS_GNUCC)
diff --git a/library/Makefile b/library/Makefile
index 0b5a43a..e9c0a11 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -290,7 +290,8 @@
.PHONY: generated_files
GENERATED_FILES = \
error.c version_features.c \
- ssl_debug_helpers_generated.c
+ ssl_debug_helpers_generated.c \
+ psa_crypto_driver_wrappers.c
generated_files: $(GENERATED_FILES)
error.c: ../scripts/generate_errors.pl
@@ -318,6 +319,12 @@
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
+psa_crypto_driver_wrappers.c: ../scripts/generate_driver_wrappers.py
+psa_crypto_driver_wrappers.c: ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+psa_crypto_driver_wrappers.c:
+ echo " Gen $@"
+ $(PYTHON) ../scripts/generate_driver_wrappers.py
+
clean:
ifndef WINDOWS
rm -f *.o libmbed*
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 829ed45..e021f8a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3719,6 +3719,14 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
+static psa_status_t psa_aead_check_algorithm( psa_algorithm_t alg )
+{
+ if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( PSA_SUCCESS );
+}
+
psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
@@ -3736,8 +3744,9 @@
*ciphertext_length = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_NOT_SUPPORTED );
+ status = psa_aead_check_algorithm( alg );
+ if( status != PSA_SUCCESS )
+ return( status );
status = psa_get_and_lock_key_slot_with_policy(
key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
@@ -3786,8 +3795,9 @@
*plaintext_length = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_NOT_SUPPORTED );
+ status = psa_aead_check_algorithm( alg );
+ if( status != PSA_SUCCESS )
+ return( status );
status = psa_get_and_lock_key_slot_with_policy(
key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
@@ -3830,11 +3840,9 @@
psa_key_slot_t *slot = NULL;
psa_key_usage_t key_usage = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
+ status = psa_aead_check_algorithm( alg );
+ if( status != PSA_SUCCESS )
goto exit;
- }
if( operation->id != 0 )
{
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index e09e4ed..b6620a3 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -1,7 +1,6 @@
/*
* Function signatures for functionality that can be provided by
* cryptographic accelerators.
- * Warning: This file will be auto-generated in the future.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 6a4a69d..f5d7033 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -126,12 +126,12 @@
read MAJOR MINOR PATCH <<<$(IFS="."; echo $VERSION)
VERSION_NR="$( printf "0x%02X%02X%02X00" $MAJOR $MINOR $PATCH )"
cat include/mbedtls/build_info.h | \
- sed -e "s/_VERSION_MAJOR .\{1,\}/_VERSION_MAJOR $MAJOR/" | \
- sed -e "s/_VERSION_MINOR .\{1,\}/_VERSION_MINOR $MINOR/" | \
- sed -e "s/_VERSION_PATCH .\{1,\}/_VERSION_PATCH $PATCH/" | \
- sed -e "s/_VERSION_NUMBER .\{1,\}/_VERSION_NUMBER $VERSION_NR/" | \
- sed -e "s/_VERSION_STRING .\{1,\}/_VERSION_STRING \"$VERSION\"/" | \
- sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL \"mbed TLS $VERSION\"/" \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_MAJOR .\{1,\}/\1_MAJOR $MAJOR/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_MINOR .\{1,\}/\1_MINOR $MINOR/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_PATCH .\{1,\}/\1_PATCH $PATCH/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_NUMBER .\{1,\}/\1_NUMBER $VERSION_NR/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING .\{1,\}/\1_STRING \"$VERSION\"/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"mbed TLS $VERSION\"/" \
> tmp
mv tmp include/mbedtls/build_info.h
diff --git a/library/psa_crypto_driver_wrappers.c b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
similarity index 100%
rename from library/psa_crypto_driver_wrappers.c
rename to scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py
new file mode 100755
index 0000000..42331ac
--- /dev/null
+++ b/scripts/generate_driver_wrappers.py
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+"""Generate library/psa_crypto_driver_wrappers.c
+
+ This module is invoked by the build sripts to auto generate the
+ psa_crypto_driver_wrappers.c based on template files in
+ script/data_files/driver_templates/.
+"""
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import sys
+import os
+import argparse
+import jinja2
+from mbedtls_dev import build_tree
+
+def render(template_path: str) -> str:
+ """
+ Render template from the input file.
+ """
+ environment = jinja2.Environment(
+ loader=jinja2.FileSystemLoader(os.path.dirname(template_path)),
+ keep_trailing_newline=True)
+ template = environment.get_template(os.path.basename(template_path))
+
+ return template.render()
+
+def generate_driver_wrapper_file(mbedtls_root: str, output_dir: str) -> None:
+ """
+ Generate the file psa_crypto_driver_wrapper.c.
+ """
+ driver_wrapper_template_filename = \
+ os.path.join(mbedtls_root, \
+ "scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja")
+
+ result = render(driver_wrapper_template_filename)
+
+ with open(os.path.join(output_dir, "psa_crypto_driver_wrappers.c"), 'w') as out_file:
+ out_file.write(result)
+
+def main() -> int:
+ """
+ Main with command line arguments.
+ """
+ def_arg_mbedtls_root = build_tree.guess_mbedtls_root()
+ def_arg_output_dir = os.path.join(def_arg_mbedtls_root, 'library')
+
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--mbedtls-root', nargs='?', default=def_arg_mbedtls_root,
+ help='root directory of mbedtls source code')
+ parser.add_argument('output_directory', nargs='?',
+ default=def_arg_output_dir, help='output file\'s location')
+ args = parser.parse_args()
+
+ mbedtls_root = os.path.abspath(args.mbedtls_root)
+ output_directory = args.output_directory
+
+ generate_driver_wrapper_file(mbedtls_root, output_directory)
+
+ return 0
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index d3a8b36..662da98 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -1,6 +1,9 @@
@rem Generate automatically-generated configuration-independent source files
@rem and build scripts.
@rem Perl and Python 3 must be on the PATH.
+@rem psa_crypto_driver_wrappers.c needs to be generated prior to
+@rem generate_visualc_files.pl being invoked.
+python scripts\generate_driver_wrappers.py || exit /b 1
perl scripts\generate_errors.pl || exit /b 1
perl scripts\generate_query_config.pl || exit /b 1
perl scripts\generate_features.pl || exit /b 1
diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile
index 50f5a7f..28d33b7 100644
--- a/tests/docker/bionic/Dockerfile
+++ b/tests/docker/bionic/Dockerfile
@@ -60,6 +60,10 @@
pkg-config \
&& rm -rf /var/lib/apt/lists/*
+# Jinja2 is required for driver dispatch code generation.
+RUN python3 -m pip install \
+ jinja2==2.10.1 types-jinja2
+
# Build a static, legacy openssl from sources with sslv3 enabled
# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
# Note: openssl-1.0.2 and earlier has known build issues with parallel make.
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 994fd24..f42ecd6 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -117,6 +117,7 @@
check scripts/generate_errors.pl library/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
+check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.c
check scripts/generate_features.pl library/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
# generate_visualc_files enumerates source files (library/*.c). It doesn't
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index ea52c93..da5229b 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -33,10 +33,6 @@
# Test number 2xx corresponds to the files in the folder
# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx
EXPECTED_FAILURES = {
- # Multipart CCM is not supported.
- # - Tracked in issue #3721
- 252, 253, 254, 255, 256, 257, 258, 259, 261,
-
# psa_hash_suspend() and psa_hash_resume() are not supported.
# - Tracked in issue #3274
262, 263
@@ -51,7 +47,7 @@
#
# Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3
PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git'
-PSA_ARCH_TESTS_REF = 'fixes-for-mbedtls-3'
+PSA_ARCH_TESTS_REF = 'fix-pr-5272'
#pylint: disable=too-many-branches,too-many-statements
def main():
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index c45f9f0..5aade05 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -842,7 +842,7 @@
PSA key policy: AEAD, min-length policy used as algorithm
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_NOT_SUPPORTED
+aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_INVALID_ARGUMENT
PSA key policy: AEAD, tag length > exact-length policy
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
@@ -2829,11 +2829,11 @@
PSA AEAD encrypt/decrypt: invalid algorithm (CTR)
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
depends_on:MBEDTLS_CHACHA20_C
-aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED
+aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA Multipart AEAD encrypt: AES - CCM, 23 bytes (lengths set)
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES